
Who names the invaders


6 replies to this topic

#1 EdBee

EdBee

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 06 October 2004 - 03:01 PM

I have been wondering and pondering the question as to who puts the names on to the things we are trying to catch? I presume that a virus/worm is named by the discoverer, not the creator? Or is it? Did the MY-DOOM creator name it that? Perhaps. How about the HJT files? I have seen bad files in logs with the word "sys hijacker" and such. The writer of the file doesn't name it that, does he? Does the HJT program name it? I can't believe a writer of a Hijacking .exe file would call it that. Or did the writer of the HJT or Spybot program set into the program names for these files based on the definitions. I just learned that the HJT program names portion of files "obfuscated", meaning I guess that they are bad, or HJT thinks they are bad? Does that mean the code is illegible? Unreadable? I'd like to know more about this if anyone has some ideas! Thanks for reading this "obfuscated" post!!! :thumbsup: :flowers: :trumpet:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS


 


#2 cowsgonemadd3

cowsgonemadd3

    Feed me some spyware!


  • Banned
  • 4,557 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 06 October 2004 - 03:34 PM

Well, some are named by the creator. Others I'm not sure; I have never asked that question. It is a good topic!

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:16 AM

Posted 06 October 2004 - 04:23 PM

They are usually named by things they either find in the file itself or how it appears on the machine.

For example the love bug virus had this text in it:

rem  barok -loveletter(vbe) <i hate go to school>


And the file itself was named WIN-BUGSFIX.exe

#4 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:02:16 AM

Posted 06 October 2004 - 04:57 PM

A lot of times, those who write the viruses want it to be identified with something they purposely put in there. If, as an example, I wrote a virus, the best way for me to know that it worked is if it was on the news. Of course, I would not put the text JEServices, because too many people know me by that. In a crude encryptive way, if I put HWAwecuxwa, it may not make much sense to anyone, but I know that I put it in there. Anyone who sees that and the way I came up with it would instantly know that it is me. It is more of bragging rights to the writer of the virus.

Awesome question though

Edited by JEservices, 06 October 2004 - 04:57 PM.

We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#5 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:02:16 AM

Posted 06 October 2004 - 05:21 PM

obfuscated - Make obscure or unclear
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#6 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 06 October 2004 - 06:28 PM

Well if the code that HJT reads is "unclear" or "obscure" does that mean it is unclear to the HJT program or does it mean as well that it is also unclear to the Windows that will have to process the data? What I am getting at: is the meaning of what the file will/can do beyond the scope of the HJT program or is it for certain that the file is bad? I am getting more confused!!! :thumbsup: :flowers: :trumpet: :inlove:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:16 AM

Posted 06 October 2004 - 07:40 PM

When you see obfuscated in a HijackThis log, that means that the hijacker/malware tried to hide itself by putting its information into hex.
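
An added example, not part of the thread and not HijackThis's own code: a small reviewer's helper that decodes a value written in hex and flags it when ordinary letters and digits were escaped for no reason. It assumes "hex" means `%xx` URL escapes; the sample values, the `review_value` name and the threshold of three are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Characters that never need escaping in a URL (RFC 3986 "unreserved").
UNRESERVED = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
HEX_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def needless_escapes(value):
    """Return the %xx escapes that encode characters which need no escaping."""
    return [
        m.group(0)
        for m in HEX_ESCAPE.finditer(value)
        if chr(int(m.group(1), 16)) in UNRESERVED
    ]


def review_value(value, min_needless=3):
    """Decode a hex-escaped value and report whether the escaping looks deliberate.

    min_needless is an assumed threshold: a legitimate URL may escape a space
    or a quote, but has no reason to escape plain letters and digits.
    """
    needless = needless_escapes(value)
    return {
        "raw": value,
        "decoded": unquote(value, encoding="latin-1"),
        "needless_escapes": len(needless),
        "obfuscated": len(needless) >= min_needless,
    }


# Constructed sample values (example.invalid is a reserved, non-resolving name).
SAMPLES = [
    "http://%73%65%61%72%63%68.example.invalid/%68%6f%6d%65.html",
    "http://www.example.invalid/search?q=hello%20world",
    "about:blank",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = review_value(sample)
        flag = " (obfuscated)" if result["obfuscated"] else ""
        print(f'{result["decoded"]}{flag}')
```

The escaped and decoded forms name the same address, so the flag describes how the value was written, and the decoded text is what a reviewer then judges.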



