2 malware video tutorials by Fifo


Vrane
03-14-2007, 02:32 PM
by Fifo

Modifying Malware To Make Them Undetectable, [video tutor]

http://rapidshare.com/files/20951367/ModifyingMalware.rar

Finding Signatures Detected In Malware, 2nd video tutor

http://www.megaupload.com/?d=AI0HNDQG


EDIT: see post below for direct links to these files and the codec required to view them - Kayaker

naides
03-14-2007, 06:23 PM
And your point is??

Vrane
03-14-2007, 06:34 PM
nothing just posting tutorials..
it's forbidden or?

naides
03-14-2007, 07:18 PM
Not forbidden, quite the contrary, encouraged. But the files that you posted, at least on the virtual machine I played them on, those AVIs contain only high-quality audio, with excellent guitar playing, by the way.
So my question stands,
Your point is??

(I made an ASS of myself)

Kayaker
03-14-2007, 10:12 PM
Let's deal with this properly shall we..

Thank you Vrane for the contribution, much appreciated.

Since files never last long on those sites, I have uploaded them to the server for ever and anon.

They both require the TechSmith Screen Capture Codec, which I have also uploaded to the server, or you can get directly from the codec site:
http://www.techsmith.com/download/codecs.asp


http://www.woodmann.com/malware/Finding Signatures Detected In Malware_Fifo.zip
(127,877Kb)

http://www.woodmann.com/malware/Modifying Malware To Make Them Undetectable_Fifo.zip
(76,223Kb)

Codec for Windows Media Player:
http://www.woodmann.com/malware/TechSmith Screen Capture Codec.zip
(159Kb)


Cheers,
Kayaker

disavowed
03-15-2007, 01:48 AM
OMG... a video codec that actually installs and works on Vista!

naides
03-15-2007, 05:04 AM
I apologize to Vrane.
I had not installed the codecs inside the virtual machine, and neither Windows player nor Nero player complained about the lack of codecs, so I thought you were playing a joke of some sort.

Vrane
03-15-2007, 08:06 AM
hehe np

JMI
03-15-2007, 11:58 AM
naides:

You've just experienced how an old American joke originated, which goes like this:

When you "assume," you make an "ass" out of "u" and "me."



We still luv ya anyway.

Regards,

disavowed
03-16-2007, 12:38 AM
Or the Samuel L. Jackson way of saying it... "when you make an assumption, you make an ass out of 'u' and 'umption'."
(see http://www.imdb.com/title/tt0116908/quotes)

JMI
03-16-2007, 10:57 AM
That movie was recently on one of my local channels and I watched it again.

Regards,

N8di8
03-17-2007, 01:21 PM
I had a look at the "finding sigs" tutorial. The guy who made this tut seems to be an absolute beginner. There are dedicated tools for finding sigs (e.g., sigtool, girardin's offset finder, avpoffset, UK splitter, etc.). The burdensome procedure described in this tut is redundant. Also the second tut is not the real deal. It confuses "undetected" with "undetectable". Moreover, it only deals with KAV. Other scanners use different sigs. Therefore, a different (holistic) approach is required in order to make malware "stealth".

But I like the sound of the tuts. So relaxing. Wish I had more time for reversing, coding, messing with malware *sigh*

FYI: there are tuts describing how to encrypt malware in memory w/ OllyDbg. This is really dangerous stuff.

FiFo
03-22-2007, 05:14 PM
u published the tutor without asking me!!!!

N8di8
03-22-2007, 05:22 PM
LoL. Now it's getting funny

Is a "bad" VXer entitled to copyright protection in a reverse engineering forum?

Kayaker
03-22-2007, 05:56 PM
The same copyright permissions were requested for the background music on the tutorials, I believe.

N8di8
03-22-2007, 06:16 PM