A quick dive into malware development

Disclaimer

First of all, I want to say that my point with this blog is not to encourage people to become black hats or to do anything illegal. I deeply believe, though, that knowledge should be shared, for a few reasons. First, there are mean and malicious people out there, and anyone working in infosec should be able to understand what they do in order to prevent it. Second, there are very legitimate and responsible people working in red teaming whose job it is to write malware, and if you want to become one of them, you will also have to learn it. Third, some aspects of malware development are technically very interesting and quite challenging, which is also why I like it. Now that this is said, please be responsible with what you do.

Introduction

Malware is a word used to designate any malicious software, that is, software that does things without the user's consent. There are many families of malware; the most famous ones are:

  • ransomware: malware that steals and encrypts all the data on a system and then holds it for ransom in exchange for money
  • viruses: malware that self-replicates and infects other software, mainly legitimate programs, on a system
  • worms: malware that self-replicates and spreads through the network
  • trojans: software that looks legitimate but actually harms the computer

We will mainly focus on viruses here because that is how I started, and even though they are not as widely used today as they used to be, they are still a good way to grasp some very low-level concepts that remain widely used in modern malware.

Before getting into the topic, I strongly recommend working inside a virtual machine: it will allow you to launch your virus safely without being afraid of infecting your own system.

Now that you have a virtual machine installed and configured, let's start!

Disclaimer #2

Even though this blog will talk about malware development, the concepts discussed here, while important to grasp for your malware development journey, are not sufficient to write any properly malicious piece of code in the modern world. Code will be shown in these articles, but it mostly concerns file infectors, which are actually harmless and quite out-of-date malware. If you are here to get your hands on a usable piece of malware, you can move along; but if you are really interested in infosec and its wide diversity of topics, please read along!

Summary