Worms!

desmond33 · 04-28-2004, 05:40 PM

hello. Do any of you know of a good site to find the source code and/or dissassembled binaries for some "worms"? The platform/exploit doesn't really matter; im just curious about it and would like to study the actual source.

chort · 04-28-2004, 06:28 PM

Worms are just network apps gone bad. They aren't really all that different from a typical client/server model, except in this case the "server" is accidentally running a "service" (really, a flaw) that the "client" can "logon" to (really, exploit). What does a worm do after it infects something? Read an address book, start an SMTP server, etc... that's not unlike "good" software.

Learn the principles of network programming and you'll essentially know how worms work. The rest is just about understanding a software flaw and how to exploit it, but that's really a small part of what a worm does.

desmond33 · 04-28-2004, 07:38 PM

Actually, im interested in the self-propagation principles involved with this (the "slammer" worm seems interesting), and id like to run some similar programs on a private network. i was hoping to get a head start by stealing code instead of starting from scratch, but i just cant find the actual files anywhere.

witeshark · 04-28-2004, 08:08 PM

It might be worth noting that lately the main technique used in windows relied on people's ignorance in opening attachments and the accessibility of the outlook express address book, and in some cases the accessibility of the registry. These vulnerabilities should be drying up a bit in the future

chort · 04-28-2004, 10:45 PM

Well I can't think of a legitimate reason why you would need to know how to write a self-propagating worm. LQ makes it a practice not to assist in finding to malicious code and/or exploits, so you won't find assistence on creating worms here.

Really, if you know network programming, it's not that difficult to create a worm. The only tough part is having the "luck" to discover a flaw and understand how to exploit it. Of course, many worm writers just download Proof of Concept code as the basis for their exploit code, so the whole thing becomes pretty braindead.

desmond33 · 04-29-2004, 01:10 AM

I realy dont have a practical security interest in this; I just found it interesting from an "artificial life" point of view. sorry if it's not in accordance with the forum policy.

chort · 04-29-2004, 03:14 AM

Not a problem. I think the issue is that you just fundamentall misunderstand how simple worms are. They aren't "AI" at all, they're just very simple network programs that happen to cause damage instead of performing useful tasks. Actually, from the worm writer's point of view they do perform useful tasks (harvesting e-mail addresses, sending spam, etc) but they do so without permission of the host they infect.