https://github.com/ewdlop/virus

一切有为法，如梦幻泡影，如露亦如电，应作如是观 ;一切有為法，如夢幻泡影，如露亦如電，應作如是觀。
https://github.com/ewdlop/virus

adware dark-web-monitoring ddos-attacks dns-spoofing flooding-gateway keylogger nmap owasp-top-10 ping polymorphic-code prompt-injection ransomware remote-desktop rootkit social-engineering spyware sql-injection trojan virus worms

Last synced: 4 months ago
JSON representation

一切有为法，如梦幻泡影，如露亦如电，应作如是观 ;一切有為法，如夢幻泡影，如露亦如電，應作如是觀。

• Host: GitHub
• URL: https://github.com/ewdlop/virus
• Owner: ewdlop
• Created: 2024-11-19T07:22:12.000Z (7 months ago)
• Default Branch: main
• Last Pushed: 2025-01-24T15:33:58.000Z (4 months ago)
• Last Synced: 2025-01-24T16:23:59.420Z (4 months ago)
• Topics: adware, dark-web-monitoring, ddos-attacks, dns-spoofing, flooding-gateway, keylogger, nmap, owasp-top-10, ping, polymorphic-code, prompt-injection, ransomware, remote-desktop, rootkit, social-engineering, spyware, sql-injection, trojan, virus, worms
• Language: C#
• Homepage:
• Size: 195 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Virus

一切有为法，如梦幻泡影，如露亦如电，应作如是观

請你們安息吧

Trojans.

Gamecracks.

Keygens.

Poor performance programs

Reverse shell

API key reverse engineering

Malicious software, commonly known as malware, encompasses various types designed to harm or exploit computer systems. Beyond viruses and trojans, other prevalent forms include:

- **Worms**: Self-replicating programs that spread across networks without user intervention, often exploiting vulnerabilities to propagate. 

- **Spyware**: Software that covertly gathers user information without consent, monitoring activities and collecting sensitive data. 

- **Adware**: Programs that automatically display or download advertisements, typically bundled with free software and often intrusive. 

- **Ransomware**: Malware that encrypts a user's files or locks them out of their system, demanding payment to restore access. 

- **Rootkits**: Tools that enable unauthorized users to gain control over a system without detection, often hiding other malicious activities. 

- **Bots/Botnets**: Networks of infected computers controlled remotely, often used to conduct large-scale attacks or distribute spam. 

- **Fileless Malware**: Malicious code that operates in memory rather than installing files, making it harder to detect and remove.

- **BackDoors**:

Understanding these malware types is crucial for implementing effective cybersecurity measures.

**Sources**:

- [10 types of malware + how to prevent malware from the start](https://us.norton.com/blog/malware/types-of-malware)

- [What is Malware? And its Types - GeeksforGeeks](https://www.geeksforgeeks.org/malware-and-its-types/)

- [What are the different types of malware? - Kaspersky](https://www.kaspersky.com/resource-center/threats/types-of-malware)

- [Malware, Spyware, Virus, Worm, and Trojan horse - ComputerNetworkingNotes](https://www.computernetworkingnotes.com/ccna-study-guide/malware-spyware-virus-worm-and-trojan-horse.html)

- [21 PC Malware Types Explained. Virus, Trojan, Ransomware ... - PCInsider](https://www.thepcinsider.com/computer-malware-types-explained/)

- [9 types of malware and how to recognize them - CSO Online](https://www.csoonline.com/article/548570/security-your-quick-guide-to-malware-types.html)

- [Malware - Wikipedia](https://en.wikipedia.org/wiki/Malware)

- [Computer security - Wikipedia](https://en.wikipedia.org/wiki/Computer_security)

- [Trojan horse (computing) - Wikipedia](https://en.wikipedia.org/wiki/Trojan_horse_%28computing%29)

- [Mobile malware - Wikipedia](https://en.wikipedia.org/wiki/Mobile_malware)

- [Linux malware - Wikipedia](https://en.wikipedia.org/wiki/Linux_malware)

- [Thousands of Android users must delete 2 dangerous decoy apps that are secretly stealing details & looting bank accounts](https://www.thesun.co.uk/tech/28185384/android-must-delete-apps-fake-pdf-qr-reader/)

- ['Malicious' way Aussies are being hacked](https://www.news.com.au/technology/online/hacking/plague-aussies-targeted-by-surge-in-malicious-online-attacks/news-story/ce2a73fd61d8bb4f56de2c8bdae244aa)

- [All Android users warned of sinister app posing as a major brand to take control of their phone and empty bank accounts](https://www.thesun.ie/tech/12667572/android-fake-mcafee-app-malware/)

- [Android owners told to delete three popular apps that could be malware-infected clones – including Google Chrome](https://www.thescottishsun.co.uk/tech/13595219/android-delete-apps-google-chrome-clone-steal-bank-details/)

- [Delete 'bank raiding' dangerous Android app right now - check for single text clue to see if you're already at risk](https://www.the-sun.com/tech/10987616/bank-raiding-dangerous-android-app-single-text/)

- [Millions of Android users warned over FAKE lock screen that steals their phone's PIN and raids bank accounts](https://www.thesun.ie/tech/14042466/android-users-warned-fake-lock-screen/)

It’s a valid concern to wonder whether tools and utilities included in a distribution like Kali Linux, or downloaded from external sources, could have backdoors or malicious components. Here are some best practices and methods to minimize the risk of using compromised tools:

---

### **1. Verify Integrity of the Distribution**

- **Official Source**: Always download Kali Linux only from its [official website](https://www.kali.org/).

- **Check SHA256 Hashes**: After downloading, verify the integrity of the ISO file using SHA256 checksums provided on the website.

    ```bash

    sha256sum kali-linux-.iso

    ```

    Compare the output with the hash on the website.

- **GPG Verification**: Use GPG signatures to confirm that the ISO was signed by an official Kali developer.

    ```bash

    gpg --verify kali-linux-.iso.sig

    ```

---

### **2. Use Trusted Repositories**

- Kali Linux tools are maintained in the official repositories. Avoid installing tools from unofficial or untrusted sources.

- Regularly update your system:

    ```bash

    sudo apt update && sudo apt upgrade

    ```

---

### **3. Review Tool Behavior**

- **Source Code Audit**: For open-source tools, review the source code if you suspect a backdoor or unusual behavior.

    - Many Kali tools are open source, allowing you to inspect their code.

    - Example: Clone a repository and audit it before compiling or running the tool.

        ```bash

        git clone https://github.com/example/tool.git

        ```

- **Monitor Network Activity**:

    - Use tools like `netstat`, `tcpdump`, or `Wireshark` to monitor whether a tool is unexpectedly sending data to unknown servers.

---

### **4. Sandboxing and Virtualization**

- Run suspicious tools in a sandboxed environment, such as:

    - Virtual Machines (e.g., VirtualBox, VMware).

    - Docker containers.

    - Tools like `firejail` for isolating applications.

        ```bash

        firejail [tool-command]

        ```

- This prevents tools from affecting your primary system.

---

### **5. Monitor for Unusual Activity**

- **System Logs**: Regularly check system logs for suspicious activity.

    ```bash

    tail -f /var/log/syslog

    ```

- **File Changes**: Use tools like `tripwire` or `AIDE` to detect unauthorized file changes.

- **Running Processes**: Regularly check running processes using `top` or `htop`.

- **Network Connections**: Monitor active network connections with:

    ```bash

    netstat -tuln

    ```

---

### **6. Use Reputable Tools and Alternatives**

- **Community Trust**: Research tools before use. Popular tools with an active development community are less likely to contain backdoors.

- **Security Updates**: Ensure tools are regularly updated by their developers.

---

### **7. Use Security Best Practices**

- **Least Privilege**: Avoid running tools as `root` unless absolutely necessary.

- **Isolate Penetration Testing**: Use a dedicated machine or environment for penetration testing. Do not mix it with personal or sensitive data.

- **Whitelist Tools**: Maintain a list of tools you trust and avoid installing random utilities.

---

### **8. Scan Tools Before Use**

- Use antivirus or malware scanners for Linux, such as:

    - **ClamAV**:

        ```bash

        sudo apt install clamav

        clamscan -r /path/to/tool

        ```

    - Online services like VirusTotal to scan downloaded files.

---

### **9. Community and Forums**

- Engage with the cybersecurity community on platforms like Reddit, GitHub, and specialized forums. If a tool has known issues, there are often discussions about it.

---

### **10. Trust But Verify**

Even if a tool is widely used, always question its origin and purpose. Trust should come after careful analysis, and regular testing and monitoring will help ensure that no backdoors compromise your system.

**Prompt Generation Time**: 2024-11-17 19:28:37 EST 

## CloudStrike Ring 0 Bug 

In July 2024, CrowdStrike, a prominent cybersecurity firm, released a faulty update to its Falcon Sensor software, which operates at Ring 0 (kernel level) on Microsoft Windows systems. This update led to widespread system crashes, commonly known as the "Blue Screen of Death" (BSOD), affecting approximately 8.5 million devices worldwide. 

Operating at Ring 0 grants software unrestricted access to all hardware and memory, essential for security tools to monitor and protect systems effectively. However, any malfunction at this level can have catastrophic consequences, as seen in this incident. 

The update's flaw caused memory corruption by attempting to access invalid memory addresses, resulting in immediate system failures upon installation. The global impact was significant, disrupting operations across various sectors, including airlines, banks, hospitals, and emergency services. 

CrowdStrike promptly acknowledged the issue, with CEO George Kurtz issuing a public apology and clarifying that the disruption was due to a software bug, not a cyberattack. A fix was rapidly deployed; however, due to the scale of the problem, recovery efforts extended over several weeks for some users. 

This incident has reignited discussions about the risks associated with granting third-party applications kernel-level access. Alternatives, such as utilizing technologies like Extended Berkeley Packet Filter (eBPF), which allow necessary system monitoring without full kernel access, are being considered to enhance system stability and security. 

 Here are the source links for more information about the CrowdStrike Ring 0 bug:

1. [How the CrowdStrike Tech Outage Reignited a Battle Over the Heart of Microsoft Systems](https://www.wsj.com/articles/how-the-crowdstrike-tech-outage-reignited-a-battle-over-the-heart-of-microsoft-systems-72b62c90?utm_source=chatgpt.com)  

2. [CrowdStrike shares plunge more than 10% as global IT outage prompts mass chaos: 'A major black eye'](https://nypost.com/2024/07/19/business/cloudstrike-shares-plunge-10-as-global-it-outage-prompts-mass-chaos-a-major-black-eye/?utm_source=chatgpt.com)  

3. [The 78 minutes that took down millions of Windows machines](https://www.theverge.com/2024/7/23/24204196/crowdstrike-windows-bsod-faulty-update-microsoft-responses?utm_source=chatgpt.com)