vx-underground
Malware Noob Month Post #1 Anti-malware vendors (anti-virus companies, but it's more appropriate to call them "anti-malware" now), rely heavily on known-good and known-bad lists. In other words, anti-malware companies maintain a large list of file signatures…
CaNt U JuSt ChAnGe A SiNgLe ByTE
How about you shut the fuck up, hmmm? This is for the NOOBS. Yes, you can combat this using hashbusting, polymorphism, oligomorphism, metamorphism, multi-staging, etc. But that IS FOR TOMORROW'S POST
YES then the anti-malware vendors can use YARA rules for detection to combat this.
THIS IS FOR THE NOOBS. SHUT THE FUCK UP. LET'S ENJOY THE RIDE BRO SHUT THE FUCK UP
wE AlL KnEw thIs bRO
Oh yeah?
How come I don't see your bitch ass commenting on the actual technical discussions? Nerds like to talk big when discussing noob subjects, but then when we start having serious malware conversations these motherfuckers get REALLLLLLLL quiet.
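An added example for the "just change a single byte" thread above. This is my own code, not anything vx-underground posted, and the "sample" in it is a constructed byte string, not a real file. It puts the two detection methods from the thread side by side: a hash-based known-bad list, which a one-byte change or a random appended overlay (the simplest hash busting) defeats every time, and a YARA-style byte-pattern rule, which survives both because the strings it keys on are untouched.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// sample is a constructed stand-in for a malicious file: a fake header plus
// a couple of distinctive strings an analyst would key a rule on. It is not
// a real sample and runs nothing.
var sample = []byte("MZ\x90\x00 fake-header-padding " +
	"c2=http://example.invalid/gate.php user-agent=BotAgent/1.0 ")

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// HashList is a known-bad list keyed by content hash, the way a vendor
// blocklist works: a hit requires the whole file to be byte-for-byte known.
type HashList map[string]bool

func (h HashList) Hit(b []byte) bool { return h[sha256Hex(b)] }

// PatternRule is a minimal YARA-style rule: every listed byte string must
// appear somewhere in the file. Surrounding bytes do not matter.
type PatternRule struct {
	Name    string
	Strings [][]byte
}

func (r PatternRule) Hit(b []byte) bool {
	for _, s := range r.Strings {
		if !bytes.Contains(b, s) {
			return false
		}
	}
	return true
}

// flipLastByte is the "just change a single byte" trick: one byte of
// trailing padding is changed, so the content hash is new but every
// string the rule looks for is untouched.
func flipLastByte(b []byte) []byte {
	out := append([]byte(nil), b...)
	out[len(out)-1] ^= 0xFF
	return out
}

// appendOverlay is the simplest form of hash busting: n random bytes are
// appended after the real content, so each build gets a fresh hash while
// the code itself is identical.
func appendOverlay(b []byte, n int) []byte {
	junk := make([]byte, n)
	if _, err := rand.Read(junk); err != nil {
		panic(err)
	}
	return append(append([]byte(nil), b...), junk...)
}

func main() {
	blocklist := HashList{sha256Hex(sample): true}
	rule := PatternRule{Name: "fake_stealer_c2", Strings: [][]byte{
		[]byte("example.invalid/gate.php"),
		[]byte("BotAgent/1.0"),
	}}
	variants := []struct {
		name string
		data []byte
	}{
		{"original", sample},
		{"one byte flipped", flipLastByte(sample)},
		{"random overlay", appendOverlay(sample, 64)},
	}
	for _, v := range variants {
		fmt.Printf("%-17s sha256=%s.. hash-list=%-5v rule=%v\n",
			v.name, sha256Hex(v.data)[:12], blocklist.Hit(v.data), rule.Hit(v.data))
	}
}
```

The rule here is deliberately naive (plain substring match); a real YARA rule would add conditions on file size, entry point or section layout. The point it makes is the one from the thread: a hash list is a list of exact files, a pattern rule is a description of a family, and only the second survives a trivial rebuild.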
Malware Noob Month Post #2
It is common for people to perpetuate the myth that malware will impact computer performance. This myth is also perpetuated in corporate trainings.
Historically, in the '90s and early 2000s, it was possible for malware to be so resource intensive (using excessive memory or CPU) that it would slow down the machine. However, in 2025 this isn't a problem due to improvements in computer hardware.
Part of this myth comes from "polling" operations performed from malware.
An example of "polling" is when you're writing a (shitty) keylogger. You may want to write code which continuously checks to see if a key on the keyboard has been pressed. Then, when your code determines a key has been pressed, write the pressed key to a text file (recording what the user is typing).
This action of continually checking to see if something has happened (any key being pressed) is "polling". As recently as Windows XP, "polling" when writing malware was considered dangerous because there was a concern of excessive CPU usage.
In 2025 "polling" isn't really a concern. The only malware now which is resource intensive is crypto-mining malware.
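An added example for the polling discussion above (my own code, not from the channel). It shows what actually separates the "dangerous" polling of the XP era from the polling nobody notices today: a tight loop that re-checks without ever yielding, versus the same loop with a short sleep between checks. The keypress is simulated with a timer (nothing reads the keyboard); each check stands in for the API call a real keylogger would make per poll.

```go
package main

import (
	"fmt"
	"sync/atomic"
	"time"
)

// PollResult records how much work a polling loop did before it saw the
// event it was waiting for. Every check stands in for an API call the real
// thing would make (on Windows, something like GetAsyncKeyState per key).
type PollResult struct {
	Checks  int64
	Elapsed time.Duration
}

// pollUntil evaluates ready() until it returns true or deadline passes.
// interval == 0 is the tight loop that earned polling its bad name: the
// thread never yields and pins a core. Any positive interval parks the
// goroutine between checks, so the loop costs almost nothing while idle.
func pollUntil(ready func() bool, interval, deadline time.Duration) (PollResult, bool) {
	start := time.Now()
	var checks int64
	for {
		checks++
		if ready() {
			return PollResult{checks, time.Since(start)}, true
		}
		if time.Since(start) >= deadline {
			return PollResult{checks, time.Since(start)}, false
		}
		if interval > 0 {
			time.Sleep(interval)
		}
	}
}

// simulateKeypress returns a check that becomes true after delay. It stands
// in for the keyboard state a keylogger would watch; no real input is read.
func simulateKeypress(delay time.Duration) func() bool {
	var pressed int32
	time.AfterFunc(delay, func() { atomic.StoreInt32(&pressed, 1) })
	return func() bool { return atomic.LoadInt32(&pressed) == 1 }
}

func main() {
	for _, interval := range []time.Duration{0, 10 * time.Millisecond} {
		res, ok := pollUntil(simulateKeypress(200*time.Millisecond), interval, 2*time.Second)
		fmt.Printf("interval=%-5v seen=%v checks=%-9d elapsed=%v\n",
			interval, ok, res.Checks, res.Elapsed.Round(time.Millisecond))
	}
}
```

With interval 0 the loop makes millions of checks in the 200 ms before the "key" arrives and burns a full core doing it; with a 10 ms interval it makes about twenty, and the process is asleep for the rest. A 10 ms poll is also far finer than a human keystroke, which is why the sleep costs nothing in captured data. That, more than faster hardware, is why polling stopped being a performance tell.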
New malwares are available for your computer. Please download it.
- Bazaar.2025.08.7z
- InTheWild.0199.7z
- InTheWild.0198.7z
This is like, 100,000 malwares, or something. I don't know. I'm just making up numbers, but I know it's more than 40,000
Hello,
Schizo posting aside, minor changes to the library
- Old New Thing updated
- Malware samples synced
- Drivers (vulnerable, and not) available for bulk download and individual download
Doing minor cleanup before huge swarm of updates come.
- smelly
Oh, Black Mass Volume III has been re-loaded and repaired. I accidentally misplaced it (and 12,000,000 other malwares, still can't find those).
Teach a man to code he'll something, do something, teach a man something else and he'll do something else again too
Malware Noob Month Post #3
The easiest malware to develop is information stealer malware.
Of course any malware can get really crazy, all the buzzwords and mumbo jumbo, but an information stealer is extremely basic in concept.
All your code needs to do is copy everything from a user's machine to a remote computer you control.
The most deceptively hard malware to write is ransomware. In principle it seems easy, but ransomware very quickly can become very strenuous on a developer.
Ransomware must be fast, must be multi-threaded, must be asymmetrically encrypted, must be bug free (or else decryption won't work), all while also trying to avoid detection (almost impossible for ransomware).
Ransomware is incorrectly called "skidware" because it is the most heinous type of malware. But good ransomware (which is rare) can be challenging to develop.
And for the Threat Actors and Red Teamers reading this: DO NOT USE BABUK RANSOMWARE. Babuk is filled with bugs. Babuk will destroy everything. If you're a Threat Actor using Babuk, you won't get paid and you'll waste everyone's time (including yours). If you're a Red Teamer, the people won't be able to restore their data.
Malware Noob Month Post #4
Does malware need to be written in C or C++?
No. You can write malware in any language you want. In fact, I encourage you to write malware in other programming languages.
The reason why C (or C++) is so common is because, as is tradition, it has some historical context.
Back in the day the language for programming was assembly. However, as IDEs and compilers improved, it became more acceptable to write in C (for reasons we can discuss later).
Either way, Operating Systems began exposing APIs (Application Program Interfaces) in C. Basically, you could communicate to the Operating System and have it do things for you such as create a file or make space in memory.
C very quickly became the standard for APIs for Windows and Linux. Hence, malware would inevitably use this language. Additionally, C is very similar to assembly in regards to memory management and ability to ruin your day.
In 2025 dozens of programming languages can interop with Operating Systems. You do not need to use the old school Windows API or do things on Windows anymore.
You can write malware in Rust, Go, Java, NodeJS, CSharp, VB, Python, ???. It doesn't matter.
C (or C++) is the old school standard, it has seniority, it's been around forever. But, as long as the language gets the job done, it can be literally anything you want.
It should be noted though that C (and C++) has a reputation of being elitist (myself included sometimes), so when you make a cool proof-of-concept and it's not C or C++, some people might sigh or complain (myself included), but just ignore them (myself included).
People keep forgetting that time a hacker was strategically bombed by Barack Obama
Nerd from the United Kingdom fled to Syria to become a Jihadist hacker. He was pissing off the United States government, so Obama just bombed his ass.
Killed him and his homies
Not memeing, Obama bombed him and his homies. They couldn't arrest him, or something, so they opted to just kill him
https://en.wikipedia.org/wiki/Junaid_Hussain
Malware Noob Month Post #5
"Malware written in Java? Malware written in Python?!"
Yes, this is more common than you think. Python, Java, CSharp (kind of), Perl, Ruby, etc. are interpretation-based languages.
Each of these languages listed (and more I didn't list) depend on a "virtual machine" to "interpret" the code. In the simplest of terms, a computer program reads the code you wrote (Python, Java, etc) and transforms the code into assembly code in real time.
Interpretation languages are cool because they (normally) are easier to write. The downside is that, because they depend on a "translator" (using that liberally here), they are slower than compilation-based languages. Each instruction in your script is being translated as the script continues.
Compilation-based languages, such as C, C++, Go, Rust, etc. compile directly into assembly code.
Malware written in interpretation languages has pros and cons. The positive side of writing malware in an interpretation-based language is the ease. Writing malware in Python is much easier than other languages. While it may not have as much "power" and "flexibility" as something like C, the simplicity of the language allows R.A.D. (Rapid Application Development). Basically, you can write a bunch of code really fast.
The downside is that your malware source code (usually*, you'll see soon) will be exposed as a .py file. In other words, your malware source code is easily exposed. Someone can simply open your malicious code in a text editor and inspect it. Furthermore, your malware is dependent on the "translator" program being present. If your malicious program written in Python, or Java, or Perl, does not have the appropriate software installed your code is basically dead before it can even start (it literally cannot start).
It is EXTREMELY common to find malware which targets Discord being written in Python. Java-based malware is less common nowadays, but in the mid-2000s it was hot stuff (long story). However, like all languages, malware tends to go through "phases".
To address the usually* with an asterisk which I wrote up above: in the mid-2010s malware written in Python was pretty common because the secret ingredient was using an external tool which would place the Python "translator" inside of an .exe and the Python script as well. Basically, it coupled everything together so a .py became a .exe. It made it possible to write Python code without relying on the "translator" program (it was all just jammed together).
But when anti-malware companies learned this trick and made tools to identify it (bundling .py and "translator"), the hype died down because it was caught super easily. They crashed the party.
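An added example for the last two paragraphs of Post #5 (my own code, not from the channel). The post does not name the bundling tool, so this assumes the common one, PyInstaller, which appends the script, its dependencies and the interpreter to a bootloader executable and terminates that archive with a fixed 88-byte "cookie" whose first eight bytes are a constant magic string. That constant is the whole reason the trick is "caught super easily": a scanner does not need to understand Python at all, it just looks for the cookie and checks that its fields describe an archive that fits in the file. The bundled sample below is constructed in code, not a real PyInstaller output.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// PyInstaller marks the end of its appended archive with an 88-byte
// "cookie" (the 2.1+ layout, big-endian: 8-byte magic, package length,
// TOC offset, TOC length, Python version, 64-byte python library name).
const cookieSize = 88

var pyinstMagic = []byte("MEI\x0c\x0b\x0a\x0b\x0e")

type PyInstInfo struct {
	CookieOffset  int    // where the cookie starts in the file
	OverlayOffset int    // where the bundled archive starts
	PackageLen    int    // archive length including the cookie
	TOCPos        int    // table of contents, relative to OverlayOffset
	TOCLen        int
	PyVersion     int    // e.g. 311 for Python 3.11
	PyLib         string // bundled interpreter library name
}

// detectPyInstaller finds the cookie and validates that its fields describe
// an archive that fits inside the file. Trailing data after the cookie (an
// Authenticode signature, for instance) is tolerated because the magic is
// searched for rather than assumed to sit at the very end.
func detectPyInstaller(file []byte) (*PyInstInfo, bool) {
	idx := bytes.LastIndex(file, pyinstMagic)
	if idx < 0 || idx+cookieSize > len(file) {
		return nil, false
	}
	c := file[idx : idx+cookieSize]
	info := &PyInstInfo{
		CookieOffset: idx,
		PackageLen:   int(binary.BigEndian.Uint32(c[8:12])),
		TOCPos:       int(binary.BigEndian.Uint32(c[12:16])),
		TOCLen:       int(binary.BigEndian.Uint32(c[16:20])),
		PyVersion:    int(int32(binary.BigEndian.Uint32(c[20:24]))),
		PyLib:        string(bytes.TrimRight(c[24:88], "\x00")),
	}
	info.OverlayOffset = idx + cookieSize - info.PackageLen
	// Reject a stray magic string whose fields do not describe a real archive.
	if info.PackageLen < cookieSize || info.OverlayOffset < 0 ||
		info.TOCPos+info.TOCLen > info.PackageLen-cookieSize {
		return nil, false
	}
	return info, true
}

// buildFakeBundle constructs a file with the same layout a bundled script
// would have: a stub standing in for the bootloader, an archive body, and a
// well-formed cookie. Constructed test input, not a real PyInstaller output.
func buildFakeBundle(pyver int, pylib string) []byte {
	stub := bytes.Repeat([]byte{0x90}, 256)
	payload := []byte("constructed-archive-entries-would-be-here")
	toc := []byte("constructed-toc")
	pkg := append(append([]byte(nil), payload...), toc...)
	cookie := make([]byte, cookieSize)
	copy(cookie, pyinstMagic)
	binary.BigEndian.PutUint32(cookie[8:], uint32(len(pkg)+cookieSize))
	binary.BigEndian.PutUint32(cookie[12:], uint32(len(payload)))
	binary.BigEndian.PutUint32(cookie[16:], uint32(len(toc)))
	binary.BigEndian.PutUint32(cookie[20:], uint32(pyver))
	copy(cookie[24:], pylib)
	return append(append(stub, pkg...), cookie...)
}

func main() {
	for name, f := range map[string][]byte{
		"bundled script": buildFakeBundle(311, "libpython3.11.so.1.0"),
		"plain binary":   []byte("MZ\x90\x00 no cookie here"),
	} {
		if info, ok := detectPyInstaller(f); ok {
			fmt.Printf("%-14s PyInstaller bundle, python=%d lib=%s archive@%d toc@%d\n",
				name, info.PyVersion, info.PyLib, info.OverlayOffset, info.TOCPos)
		} else {
			fmt.Printf("%-14s not a PyInstaller bundle\n", name)
		}
	}
}
```

The older 24-byte cookie layout from PyInstaller 2.0 is not handled here. Once the archive offset is known, the same table of contents leads straight to the compressed .pyc of the script, which is exactly why source exposure is only "usually" avoided by bundling.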
Malware Noob Month Post #6
"If ransomware just encrypts things, can't they use other encryption software?"
Absolutely! This is a discussion topic in malware analysis circles. For a while (and maybe still now, haven't been as focused on ransomware) it was "trendy" for some ransomware strains to abuse utilities such as 7z or WinRAR to encrypt things.
The problem with this method however was the password being exposed. Traditionally, ransomware uses "asymmetric encryption". Basically, the "password" to encrypt something is NOT the same password to decrypt something (tl;dr public/private keys).
When ransomware uses 7z, WinRAR, etc. the password to encrypt is the same password to decrypt. Hence, the malware author would have to go through great lengths to hide the password they used to ransom the machine.
It's possible, but has weaknesses which make it difficult and not ideal.
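An added example serving both Post #3 (ransomware "must be asymmetrically encrypted, must be bug free") and Post #6 (why a 7z/WinRAR password is the weak spot). It is my own code, not from the channel, and uses Go's standard library only; the document in it is a constructed string. What real ransomware does is hybrid: each file is encrypted with its own random symmetric key, and that key is wrapped with the operator's public key. The victim machine only ever holds the public key, so unlike an archive password there is nothing on it to recover. The last function also shows the "bug free" requirement in miniature: any corruption of the ciphertext makes that file unrecoverable, key or no key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is what is left on disk per file: the AES-GCM ciphertext
// plus the per-file key wrapped under the operator's RSA public key.
type EncryptedFile struct {
	WrappedKey []byte // RSA-OAEP(operatorPublicKey, fileKey)
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM(fileKey, plaintext)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptFile runs on the victim. It needs only the public key: a fresh
// 256-bit key is drawn per file, used for AES-GCM, wrapped with RSA-OAEP,
// and then wiped, so nothing recoverable from the machine undoes the wrap.
func encryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	for i := range fileKey { // the only plaintext copy of the key goes away
		fileKey[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// decryptFile is the step the operator sells: without the private key the
// wrap cannot be opened, and the file key never existed anywhere else.
func decryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("unwrap failed: wrong or missing private key")
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext corrupted: a bug here is a lost file")
	}
	return pt, nil
}

func main() {
	operator, err := rsa.GenerateKey(rand.Reader, 2048) // stays off the victim
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed sample: Q3 payroll export") // constructed input
	ef, err := encryptFile(&operator.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	pt, err := decryptFile(operator, ef)
	fmt.Printf("operator key: err=%v restored=%v\n", err, bytes.Equal(pt, doc))

	someoneElse, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = decryptFile(someoneElse, ef)
	fmt.Printf("other key:    err=%v\n", err)
}
```

Compare this with the 7z/WinRAR approach from Post #6: the archive password both encrypts and decrypts, so it has to be present on the victim at encryption time (on a command line, in a dropped script, in process memory), and whoever pulls it from there has everything. In the scheme above the only secret that matters never touches the victim. The same asymmetry cuts the other way for the attacker: a single bad nonce reuse, a truncated write or a wrapped key stored in the wrong place, and the operator cannot decrypt either, which is the failure mode Post #3 warns about with Babuk.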
The University of Oregon leadership are so wildly incompetent they should seriously consider resigning.
A physics major discovered that the university's SharePoint was misconfigured. Using an asterisk (wildcard) while searching unveiled sensitive documents at the university including staff social security numbers.
When he reported the issue he got a disciplinary hearing for violating the university computer usage policy. He was suspended.
The university then notified the staff of a "breach" and issued all the staff 1 year of credit monitoring.
Absolute brain dead slime over there at the University of Oregon. All the student did was use a wildcard, report it wasn't configured correctly, then the dean started going schizo.
More information: https://archive.is/NPRM1
archive.is
A University of Oregon student reported a troubling online privacy la…
archived 5 Sep 2025 21:30:50 UTC
tl;dr * IS ILLEGAL AND FOR NERDS