1: Sure, TCP and UDP are transport protocols and have some useful features, but if you feel frisky you can always try an ICMP shell if you wish. Just know that TCP is recommended because it is a very reliable protocol; ICMP shells are used to bypass stricter firewall rules, but don’t expect the performance of the typical reverse shell.
2: Those Python-related articles do not talk about writing malware, but about reverse shells, which is what you would use on a system on which you have already achieved code execution of some kind, to obtain a proper interactive shell. For this task Python is just fine because it comes shipped with most *nix OSes out there.
I imagine the kind of malware you are interested in needs a way of remaining on a system for as long as possible, going undetected, and perhaps collecting data. Sure, Python has so many libraries that this can be done quite easily, but you have to remember Python is an interpreted language; ergo its scripts can be read by anyone, it is much slower than a native executable, and when turned into one with programs such as py2exe it creates massive binaries that an AV can pick up blindfolded. That’s not what you want for stealthy malware.
Plus, malware often does its magic using low-level system calls and operating system APIs, which are both accessible natively through C, because still to this day C is what most code of Windows and *nix is written in, so writing C code gives you access to a whole world of functions that are far more powerful than what Python provides.
Take for example the LogonUserExExW Windows API function and the jail FreeBSD system call, or any other function you find in the man pages or Microsoft’s documentation: the code examples are in C, the function prototypes are in C, and the code of the functions themselves is also written in C. Here is the jail syscall’s code.
Having this much power allows you to fine-tune each operation of your program, and considering that an AV cannot flag an action as malicious without already knowing what is malicious and what isn’t, you can bypass these checks by finding a new way of doing what you wanted without alerting anyone. Python and other higher-level languages offer very little freedom in comparison.
I haven’t heard of a major malware completely written in Assembly in a long time, frankly. ASM produces code that is even faster than C because it is essentially just a human-readable representation of the opcodes the CPU sees and takes commands from, so coding in ASM equals talking directly to the CPU… or at least that’s what it is supposed to mean, but now we have so many macro instructions that even by writing Assembly you often don’t know exactly what is going on under the hood.
But the bottom line is, ASM produces very efficient, fast, slim code, and it works directly with the operating system’s syscalls via interrupts. The only problem is that Assembly has a very steep learning curve and is unsuited for large programs, especially for one as complex as modern malware, hence why typically you find simpler, smaller malware written in ASM, not APT-level spyware. Regardless, if you want to learn how your computer truly works, learning it is a must.
If you want to run your program on a computer without needing a ton of dependencies, do not write it using Visual Studio.
3: I’m not a C++ programmer and I only know a little bit of C#; I wouldn’t recommend it for malware development. Stay native.