VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Ideas For Your Next Virus

Valhalla #2
October 2011

[Back to index] [Comments]

Viruses are basic. If we adhere to the basic definition of it, a virus should be "a piece of code that inserts itself to another code." And there have been a lot of proof of concept codes that demonstrate that. They are even written in different languages, from assembly to BASIC. Infection methods may vary a little but in general they all follow the definition.

But as time goes by, viruses have acquired functionalities that made them break free from that simplistic definition. We have now network aware viruses aka worms. We have viruses that take advantage of the operating system and hide themselves deep into the operating system. We have now viruses that attack nuclear power plants and military drones. And possibilities are endless.

And this article attempts to give you few of those possibilities.

Let's Go

So the key for a successful virus is the chance of it spreading in the wild. Before, the methods of spreading is by sharing disks so virus writers took advantage of that to spread their creations. They made their viruses infect the boot sector and the files in the disk. With this, this ensured the execution of it in another pc. And when the internet came, virus writers took advantage of email, network exploits and social engineering for their viruses to spread. Of course the old school file infection still existed but the majority was worming routines. And now, there's even a new trick that takes advantage of the internet. Virus writers host their viruses in websites and uses exploits for it to be remotely executed in a victim's pc.

But no, that's not all of the techniques that can be done. There is still few tricks that we can do.

  1. You can make your virus insert itself to picture file and upload the picture file to picture servers that gives you a direct link to the picture. And in the picture, there is an instruction for the user to do for him to execute the virus embedded in the picture (see Perrun.NET in b8#3). The virus then include the direct link to public galleries.
  2. You can make your virus convert itself to plaintext and upload the plaintext to a free text hosts, including in it an additional instruction for the text to be converted back to executable. You can make him download an executable that converts plaintext to executable bytes and execute it in memory.
  3. You can make the virus host itself to a free file server that gives you direct link and then make the virus message the link to your friends in Facebook, Twitter, Yahoo and other instant messaging services, telling them to execute the link (a .com extension is suggested for this). Or better, you can poison searches by showing the direct link in search engines.
  4. You can make your virus copy itself to removable drives to filenames that should be enticing for the innocent user to execute. Remember that the autorun feature was already given a fix so a little social engineering is necessary. Removable drives/USB sticks are used especially in university/school settings.
  5. You can make your virus embed itself to old school documents since documents are still the most exchanged form of data. Say your virus can put a link of itself in a document. This is very possible in Office documents, and possible too in the new XML Office format.
  6. You can predeploy the virus in crypted/data form and lie dormant in computers. Then deploy a program which only function is to decode/decrypt/make executable the predeployed files. Antivirus software won't raise a flag on the decoder since their only function is to decode.
  7. You can theoretically modify a video by placing a watermark on it, which can be an instruction to execute your virus, hosted on a remote server or embedded in the video.
  8. You can theoretically modify a sound file by appending another sound instructing the listener things to do for your virus, hosted on a remote server or embedded in the sound, to be executed.

I'm sure you'll notice that all the techniques lacks an important feature that the virus should have - autoexecution. But it is supplanted by social engineering. Your virus should be effective in convincing the user to do an additional step to actually executing your virus. This is like the old email worm wherein the attached worm must still be executed by double clicking the attachment.


So that's all that I can suggest for your next virus. That is if you're running out of ideas and you want to do something new.

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka