
VX Heaven


Infecting Compilers

Silent Supporter
29a [6]
September 2001


btw. I apologize for my bad English ... I am so so so sorry for that [not really ;-p]

All of us know how to modify executables, right? The bad thing is that all of the AVers know that too.

Well, there's a chance to make their work incredibly hard. What I am talking about is infecting not executables, but sources. But not the old way, like most source infectors do. It is too easy to append some code to the file that is on the hard disk. It is also too easy for a programmer [he's not dumb, right?] to notice that something is wrong with his files.

No, no. This time we will talk about something more clever :) There are a lot of programs that compile programs to executables. Most of the old-fashioned compilers/linkers use files that are passed to them via the command line or via the "make" tool. In this case, infection would just need the virus to take an input file and append the virus source code at run time [for example, by appending the virus to a copy of the source code file kept in a different, temporary file]. The executable would contain the virus in an unpredictable place, and if the author of the program uses any executable packer, it wouldn't be easy to detect. Of course, there's still a chance to append the encrypted body of the virus - by using polymorphism, for example.

New compilers, like the best-known VC++ and Delphi, need some special treatment. It is still possible to play with them, and it shouldn't be so hard, because it seems quite easy to infect their project files. Other possibilities include adding new header files or, even more clever, modifying some standard header files to include our virus. Let's imagine that a virus stays in memory and tries to infect only when somebody uses the F7 key in VC++ [Building EXE File] and only when somebody builds the Release version... Hmm, guess what happens a few months later =)

A lot of users use a new version of the product. They use the newest AV programs and are proud of their safety, and then one day something happens and the question appears: where the hell did that virus on my machine come from, huh? :>

See? Midfile infectors may enter a totally new era. Not to mention those which are also polymorphic.
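
From the defender's side, the header and project-file tampering described above shows up as a change in build inputs. The following is an added example, not code from the original article: it hashes headers and project files under a directory and compares them with a known-good baseline. The suffix list, function names and sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Build inputs the article names: header files and project files.
# This suffix list is an assumption; extend it for your toolchain.
BUILD_INPUT_SUFFIXES = {".h", ".hpp", ".inc", ".dsp", ".dsw", ".dpr", ".mak"}


def snapshot(root):
    """Map each build input under root (relative path) to its SHA-256."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in BUILD_INPUT_SUFFIXES:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline, current):
    """Return build inputs added, removed or modified since the baseline."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in shared if baseline[n] != current[n]),
    }


def demo():
    """Constructed sample tree: one header edited, one header added."""
    with tempfile.TemporaryDirectory() as tmp:
        inc = Path(tmp, "include")
        inc.mkdir()
        (inc / "stdio.h").write_text("int printf(const char *, ...);\n")
        Path(tmp, "app.dsp").write_text("# constructed project file\n")
        Path(tmp, "notes.txt").write_text("not a build input\n")
        baseline = snapshot(tmp)  # would be taken from a known-good install
        # Simulate the two changes the article mentions: a standard header
        # gains an include line, and a new header file appears.
        with open(inc / "stdio.h", "a") as handle:
            handle.write('#include "extra.h"\n')
        (inc / "extra.h").write_text("/* unexpected header */\n")
        return compare(baseline, snapshot(tmp))


if __name__ == "__main__":
    print(demo())
```

This check only sees changes that persist on disk. The run-time variant described earlier, where the extra source goes into a temporary copy during the build, leaves these hashes unchanged and has to be caught by comparing the produced binary against one built from the same sources on a clean machine.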
