Saturday, 16 June 2012

How to make a virus

I used to think that making viruses had something to do with programming skills. I thought writing a program that could copy itself, spread itself, hide in other programs or files, find its way around on all these different computers, that surely had to be the summum of programming.
Maybe this once was true. Back in the old days, when viruses were written in assembler, were small enough to hide in the boot sector of a floppy disk, were able to attach themselves to a file without anyone noticing (and files were quite small those days), had stealth capability, and could influence your hardware directly, bypassing the operating system.
So maybe, maybe in those days, creating viruses could be seen as an achievement, or as a sport. Now, any fool can do it. And judging by the number of viruses, a lot of them do.
Here's how.
  1. search the web for something like "Virus Construction Tool" or "Internet Worm Generator". Download it.
  2. run the program (click on its icon).
  3. fill in the form. Choose interesting names.
  4. check the boxes to indicate how you want this virus / worm to spread (e-mail, irc, ...)
  5. choose your options for 'payload'
  6. click "Done"
  7. click "create virus" or "generate"
  8. save the file
  9. run it to see if it works.
This should create a Visual Basic script that will run on Windows computers and try to use the same Outlook application files to mass-mail itself, much like the 'I love you' virus or the 'Anna Kournikova' worm.

Silly.

You've seen how any kid that knows how to click a button can create a mass-mailing worm. Nothing to it. This tool generates a VB script that
  1. copies the script to a given location on the 'victim' computer
  2. creates a Windows Registry entry to execute the script as soon as Windows starts
  3. uses Microsoft Outlook to generate email messages with the 'virus' attached to it
  4. lets Outlook send these messages to all addresses in the Contact list
  5. executes some payload, such as shut down the computer, display a message on the screen, open a webpage with the systems default browser, etc.
As this is purely Visual Basic scripting, it could do a lot of other things: VB script is designed to script just about any system administration task, such as creating, modifying or deleting user accounts, files, and so on. It also offers the possibility to start other applications and let those perform actions as well, as is demonstrated here with the 'Outlook' application.
Downside (from the script kiddie's point of view) of this 'technique' is that
  • The attachment is clearly a VB script, recognizable by the .vbs extension. Users should know better than to run executable files without knowing what they will execute.
  • It only works on Windows systems with Microsoft Outlook installed
Still, this type of virus / mass-mailing worm has been known to spread successfully. Apparently, there is a sufficient number of computers with Windows and Outlook, and a sufficient number of users that click on anything that is sent to them.
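Since the .vbs extension is the giveaway, a mail gateway can refuse such attachments before a user ever gets to click on them. The sketch below is an added example, not part of the original post or of any tool it mentions: it parses a message with Python's standard `email` package and flags script attachments, including the double-extension case. The extension list beyond .vbs, the function names and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions that Windows hands to a script host when double-clicked.
# Only .vbs comes from the article; the others are added for illustration.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

def risky_attachments(raw: bytes):
    """Return [(filename, reason)] for every attachment that would run as a script."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():                      # walk() also reaches nested parts
        original = part.get_filename()           # decodes RFC 2231 / quoted names
        if not original:
            continue
        # Windows drops trailing dots and spaces, so "x.vbs." still opens as x.vbs
        name = original.strip().rstrip(". ").lower()
        stem, ext = os.path.splitext(name)
        if ext not in SCRIPT_EXTS:
            continue
        inner = os.path.splitext(stem)[1]
        if inner:                                # e.g. photo.jpg.vbs shown as photo.jpg
            findings.append((original, f"double extension {inner}{ext} hides a script"))
        else:
            findings.append((original, f"script extension {ext}"))
    return findings

def build_sample() -> bytes:
    """Constructed test message; the attachment bodies are harmless placeholder text."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attachment.")
    placeholder = b"constructed placeholder, not a script\r\n"
    for fname in ("notes.txt", "photo.jpg.vbs", "REPORT.VBS."):
        msg.add_attachment(placeholder, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, reason in risky_attachments(build_sample()):
        print(f"BLOCK {fname}: {reason}")
```

A filename check like this only covers the attachment route; it does nothing about scripts carried as Office macros or embedded in web pages.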
To make things worse, VB scripting can be used not only for scripts attached to an email message: it can also appear in Microsoft Word, Excel and other applications as so-called macros (a.k.a. Visual Basic for Applications or VBA), and on web sites, so that it will be executed as soon as you visit the page where the script is present -- demo --. All in the name of user-friendliness.

Gotcha again!

Is this page really a virus?


What you've just seen is Visual Basic being executed by your web browser.
Didn't see anything? Good. That probably means that your browser did not execute the Visual Basic scripts on this page, which protects you against harmless jokes and not so harmless tricks people can play with VBS on web pages.
VBS is a rather powerful scripting language. It is capable of reading files, getting access to your computer configuration, and modifying or deleting them, and so on. It can be used by system administrators to create or modify user accounts, security settings, etc. All that can also be done by a script embedded in a web page, so that the 'web page' becomes system administrator of the PC that visits that site. Scary, isn't it?
