Darknet – Hacking Tools, Hacker News & Cyber Security


the Art of Virology 03h

March 2, 2007


…finally after three months of inactivity (exams, parties and so on) I made some time to write this virus and this article… so for the ones who read this series… ENjOY =)

The Old School Virus

Yeah, I gave up writing infant-b because even the [a] version was full of bugs, and I had to logically restructure the code so I could implement the things I promised for this virus, which bears the name Old School (oldskl)…

A mutant?

I said that in this virus I’m going to implement an encryption scheme, an XOR-based and mutating one (the mutation part I forgot to mention). The basics of XOR: when comparing two bits, if they are the same the result is 0 (zero), and if they are different the result is 1.


0 xor 0 = 0
0 xor 1 = 1
1 xor 0 = 1
1 xor 1 = 0

You could also use other operations such as rotate (left or right), increment/decrement, and, or, not, and any variation of these… The mutation of the virus happens before every infection. It simply adds 1 to the key (which is one byte in size, max value = 255) until it reaches 0FFh (255), at which point it resets the key to 1, not 00, because then the virus would no longer be encrypted. So it has 253 possible states (255 and 00 are out)…
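Why this scheme does little against a scanner, shown as an added example that is not part of the original article or of oldskl.asm: XORing adjacent bytes cancels a single-byte key, so one signature matches every key value. The function names, the BODY marker and the sample buffer are constructed for illustration.

```python
# Added example: key-independent detection of content hidden behind a
# single-byte XOR key. All data below is constructed, not taken from a sample.

BODY = b"CONSTRUCTED-DEMO-BODY/not-real-code"   # stands in for a known signature
HOST = b"\x90" * 16                             # stands in for unrelated host bytes


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the scheme the article describes."""
    return bytes(b ^ key for b in data)


def delta(data: bytes) -> bytes:
    """XOR each byte with its successor. The key cancels out:
    (p[i] ^ k) ^ (p[i+1] ^ k) == p[i] ^ p[i+1]."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def scan(buf: bytes, signature: bytes):
    """Return (offset, key) if `signature` occurs in `buf` under any
    single-byte XOR key (key 0 means plaintext), else None."""
    if len(signature) < 2:
        raise ValueError("signature must be at least 2 bytes long")
    off = delta(buf).find(delta(signature))
    if off < 0:
        return None
    # A full delta match fixes the key: it is the XOR of the first bytes.
    return off, buf[off] ^ signature[0]


def make_sample(key: int) -> bytes:
    """Constructed test buffer: host bytes followed by the XOR-ed body."""
    return HOST + xor_bytes(BODY, key)


if __name__ == "__main__":
    for key in (0x01, 0x7F, 0xFE):
        sample = make_sample(key)
        print(f"key={key:#04x} plain-match={BODY in sample} scan={scan(sample, BODY)}")
```

A plain byte-string search misses every non-zero key, while the differenced search needs one pass and no key guessing; longer signatures keep coincidental matches unlikely.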

The famous traversal infection (.. or Dot Dot)

I had to implement a multi-directory infector. Not all the files are in one single directory, so I implemented the dotdot technique. Nothing fancy, it works like a simple cd .. command… it’s a classic…

Multiple infections per run

Simple implementation, but heavy result…
Some info on how it works… I used a tree type infection, just to make it funkier…

]The first infection wave infects 5 files, including itself (the first)…

]]The second file infects 4 other files

]]]The third file infects 3 others

]]]]The fourth 2 others

]]]]]The fifth just 1

When these infected files are executed, the above scheme starts over again, but counting down from the number they have. So after another infection wave the second infected file infects 4 other files, which infect as follows:

]The first 3 files

]The second 2 files

]The third 1 file

]The fourth 1 file

I think you got the idea… After dropping to 1 infection per run it stays there and infects just 1 file per run…

Stealth

Actually semi-stealth, because it only saves the time and date of the file and saves the attributes of the files (because it resets them)… Why does it reset the attributes of the files? Because this way it can infect read-only files…

COM’s

You need some COM files to play with this baby… so I created a batch file which will automatically create ten COM files for you per run (5 normal, 5 read-only)… Here is the code for createCOM.bat:


@echo off
debug < gencom > nul
copy com.com 1.com > nul
copy com.com 2.com > nul
copy com.com 3.com > nul
copy com.com 4.com > nul
copy com.com 5.com > nul
copy com.com 6.com > nul
copy com.com 7.com > nul
copy com.com 8.com > nul
copy com.com 9.com > nul
copy com.com 10.com > nul
del com.com > nul
attrib +R 1.com
attrib +R 3.com
attrib +R 5.com
attrib +R 7.com
attrib +R 9.com
@echo off

Besides this BAT file you also need the following file, named gencom without any extension:


a100
mov ah, 4C
int 21h
nop
nop
nop
nop
nop
nop

n com.com
rcx
A
w
q

I advise you to make 2 directories: one called Virus and a subfolder called Start… Place the virus you assemble in Start, where you also run createCOM.bat, and also run createCOM.bat in the folder Virus… Attention: if the file gencom isn’t in the same directory as the bat, then no COM files will be created.

Give me the virus
Again, don’t spread this virus… It would have been an OK virus about 20 years ago, but now it’s god damn old for these times…

Oldskl by backbone: oldskl.asm

The ending of 03…

If you understand everything until now then you know the basics of computer viruses… If not, don’t panic (I didn’t understand viruses at the beginning either): the following article will be a fully detailed one about every function we used… for the ones that have learned a bit of assembly… for the others: check my first article and get a good assembly book to learn…

EOF


Filed Under: Virology Tagged With: encryption, virii, Virology, virus




Comments

  1. Torvaun says

    March 2, 2007 at 8:37 pm

    Minor nitpick. Your virus has 254 possible states, not 253.
