{"id":402,"date":"2006-11-28T10:56:45","date_gmt":"2006-11-28T10:56:45","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2006\/11\/the-art-of-virology-01h\/"},"modified":"2017-06-05T00:41:59","modified_gmt":"2017-06-04T16:41:59","slug":"the-art-of-virology-01h","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2006\/11\/the-art-of-virology-01h\/","title":{"rendered":"the Art of Virology 01h"},"content":{"rendered":"<p>In this part we will discuss the basic framework of a computer virus&#8230; The basics of a virus consists of two elementary procedures (others will tell you three). These are:<\/p>\n<ul>\n<li>a search routine<\/li>\n<li>a infection routine<\/li>\n<li>[anti-detection routines]<\/li>\n<\/ul>\n<h2>The search routine<\/h2>\n<p>This routine will have to be a more delicate one [but not hard to analyze at all], because as besides the search routine itself we will include file validation two, we will check within this routine if the file is read-only file, not as in some cases in which I saw that the virus search the file, found it and only when trying to infect it he realised that is read-only, and if no check done for it the virus would crash.<\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<h2>The infection routine<\/h2>\n<p>The trivial routine in a virus, because we do not need a search routine if we say for example we make a list of <q>wanted to infect files<\/q>, this routine (in COM viruses) will only write the whole virus in the host program and write a jump to it at the start of the file&#8230; simple don&#8217;t you think?<\/p>\n<h2>Pseudo-Code Virus<\/h2>\n<p>I know it&#8217;s the second article and what do you get? only a pseudo-code virus, but be pacient because I&#8217;m not so trustful to think that you have already read the book I recommended you in the first part&#8230; so wait until the 02h will be out; till then let&#8217;s check out our <q>first virus<\/q>:<\/p>\n<pre>\r\nvirusName \"infant-alfa\"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\r\nvirusAuthor \"backbone\"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\r\n\r\nbegin\r\n   SEARCH:\r\n      if find_com_file is true then INFECT\r\n      else SEARCH\r\n   INFECT:\r\n      if file_read_only then SEARCH\r\n      else OPEN_WRITE\r\n        OPEN_WRITE:\r\n           write_virus from virusName to FINISH\r\n           write jump to virusName at start_of_host_program\r\n\r\n           \/\/jump in machine-code = 0e9h\r\n\r\n           if write_ok goto FINISH\r\n           else SEARCH\r\n   FINISH:\r\nend\r\n<\/pre>\n<p>If you don&#8217;t like it in pseudo-code, maybe you&#8217;ll like it in Pascal, so dowload <a href=\"https:\/\/www.darknet.org.uk\/content\/files\/dnvg-pass.zip\">Dirty Nazi Virus Generator<\/a> (Password: <em>darknet123<\/em>) and create a virus to analyze&#8230; I didn&#8217;t try them out but in theory it should work fine&#8230; if you don&#8217;t have a pascal compiler you can try <a href=\"http:\/\/www.freepascal.org\">freepascal<\/a>&#8230;<\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<h2>What more do I need to know before actually starting to write viruses?<\/h2>\n<p>This is an excellent question because even if the actual search and infect routine are simple to build in assembly, the DTA (Disk Transfer Area) is a little hard to understand so i&#8217;ll give you a book which will jump in your help (I advice you to read only the DTA part because the rest of it and even more I&#8217;ll treat them myself)&#8230;<\/p>\n<p><a href=\"https:\/\/www.darknet.org.uk\/content\/files\/the-little-black-book-of-computer-viruses.zip\">The Little Black Book Of Computer Viruses<\/a><\/p>\n<p><em>Almost forgot to mention, the password to the archive is <strong>Ludwig<\/strong> with the big L.<\/em><\/p>\n<h2>Another bitter end&#8230;<\/h2>\n<p>So this second part of <strong>the Art of Virology<\/strong> which is a bit easier to diggest than the first one, has finally ended. See you next time and hope that by the next chapter you have learned asm and read about the DTA&#8230; till then take five&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this part we will discuss the basic framework of a computer virus&#8230; The basics of a virus consists of two elementary procedures (others will tell you three). These are: a search routine a infection routine [anti-detection routines] The search routine This routine will have to be a more delicate one [but not hard to [&hellip;]<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[30],"tags":[127,8874,112],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"backbone","author_link":"https:\/\/www.darknet.org.uk\/author\/backbone\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/402"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=402"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/402\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=402"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}