Tutorial: virus design

This may be somewhat of a cliché topic, but I think it's important that kids growing up have the same learning methods we did, applied to more modern techniques. Therefore, let's discuss virus writing. When I was a kid there were a LOT of tutorials on IRC trojans and on mechanisms to bind them to legitimate software and send them out. Today I see a lot of copy-pasta: "do exactly this", with no real explanation of why. I'd like to avoid that by discussing the particulars of design with you, code-switching between prose and code the way many people code-switch between languages. The following is a discussion of how you can design your own malware, without giving you the code itself. The point is to teach beginners the procedure and execution of malware development; for educational purposes only, of course.

Function main
So, in just about any language you choose you'll find yourself making function and variable declarations, and they tend to be named after what they're used for. When designing viruses that isn't ideal, so you may want to write a script that goes back over the finished source and rewrites your function and variable names to limit an analyst's immediate understanding. Keep in mind what survives the build: a compiler already discards most local names, so this matters most for code shipped as a script or as source, and for the exported symbols and string literals that remain in a compiled binary. Before moving forward, think about how you'll mask those names later.

' this is a comment; in this comment I am referencing what will happen next. Please don't leave comments in virus code, it's bad juju (a compiler drops them, but anything shipped as a script or as source keeps them for whoever reads it).
' the next section to read is titled decisions, as called here
call decisions()

def decisions():
 readFirst=You really need to decide, before you start your virus, what you want it to do and how it will spread.
 decide1=First, let's keep this easy and say you want your virus to report back details about keystrokes, passwords and web history. You don't care about remote access, you don't care about detections, you don't care about modular features (adding new features from a control panel to already-infected systems), you don't care about making money so you don't need to worry about unique traits, you don't care about interactive shells or flashy images, you don't care about screen monitoring or about leveraging a third party to communicate. You just want basic data sent back. So how? Do you want it emailed to you? FTP? Written into the Apache access logs of random servers you can reach through a public platform, to be collected later? All of these are things we could do, but let's say we want to use a link shortener's visitor tracking: every request to the short link is logged along with its User-Agent header, so that field becomes the channel for sending information out. (Our example can be https[:]//grabify[.]link/DV8J4T, tracked via https[:]//grabify[.]link/track/1WRRVI.)
 decide2=Second, let's say you decide you want your virus to spread through email or chat programs.
 study1=You also need to know who your targets are. If you spread a virus on a platform mostly used by Linux or Mac users, a Windows executable won't get you anywhere (for example).
 seriousQuestions=Now you come to the hard part: you really need to decide what language you're comfortable building this in. For me, I really like using Python, but we could do this in anything that would run on the target systems.

// this is another type of comment you'll see frequently. Knowing which comment syntax each language uses also matters when compiling: the ' that opens a comment in VB.NET is a character-literal delimiter in C#, so a line copied between the two will not compile as a comment. In Python, be aware that a """ my comments go here """ block is not a comment at all; it is a string expression. A bare one in the middle of a function body is discarded by the compiler, but one in docstring position (the first statement of a module, class or function) is kept in the compiled bytecode, including inside an executable built by a packager, unless the code was compiled with -OO. Anyone who extracts the .pyc can read it.
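To see exactly which string literals survive compilation, here is an added example (my code, not from the original post) that compiles a constructed sample module and walks the resulting code objects for string constants, once with default settings and once with optimize=2, which is what python -OO does. The sample source, the function names and the string contents are all made up for the demonstration.

```python
"""Added example (not from the original post): check which string literals
survive Python compilation, using a constructed sample module."""
import types

# Constructed sample source: a module docstring, a function docstring and a
# bare triple-quoted string used as a "comment" in the middle of a function.
SAMPLE_SOURCE = '''
"""module docstring: keep me?"""

def worker(x):
    """function docstring: keep me?"""
    y = x + 1
    """mid-body note: is this really a comment?"""
    return y
'''


def string_constants(code):
    """Recursively collect every str constant stored in a code object,
    descending into nested code objects (function bodies)."""
    found = set()
    for const in code.co_consts:
        if isinstance(const, str):
            found.add(const)
        elif isinstance(const, types.CodeType):
            found |= string_constants(const)
    return found


def surviving_strings(source, optimize=-1):
    """Compile `source` as the interpreter would (optimize=2 mimics
    `python -OO`) and return the string literals left in the bytecode.
    This is the same data an analyst sees after extracting a .pyc."""
    code = compile(source, "<sample>", "exec", optimize=optimize)
    return string_constants(code)


def main():
    for label, opt in (("default", -1), ("optimize=2 (-OO)", 2)):
        print(f"{label}:")
        for s in sorted(surviving_strings(SAMPLE_SOURCE, opt)):
            print("   ", repr(s))


if __name__ == "__main__":
    main()
```

With default settings both docstrings are present in the constants and the mid-body string is gone (the compiler drops a bare constant expression statement); with optimize=2 the docstrings disappear as well. Run it against your own source before you ship anything and you will know precisely what text is recoverable.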

void execution() {
 Now, to try our hand at developing this, we have several options. We can look up APIs that make it easy for our language to accomplish these tasks, we can work out our own ways to do it in these languages, or we can look up where other people have written viruses with these goals and see how they did it. This may sound like a rather noobish technique, but acquiring methods from other developers lets us derive a series of techniques that are harder to tie back to us while still building on the original author's design. Remember, when doing such things the idea is to not let your ego take hold. Making something that may get you called a noob or neophyte is perfectly fine if it accomplishes the goals and strengthens your skillset. It's the ego to boast about your own tools that gets people in trouble. Save that shit for open source projects.

Once you have a design that accomplishes what you want and you know the code requirements, put pen to paper, then validate. To validate you may make some VMs that you can revert, or do like many did and just infect another computer (not actually in use) a few thousand times and wipe it later. If you need to run it through a debugger, do it. If it runs just fine and does everything you need, still debug it. Make sure that at every stage of execution you aren't leaving something behind that shouldn't be there. Maybe you need to clear out a variable before reusing it. This doesn't seem like much, but if you have a chain of functions inside a loop and one of them edits a global variable and then crashes before it gets cleared, the next function that appends to that variable takes you from 99 to 9999 or 999999. That's gonna suck if that value drives a wait/sleep loop: 999999 seconds is about 11 days before execution, and a personal computer or workstation will be rebooted before then, while servers will usually kill the process before then.
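The failure mode above, as an added example (my code, not from the original post): a shared global buffer is filled by one stage and cleared by the next, one iteration raises in between, and the leftover data rides along into the following iteration. The work items, stage names and the RuntimeError are constructed for the demonstration; the only difference between the buggy and the fixed loop is a finally block that resets the shared state no matter how the iteration ended.

```python
"""Added example (not from the original post): a global mutated inside a
loop keeps stale data when one stage raises before the cleanup step."""

# Constructed work items; each one is supposed to be sent on its own.
WORK_ITEMS = ["aa", "bb", "cc", "dd"]

buffer = ""  # shared global state, the pattern the post warns about


def stage_collect(item, fail_on):
    """Append `item` to the shared buffer; simulate a crash on one item."""
    global buffer
    buffer += item
    if item == fail_on:
        raise RuntimeError(f"stage_collect crashed on {item!r}")


def stage_send():
    """Pretend to send the buffer, then clear it.  This clear never runs
    when stage_collect raised, so the partial data is left behind."""
    global buffer
    sent = buffer
    buffer = ""
    return sent


def run_buggy(items, fail_on):
    """Loop with per-iteration error handling but no cleanup.
    Returns (sizes of payloads that went out, bytes left in the buffer)."""
    global buffer
    buffer = ""
    sizes = []
    for item in items:
        try:
            stage_collect(item, fail_on)
            sizes.append(len(stage_send()))
        except RuntimeError:
            pass  # swallowed; buffer still holds the crashed item's data
    return sizes, len(buffer)


def run_fixed(items, fail_on):
    """Same loop, but shared state is reset in `finally`, so a crash in one
    iteration cannot leak into the next (or into whatever reads the
    buffer after the loop, such as a sleep computed from it)."""
    global buffer
    buffer = ""
    sizes = []
    for item in items:
        try:
            stage_collect(item, fail_on)
            sizes.append(len(stage_send()))
        except RuntimeError:
            pass
        finally:
            buffer = ""  # always runs, whether the stage raised or not
    return sizes, len(buffer)


if __name__ == "__main__":
    print("buggy, crash on bb:", run_buggy(WORK_ITEMS, "bb"))
    print("fixed, crash on bb:", run_fixed(WORK_ITEMS, "bb"))
    print("buggy, crash on dd:", run_buggy(WORK_ITEMS, "dd"))
    print("fixed, crash on dd:", run_fixed(WORK_ITEMS, "dd"))
```

With the crash on "bb", the buggy loop sends a 4-byte payload ("bbcc") where a 2-byte one was expected; with the crash on the last item, it exits the loop with 2 bytes still sitting in the global. The fixed loop sends uniform 2-byte payloads and always exits clean. The same discipline applies to any value derived from mutable state that later feeds a sleep or a counter: reset it in finally, or better, keep it local to the iteration.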


In theory, if you understood everything I've said here and went and built a program as described, you've made a keylogger that uses the User-Agent field of a web request to the grabify link above to send data back. If you're having trouble getting all the data into the field, remember that you can send multiple requests without needing the response, and therefore you can send size-limited chunks of data back. This is designed to be educational and is not intended to be used for any criminal activity, of course. The biggest takeaway people need to understand is that the process of making any form of virus isn't exactly magic. Next time I'll discuss more about design around RATs and backdoors.

With love,
- Ferasdour.
