ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Multiple Payloads ³ DuSTFaeRie/DDT ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Multiple Payloads --> a guide to funny virus writing Hmmm erhhh... Gotta work... Gonna use my computer... Gonna use WinWord... Hmmm... Nice Program... 50 MB... That's a lot... That's a good program... So, where's the power button ? These computers... Always have to turn them on... Can't they do this alone ? OOOHHH... What's this ? Fixed disk drive #1 Boot failure Press DEL to enter setup Just released your mindblowing trojan or your gee virus. You're just laughing at those lamers using NAV or Flushot. Fuck NAV, fuck those bitching HD, wipe this data off earth !!! That's what virii are all about : tunneling int 13h, xoring all registers and killing the goddamn harddisk. Haha. What a kicking work. But haven't you noticed that you're the lamer in the whole thing ? Harddisk erasing is known since the beginning of virus writing, 2 centuries ago ;). Maybe it was funny in the beginning, coding stuff like killing first sector, filling MBR with scrap, erasing CMOS password. But even of that i'm not sure. Here's what you have to do : - make a copy of your HD or use your old 286 laboratory computer; - get a copy of the funky whale virus; - spread it; - watch. Aren't those files, those directories, those disappearing clusters funny ? Hey, but this virus doesn't do just a single thing. Yes, it has multiple payloads. => What's the use of this ? It just makes the whole thing grow. Who cares about two more kb nowadays ? If your virus is a good hip stealth tunneling antiheur polymorph, there is gonna be no problem. Today, virii are written in pascal and VB, so who gives a shit about those bytes ? Just stick to pure asm ;). And now enter the marvellous world of multiple payloads : -> don't you want to write a virus which people will spread on their computers just for the pleasure to see what it does ? -> You can reuse your graph demo knowledge, as far as you have some, and make it available to everybody ! For free !!! -> You won't get bored by just adding those fuckin' antiheurs into your virus. -> Your virus will more likely become famous the if it would just wipe files off the HD. WE WANT CODE !!! WE WANT CODE !!! WE WANT CODE !!! ============================================================================ MULTIPLE PAYLOADS ============================================================================ So here it goes : There are lotsa ways to write multiple payloads. You could use events that trigger on various dates : -----%<---snip-snip-----%<------ mov ah, 0x2a int 0x21 cmp dx, 0x070D jne next jmp payload1 next : cmp dx, 0x031B jne next2 jmp payload2 ... -----%<---snip-snip-----%<------ You could use a random number, and it and jump to the payload (notice you have 2^n payloads) : -----%<---snip-snip-----%<------ in ax, 0x40 and ax, 0b11 shl ax, 1 add ax, payloads mov bx, ax mov ax, [cs:bx+bp] add ax, bp jmp ax ... payloads dw payload1 dw payload2 dw payload3 dw payload4 -----%<---snip-snip-----%<------ You could let the user choose : -----%<---snip-snip-----%<------ Errr, that's up to you... -----%<---snip-snip-----%<------ ============================================================================ FUNNY PAYLOADS ============================================================================ Now we're gonna move to those payloads. You don't like WinBloze (ooohhh, there's a lot to do) : - erase win from autoexec.bat - call a little program from autoexec.bat -----%<---snip-snip-----%<------ mov ah, 9 lea dx, [message] int 0x21 cli halt message db "Page Segmentation Fault", 13, "Please format you Hard Disk and install Windows anew$" -----%<---snip-snip-----%<------ - open a lot of windows the user cannot close (check it out in my Roesch virus which will be avalaible in short time) => You want the user to get mad : - create a lot of files with rubbish poetry in them (whale virus) - beep and wait each time the user presses a key - send the whole mem to printer - beep every second - on int 0x20 or int 0x21:0x4c, launch the same program again - show a lot of false error messages => You want to be funny - ask some questions to the user - advertise your web site - show him some neat graphix (bump mapping, metaballs...) - let him play a game - show some messages from outer space (maybe on the speaker too) : "We are coming to invade your home, little earthling..." As you can see, there's a lot more to do. But i don't wanna see CMOS password erasers anymore. Hmmm erhhh... Gotta work... Gonna use my computer... Gonna use WinWord... Hmmm... Nice Program... 50 MB... That's a lot... That's a good program... So, where's the power button ? These computers... Always have to turn them on... Can't they do this alone ? Aahhh, Windows... Oooohhh, what's this ? Beep... Beep... "Hello Bill"... Ahh, I wan't to close that windows... And what's this on my printer : "I want biscuits... Biscuits make my living... Biscuits... Cookies... Brownies..." Hey... My Cd opens and closes... Open... Beep... Close... Segmentation fault... Beep... "The CIA has found some dangerous biological viruses in your brain"... Beep... Isn't that funnier ??? DuSTFaeRie / DDT