
=========================
Ideas For Your Next Virus
=========================
by alcopaul/brigada ocho
october 18, 2011


Viruses are basic. If we adhere to the basic definition of it, a virus should be
"a piece of code that inserts itself to another code." And there have been a lot
of proof of concept codes that demonstrate that. They are even written in
different languages, from assembly to BASIC. Infection methods may vary a little
but in general they all follow the definition. 

But as time goes by, viruses have acquired functionalities that made them break
free from that simplistic definition. We have now network aware viruses aka
worms. We have viruses that take advantage of the operating system and hide
themselves deep into the operating system. We have now viruses that attack
nuclear power plants and military drones. And possibilities are endless.

And this article attempts to give you few of those possibilities.

Let's Go
--------

So the key for a successful virus is the chance of it spreading in the wild.
Before, the methods of spreading is by sharing disks so virus writers took
advantage of that to spread their creations. They made their viruses infect
the boot sector and the files in the disk. With this, this ensured the execution
of it in another pc. And when the internet came, virus writers took advantage of
email, network exploits and social engineering for their viruses to spread. Of
course the old school file infection still existed but the majority was worming
routines. And now, there's even a new trick that takes advantage of the
internet. Virus writers host their viruses in websites and uses exploits for it
to be remotely executed in a victim's pc.

But no, that's not all of the techniques that can be done. There is still few
tricks that we can do.

1.) You can make your virus insert itself to picture file and upload the picture
file to picture servers that gives you a direct link to the picture. And in the
picture, there is an instruction for the user to do for him to execute the virus
embedded in the picture (see Perrun.NET in b8#3). The virus then include the
direct link to public galleries.

2.) You can make your virus convert itself to plaintext and upload the plaintext
to a free text hosts, including in it an additional instruction for the text to
be converted back to executable. You can make him download an executable that
converts plaintext to executable bytes and execute it in memory.

3.) You can make the virus host itself to a free file server that gives you
direct link and then make the virus message the link to your friends in
Facebook, Twitter, Yahoo and other instant messaging services, telling them to
execute the link (a .com extension is suggested for this). Or better, you can
poison searches by showing the direct link in search engines.

4.) You can make your virus copy itself to removable drives to filenames that
should be enticing for the innocent user to execute. Remember that the autorun
feature was already given a fix so a little social engineering is necessary.
Removable drives/USB sticks are used especially in university/school settings.

5.) You can make your virus embed itself to old school documents since documents
are still the most exchanged form of data. Say your virus can put a link of
itself in a document. This is very possible in Office documents, and possible
too in the new XML Office format.

6.) You can predeploy the virus in crypted/data form and lie dormant in
computers. Then deploy a program which only function is to decode/decrypt/make
executable the predeployed files. Antivirus software won't raise a flag on the
decoder since their only function is to decode.
7.) You can theoretically modify a video by placing a watermark on it, which can
be an instruction to execute your virus, hosted on a remote server or embedded
in the video.

8.) You can theoretically modify a sound file by appending another sound
instructing the listener things to do for your virus, hosted on a remote
server or embedded in the sound, to be executed.

I'm sure you'll notice that all the techniques lacks an important feature that
the virus should have - autoexecution. But it is supplanted by social
engineering. Your virus should be effective in convincing the user to do an
additional step to actually executing your virus. This is like the old email
worm wherein the attached worm must still be executed by double clicking the
attachment.

Finally
-------

So that's all that I can suggest for your next virus. That is if you're running
out of ideas and you want to do something new.