Analyse The Virus
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 04:49
CAUTION: The application in this post MUST NOT be downloaded or executed whatsoever unless you are downloading it to a controlled environment. Although it is not a virus, nor does it replicate from computer to computer, it WILL cause damage to systems.

That said, I was bored on Sunday, and I have a copy of VMWare. So I used a sandbox of XP to create a trojan, to work out how ultimately I could destroy windows XP, in the fewest moves. Here's my effort. If you have VMWare, or VMPlayer (free from their site) plus a WinXP image, I welcome you to study my trojan. Please note this is purely a research and just for fun effort. Please exercise extreme care when using this code.

Notes:
* This does not exercise any form of replication. It will affect only the machine it is run on
* This trojan is double clicked, and then infects the machine the next time it is rebooted

For fun, see if you can analyse it and see what it does. Or post your own windows killer code here, and I'll run it on my sandbox and see what it does. Bonus points for making XP melt in a particularly gruesome / scary way...

( Oh, and the link ==> http://www. johndriscoll.co.uk/stuff/stop.exe )
NOTE: Space inserted after http://www.

Remember, you've been warned, this is dangerous, be safe people.
|
Selador Cellardoor
Registered User
Join date: 16 Nov 2003
Posts: 3,082
|
11-28-2005 06:59
From: someone Jsecure Hanks
Remember, you've been warned, this is dangerous, be safe people.

Then why do it?
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:03
From: Selador Cellardoor
Then why do it?

Cause if you've got a VMWare simulated Windows XP it can be fun finding ways to destroy it. After all, it's just a simulated environment, and you can roll back to an image in a second. Lots of stuff that COULD be dangerous is done every day. I'm saying, "here, this is fun, just play safe". A reasonable warning to take precautions. Of course, if in doubt, don't.
|
Devlin Gallant
Thought Police
Join date: 18 Jun 2003
Posts: 5,948
|
11-28-2005 07:03
You will be hearing from the FBI shortly. 
_____________________
I LIKE children, I've just never been able to finish a whole one.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:05
From: Devlin Gallant
You will be hearing from the FBI shortly.

Bah, hey, if it's your installation of XP, and you know what you're doing, why not destroy it. It's your hard drive, and your digital 1s and 0s after all. Heck, why not. It's also not illegal, if that's what you choose to do with your own computer equipment.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:07
Just a note to remind readers, the application linked to in this thread is an academic trojan application, which is extremely corrosive to any installations of Microsoft Windows. DO NOT download it or run it unless you are sure you have taken all necessary precautions first. A virtual machine test environment is strongly recommended.

Play safe, be happy.
|
Neehai Zapata
Unofficial Parent
Join date: 8 Apr 2004
Posts: 1,970
|
11-28-2005 07:17
Great, now how do I fix my PC?
This was not funny.
_____________________
Unofficial moderator and proud dysfunctional parent to over 1000 bastard children.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:23
From: Neehai Zapata
Great, now how do I fix my PC?
This was not funny.

If you had in fact run the program linked to, you would not be here typing that. There's always one who will try it on. Just in case you're wandering around, I'm going to remind you, if you see a radioactive sign, don't eat it. If you see a biohazard sign, don't drink it, and if you see this sign:

Just a note to remind readers, the application linked to in this thread is an academic trojan application, which is extremely corrosive to any installations of Microsoft Windows. DO NOT download it or run it unless you are sure you have taken all necessary precautions first. A virtual machine test environment is strongly recommended

don't run it unless you know what you're doing. Not everyone can have fun messing with this app, but some of us can. So please don't spoil our fun because this app isn't for EVERYONE. The thread is clearly labelled, repeatedly.
|
Neehai Zapata
Unofficial Parent
Join date: 8 Apr 2004
Posts: 1,970
|
11-28-2005 07:26
I am using my laptop. My PC will not work.
I have Video Maker software and it DID NOT protect my PC like you said it would!
Seriously, do I fix it?
_____________________
Unofficial moderator and proud dysfunctional parent to over 1000 bastard children.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:31
From: Neehai Zapata
I am using my laptop. My PC will not work.
I have Video Maker software and it DID NOT protect my PC like you said it would!
Seriously, do I fix it?

What is video maker? Doesn't sound like you know what you're doing, so I'm assuming you ignored all THREE warnings on the first post. Some people do innocently come into trouble with their computers, but I think if you're being serious, you actually do deserve this. Three warnings and bright red warning signs should be enough for anyone.
|
Neehai Zapata
Unofficial Parent
Join date: 8 Apr 2004
Posts: 1,970
|
11-28-2005 07:35
Video Maker Ware, you said it was okay to click if I had that. Do you have my bank account information now?
I called my friend and he said that trojans can steal my personal information and be used by criminals. Where did my personal information go?
Did you also steal my "kittens in a basket" screensaver? I WANT THAT BACK!!!!
_____________________
Unofficial moderator and proud dysfunctional parent to over 1000 bastard children.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:36
From: Neehai Zapata
Video Maker Ware, you said it was okay to click if I had that. Do you have my bank account information now?
I called my friend and he said that trojans can steal my personal information and be used by criminals. Where did my personal information go?
Did you also steal my "kittens in a basket" screensaver? I WANT THAT BACK!!!!

Sorry I only have time for actual problems, not made up ones.
|
Neehai Zapata
Unofficial Parent
Join date: 8 Apr 2004
Posts: 1,970
|
11-28-2005 07:44
From: someone
Sorry I only have time for actual problems, not made up ones

Like creating malicious applications where none previously existed?
_____________________
Unofficial moderator and proud dysfunctional parent to over 1000 bastard children.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 07:54
From: Neehai Zapata
Like creating malicious applications where none previously existed?

Ugh, I feel a pointless pitched battle coming on. I'm not getting into this, it's not worth it. Suffice to say this:

For me windows XP is not my primary choice of OS. But I did shell out a number of hundreds of dollars for a license to use it. And I also paid more hundreds for VMWare. One thing VMWare lets me do is mess around with my copy of XP. Which I'm within my rights to do.

The program I created alters installations of XP. Specifically just one installation, the one the user chooses to run it on. It does not replicate in any way. Nor email itself at all. The effects of this program may not be fun for everyone, so its uses are labelled clearly to allow end users to choose if they wish to run this program or not.

As it stands, the program is quite useful and interesting in looking at some of the vulnerabilities and weaknesses of a modern operating system. It cannot be labelled malicious in any way. It merely does exactly what it says on the tin.

Finally, one more bit of food for thought. A firework can blow your fist into smithereens, but I do NOT support its withdrawal from sale anywhere in the world. Fireworks are not malicious. They also just do what they say on the tin.

There will always be those people who wish to make an argument for the sake of making an argument, but I'm not going down that road. I hope everyone with VMWare gets something interesting from my program. Tomorrow I'll discuss what it does, and how with two simple moves, you can cripple XP. It may throw up a number of debate topics, such as the lack of wisdom of making all users root.

Just a note to remind readers, the application linked to in this thread is an academic trojan application, which is extremely corrosive to any installations of Microsoft Windows. DO NOT download it or run it unless you are sure you have taken all necessary precautions first.
A virtual machine test environment is strongly recommended
|
Ordinal Malaprop
really very ordinary
Join date: 9 Sep 2005
Posts: 4,607
|
11-28-2005 08:04
I'd put a space between the . and the j, as in http://www. johndriscoll.co.uk/stuff/stop.exe so that it doesn't auto-parse the URL. Just to be a little safer.
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 08:05
From: Ordinal Malaprop
I'd put a space between the . and the j, as in http://www. johndriscoll.co.uk/stuff/stop.exe so that it doesn't auto-parse the URL. Just to be a little safer.

Fair point, I'll do that.
|
Ashen Stygian
@-'-,---
Join date: 30 Apr 2004
Posts: 243
|
11-28-2005 08:15
OK, what's to stop someone from distributing your little monster?
|
Jsecure Hanks
Capitalist
Join date: 9 Dec 2003
Posts: 1,451
|
11-28-2005 08:25
From: Ashen Stygian
OK, what's to stop someone from distributing your little monster?

Nothing except it's a real dog cause you have to convince every user to double click it (harder than it sounds). Also much as I'd like to take credit as an Einstein of programming, it really doesn't do that much. Anyone in the game could either a) knock up a better one in minutes (it took me about 30 minutes) or b) download a REAL trojan with good replication off the net. Mine is actually good cause it allows you to watch damage to XP, but with no replication code or anything, it's actually like a much cleaned up, neutered version of what you get in the wild.
|