BiOLOGiCAL WARfARE

Virus Creation Kit
Version 1.00 by MnemoniX 1994

LEGAL DEPT.

MnemoniX is NOT responsible for any damages that may result from using this
program or any code that is generated by this program. Such damages are your
problem, not mine. This program is for educational purposes only; the code
generated by the program is NOT to be distributed without the knowledge of
the recipient.

This program is not for idiots! If you are unfamiliar with programming or
the workings of your PC, you should definitely not be using this program.

And please don't remove the "[BW]" signature from the code. It's not that
much to ask.

REVISION HISTORY

0.90ß   Beta Test version.
1.00    Fixed minor superficial bugs and added support for the
        Biological Warfare Mutation Engine.

ABOUT BIOLOGICAL WARFARE

Biological Warfare is, of course, a virus creation kit. The program will
generate assembly source code for a fully functional virus according to
the specifications you give it. The assembly code generated is specifically
designed for Turbo Assembler; it should work with MASM, and perhaps other
assemblers as well, although it may require slight modification. Its selling
points include :

        * COM & EXE infection
        * Resident & non-resident viruses
        * Anti-trace code
        * INT 24 handler
        * Directory stealth
        * Encryption, both standard and basic polymorphic (via the
          Biological Warfare Mutation Engine)

When Biological Warfare is run, it will give you a menu with a list of
options pertaining to the virus. You manipulate the options as directed
to create the virus to your specifications. Any options that do not pertain
to the configuration you choose are ignored. The options are :

A) Text - Any text you wish to appear within the virus, up to 60 characters.

B) Resident - Specifies whether virus will be resident in memory or not. "Y"
              specifies a resident virus.

C) Infect - Either COM, EXE, or both. Infects the corresponding files.

D) Encryption - This determines the type of encryption to be used by the
                virus. This can be either None, Basic, or Polymorphic. If
                None is chosen no encryption will be used. If Basic is used,
                the program will use one of a number of encryption algorithms
                at random. If Polymorphic is chosen, the code will be
                written to include the Biological Warfare Mutation Engine.
                More on this later.

E) INT 24 Handler - "Y" specifies that the virus will steal DOS's critical
                    error handler to avoid write protect errors.

F) Anti-Trace - "Y" specifies that the virus will include routines to thwart
                trivial debugging or tracing.

G) Maximum Size - Either Y or N. If "Y" is selected, the virus will not infect
                  any .COM file too large for it. (.COM infectors only)

H) Traversal - "N" specifies that the virus will only infect in the current
               directory; "Y" specifies the virus will move upwards in the
               directory tree. (Non-resident viruses only)

I) Infections/run - Maximum number of files to infect each run. Selecting "0"
                    will cause all possible files to be infected. (Non-
                    resident viruses only)

J) Avoid COMMAND - "Y" specifies that the virus will not infect COMMAND.COM.
                   (.COM infectors only)

K) EXE Marker - Two characters used to indicate an infected .EXE file. (.EXE
                infectors only)

L) Overlay check - "Y" specifies that the virus will not infect .EXE files
                   with internal overlays. (.EXE infectors only)

M) Time stamp - This is used by either directory stealth or polymorphism.
                (You can't use both directory stealth and polymorphism.)
                If you select polymorphism, infected files are marked with
                this timestamp. If you are making a resident virus and
                polymorphism is off, this timestamp is used to hide the
                file size increases from a directory listing. All infected
                files have their seconds field set to the given number.
                Absence of this number indicates that no directory stealth
                or polymorphic function will be included.

N) Infect on - Specifies what conditions the virus infects under. "EXEC"
               specifies that the virus will infect on execute; "OPEN"
               specifies that it will infect on file opening; and if both
               are given, the virus infects on execution and file opening.
               (Resident viruses only)

O) Activate - If "Y" is chosen, the virus will include space for an activation
              routine in the code.

P) More directory stealth - This may be only used in conjunction with
                            directory stealth; it will make the increase in file
                            size invisible from any file managing programs in
                            addition to a DIR command. If "Y" is chosen
                            this feature is added. (Resident viruses only)

After these options are set, enter "V" to create the virus source code, and
"Q" to quit. The source code can be compiled and then linked to create a
fully functional virus.

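The time stamp marker described under option M is also a triage signal for
defenders. The sketch below is an added example, not part of the kit or its
documentation: it reads raw 32-byte FAT directory entries (assumed to come
from a disk image examined offline, since the text says a resident virus hides
size changes from directory listings) and groups .COM/.EXE files by the seconds
field of their last-write time. The function names, the clustering threshold
and the sample directory are constructed for illustration.

```python
import struct

def parse_dir_entries(raw):
    """Yield (name, seconds, size) for each live 32-byte FAT directory entry."""
    for off in range(0, len(raw) - 31, 32):
        e = raw[off:off + 32]
        if e[0] == 0x00:                      # end-of-directory marker
            break
        if e[0] == 0xE5 or e[11] & 0x08:      # deleted, volume label or LFN
            continue
        time_word, = struct.unpack_from("<H", e, 22)   # last-write time
        size, = struct.unpack_from("<I", e, 28)
        base = e[0:8].decode("ascii", "replace").rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        name = f"{base}.{ext}" if ext else base
        # Low 5 bits hold seconds/2, so the field can encode 0..62.
        yield name, (time_word & 0x1F) * 2, size

def suspicious_stamps(raw, exts=("COM", "EXE"), min_cluster=3):
    """Map seconds value -> executables carrying it, kept when the value is
    impossible for a real clock (60, 62) or shared by min_cluster+ files."""
    groups = {}
    for name, secs, _size in parse_dir_entries(raw):
        if name.rsplit(".", 1)[-1] in exts:
            groups.setdefault(secs, []).append(name)
    return {s: n for s, n in sorted(groups.items())
            if s >= 60 or len(n) >= min_cluster}

def make_entry(name, ext, h, m, s, size):
    """Build one constructed directory entry (sample data only)."""
    t = (h << 11) | (m << 5) | (s // 2)
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), 0x20, t, 0x1C21, 2, size)

# Constructed sample directory; names, times and sizes are invented.
SAMPLE = b"".join([
    make_entry("COMMAND", "COM", 6, 22, 0, 54645),
    make_entry("EDIT", "COM", 12, 10, 58, 1413),
    b"\xe5" + make_entry("OLD", "EXE", 1, 1, 58, 900)[1:],   # deleted
    make_entry("FORMAT", "COM", 9, 15, 58, 23912),
    make_entry("CHKDSK", "EXE", 14, 3, 58, 13335),
    make_entry("README", "TXT", 10, 0, 58, 2048),
    make_entry("MEM", "EXE", 8, 30, 62, 33450),
]) + bytes(32)

if __name__ == "__main__":
    for secs, names in suspicious_stamps(SAMPLE).items():
        print(f"seconds={secs:02d}: {', '.join(names)}")
```

A shared seconds value is a lead for closer inspection rather than a verdict,
since installers often stamp all of their files with identical times.
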
BIOLOGICAL WARFARE MUTATION ENGINE (BWME)

The BWME is a polymorphic encryption engine that will make your virus more
difficult to scan. It will create a different encryption algorithm each time
it is run and create a new copy of the virus, with very few similarities
between copies.

I should mention at this point that this is a VERY basic polymorphic engine.
Modifications and additions are encouraged, as this is meant to be a
learning tool. You can use it in your own viruses as well, but please
don't remove the "BWME" signature.

I included the BWME as a separate file - BWME.ASM. When you compile a virus
created with the kit that uses BWME, this file must be accessible by the
assembler. You can call it within your own programs as follows:

        DS:SI points to code to encrypt
        ES:DI points to area to store resulting code
        CX is size of code to encrypt in bytes
        DX is the offset at which the resulting code will be RUN
           in memory

Use by entering:

        call _bwme

and include, at some point in the file, the line:

        include bwme.asm

IDIOTPROOFING

This program is, as I have said, not for idiots. For this reason I have
password protected the program; if you received this program from the right
places, you should have been given the password. I have not been overly
protective about hiding the password, but hopefully it will prevent the
knobs out there from using it.

BUGS, SUGGESTIONS, AND OTHER HOUSEHOLD HAZARDS

I hope to have weeded out most of the bugs in the virus creation engine; I
personally am disgusted by the many non-functional virus creation kits out
there. If you find bugs with a virus created, I would like to know; please
tell me, giving all the information you can, perhaps even a copy of the
program it screwed up on (no commercial programs, please). With your help I
hope to perfect the engine. Suggestions are always welcome as well; input
would be greatly appreciated.

IN THE FUTURE

A large percentage of the virus creation kits out there come with
documentation saying "Next version I'll add these fantastic new features, etc."
when it's unlikely there will even BE a next version. Nonetheless, in future
versions of this kit, I intend to optimize the code more (right now, some of
the code comes out a bit bloated, although still functional) and include :

        * More stealth abilities
        * Anti-AV techniques
        * Boot sector infection, if I'm feeling ambitious

So there it is : Biological Warfare. Enjoy.

                                                - MnemoniX
                                                  1994