November 12th, 2007

net zombie!

Writing a trojan

Today, I wrote a virus or trojan.

I needed a script that escaped two variables, constructed a URL with those, requested the URL and wrote the response to a file. So I thought I'd write a small VBScript script that would run in the WSH to do the task. I found an example somewhere online, and adapted that code to suit my needs.
When I was finished, I saved the file as SaveURL.vbs, so that I could test it.

FSecure popped up a message: "ZOMG, I found a virus or trojan in SaveURL.vbs!"

And it kept nagging when I wanted to do anything to that file. I thought that maybe I would have to rephrase a few calls, but I couldn't edit the file anymore. When I tried to open it with my text editor, FSecure kept nagging about the trojan, and would deny me access. I couldn't even disable the live scan, because we have strict security policies.
(As an aside, those strict security policies do make sense. We take our laptops to clients and use their networks to do our work -- obviously it would be bad if a client environment became infected through one of our laptops!)

So, in effect, I had fooled FSecure into thinking I had a quite volatile script on my hard disk, and it wouldn't let me fix things so that it could go to sleep again.

In the end, our sysadmin started killing all processes with names that began with 'fs', and somehow managed to kill the access scanning. Which enabled me to delete the file, to save FSecure from further stress.

Then I re-wrote the calling script to use wget instead. It does the exact same thing, but FSecure didn't mind at all. Lesson for trojan and virus writers: use wget! It's even open source, so you can just get the source code and integrate it with your own malware to download even more stuff to run on infected machines!

Torrenting under Linux

As you all know (or maybe you don't, but then you must be new here), I use BitTorrent to download the ungodly amounts of anime we watch. A site like BakaUpdates to keep track of the new releases, and a BitTorrent client with queues, slots, ratios and some other nice features are all that I need.

When I still ran WinXP, I used uTorrent. It's closed source, and was acquired by BitTorrent, Inc, which is in bed with the MPAA -- I used the last version before the merger, just in case.

On Linux, I tried a few clients. The built-in client in Ubuntu is not suited for my purposes, and the others were quite clunky interface-wise. In the end, I settled for KTorrent, but that one crapped out on me a lot of times. Still, it was as close as one could get to uTorrent on Linux, so I made do.

Until a few weeks ago, when I discovered Deluge. It's an open source client, with packages available for many Linux distros and even Windows. It supports many features that were unique to uTorrent, has the same type of interface... it is, in short, perfect.

Well, there is a small thing left: when you close Deluge, it doesn't save your upload ratios -- so when you next start Deluge, all ratios are reset to 0%. Apparently this bug has been fixed in the source, so it is only a matter of time until an updated package is built with that fix.