Hein (fub) wrote,

Writing a trojan

Today, I wrote a virus or trojan.

I needed a script that escaped two variables, constructed a URL with those, requested the URL and wrote the response to a file. So I thought I'd write a small VBScript script that would run in the WSH to do the task. I found an example somewhere online, and adapted that code to suit my needs.
When I was finished, I saved the file as SaveURL.vbs, so that I could test it.

FSecure popped up a message: "ZOMG, I found a virus or trojan in SaveURL.vbs!"

And it kept nagging when I wanted to do anything to that file. I thought that maybe I would have to rephrase a few calls, but I couldn't edit the file anymore. When I tried to open it with my text editor, FSecure kept nagging about the trojan, and would deny me access. I couldn't even disable the live scan, because we have strict security policies.
(As an aside, those strict security policies do make sense. We take our laptops to clients and use their networks to do our work -- obviously it would be bad if a client environment became infected through one of our laptops!)

So, in effect, I had fooled FSecure into thinking I had a quite volatile script on my hard disk, and it wouldn't let me fix things so that it could go to sleep again.

In the end, our sysadmin started killing all processes with names that began with 'fs', and somehow managed to kill the access scanning. Which enabled me to delete the file, to save FSecure from further stress.

Then I re-wrote the calling script to use wget instead. It does the exact same thing, but FSecure didn't mind at all. Lesson for trojan and virus writers: use wget! It's even open source, so you can just get the source code and integrate it with your own malware to download even more stuff to run on infected machines!
Tags: programming
