Hein (fub) wrote,

Writing a trojan

Today, I wrote a virus or trojan.

I needed a script that escaped two variables, constructed a URL with those, requested the URL and wrote the response to a file. So I thought I'd write a small VBScript script that would run in the WSH to do the task. I found an example somewhere online, and adapted that code to suit my needs.
When I was finished, I saved the file as SaveURL.vbs, so that I could test it.

FSecure popped up a message: "ZOMG, I found a virus or trojan in SaveURL.vbs!"

And it kept nagging when I wanted to do anything to that file. I thought that maybe I would have to rephrase a few calls, but I couldn't edit the file anymore. When I tried to open it with my text editor, FSecure kept nagging about the trojan, and would deny me access. I couldn't even disable the live scan, because we have strict security policies.
(As an aside, those strict security policies do make sense. We take our laptops to clients and use their networks to do our work -- obviously it would be bad if a client environment would become infected through one of our laptops!)

So, in effect, I had fooled FSecure into thinking I had a quite volatile script on my hard disk, and it wouldn't let me fix things so that it could go to sleep again.

In the end, our sysadmin started killing all processes with names that began with 'fs', and somehow managed to kill the access scanning. Which enabled me to delete the file, to save FSecure from further stress.

Then I re-wrote the calling script to use wget instead. It does the exact same thing, but FSecure didn't mind at all. Lesson for trojan and virus writers: use wget! It's even open source, so you can just get the source code and integrate it with your own malware to download even more stuff to run on infected machines!
Tags: programming
