Running Head: Batch File Virus Project Final Paper
Final Project Paper
By: Stephen L. Whisman
Student ID # 1698547
Embry-Riddle Aeronautical University
Spring 2015
4/27/2015
Batch File Virus Project Final Paper
The final project that I chose was to create a virus that is hosted on a flash
drive and is auto run when plugged into a computer. The program has the ability to
execute almost completely invisibly and will navigate to and steal files from a specific
known directory(s) that are pre-programmed into it. After all of the files in a targeted
directory are copied to a location on the USB they are all deleted from the directory
they were taken from. Once all of the files are deleted the program will copy a large
picture file onto the victim computer and then replicate that file until the directory is
completely full.
Unfortunately when I first started working on this program I realized that
Windows had disabled the auto run function for removable media, in order to stop
malicious software such as this from being executed automatically, and I was unable
to find a workaround to this problem for quite a few weeks. However, I had previously
heard of a method of creating a small partition on a flash drive that is interpreted by
the computer as a CDFS partition. The idea came from the U3 smart drives that were
being created back in the mid-late 2000s which would auto launch, from a CDFS
partition on the flash drive, applications upon insertion of the USB drive. This is
important for my project because Windows 7 and later versions still have the ability
to auto run from a CD that contains software if the targeted computer has enabled
the auto run software from CD feature.
Further research revealed that SanDisk discontinued their line of U3 smart
drives due to a deal made with Microsoft, most likely for security reasons, and the
idea of CDFS partitioned flash drives started to fade from commercial retail.
However, programmers from around the world continued to develop open source
software capable of re-formatting flash drives to have a CDFS partition along with a
normal NTFS partition. The issue with these re-formatting programs is that they are
chip-set dependent, meaning that certain programs only are capable of formatting
certain USB drives depending on the chip-set used inside it.
This presented another problem which was that not all flash drives have the
capability of being formatted in such a way and trying to do so without the proper
software tools or USB drives would result in permanent damage to the removable
media. I was however able to discover a database of disk partitioning utilities on a
website called USBDev.ru which hosts a vast variety of disk utilities as shown in Figure
1. In order to reformat a USB drive properly I needed to search the entire database
for the tool that worked specifically for one of my flash drive’s chipsets. This required
many failed attempts and it turned out that I just so happened to have one flash drive
that was formattable with a CDFS partition.
Figure 1: USBDev.ru
The flash drive that I was able to use for my project is a SanDisk Ultra USB 3.0
16GB. In order to find the chip-set that was included with the USB drive I used three
tools from USBDev.ru called CheckUDisk, ChipEasy, and FlashGenius. These utilities
showed me that my USB drive has a Phison PS2251-03 chipset controller. The software
that I required to format my USB drive properly is a formatting tool called Phison
ModeConverter which is capable of creating one NTFS partition and also creating a
CDFS partition with a premade .ISO file “burned” into it. The .ISO file stores all of my
script files that are to be loaded into the CDFS partition and is created by a free ISO
creator software called Free ISO Creator. Figure 2 shows this program taking the
directory that has all of my .bat, .vbs, and .inf files that make up the virus and
compressing it into an .ISO file.
Figure 2: Free ISO Creator
Once the ISO file has been created the flash drive is then inserted into a free
USB port and Phison ModeConverter is then launched. ModeConverter automatically
finds the proper drive letter associated with any Phison chipset controller so the user
does not accidentally try and format a drive that is not compatible. Next the proper
settings are chosen, the NTFS partition is named, and the ISO file that was created
earlier is chosen to be “burned” into the CDFS partition. The naming of the NTFS
partition is important because the .bat file uses this name to identify which drive to
copy data to. Then the convert button is clicked and the directions are followed until
the removable media has been fully formatted. Figure 3 shows ModeConverter with
the correct settings and drive name before and after convert is clicked.
Figure 3: ModeConverter with Correct Settings and Drive Name, Before and After Conversion
Once the flash drive has been formatted it will immediately be ready to use
once it is plugged back into the computer. In order to perform tests on the program I
needed to set up a few virtual machines, to prevent damage to my home computer,
which required me to install Oracle Virtual Box. Virtual Box allows a virtual machine
to be created that can be used to test software. With this program I created and
copied virtual hard drives installed with Windows 7 Home Premium 64-Bit onto a
removable hard drive. Once one of these virtual machines is running the proper auto
run setting for software on CDs is selected. Now the USB drive can be inserted into
the virtual machine to test how it executes. Figure 4 shows the virtual machine's
auto-run settings with the correct values selected, the image on the left, while the image
on the right shows what the user using the computer should see when the script is
running correctly.
Figure 4: Auto-Run Settings with Correct Values (Left) and Correct Program Execution (Right)
You may have noticed that in the above right figure there is no command line
running and it looks like nothing is happening when in reality the program is just
running invisibly in the background. This is because my CDFS partition of the USB
contains a file called launch.bat that has a call to start running wscript.exe with the
invisible.vbs script file and virus.bat. The invisible.vbs file contains a short script that
enables virus.bat to be run invisibly with the exception of a blank command line
popping up for less than a second when the program starts executing. Figure 5 shows
the contents of invisible.vbs displayed in notepad.
Figure 5: Contents of Invisible.vbs
Before going any further I would like to explain why I chose to use a batch file
to be my virus and what a batch file is. The choice to use a batch file was due to the
fact that they can perform a variety of tasks and are more difficult to detect than
many other programming languages. They are commonly used to automatically update
things when a certain event occurs and to format data storage mediums. They can
also be used to steal information, irritate victims by wasting CPU resources, delete
Windows files, and disable both the AntiVirus and Firewall (“Microsoft Corporation”,
2015).
Batch files, also called a batch program or script, were designed to simplify
routines or repetitive tasks back in MS-DOS. They still exist today as a relatively
unused and unknown feature in Windows operating systems. They are written in an
unformatted text file that includes one or more commands for the command line and
is saved with a .bat or .cmd extension. Any commands that work in the Windows
command line are allowed along with commands like for loops, goto statements, and
if statements that are used to tell the program what to do when executing (“Batch
File”, 2015). When one of these script files is executed the commands within are
executed line by line until the end of the file is reached, which results in the
termination of the script. The only exception to the sequential execution of the
commands is when the program is in a for loop or hits a goto statement.
My virus's launch.bat file, that initiates the execution of virus.bat, is called by
the autorun.inf file which the computer automatically launches once the removable
media is plugged in. The batch file called virus.bat is the main script file that
contains the code that identifies if the drives that have been pre-programmed exist or
not and the code that copies, erases, and fills the working directory with spam. Figure
6 below shows all of the files that are formatted into the CDFS partition on the left
and the contents of virus.bat on the right.
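The launch chain described above (autorun.inf on a volume that presents as a CD, handing off to a script) can be checked from the defender's side. The following is an added example, not code from the paper: it parses an autorun.inf, flags launch entries that point at a script or script host, and decodes the Windows `NoDriveTypeAutoRun` policy bitmask to see whether AutoRun is blocked for that drive type. The sample file contents and mask values are constructed for illustration, and per-user AutoPlay settings are not modelled.

```python
import ntpath
import re

# Bits of the NoDriveTypeAutoRun policy value
# (...\CurrentVersion\Policies\Explorer). A set bit DISABLES AutoRun
# for that drive type; 0xFF disables it everywhere.
NO_AUTORUN_BITS = {
    "unknown": 0x01, "removable": 0x04, "fixed": 0x08,
    "network": 0x10, "cdrom": 0x20, "ramdisk": 0x40,
}

SCRIPT_HOSTS = {"wscript", "cscript", "cmd", "powershell", "mshta"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse",
               ".wsf", ".ps1", ".hta"}

# Constructed sample inputs (not taken from the paper's figures).
SAMPLE_INF = """\
; constructed sample
[AutoRun]
open=launch.bat
icon=setup.ico
label=Backup Tools
"""
BENIGN_INF = """\
[autorun]
open=setup.exe
icon=setup.ico
"""


def policy_blocks(mask, drive_type):
    """True if the policy mask disables AutoRun for drive_type."""
    return bool(mask & NO_AUTORUN_BITS[drive_type])


def parse_autorun_inf(text):
    """Return {key: value} from the [autorun] section (case-insensitive)."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def is_command_key(key):
    """Keys whose value is executed: open, shellexecute, shell\\<verb>\\command."""
    return (key in ("open", "shellexecute")
            or re.fullmatch(r"shell\\[^\\]+\\command", key) is not None)


def command_findings(entries):
    """List (key, value, reason) for launch entries that start a script."""
    findings = []
    for key, value in entries.items():
        if not is_command_key(key):
            continue
        # First token of the command line, with or without quotes.
        m = re.match(r'\s*(?:"([^"]+)"|(\S+))', value)
        target = (m.group(1) or m.group(2)) if m else ""
        stem, ext = ntpath.splitext(ntpath.basename(target).lower())
        reasons = []
        if ext in SCRIPT_EXTS:
            reasons.append("script file")
        if stem in SCRIPT_HOSTS:
            reasons.append("script host")
        if reasons:
            findings.append((key, value, " + ".join(reasons)))
    return findings


def triage(inf_text, policy_mask, drive_type):
    """Combine the file findings with the host's AutoRun policy."""
    findings = command_findings(parse_autorun_inf(inf_text))
    blocked = policy_blocks(policy_mask, drive_type)
    if not findings:
        verdict = "clean"
    elif blocked:
        verdict = "blocked-by-policy"
    else:
        verdict = "review"
    return {"findings": findings, "policy_blocks": blocked, "verdict": verdict}


if __name__ == "__main__":
    # 0x91 and 0xFF are sample policy values chosen for the demonstration.
    for mask in (0x91, 0xFF):
        print(hex(mask), triage(SAMPLE_INF, mask, "cdrom"))
    print(triage(BENIGN_INF, 0x91, "cdrom"))
```

A mask with bit 0x20 set is what keeps a CD-presenting partition from launching anything, regardless of what its autorun.inf contains.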
Figure 6: All Files Part of the CDFS Partition (Left) and Contents of virus.bat (Right)
The program that I have written above is extremely modifiable and can easily
be changed to implement other potentially harmful actions. For example, code could
be added that searches for every available media storage drive letter in order to copy
all the data that is connected to a computer. Other code could be used that saves a
separate .bat file, that copies junk files into a hidden directory, into the Windows file
system and causes it to auto run on computer startup. This would be a useful function
because it effectively uses up all of the system memory and the victim would have a
hard time finding out why.
I desired to implement a way to disable the Antivirus, firewall, and networking
capabilities but was unable to find a way. I was able to create a batch file that did all
of these things but it was not capable of being run invisibly. Since I want it to run
invisibly this was unacceptable so I decided not to implement it into my final
submission. I also wanted to implement a way to auto run on system startup but I
honestly ran out of time and was unable to add it to the final submission. Figure 7
shows the code needed to disable the system security, firewall, and network adapter.
Figure 7: Network Capability and Security Disable
Overall, batch files can be both an incredibly useful and yet dangerous tool.
This being said they are also very difficult to write and fully understand if the
programmer does not understand the proper syntax that goes along with the MS-DOS
command line interface. One space in the wrong location will cause the batch file to
operate improperly resulting in a faulty execution.
The final submission does function correctly and has been used to copy more
than 2GB of data at a time from multiple disk drives that were connected to a
computer, even ones that are shared over a network. It also deletes the user's profile
directory and fills it with junk files which can result in loss of valuable information
because that space is now holding new data instead of just being unindexed from
memory. Figure 8 shows the user directory after the virus has finished executing.
Notice that the computer is giving an error message that it is low on disk space
because of the junk file replication.
Figure 8: User Directory After
In conclusion, I am disappointed that I was unable to implement more
advanced features into this project because of time constraints. This project is
probably something that I will continue to slowly modify in my free time. I was
continually challenged and confused by the batch script syntax and also had a difficult
time navigating through USBDev.ru even after the page had been translated from
Russian to English. There are so many different tools and versions of tools that even
the ones that are listed for your chipset controller may not even work. Just
discovering which chipset controller my drives had was a lengthy task because a lot of
the tools are also extremely buggy. I found this project quite challenging and feel
that I have a much greater knowledge of how malicious programs are able to cause so
much frustration on a victim and damage to a computer.
Bibliography
Batch File Help. (2015). Retrieved April 27, 2015, from
http://www.computerhope.com/batch.htm
Microsoft Corporation. (2015). Retrieved April 27, 2015, from
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/batch.mspx?mfr=true
