Hey JustSomeBrHUE.
Since this is a somewhat important project for school, you should get the terminology right first. Only then we will know that we actually talk about the same things.
(actually, I'm trying an worm)
A
worm is a malware that spreads on its own via the network, often by using exploits or sending itself via email. This is not trivial to write and not so good to demonstrate to others. Furthermore, the risk of actually infecting and damaging the network is too high. Morris tried that too (creating a harmless worm) and it ended in a disaster, see
https://en.wikipedia.org/wiki/Morris_wormI strongly advise you against the creation of a worm.
A malware is only called
virus if it infects other files. That means it will search for a host file and append, prepend or replace the host file's code with its own code (see file infection strategies in the image below). The resulting infected file is also infectious. The behaviour of host infection is similar to parasites in nature, which is why we call this kind of malware "parasitic". A virus makes sure to be executed again by infecting host files that are opened by the system or the user. E.g. the user opens the infected notepad.exe and the virus code will be executed this way. This is one way to get
persistence.
But there are a lot of ways to gain
persistence. The most usual ones by non-parasitic malware are the startup folder of Windows (everything in it will be run after login) and autorun entries in the registry. The most commonly used autorun entries are:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
You can use regedit.exe or
autoruns.exe to check these entries on your system and see how it looks like for programmes that use them. There are some of these entries on every system.
Anyways, what you need clear up is: What malware type shall it actually be: virus, worm, trojan, backdoor, ...?
Please note that creating an
effective virus with powershell and batch is not possible. To be
effective, it would have to infect host files that are
often executed on the system and these are usually EXE and DLL files. You cannot put a batch script in those. Viruses are often written in C or assembly.
But maybe you don't need it to be effective. Afterall, it is a school project, and minimizing the risk of misusing your code would be a good thing to do. E.g. if you create a powershell virus that infects powershell source files, it would not be effective and the chance of misuse is very low, but it is enough to demonstrate how it works.
I want a "pacific" virus, so it can't be harmful or cause any damage to the computer or files
A virus is
always harmful. A virus modifies host files so that these host files become infectious themselves. This is considered damage, even if the payload doesn't do anything.
The same is true for a
worm. It will spread to other machines without asking their owners. This is in itself
harmful, even if you don't cause such problems as Morris did with his worm.
Do you have any questions?
Show Posts
