VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum
Top 5 articles
VortX «Python Virus Writing Tutorial» (49911)
Black Wolf «Batch File Viruses» (28451)
SPTH «PHP Virus Writing Guide» (27367)
SPTH «Perfect Internet-Worm via VisualBasic Script» (25955)
SPTH «RUBY Virus Writing Guide» (21156)

Library: Macro and script viruses

«Advanced Macro Virus Techniques Issue #1» 12.14Kb 13842 hits
We'll first take a look at Concept and Wazzu to learn the basics and learn some new techniques for using form fields and turning off read only NORMAL.DOT We'll also look at a not very well known technique, FileOpen. We'll look at true polymorphism for macro viruses. Also, some hints and tips.
«The UNDERGROUND MS WORD 6.x MACRO VIRUSES FAQ V2.0» 24.06Kb 11891 hits
«Wordmacro Viruses» 16.54Kb 10832 hits
Black Wolf
«Batch File Viruses» 2.43Kb 28451 hits
[...] They are incredibly simple to write and requir no real programming experience, and There are a growing number of programs that will convert .BAT files into .COM and/or .EXE files [...]
Vesselin Bontchev
«Macro virus identification problems» [SRC] 82.14Kb 6425 hits
Computers & Security, Vol. 17, No. 1, pp.69-89 (1998)
Computer viruses written in the macro programming language of the popular office applications like Microsoft Word have become extremely widespread. Unlike the MS-DOS viruses which are single entities, the macro viruses often consist of entire sets of several independent macros. This poses some interesting theoretical problems to the virus-specific anti-virus software that attempts to identify exactly the viruses it detects.Two viral sets of macros can have common subsets - or one of the sets could be a subset of the other.The paper deals with the problems caused by this, some of which are extremely difficult, if not impossible to solve. Emphasis is put on how the difficulties could be exploited by the virus writers and how the anti-virus products should be improved in order to be made resistant to such attacks and to avoid damaging the user’s documents when misidentifying the virus in it and attempting to remove the wrong virus variant.
cOrRuPt G3n3t!x
«Anti AV Techniques For Batch» 7.77Kb 16616 hits
In order to make our batch file virus a little more inconspicuos, unreadable or undetectable we use batch encryption techniques to fool AV's and people trying read or decypher our code. There are many different ways and today i'll explain all the possible ways i know for batch encryption and AV & AV heuristics fooling. I used ESET NOD32 Anti-Virus for its great herustics capabilities and Avast4 Professional Edition for normal detection. Please remember all techniques have been tested on Windows Vista and work!
«Batch IRC/Outlook Spreading» 12.21Kb 12707 hits
Welcome back to my 3rd batch tutorial of which we shall now discuss how to spread your batch virus over IRC (Internet Chat Relay) and MS Outlook. I have seen many different methods, but these seem to be the best so far. I will show how to spread over mIRC, pIRCh, VIRC, dIRC, XiRCON, KazaA, morpheus, limewire, bearshare etc... I would like to say thanks to SPTH for some of his IRC scripts although i needed to edit some as it would not run on my system! Please remember all these scripts are working BATCH scripts!
«Batch Run Techniques» 7.07Kb 11737 hits
In this tutorial I will be discussing the different methods in which you can make your batch file execute on startup, all of the ways depicted in this tutorial work on Windows Vista! It is essential for a proper virus to startup each time the computer is booted so it can carry out it's routines on a frequent basis. This tutorial is not for people trying to learn batch but rather for those trying to advance in batch!! I would also like to send a big thanks to SAD1c for some of the code i used from his tutorials!!
«MEANDERINGS: Theory On batch Keylogging» 7.36Kb 11334 hits
First off i'd like readers to know, im not big on theories, but this however might catch the eye of a more experienced batch coder and be made into something really incredible! Well i hope... Today i would like to talk about keylogging in batch, I know many people will look at me as if im crazy but hey this is just my theory and with a little bit of passion and dedication anything is possible! Now when i talk about batch keylogging, i mean a application coded in batch that will record everything typed into it, however, There are some problems that become evident:
«Polymorphism In Batch» 7.77Kb 10814 hits
I have searched high and low for a working Polymorphic batch virii and/or self-polymorphic batch engine, but with no success. So the truth hit me, if i want to create a proper polymorphic batch i will have to turn to the younger brethern of batch - Visual Basic Script. Many poly engines have been coded using VBS so off i went and found an excellent working Batch Polymorphic Script by a VXer named Jackie. I would like to thank her for giving me the foundation of a near perfect polymorphic batch script, so lets get started...
Dark Night
«The macro virus writing tutorial» 12.67Kb 20105 hits
«Your favorites, my victims - .url infection in JavaScript» [SRC] 7.9Kb 8834 hits
Ready Rangers Liberation Front [5] (2004)
Hello again, today I want to show you a method to download a file from the internet (http) to the local machine. It's very easy with the URLDownloadToFileA API, but this API is not much commented. So I resulute to write this tutorial. I hope with this codes you are Up to Date =). Have fun...
«The Basic of Excel Virus Writing» 5.25Kb 18910 hits
Well, as U already know that Excel file(s) can infected by virus U may ask who to make it?, what toolz need to make Excel virus? Excel virus like Word virus, Excel have macro, Micro$oft like to call VisualBasicAplication (VBA).
«FBSL Virus Writing Guide» [SRC] 14.55Kb 14891 hits
Electrical Ordered Freedom #1 (2007)
At first FBSL looks alot like VB. It has some common Pascal, C functions too. It's in early stages, not YET supporting arrays.. But it was fun to write these code's in this language! Hope someone somewhere starts creating viruses with this! It's able to compile into exe files.. you could write a virus to infect exe files made with FBSL. I've not done that yet, I think this is enough, but would like to see that!
«Function Me» [SRC] 3.2Kb 7205 hits
Valhalla #1 (2011)
In JScript we have functions. They are declared like this: "function x(){}", the name seems to be important to identify them, however this is not true, they can be nameless.
«Hidden in .NET» [SRC] 4.71Kb 7007 hits
Valhalla #1 (2011)
Microsoft decided to include compilers along with the .NET framework that is available pretty much in every computer of the world running Windows. Compilers include one for JScript .NET. So, we can compile our JScript virus source into .NET assembly. Imagine you have polymorphic JScript virus, it is transformed to MSIL code, what is the result? One great .NET assembly that looks very different than previous one, so in each computer you can generate multiple polymorphic or even more complex instances of the virus running and spreading as exe file.This is much more powerful technique than using JS2EXE tools. ;) Since now you can infect files and recompile yourself!
«I Err.Raise, you fall» [SRC] 6.31Kb 6667 hits
Valhalla #1 (2011)
Try and Catch are the most widely used statements for exception handlers in most languages. When we run code that might be vulnerable to unexpected exceptions we can run it in Try block. If an exception occurs, then the Catch block handles the problem. This mechanism also includes a statement to cause an exception. It is the Throw statement. The Throw statement can specify an exception info to be supplied to the Catch (it should decide then on handling it or not).
jack twoflower
«How to link a library to a VBProject» 2.31Kb 10606 hits
today we will talk about how to link a library to a Visual Basic Project. So first why we need to link a lib or for what we need to link? Hmm...I think the answer is simple...for example if you want to add a module or something like that you need a lib for. Or for another technic of cross infection you could use a lib
«Phunny stuff with your cursor» 6.65Kb 10314 hits
The detailed description of four payloads for macro.
«Tricks to make your macro virus unscannable» 10.45Kb 12110 hits
Some tricks to make the macro virus unscanable
Jacky Qwerty
«Macro virus trickz» 15.23Kb 10670 hits
This article is not intended to be a tutorial for macro virus writin. It simply states some common problemz and known limitationz with actual macro virii, then sugests solutionz and provides some code examplez for them. The reader should be already familiar with some of the conceptz surroundin macro virii stuff. If not, i sugest to read first a 'real' tutorial about the subject and then jump back to this article.
Keith Allen McMillan
«A platform independent computer virus» 51.73Kb 13546 hits
Some modern computer systems are subject to "infection" of their programs by self reproducing computer viruses. While it has been shown that detecting such a virus in general is an undecidable problem [Coh84], there may be large classes of viruses against which effective defenses can be made. Before an examination of the defenses is possible, a more complete catalog of the capabilities of viruses is necessary in order to determine if such classes exist. Some modern computer systems are subject to "infection" of their programs by self reproducing computer viruses. While it has been shown that detecting such a virus in general is an undecidable problem [Coh84], there may be large classes of viruses against which effective defenses can be made. Before an examination of the defenses is possible, a more complete catalog of the capabilities of viruses is necessary in order to determine if such classes exist.Towards the end of a more complete picture of the capabilities of computer viruses, the author presents a virus written in the TEX document preparation language, with assistance from the GNU Emacs program. Such a virus is capable of running and spreading under a number of different operating systems without being recompiled or otherwise adapted.
«Batch Virii» 4.31Kb 13204 hits
Batch is a language created and used in MS-DOS. They are created by simple text editors, ie or Notepad.exe. Most batch virii use very simple means of copying and spreding. They will just append their code at the end of other *.bat in the hopes they will be ran.
Leugim San
«VBA viruses and trojans» 10.52Kb 11731 hits
Douglas McIlroy
«Virology 101» 15.31Kb 11367 hits
Computing Systems, 1989, v.2, N 2, pp. 173-181 (1989)
Joel McNamara
«Document Macro Viruses, Yes, you can spread a virus with a data file...» 22Kb 12376 hits
This paper moves beyond theory, by presenting preliminary research on an actual document-based virus created in Microsoft Word for Windows. The paper discusses the concept of a document macro virus, potential threats, how this type of a virus functions, and preventative measures for dealing with it.
«Neophyte's Macro Virus Tutorial» 79.34Kb 13398 hits
Virii created in MS-Word macro's (or other programs that have a good macro language) This sort will be the subject of this file.
Andy Nikishin, Mike Pavluschik, Denis Zenkin
«Macro-Viruses: Genesis, Truth about the Threat and Methods of Protection» 18.74Kb 12476 hits (2001)
Soon it will be 5 years since the macro virus term became customary among computer users all over the world. Despite the development of reliable security facilities against this kind of infection and a lot of reviews on the macro-virus protection methods, it still horrifies millions of computer users and prompts them to start their anti-virus scanners. So, what is the macro virus? What is the difference between macro-viruses and other members of the computer "fauna"? What is the extent of their threat? Are there any means of protecting against them? The main purpose of this article is to answer all these questions.
roy g biv
«010 Editor Scripts» [SRC] 7.37Kb 8476 hits
Valhalla #1 (2011)
Many people know about the 010 Editor. It is a great tool for examining file structure using templates. It supports a scripting language called 1SC. 010 Editor has a powerful scripting engine that allows many tasks to be automated, including infecting files. ;)
«BOMbing The System» [SRC] 7.12Kb 10998 hits
It's not the thing that explodes. That's a BOMB. Heh. BOM is Byte Order Marker. Some Unicode files use the Byte Order Marker to say that they are Unicode, and to say the order of the bytes (little-endian or big-endian). I say "some Unicode files" because there are exceptions, and one of those exceptions is very interesting: VBScript and JScript. Yes, Microsoft scripting technologies do not care about BOM is present or not (delete BOM and see for yourself!). They detect Unicode format using a special API called IsTextUnicode().
«Cross-scripting attacks» [SRC] 3.25Kb 7726 hits
Ready Rangers Liberation Front [6] (2005)
I often wondered if it would be possible to create a single script that could run on both platforms, but until now I could not think of a way to identify the platform or to protect against compiling errors. It happens that there is an easy way to do both of these things, and I found it.
«The IDA Plugin framework» [SRC] 5.09Kb 8310 hits
Ready Rangers Liberation Front [7] (2005)
Many people know about the Interactive Disassembler. It is a great tool for disassembling many different file formats for many different CPUs. It even has a debugger now, so it can be used for all kinds of reverse-engineering, unpacking, decrypting, etc. In case that was not enough functionality, it also supports plugins.
«The IDA Scripting Language» [SRC] 5.03Kb 7677 hits
Ready Rangers Liberation Front [7] (2006)
Many people know about the Interactive Disassembler. It is a great tool for disassembling many different file formats for many different CPUs. It even has a debugger now, so it can be used for all kinds of reverse-engineering, unpacking, decrypting, etc. In case that was not enough functionality, it also supports a language called IDC. In the words of Ilfak, IDC language is a C-like language. It has the same lexical tokens as C does: character set, constants, identifiers, keywords, etc. A program in IDC consists of function declarations.
«JScript Prototypes» [SRC] 5.43Kb 6727 hits
Valhalla #1 (2011)
JScript object methods use function prototypes which are the default handler when the method is called. We can create new methods for some objects by declaring a prototype with the name that we want to use. We can also change the handler for existing methods in some objects by declaring a prototype with the same name as that method.
«Out of Office Responses» [SRC] 29.46Kb 7549 hits
Ready Rangers Liberation Front [6] (2005)
Microsoft introduced a very powerful language in Office 97 and later versions, called Visual Basic for Applications. One of the best things about it is that many Office applications can use it. The environment is not quite the "write once, run everywhere", but with a little bit of code we can support multiple applications very easily.
«Polymorphic Batch» [SRC] 11.25Kb 5656 hits
Valhalla #2 (2011)
Everyone knows about batch files. Lots of very poor viruses have been written using it. Some of those viruses are even "encrypted", using environment variable tricks (simple text substitution). A few of them can change parts of their code using specially marked lines, find.exe, and output redirection. There has never been a truly polymorphic one... until now.
«Polymorphism using the Microsoft Script Encoder» [SRC] 6.9Kb 10958 hits
Ready Rangers Liberation Front [7] (2006)
I got this idea from the Virus Bulletin article about the Microsoft Script Encoder. ( That article mentions the EncodeScriptFile method that no-one noticed before, so I looked at it, to see what it could do. Amazingly, it can be used to encode any string that is passed to it. It is even documented on Microsoft's website!
«Self-crypting script files» [SRC] 13.74Kb 5551 hits
29a [7] (2003)
When thinking about the number of encrypted macro viruses, it is strange that there are not so many encrypted script viruses. I have no answer for why it is so. ;) Anyway, here I present a simple engine for encrypting VBScript and JScript files. It uses a variable skip-code encryption with oligomorphic decryptor. The cryptor supports variable spacing, random variable names, random variable case, random keyword case (VBScript only), and variable skip-codes with constant packet size. It can be used recursively, too.
«The StarOffice Basic» [SRC] 5.41Kb 8263 hits
Ready Rangers Liberation Front [7] (2006)
StarOffice has its own language called StarOffice Basic, which is similar to VBA for Microsoft Office. OpenOffice has its own language called OpenOffice Basic, which is almost identical to StarOffice Basic. The language is shared among all of the StarOffice or OpenOffice applications, so it is very easy to make a cross-platform virus.
«Encryption in Perl Viruses» [SRC] 2.91Kb 6063 hits
29a [6] (2002)
This tutorial describes how to use encryption in a perl virus, to make detection by simple string scanning useless or to reduce the scanstring, so anti virus companies have to implement a real emulation or heuristic for perl viruses.
«Perl EPO Techniques» [SRC] 6.16Kb 5747 hits
29a [6] (2002)
This little tutorial will present you some simple, but effective methods, to hide your perl Virus from detection by analyzing the perl source code.
«Polymorphism in Perl Viruses» [SRC] 5.99Kb 6340 hits
29a [6] (2002)
This little tutorial will present you some simple, but effective methods, to hide your perl Virus from detection by analyzing the perl source code.
Alan Solomon
«Introduction to macro viruses» 21.24Kb 11885 hits
[...] Many applications provide the functionality to create macros. A macro is a series of commands to perform some application-specific task. Macros are designed to make life easier; for example, to perform some everyday tasks like text-formatting or spreadsheet calculations [...]
«Macro Virus Heuristics» 1.55Kb 10178 hits
[...] Dr. Solomon's have made a dramatic technological breakthrough in the fight against viruses [...]
«ASP.NET Virus Writing Guide» [SRC] 24.53Kb 9956 hits
Ready Rangers Liberation Front [7] (2005)
This time I've found another victim: ASP.NET. It is a pre-compiled language running on web-servers like IIS. I want to explain 'pre-compiled' a little bit: The server, when it runs a specific file for the first time, compiles it for execution (not as i.E. PHP, which are just interpreted) and saves the compiled version of the file. The advantage: The next executions are a lot faster than at pre-processor languages like PHP. The advantage in contrast to ASP is that we can use the whole amount of functions, methods, classes provided by the .NET Framework. ASP.NET scripts can be written in VB.NET, C#, C++ and J#. I've desided to use VB.NET for this article. For the codes I've used .NET Framework 1.1 and 2.0 beta (at IIS), and the codes run at both environment. Well, now let's look at the ASP.NET infection :)
«A brief viral Introduction into F#» [SRC] 11.17Kb 8817 hits
Ready Rangers Liberation Front [7] (2006)
In 2004/2005 Microsoft has started a new field of researching - with an interesting idea: Combining a functional language with the .NET Framework. The result of the research is a language called F# - a .NET variant of ML with a core language similar to that of the OCaml programming language.
«Computerviruses meet Infopath» [SRC] 15.95Kb 8779 hits
Ready Rangers Liberation Front [7] (2006)
Microsoft Office Infopath has been released in Office 2003. It is a XML based interactive formulare-generation tool. Infopath works perfectly together with Microsoft Windows SharePoint Server and Microsoft Office SharePoint Services. You can import and export data via MS-SQL or XML files, if you prefer that. You can create connections between objects very easiely and you can make anything automatic with scripts behind the document. When I had to learn Infopath, I sat there with a 500 pages book, and was quite bored. When I read about Infopath-Macros, I thought about doing something more interesting... I wrote a virus that infects Infopath XSN files. And here we are...
«Cross Infection in JavaScript» 16.76Kb 17183 hits (2003)
This article is a conclusion of my JS.Sinope, JS.Charon and some other silly ideas i got while coding anything senseless or drinking beer. :D Anyway, I think these techniques will be really successfull, because you're able to spread your virus with much more extansions. Now, let's start and see, what we're able to do.
«Cross Script Infection using MetaLanguages» [SRC] 9.45Kb 5622 hits
Valhalla #4 (2013)
I show how the useage of metalanguages allows one to write multi-language cross-script infectors with just a linear amount of complexity. That means, adding the 2nd target language is as complicated as adding the 5th language. This is the basis of a virus, that can infect JS, VBS, Ruby, Matlab and Python at the same time.
«Cross Script Infection using the same code» [SRC] 13.9Kb 5427 hits
Valhalla #2 (2011)
Cross infection gives us the possibility to reach more targets, thus spread faster. There are two ways how it can be done: Adjusting the code for each platform, or using a code that can run natively on each platfoms.In this text I show some ways to target different scripting languages by using the same code. The advantage is that one doesnt need to adjust the code for every new target, thus the infection is much easier, smaller and more beautiful :-)
«Exotic Morphing Techniques In JavaScript» 25.26Kb 12048 hits (2003)
This article deals with exotic morphing techniques. The following techniques are all kinds of Polymorphism, but not the standart way, moreover some neverseen ones. After I wrote something about Encryption, EPO, standart-Polymorphism and so on in JavaScript, I decided do make something neverseen and neverthought. And, in my oppinion, I had success. That was my inspiration: I've never seen something NON-STANDART in JavaScript. Sure, there are some good things in that language, for instands the poly engines by jackie, but that's more or less standart (anyway, it's real good quality). I don't know, if the following are as good as the 'standart' techniques, anyway, they are new, and maybe interessting. When I started to get the ideas and begin to write the samples, I asked Kefi and SAD1c, if they want to do the project together with me, but unfortunatly they had no real ideas for this topic, so I had to do it alone. Now go and read something more senseful that this silly intro :).
«Exotic Morphing Techniques in JavaScript II» [SRC] 23.13Kb 4500 hits
Valhalla #2 (2012)
JavaScript is a beautiful language itself, and can be used for computer viruses as we all know in a simple way. jackie twoflower wrote the first JS polymorphism engine in 2001 (cant find the source - sorry); many years ago I have written two texts about that topic [1][2]; there have been several unconventional engines in recent years, for example roy g biv's [3][4] or hh86's [5] creations.In this text I present three different methods. The first methode changes the structure by introding anonymous functions for small logical parts of the code. The second and third part are novel polymorphic encryption engines.It seems to be possible to create a real self-recreating ("metamorphic") engine in JavaScript - I predict this to come true one fine day :-)
«How to encrypt JavaScript viriis?» [SRC] 4.87Kb 14222 hits #3 (2003)
This tutorial describes how to encrypt JavaScript files (viriis ;p ) in two ways! On the one hand "unescape", which is nearly the same as "chr$" and on the other hand "var", which is the same as "set"! You can use this encryptions for avoiding heuristic alarms of AV programs or to make a string scanning almost impossible.
«Infecting Mathematica Notebook files» [SRC] 15.46Kb 9368 hits
Wolfram's Mathematica is one of the most wide spread computer algebra program, used for instance in science, engineering, economics. Beside of numerical solutions it also has the great capability to solve problems analytically and create awesome dynamic graphical solutions.Mathematica content is usually saved as .nb (Notebook) files, this is exactly where we are starting now.
«Matlab.MicrophoneFever2» [SRC] 85.01Kb 5563 hits
Valhalla #1 (2011)
This is a polymorphic MatLab file infector. It takes advantage of inbuild MatLab functions such as integration or solving of differential equations. It infects victims by searching appropriate places within their file code, and inserts the splitted virus to those possible places.
«Monad: Microsoft Command Shell Infection Tutorial» [SRC] 10.35Kb 15302 hits
Ready Rangers Liberation Front [6] (2005)
Monad - Microsoft Command Shell is the next version of CMD.exe and will be used in Microsoft Windows Longhorn. Everybody knows that and CMD.exe had a very small amount of commands, and where therefore nearly useless. Monad will be like Linux's Bash - that means a great number of command and functions. We will be able to make as huge and complex script as we can do it in Linux. As I thought this next step of Microsoft (stealing the ideas of OpenSource Software) should be infected too, I did. It is totally different to the older Command Shell of M$: The objects seems to have a very near connection to C#, the syntax is near to the syntax of bash or PHP. Nevertheless I sat down and tried it, and after ~6 hours after installing I saw my first Overwriter working. I think it is quite funny to infect a future part of Longhorn, which will be released in ~12 months. :D Just for information: I've worked with Windows Command Shell [6.0.4093.0]. Now, let's more to the real content!
«New IRC spreading» 8.16Kb 9580 hits (2004)
IRC (Internet Relay Chat) has been being a virus spreading field for years. Nowadays there are three different programs, which allow virus spreading via IRC. These are mIRC, pIRCh and vIRC. SnakeByte wrote an article about how to spread viruses with these three programs some years ago ( But when I sat down and thought, why aren't there more programs, I got no senseful answere, so I downloaded some programs, and tried to make a new virus-script for them. And, as you may imagine, I had more than less some successes. I wrote some scripts for some IRC clients, and added some information. The result of my working is this article. :) Well, stop reading this intro now, and learn, how to spread your virus/worm via other IRC clients.
«Past, Present and Future of Batch» [SRC] 10.67Kb 11737 hits
BATch Zone #5 (2004)
What is this article about and why do I write it? This may me your first questions when you see the title. Well, I'll answere you: In this article you can read my (theoretically) ideas of the future of Batch and a small view of the rached goals in the past. Why do I write it? I just want to tell everybody, who is interested in it, my ideas of the future goal and some neverdone things, because it's doubtful that I'll code much batch in future. Well, I hope that you will like my ideas and thoughts. And now go on reading more important things than this little intro. :)
«Perfect Internet-Worm via VisualBasic Script» [SRC] 7.55Kb 25955 hits
eBCVG #3 (2002)
Now i wanna show you 8 of the best VBS techniques to spread a worm...
«PHP Virus Writing Guide» 37.23Kb 27367 hits
29a [7] (2003)
PHP, abbreviate: 'Hypertext Preprocessor', is a very common script language for the world-wide-web. You're possible to do nearly everthing internet related with that language. That means, you're also able to make viruses for it. The first virus for PHP, PHP.Pirus by MaskBits/VXI, was done in October 2000, and was released in 29A#5. It was no real virus, moreover a companion. It writes to every PHP-file in the current directory a line, which let the victim run the virus. But the host doesn't contain the virus. After searching something about PHP viruses I found out that there is no high-tech PHP virus so far out, because all the virus I could find are rips of PHP.Pirus (useing the same prinzip). That was my inspiration in writing such an article. I wanted to make something totally new, and I guess I had success. I tested every source with PHP 4.3.3, and everthing worked fine. Now go on reading this and learn something about PHP viruses! :)
«Polymorphism in BatXP» [SRC] 9.86Kb 11432 hits
Coderz [3] (2003)
After writing 2 different polymorph BatXP viriis I thought, that I should write a tutorial about this, because I've never seen an other poly BatXP virus (ok, i just saw two other BatXP viruses) ;)In this tutorial I'll explain how to write such a virus. I hope, that I'll see some of this viruses in the near future out there.
«Polymorphism in JavaScript» 30.44Kb 10607 hits (2003)
«RUBY Virus Writing Guide» [SRC] 35.18Kb 21156 hits
29A #8 (2004)
Ruby is an interpreted script language, which is mainly used for web-sites. You can do alot of things with Ruby. The language's syntax has quite a lot realtion-ship to the C-syntax, but the whole language seems to be nearer to PHP or VB. It's a quite nice mixture of several famouse language, therefore it should not be that problem to learn the language, if you already know some other web-based script languages. The official site of Ruby is: The language has been done in japan, where it is very famouse. I've read about Ruby in a Linux Magazine, with a Knoppix 3.6-script-edition CD. As the text about Ruby was nice, I wanted to try it. And so I did. I've tested every source with ActiveScriptRuby ( With this article I wanted to discover another language fully. I hope you like it, if not, I don't care alot, because I had fun while writing it. :)
«The Secure Virus-Copy» [SRC] 8.29Kb 12733 hits
Ready Rangers Liberation Front [5] (2004)
The title of this article sounds really strange and I'm sure, you can't think what I'll tell you now. Don't worry, you will get the point while reading this text. First I have to thank three persons, who's viruses or articles helped me to get this idea. First person is Benny, who wrote a great article called 'Some ideaz about future worms', which was released in 29a#6. In his article he mentioned that a worm 'should not be stored at any file on the disk'. The second important person, who's virus helped me to get the idea and bring the idea to reallity was Lys Kovick with his WinREG.AntiREG. Last but not least Q the Misanthrope's virus Bat.OneLine wsa very important for this article. To all these guys I have to send out a really great 'THANK YOU'! :D Well you still can't think about my idea, so I'll stopp writing this silly intro and start to come to the important parts...
«Server -> Client Communtication for Preprocessor languages (PHP)» [SRC] 5.7Kb 11564 hits
29A#8 (2004)
A 'Preprocessor language' is a web-based language, which has been done to run on a server, and only on the server. The results by the executed web-based preprocessor script (like PHP) file will be transfered to the Webpage, which can be seen by the user. That means, the user will never see the code of that script. As a result, the script can not harm the user in any way, because it is executed on the server, (and only there) and just the results are send to the user. This has been also written in VirusBulletin March/2001 in an article by Denis Zenlin & Mike Pavlushchik called 'PHP go the Script Viruses'. The article deals with the PHP.Pirus (29a#5) and PHP.NewWorld and the common PHP problem. A very important statement of the article: '... and it does not have the ability to spread to other Web sites or PCs of the visitors who view an HTML page containing a malicious PHP script. This last case is not possible simply because a user receives a pure HTML page with absolutely no script inside from the PHP processor...' Well, that's not true at all, which I will prove in this article. :)
«Useful things in Batch» [SRC] 7.66Kb 13913 hits
BATch Zone #1 (2003)
While making my Batch WOrm Generator I discovered much very useful techniques for Batch viruses, for instands about Encryption or Polymorphism. But I discovered also some other techniques. These are Anti AVA techniques, and I thought, I don't have to let them die. Now let's start...
«Useful things in JavaScript» 14.67Kb 13770 hits (2003)
After writing articles about Encryption and Polymorphism in JavaScript I also discovered some other things in JavaScript. But that techniques are to short to write more articles about it, so I desided to write one containing all the things I found out while discovering that language. So, here we are...
«BATch virii tutorial» 32.88Kb 17827 hits
«The Hidden Strengths of the Dos Batch Language» 72.85Kb 16381 hits
In the following pages, I will first give you the complete code of the last of the eighteen or more versions - I must have thrown some away - being the one that I am most satisfied with, and also the most complicated. After that, I will step by step explain the history of the eighteen versions, often systematically rather than strictly chronologically, and of course a bit edited and dramatized.
«Python Virus Writing Tutorial» [SRC] 8.58Kb 49911 hits
Python is a freeware powerful interpreted programming language available for most operating systems. It is object-oriented, interactive, portable and easy to learn. It is also popular as a CGI scripting language, as its capabilities compare favorably with those of Perl (Not that i code perl) It can be interpreted in a number of operating systems, this makes very good idea for future viruses So erm, lets go!
«Ferite virus writing guide» [SRC] 8.55Kb 13783 hits
«Some ideas about OpenOffice infection» [SRC] 7.41Kb 11092 hits
Electrical Ordered Freedom #2 (EOF-DR-RRLF) (2008)
This article will try to explain a new way of infecting openoffice documents. Other OO virii have been written using the basic programming language offered by OO, like Starbucks, Stardust or the multi platform BadBunny. It is possible to infect the documents using their simple structure. Let's go!
«Batch Viruses (second issue)» 13.13Kb 17297 hits
As written these programs are not damaging to data and will only affect BAT, BAS and PIF files. One could say this is still data but no malice is intended. Art maybe. Others might not be so nice - batch viruses are perfectly capable of carrying deadly payloads.
«Batch Viruses (third issue)» 16.08Kb 12093 hits
29 authors, 74 titles
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka