Tropical PC Solutions: How to hide a virus!

Today viruses and malicious code are everywhere.

I recently was called on to fix a client's laptop. As I began looking around, seeing what all was wrong, I noticed some strange signs. This guy had a number of viruses and spyware hidden in his machine. How did they get there?

There are many ways one can get a virus but in this case he had picked up some bad files on Limewire (P2P file sharing software). The viruses were wrapped up with legitimate music files. In other words, he downloaded the music file, ran the music file and the music file played as usual. What he didn't know is that a virus file was hidden within the music file. How does that happen? We will attempt to explain this.

Please note that we are not publishing the code we used to do this so others don't download and abuse it!

First off we need a binder program...

This program will bind two files together. Now we are going to wrap up our virus file (File1) with our image file (File2). Notice how you can change the file extensions to whatever you want. You can load .exe, .vbs viruses, etc. You can also choose for the main file to be an image, a video or whatever you want.

Once you have decided on what virus you want to hide and what type of media file you want to use, you tell the code to run the media file normally but HIDE the virus file (which usually runs in a console window).

Once we have set up the C code to do as we want, we then run the makefile script. This will run our code through Borland's C compiler and build our program. The finished program is called dropper.exe. You can make this program have whatever icon you want. In this example, since we are trying to hide our virus in an image file, we used an image icon.

Keep in mind that this is just one example of how people hide virus files inside other working media files. It is very important to have up-to-date AV (antivirus) software, and if you are running a Windows computer, ALWAYS have the computer show you the file's extension! With extensions hidden, a program like dropper.exe that carries an image icon looks just like a picture.
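A quick way to check a download folder for this kind of disguise, added here as an example and not code from the original article: it flags files whose name ends in a runnable extension after a media one, and files with a media extension whose contents start with the `MZ` executable header. The extension lists and sample file names are assumptions chosen for illustration; it does not inspect icons.

```python
import os
import tempfile

# Assumed lists: extensions Windows will run, and media extensions used as lures.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".mp3", ".wav", ".avi", ".wmv"}

def check_file(path):
    """Return the reasons a file looks like a disguised executable (empty if none)."""
    reasons = []
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]  # e.g. ".mp3" in "song.mp3.exe"
    with open(path, "rb") as fh:
        is_pe = fh.read(2) == b"MZ"  # DOS/PE executables begin with these bytes
    if ext in EXEC_EXTS and inner_ext in MEDIA_EXTS:
        reasons.append("double extension: shown as '%s' when extensions are hidden" % stem)
    if ext in MEDIA_EXTS and is_pe:
        reasons.append("media extension but MZ executable header")
    return reasons

def scan(folder):
    """Walk a folder and map each suspicious file name to its reasons."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for fname in files:
            try:
                reasons = check_file(os.path.join(root, fname))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if reasons:
                findings[fname] = reasons
    return findings

def demo():
    """Scan a temporary folder of constructed sample files (harmless stub bytes)."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # real JPEG signature
        "song.mp3.exe": b"MZ" + b"\x00" * 16,               # media name, runnable ext
        "cover.jpg": b"MZ" + b"\x00" * 16,                  # executable renamed to .jpg
        "setup.exe": b"MZ" + b"\x00" * 16,                  # honest executable
    }
    with tempfile.TemporaryDirectory() as folder:
        for fname, data in samples.items():
            with open(os.path.join(folder, fname), "wb") as fh:
                fh.write(data)
        return scan(folder)

if __name__ == "__main__":
    for fname, reasons in sorted(demo().items()):
        print(fname, "->", "; ".join(reasons))
```

To check a real folder, call `scan()` with its path, for example a P2P client's download directory.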