Thursday, December 27, 2007

How Does an Autorun Virus Work in Windows XP?

How to make AUTORUN Viruses:
---------------------------------
Pendrive viruses generally follow the Autorun procedure of the Windows OS.
When you plug your PENDRIVE or any removable storage device into a USB port,
the PLUG AND PLAY feature of Windows XP first looks for the file AUTORUN.INF
and any name following the AUTORUN.* convention. Generally the following files will be present in the list:

Autorun.inf // INFORmation file
Autorun.bat // Dos BATCH file EXECUTABLE
Autorun.vbs // Windows Script Host (WSCRIPT.EXE) file, written using VBScript
Autorun.bin // ---
Autorun.ico // This icon file will be the ICON of your VIRUSED PenDRIVE
Autorun.com // Executable
Autorun.exe // Executable
or
somename.exe // Executable

The "autorun.inf" file tells EXPLORER which file to execute when the pendrive icon is clicked. We'll use autorun.bat as the executable in this demo. You can have your virus code and reference it as an executable in the "autorun.inf" file.


How to make a simple autorun VIRUS
------------------------------------
(Try it, it won't harm your computer. It is just a demonstration.)


STEP1:
Make "autorun.bat" using any text editor.
The *.bat files are DOS executable scripts.
e.g.:
----------CUT THE CODE--------------------
@echo off
@cls
@echo "this is a simple autorun test..."
@echo .
@echo .
@pause
@exit
-------SAVE CODE in a file autorun.bat-----

STEP2:
Make "autorun.inf" using any text editor.
e.g.:

----------CUT THE CODE--------------------

[autorun]
open=autorun.bat
icon=autorun.ico
shell\open=Open
shell\open\Command=autorun.bat


-------SAVE CODE in a file autorun.inf---


STEP3:
Find a "*.ico" (icon) file and rename it to
autorun.ico. This icon will be the icon of your REMOVABLE DRIVE in My Computer.


STEP4:
By this step you should have the following files at hand:

autorun.inf
autorun.bat
autorun.ico

Now make these files HIDDEN, SYSTEM and READONLY files,
Right Click -> Properties -> Attributes

If you are familiar with DOS, follow this:
Copy these three files to a folder named VIRUS in drive C:
Open a DOS prompt.

Type the following DOS commands:
-------------------------
cls
c:
cd\
cd virus
attrib *.* +s +h +r

-----------------------
This makes your VIRUS ready to copy to the PENDRIVE.



STEP5: THE LAST STEP

Now open the C:\VIRUS folder.
Go to the Tools menu -> Folder Options...
Under the VIEW tab, check the following:
-> Show hidden files
-> Show protected operating system files

- If your VIRUS folder is open, you should see these 3 HIDDEN files.
- Now copy these files onto your PENDRIVE.
- BOOM, you are done.
- Remove your pendrive and plug it into the USB port again.
- If you CLICK on the PENDRIVE ---- BLAST! The virus would run...
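
A defender's view of the same file, as an added example that is not part of the original post: a Python sketch that parses an autorun.inf like the one from STEP2 and lists the entries that make Explorer start a program. The function names, the list of launch keys and the embedded sample are assumptions made for this illustration.

```python
import re

# Keys in the [autorun] section that name a program for Explorer to start.
LAUNCH_KEYS = ("open", "shellexecute")
# Matches shell\<verb>\command, e.g. shell\open\command (verb is arbitrary).
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample: the autorun.inf contents from STEP2 of this post.
SAMPLE_INF = r"""
[autorun]
open=autorun.bat
icon=autorun.ico
shell\open=Open
shell\open\Command=autorun.bat
"""

def find_launch_entries(inf_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    findings = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key_l = key.lower()                        # keys are case-insensitive
        if key_l in LAUNCH_KEYS or SHELL_COMMAND.match(key_l):
            findings.append((key_l, value))
    return findings

def report(inf_text):
    """One-line summary suitable for a triage note."""
    entries = find_launch_entries(inf_text)
    if not entries:
        return "no launch entries"
    return "; ".join(f"{k} -> {v}" for k, v in entries)

if __name__ == "__main__":
    print(report(SAMPLE_INF))
```

The icon= and shell\open= lines only change how the drive looks and what the menu item is called, so they are not reported. Windows also provides the NoDriveTypeAutoRun policy value for turning AutoRun off per drive type.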