The Virus Creation Labs

Horny Toad
CodeBreakers [1]
October 1997

I would like to share my feelings on virus creation labs in an attempt to put them in a certain perspective for the beginning virus writer. With just a cursory glance around the underworld of hacking and virus writing, one cannot avoid the subject of these code generators that essentially allow anyone, regardless of their programming experience, to create working virii. The general consensus of most virus writers is that these programs blow ass and have no purpose other than to flood the world with easily scannable and weak virii. It is true that, for the most part, virtually every AV program on the market will pick up these creations in their unaltered form. The VCLs also tend to give the beginning virus "writers" a false sense of their programming abilities.

All of the negative points that are presented are for the most part true. I would like to interject, however, that virus creation labs are a useful tool in the education of virus writing and should continue to be written and used, but not abused. One thing that annoys the shit out of me is when a beginning virus writer approaches me and says that he thinks "The Facked-Up Virus Writing Machine" is bad. How do you know that, Joe Newbie? It tickles me silly when that same person tells me that this program produces poorly written code because of such and such. One of the traits of a good virus writer is to be able to look at a piece of code and analyze its effectiveness.

I'd rather not plug any one virus creation lab over another; they all have their good points and bad points. What I suggest that you do is enter very simple parameters and take a look at the output. I would seriously advise against allowing the VCL to automatically compile the virus. I like to have a look at the generated ASM file and make sure that the virus will do what I told it to. With some of the labs, routines are left in the virus that were not specified in the parameters, a very dangerous mistake. Another thing that you will find is that the code that the VCL creates, for the most part, is severely unoptimized. The virus that you create yourself will also have a better chance at not being detected, due to the familiarity that the AV community has with the labs.

Creating a virus writing lab. By all means create one if you have the know-how. It is a definite programming challenge due to the enormous amount of output possibilities when you consider the different options that the user can choose. Spo0ky and Arsonic are currently writing a lab for the Codebreakers. Knowing their ideas and experience, you can look forward to a kick-ass generator. Successfully written labs are a testament to the programming abilities of the individual.

As you can tell, the main problem that I have with the virus creation labs is that people are creating virii with them and trying to pass them off as their own. Lame ass motherfuckers! We even had a lamer who was unfortunately a member of our organization and submitted a number of virii to the group. We thought that he was going to be very promising, given the amount of code that he was putting out. Then Spo0ky decided to read some of his code and the fool fucker had left:

; ______.ASM
; Created with Nowhere Man's Virus Creation Laboratory v1.00
; Written by "Joe Lame Fuck"

at the beginning of his code. Needless to say, the bastard was dropped immediately. I'm not saying to discard everything that the virus creation labs make; quite the contrary, learn from them. If you see something that you like in them and decide to use it in your code, give credit where credit is due. For example:

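        mov     ax,5700h        ; save file date/time
        int     21h             ; thanks MnemoniX!
        push    cx dx           ; time in CX, date in DX
        mov     ah,3Fh          ; DOS read from file handle
        mov     cx,28           ; number of bytes to read
        lea     dx,[bp + read_buffer]   ; destination buffer
        int     21h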

Let's say that I decided to use a portion of MnemoniX's code from Biological Warfare. In the code, I would at least give credit to the original author. Also, I have a number of virus "skeletons" that I have written that I use quite often. A virus skeleton is a generic structure for a certain type of virus that I want to write. For example, let's say that you want to improve upon my Toad instructional virus that is presented in Lesson 1. If you add a bunch of routines to it and change the way that it works, the new virus IS written by you, but you might want to mention that some of the code was taken from Horny Toad's instructional virus. Here I am talking about virus writing ethics; what is the world coming to? No really, we need to have ethics and a code for virus writers. The virus community is very tight. Most of us genuinely respect one another.