220
TCPizza
23d

assignment: use winAPI to create a "virus" that put itself in autorun and does nothing.

me, a curious student: does the assignment and adds a heap corruption code just as a joke.

after sending the assignment to the teacher I realized that I have sent the real virus.

result: teacher comes next lesson without a computer and stares at me silently and viciously.

we'll see what happens next
any idea on what's going on in his head?

Comments
  • 45
    Are there no antivirus measures on the computers? 🤔
  • 158
    "today's class is about the importance of virtual machines"
  • 18
    @irene there are but he ignored them because the assignment was harmless, anything that uses autorun gives out a warning
  • 5
  • 6
    @jespersh what if your virtual machine is connected to your host via virtual lan? 🤔
  • 13
    @irene the heap is individual for each computer, if the virus doesn't distribute itself through lan it will still be harmless
  • 11
    I'm curious about this heap corruption mechanism.
  • 21
    @tacticalKimchi in C you can expand your let's say array on you heap using malloc and realloc, so you just spam them and insert nulls to the entire heap, and sonetimes it can run over other programs and if there's a windows update on startup it can even corrupt some files
  • 3
    @TCPizza is it overflowing a kernel-space heap?
  • 3
    @beegC0de usually a warning will pop up and stop the program if it tries reaching down there but on some accations it will do it because it's saved in the registry
  • 5
    Mind sharing the code?
  • 7
    @irene https://pastebin.com/qvZY7ZXQ
    it's not that complicated and you have to run it as administrator
    for compiling it with gcc use --windows
  • 9
    @jespersh never use a virtual maschine to test a virus. There are so many vulnerabilities discovered ever year to escape a VM it's ridiculous.

    Always use a second pc not connected to the network. Best is an iso which works only in ram and is cleared after shutdown
  • 6
    @pain
    I was not aware this was remotely possible. Holy shit mate
  • 4
    @jschmold yes - that was my response as well. And Linux (host) is not safe either.
    So far I never saw a virus capable of but it just takes one...
  • 4
    Now this is my kind of rant.

    @pain thanks for the tip.
  • 4
    @pain I believe you should not test such hardcore virus at all 😁
  • 3
    @irene well you are of course right with that one :D. But some of us have a job to do ;)
  • 2
    @irene yeah but if you write a virus, you have to test before distribution
  • 1
    @TCPizza or do you? 🤔🤔🤔
  • 0
  • 1
    I'm not even sure what to say. But thanks for sharing. That story went right into my favorites.
  • 1
    @NeedsMoreDivs ☺☺☺☺☻☺☻☺☻
  • 0
  • 8
    Reminds me of my auto Hoffer I created as a joke on a colleague. At the company I was working for we'd set a David Hasselhoff in speedo photo on your desktop background if you left your pc without locking it. As he almost never forgot locking it I took my chance that one time he did forget. Quickly created console app that would set one of 4 embedded hasselhoff pictures on desktop at logon/unlock. Disguised it as some legit Windows process, also in auto run in registry. This was awesome. He couldn't figure out what was Hoffing him constantly, even when locking his system.
  • 3
    @CodeMasterAlex sounds fun, ill try it
  • 5
    When I was around 10 I made a virus that simply created empty files until it was terminated. I gave it a meaningless name, and forgot about it. Then sometimes later I naively ran it to find out what that exe was. By the time I managed to kill it it made 15000 empty files on my desktop... it took me 2 hours to delete all of them 😂
  • 8
    malloc() would at some point simply return NULL, when the virtual memory manager can't allocate a new 100 byte slice.

    That is not a heap corruption. 😉 It is just a monster leak on purpose. Which is evil enough, however. It will freeze the computer once all available memory is allocated. Maybe it will lead to a BSoD, too? 😈

    To be a memory, corruption, your code has to try to use memory beyond the memory that was allocated, a buffer overflow, for example.

    To make it a heap corruption, a function has to allocate memory on its stack, and then write over its boundaries and thus into the programs heap. 😉
  • 3
    @Yamakuzure so you're saying I need to use recursion the worst way possible
  • 2
    @TCPizza just "forgetting" to add the exit condition won't do it. The program would simply crash with a recursion depth error. (too many stacks)
    And when the program is gone, the virtual memory manager will eventually clean up the unclaimed pages. Even on Windows. (since Vista. XP would go haywire over that, its VMM was crap.)
  • 1
    My conclusion - you get a job offer at Evil Corp
  • 2
    @Yamakuzure I made a recursion that checks if the answer of malloc(100) isn't null it will run again and once it is null the computer will shut down
  • 0
    @TCPizza was it on Linux? O_o

    On Linux your program will be forcefully shut down with OOM error but won't crash the whole system.
  • 1
    @irene nah its windows
  • 0
    Torture being WinAPI may only be answered with torture. :')
Your Job Suck?
Get a Better Job
Add Comment