I think this is a good way to spread.
The windows automatic update service. The data as to the file location of any file it finds on the windows update server is stored somewhere on the computer. I can't remember whether its in memory or registry. But its temporaily stored there. If our virus changes that path to a link to our virus file, windows update downloads the virus file and executes it. The user thinks they are downloading and installing an update because it comes from a program they trust but they are really downloading the trojan.
I am getting to work on this new virus when i get time.
What do you think of that? Would it spread quickly?
good thinking but u have lots of hard work to do so its best that you get started if you need help just pm me ok . i lots of ideas on viruses and trojans.
i dono. the windows update has a file integration check, to see if the files ar corupted or fucked, then he'll check the size, and the file ill prob be less than the fileexe. u can fix this, but i dono if thereis any md5 or another file check
the WnUp cant be edited while executing, like u cant change a exe folder while executing or delete a sql database while an app is using it
japabrz Wrote:i dono. the windows update has a file integration check, to see if the files ar corupted or fucked, then he'll check the size, and the file ill prob be less than the fileexe. u can fix this, but i dono if thereis any md5 or another file check
the WnUp cant be edited while executing, like u cant change a exe folder while executing or delete a sql database while an app is using it
I've thought of a work around for that. Its difficult but it might work. If they are using something that i need to modify then i freeze the application using a similar method firewalls do, unload the component i need to modify, then i modify it and re-load it. Then unfreeze the application.
I have no idea how to do any of this so i have a lot of Googling ahead of me.
That is a great idea and will def spread quickly. But you have to think about forcing the windows update to think that your virus is and update and download it instead of downloading a real windows update.
OXY Wrote:japabrz Wrote:i dono. the windows update has a file integration check, to see if the files ar corupted or fucked, then he'll check the size, and the file ill prob be less than the fileexe. u can fix this, but i dono if thereis any md5 or another file check
the WnUp cant be edited while executing, like u cant change a exe folder while executing or delete a sql database while an app is using it
I've thought of a work around for that. Its difficult but it might work. If they are using something that i need to modify then i freeze the application using a similar method firewalls do, unload the component i need to modify, then i modify it and re-load it. Then unfreeze the application.
I have no idea how to do any of this so i have a lot of Googling ahead of me.
OMG this ill be hard to do, not impossible though
if wanna help, we ar here.
lol
Edited: i think u might take a look at this:
Set USess= CreateObject("Microsoft.Update.Session")
u might take a look at Microsoft Script Host component
this might help u start