
Thread: what is *.bat file

  1. #11
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    ikalo,

    It could be a virus with a .bat extension, as MsMittens said. But here's a twist I suspect nobody has thought of:

    It would not be hard to write a virus in, let's say C or even VBscript that would infect your computer and then call the command interpreter to run a batch script that contains the line "format c:"

    What a great way to hide the virus from semi-knowledgeable computer users. Do you feel like this: Just think about this for a minute.

    The virus writer knows that the newer versions of Windows have system file protection and lock files when they are in use, so he knows that when the format subroutine is called, the Windows kernel will kick it out and return an error that the format cannot complete, and this error will be visible to the user.

    The quasi-knowledgeable user will see this and think....that batch file just tried to format my PC and will proceed to delete the batch file and will probably not think twice about the whole episode. Others will run chkdisk or check the recycle bin to see what was deleted, not even thinking that they may have just infected their computer!

    What do you think of that! Anybody want a proof of concept?

  2. #12
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    sometimes 576869746568617's thinking is just scary no need to see proof of concept I think you are on to something just glad you are a white hat.
    you are a white hat aren't you?
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  3. #13
    Senior Member
    Join Date
    Jan 2004
    Posts
    124

    576869746568617

    good thinking... that is why I asked neohunk to send that .bat file so we can see what is inside...
    correct me if I'm wrong, but you will need two files attached to run this scenario.
    If you embed VBS in HTML body of message how can it detect that you started .bat?
    and if script does all dirty work, why does it need .bat file? I mean, if it can be done silently, why to raise alarm... it would look just like some spam.

    wait, maybe I got it... VBS drops another file on your HDD, then you need .bat to run it? but then why not run it immediately???

    damn, if I just could see the code I would figure it out.
    Ikalo
    ------
    Make your knowledge your deadliest weapon.

  4. #14
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Actually, ikalo, you don't need the batch file. In at least C/C++, with some basic header or another included, you have access to the "system();" function. It takes a string argument and pretty much executes that in MS-DOS or the Command Prompt. So you can have it execute anything you want it to, including the format command and anything else you can do from Command Prompt.

    With that, you can simply have the .exe, you can probably even give it an icon resource to resemble what a .BAT file looks like, and might even be able to name it .BAT, although I don't know if the .BAT can be a binary executable. Without opening it and seeing that the information isn't TEXT, it could have done anything including that simple format command to simply produce an error so the user deletes it without looking or examining the .BAT file (which is really a renamed .EXE). Again, I don't know if the .BAT file can have binary executable data, but if it did this would be a reason you would want to examine what happened, and then realize "CRUD! This isn't plain-text..."

    Basically the goal would be to scare the user into thinking "DELETE IT!" so they can't see what happened. I mean, if you see that error box, you think "I'm soooooooooooo lucky it failed," when it could have been done on purpose to trick you and hide the real work...

    Hope that clears it up. No idea if .BAT can be binary executable though and still work...
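
The check described in the post above (is a file named .BAT really plain text?), as an added example that is not part of the original thread. It reads the first bytes of a file and flags a script-named file whose content is an MZ/PE executable or other binary data; the function names, the 5% control-byte threshold and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

SCRIPT_EXTS = {".bat", ".cmd"}   # extensions the shell runs as command scripts
TEXT_CTRL = {9, 10, 13, 26}      # tab, LF, CR, Ctrl-Z (DOS end-of-file marker)

def classify(head: bytes) -> str:
    """Classify the leading bytes of a file as an executable, binary or text."""
    if head[:2] == b"MZ":                       # DOS/Windows executable magic
        if len(head) >= 0x40:
            (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew field
            if head[pe_off:pe_off + 4] == b"PE\0\0":
                return "pe-executable"
        return "mz-executable"
    if b"\0" in head:                           # NUL bytes do not belong in a batch script
        return "binary"
    ctrl = sum(1 for b in head if b < 32 and b not in TEXT_CTRL)
    if head and ctrl / len(head) > 0.05:        # assumed threshold for "mostly control bytes"
        return "binary"
    return "text"

def triage(path: str, sample: int = 4096):
    """Return (kind, mismatch); mismatch is True when a script-named file is not text."""
    with open(path, "rb") as fh:
        kind = classify(fh.read(sample))        # only the first `sample` bytes are inspected
    ext = os.path.splitext(path)[1].lower()
    return kind, (ext in SCRIPT_EXTS and kind != "text")

# Constructed samples: a real batch script and a minimal stand-in for a PE header.
SAMPLE_BATCH = b"@echo off\r\necho hello\r\n"
SAMPLE_PE = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("real.bat", SAMPLE_BATCH), ("renamed.bat", SAMPLE_PE)):
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            print(name, triage(p))
```

A mismatch only means the file deserves inspection in a hex viewer or sandbox before anyone deletes or runs it; a text result says nothing about what the script's commands do.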

  5. #15
    Junior Member
    Join Date
    Jan 2004
    Posts
    1

    Originally posted here by rcgreen
    Do yourself a favor and add a little tweak to your context menu.

    http://www.dracon.net/regedit/reg04.html

    Then you can right click any unknown file and open it in notepad.
    I never double click unknown file types, but have several
    custom options in my right click "context" menu like notepad, debug.exe,
    hex edit, etc. The default action for BAT files is to execute
    the commands contained in it. Not exactly the safest way to open
    an unknown file.
    Thank you very much!
    It's convenient.

  6. #16
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    PoSer:

    think you are on to something just glad you are a white hat. you are a whitehat aren't you?
    I don't know.....let's find out! Type my handle out. Add the digits 400 to the end. Now treat it as a hexadecimal string and convert each byte into ASCII text. If you do it properly, you'll get an answer to your question.

    I used to code in assembler, so I know hex real good!

  7. #17
    Banned
    Join Date
    Jul 2002
    Posts
    877
    576869746568617400 = Whitehat

    Tisk* tisk* For every guy getting hyped up with over the top news attention about some new open source software or a break-in another kid will follow simply because they want belonging, to look cool, or to simply gain a label. Which as we all know these things have nothing to do with computers.

    It's the same way with punk in some ways. I like the old school hardcore punk but I don't call myself punk because this would mean that I would have "conformed" to something... which kinda rather goes against what a lot of the hardcore stuff was about in the first place. Kinda crazy now that I think about it. But compare the average Joe Blow kiddie with some blink182 fan and you'll see what I'm saying.

    The point of all this is to me... it seems by calling yourself something you're actually just contradicting yourself later on. Especially when the label you choose to call yourself is a popular label yet has no true meaning to anyone nowadays.

    49207375636B207768656E20706C6179696E6720776974682041534D2E00

  8. #18
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Suck huh? LOL!

    I see your point about the labeling....That's deep

    I guess a more fitting label would have been "I exist".

  9. #19
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    ASM ??????????????????????????????????
    sorry for the one liner but wtf.
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  10. #20
    Banned
    Join Date
    Jul 2002
    Posts
    877
    This has gone off topic but ahhh damn those acronyms and abbreviations!!

    ASM (Assembly) and on occasions you'll run into:
    MASM (Macro Assembler).
    or NASM (Netwide Assembler).
    or even worse HLA (High Level Assembly).
    Are you seeing a pattern now? Then for disassembly they'll usually throw in DASM on the end. The list of things that I can uhhh... list, can go on and on.

    I have also seen a few companies & things that have shortened the names down to ASM. As said before some labels are just messed up. Well there is that and the fact that when I'm doped up on meds I'm the only person who can understand what I say
