NatSec worm Source code --- Let's discuss...

    Author : "vinnu"
    Developer : "vinnu"
    Team : Legion Of Xtremers
    Year : 2006-2007
    IDE : VC++ 6.0
    Type : win32.dll layer worm
    Damage : None, rather has performance boosters

    NatSec (project name) worm was one of my most interesting and efficient worms in the past, with infections in nearly every continent, but in a very secret manner and very few.
    I'm going to reveal its diminished (trimmed) variant for educational purposes, with most of its functionality removed, but it can still do enough infections.

    It does not damage any data or system resources. Even the CPU and memory utilization is very carefully controlled to keep the system running smoothly.

    The infected system started to talk in PAHARI language, but intelligently they keep quiet when the sysop listens to music or watches movies.
    This worm was developed using a fusion technique, I mean by fusing several techniques; for example, it was developed in C but it had VBS modules too.

    Now let us discuss the prerequisites of a worm structure, which are most essential for an artificial life.

    A typical worm structure:

    1. Main circuit - This circuit is responsible for controlling all the activities of the different modules. This circuit makes sure which module should be fired at exactly what time and whether the fired module executed properly.

    Note: Some worms do not let other clones of themselves be executed on the same prey. So the main circuit takes care of that, in several ways: in one technique the older executing sibling checks for the reinfection and destroys the reinfecting routines; in another the youngest sibling kills the older (elder) already executing clones. But in the case of scattered tentacles in several other prey processes (hijacked processes), the latter technique is not reliable and is difficult to implement, as it may destabilize the system. So the first technique is used, in which the main circuit takes care of the reinfection and kills it.

    Important note: All my other worms too behaved in a similar manner. All this stuff and these techniques are the general properties and behaviours exhibited by my worms, and I am not discussing the behaviours of others' artificial lives. Every artificial life developer has his own recipe, so don't blame me for others' techniques if they are different...."vinnu"

    The main circuit is also called the motherboard, analogous to the hardware motherboard of any system.

    2. Displacement circuit: This circuit is most important and takes care of placing the necessary parts at their appropriate positions, depending upon the privileges of the prey.
    This circuit must execute at the first priority and before most other circuits; it is necessary to call this circuit from the main (motherboard) circuit in a multithreaded environment.
    It will generate and place all the necessary modules at their proper places.

    3. Process hijacker: Being a DLL layer worm, it is most necessary to hijack the victim system's appropriate processes and inject the required code into them. Every hijacked process will be zombied and will carry out a different and distinct activity.

    4. Auto trigger circuit: This is also one of the most important circuits. A worm with only this circuit is enough to survive in a single prey.
    The auto trigger circuit is actually a looped circuit which keeps on writing the triggers that are responsible for triggering the worm trigger file at the time of system restart.

    Note: All loops (worms have 99% indefinite/infinite loops) must have sleep times in them, otherwise the system will soon become unresponsive. This is a most avoidable situation.

    The sleep time must be chosen in such a way that it doesn't clog up the CPU, but not so long that even a simple command console for loop can defeat the worm.

    5. Feedback circuit: ..............................................

    This article was originally published in the forum thread: NatSec worm Source code --- Let's discuss..."vinnu", started by "vinnu".