BIOLOGICAL WARFARE

Virus Creation Kit
Version 1.00
by MnemoniX 1994

LEGAL DEPT.

MnemoniX is NOT responsible for any damages that may result from using this
program or any code that is generated by this program. Such damages are your
problem, not mine. This program is for educational purposes only; the code
generated by the program is NOT to be distributed without the knowledge of
the recipient.

This program is not for idiots! If you are unfamiliar with programming or
the workings of your PC, you should definitely not be using this program.

And please don't remove the "[BW]" signature from the code. It's not that
much to ask.

REVISION HISTORY

0.90ß   Beta Test version.
1.00    Fixed minor superficial bugs and added support for the
        Biological Warfare Mutation Engine.

ABOUT BIOLOGICAL WARFARE

Biological Warfare is, of course, a virus creation kit. The program will
generate assembly source code for a fully functional virus according to the
specifications you give it. The assembly code generated is specifically
designed for Turbo Assembler; it should work with MASM, and perhaps other
assemblers as well, although it may require slight modification.

Its selling points include:

* COM & EXE infection
* Resident & non-resident viruses
* Anti-trace code
* INT 24 handler
* Directory stealth
* Encryption, both standard and basic polymorphic (via the Biological
  Warfare Mutation Engine)

When Biological Warfare is run, it will give you a menu with a list of
options pertaining to the virus. You manipulate the options as directed to
create the virus to your specifications. Any options that do not pertain to
the configuration you choose are ignored.

The options are:

A) Text - Any text you wish to appear within the virus, up to 60
   characters.

B) Resident - Specifies whether virus will be resident in memory or not.
   "Y" specifies a resident virus.

C) Infect - Either COM, EXE, or both. Infects the corresponding files.

D) Encryption - This determines the type of encryption to be used by the
   virus. This can be either None, Basic, or Polymorphic. If None is
   chosen, no encryption will be used. If Basic is used, the program will
   use one of a number of encryption algorithms at random. If Polymorphic
   is chosen, the code will be written to include the Biological Warfare
   Mutation Engine. More on this later.

E) INT 24 Handler - "Y" specifies that the virus will steal DOS's critical
   error handler to avoid write protect errors.

F) Anti-Trace - "Y" specifies that the virus will include routines to
   thwart trivial debugging or tracing.

G) Maximum Size - Either Y or N. If "Y" is selected, the virus will not
   infect any .COM file too large for it. (.COM infectors only)

H) Traversal - "N" specifies that the virus will only infect in the
   current directory; "Y" specifies the virus will move upwards in the
   directory tree. (Non-resident viruses only)

I) Infections/run - Maximum number of files to infect each run. Selecting
   "0" will cause all possible files to be infected. (Non-resident viruses
   only)

J) Avoid COMMAND - "Y" specifies that the virus will not infect
   COMMAND.COM. (.COM infectors only)

K) EXE Marker - Two characters used to indicate an infected .EXE file.
   (.EXE infectors only)

L) Overlay check - "Y" specifies that the virus will not infect .EXE files
   with internal overlays. (.EXE infectors only)

M) Time stamp - This is used by either directory stealth or polymorphism.
   (You can't use both directory stealth and polymorphism.) If you select
   polymorphism, infected files are marked with this timestamp. If you are
   making a resident virus and polymorphism is off, this timestamp is used
   to hide the file size increases from a directory listing. All infected
   files have their seconds field set to the given number. Absence of this
   number indicates that no directory stealth or polymorphic function will
   be included.

N) Infect on - Specifies what conditions the virus infects under. "EXEC"
   specifies that the virus will infect on execute; "OPEN" specifies that
   it will infect on file opening; and if both are given, the virus
   infects on execution and file opening. (Resident viruses only)

O) Activate - If "Y" is chosen, the virus will include space for an
   activation routine in the code.

P) More directory stealth - This may only be used in conjunction with
   directory stealth; it will make the increase in file size invisible
   from any file managing programs in addition to a DIR command. If "Y" is
   chosen this feature is added. (Resident viruses only)

After these options are set, enter "V" to create the virus source code, and
"Q" to quit. The source code can be compiled and then linked to create a
fully functional virus.

BIOLOGICAL WARFARE MUTATION ENGINE (BWME)

The BWME is a polymorphic encryption engine that will make your virus more
difficult to scan. It will create a different encryption algorithm each
time it is run and create a new copy of the virus, with very few
similarities between copies. I should mention at this point that this is a
VERY basic polymorphic engine. Modifications and additions are encouraged,
as this is meant to be a learning tool. You can use it in your own viruses
as well, but please don't remove the "BWME" signature.

I included the BWME as a separate file - BWME.ASM. When you compile a virus
created with the kit that uses BWME, this file must be accessible by the
assembler. You can call it within your own programs as follows:

    DS:SI points to code to encrypt
    ES:DI points to area to store resulting code
    CX is size of code to encrypt in bytes
    DX is the offset at which the resulting code will be RUN in memory

Use by entering:

    call _bwme

and include, at some point in the file, the line:

    include bwme.asm

IDIOTPROOFING

This program is, as I have said, not for idiots.
For this reason I have password protected the program; if you received this
program from the right places, you should have been given the password. I
have not been overly protective about hiding the password, but hopefully it
will prevent the knobs out there from using it.

BUGS, SUGGESTIONS, AND OTHER HOUSEHOLD HAZARDS

I hope to have weeded out most of the bugs in the virus creation engine; I
personally am disgusted by the many non-functional virus creation kits out
there. If you find bugs with a virus created, I would like to know; please
tell me, giving all the information you can, perhaps even a copy of the
program it screwed up on (no commercial programs, please). With your help I
hope to perfect the engine. Suggestions are always welcome as well; input
would be greatly appreciated.

IN THE FUTURE

A large percentage of the virus creation kits out there come with
documentation saying "Next version I'll add these fantastic new features,
etc." when it's unlikely there will even BE a next version. Nonetheless, in
future versions of this kit, I intend to optimize the code more (right now,
some of the code comes out a bit bloated, although still functional) and
include:

* More stealth abilities
* Anti-AV techniques
* Boot sector infection, if I'm feeling ambitious

So there it is: Biological Warfare. Enjoy.

- MnemoniX 1994
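
Option M above stamps every infected file with one fixed seconds value, and that leaves a pattern a defender can look for in a FAT directory. The following is an added example, not part of the kit or its documentation: it parses 32-byte FAT directory entries and reports seconds values that are impossible or shared by most COM/EXE files. The sample entries, the thresholds and all function names are constructed for illustration.

```python
import struct
from collections import Counter

def parse_dir_entries(raw):
    """Yield (name, seconds, size) for each 32-byte FAT short directory entry."""
    for off in range(0, len(raw) - 31, 32):
        entry = raw[off:off + 32]
        if entry[0] == 0x00:                      # end of directory
            break
        if entry[0] == 0xE5 or entry[11] & 0x18:  # deleted, label or subdirectory
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        time_word, = struct.unpack_from("<H", entry, 22)
        size, = struct.unpack_from("<I", entry, 28)
        yield f"{name}.{ext}", (time_word & 0x1F) * 2, size  # 2-second units

def suspicious_seconds(raw, min_share=0.5, min_files=3):
    """Map seconds value -> COM/EXE names when the value looks like a marker."""
    execs = [(n, s) for n, s, _ in parse_dir_entries(raw)
             if n.endswith((".COM", ".EXE"))]
    counts = Counter(s for _, s in execs)
    hits = {}
    for value, count in counts.items():
        impossible = value >= 60   # raw field 30 or 31, never a real clock time
        clustered = count >= min_files and count / len(execs) >= min_share
        if impossible or clustered:
            hits[value] = sorted(n for n, s in execs if s == value)
    return hits

def _entry(name, ext, hh, mm, ss, size):
    """Build one constructed directory entry (sample data only)."""
    e = bytearray(32)
    e[0:11] = f"{name:<8}{ext:<3}".encode("ascii")
    e[11] = 0x20                                  # archive attribute
    struct.pack_into("<H", e, 22, (hh << 11) | (mm << 5) | (ss // 2))
    struct.pack_into("<I", e, 28, size)
    return bytes(e)

# Constructed sample: three executables share :58, one does not.
SAMPLE_DIR = b"".join([
    _entry("EDIT", "COM", 9, 15, 58, 413),
    _entry("FORMAT", "COM", 14, 2, 58, 22974),
    _entry("MEM", "EXE", 11, 40, 58, 32502),
    _entry("XCOPY", "EXE", 8, 30, 12, 16930),
    _entry("README", "TXT", 8, 30, 58, 900),
])
```

A shared seconds value is only a triage signal: installers and archive tools can also stamp many files with the same time, so flagged files still need content inspection.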