26. March 1998
Joshua Zarwel recently expressed disbelief in the possibility of batch file viruses on alt.comp.virus. I was going to respond with the rumor I had heard about a virus which spreads by using the MS-DOS find command to extract itself, but I wondered about the details, so I went up a few cul-de-sacs before finding a method that allows the creation of a batch file virus.
Please note that I am not a "virus writer." Don't send me any email saying, "Hey, d00d, I need to crash my junior high library's computer!!! Send me an email viriiiiii that will turn it into slag." If I thought this virus was at all dangerous, I wouldn't have posted it. If you are going to play with it, keep in mind that you have to type the command in UPPERCASE to avoid an infinite loop. If anyone knows how to make the if string==string operation case insensitive, please write me. Create yourself a new directory with some simple batch files in it, so that you don't end up infecting yourself (although a few minutes with a text editor will let you remove the virus from your system).
The logical steps in the operation of a batch file virus are:
- Extract the virus portion of the host file
- Iterate through a selection of batch files to be infected
- Append the virus to each batch file
Extracting the virus portion of the host file is best done using the find command, which works much like Unix grep: it outputs every line that contains a search string. So every line of our virus has to contain the same search string, and that string must be unlikely to occur by chance (or the virus would pick up random lines of other files).
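The marker string that makes extraction possible also makes the infection easy to spot and to remove. The following is an added example, not code from the original post: a Python heuristic that flags a batch file which feeds itself (`%0`) to `find` with a token that tags several of its own lines, plus the text-editor cleanup mentioned above done in code. The marker `ZQXV`, the function names and the sample files are constructed for illustration, and the sample's marked lines are inert.

```python
import re

# A DOS `find "TOKEN"` invocation, optionally with switches such as /V or /C.
FIND_RE = re.compile(r'\bfind(?:\.exe)?\s+(?:/\w\s+)*"([^"]+)"', re.IGNORECASE)

def self_extract_markers(text, min_lines=3):
    """Return {marker: [line numbers]} for every find token that the script
    applies to itself (%0) and that tags at least min_lines of its lines.
    Matching is case-sensitive, like find's default behaviour."""
    lines = text.splitlines()
    hits = {}
    for line in lines:
        m = FIND_RE.search(line)
        if not m or "%0" not in line:
            continue  # not a find command, or it reads some other file
        token = m.group(1)
        tagged = [n for n, l in enumerate(lines, 1) if token in l]
        if len(tagged) >= min_lines:
            hits[token] = tagged
    return hits

def strip_marked_lines(text, marker):
    """Drop every line carrying the marker, leaving the original batch file."""
    kept = [l for l in text.splitlines() if marker not in l]
    return "\n".join(kept) + "\n"

# Constructed sample: harmless lines that only mimic the marker layout.
SAMPLE = (
    "@echo off\n"
    "echo Nightly backup starting\n"
    "rem ZQXV inert placeholder line\n"
    'find "ZQXV" <%0 >nul\n'
    "rem ZQXV inert placeholder line\n"
    "echo Backup done\n"
)
# Constructed benign file: find is used, but not on the script itself.
CLEAN = '@echo off\nfind "error" build.log\n'

if __name__ == "__main__":
    for name, body in (("sample.bat", SAMPLE), ("clean.bat", CLEAN)):
        found = self_extract_markers(body)
        print(name, "->", found or "no self-extraction marker")
        for marker in found:
            print(strip_marked_lines(body, marker), end="")
```

A legitimate script that searches itself for a tag (for example to print embedded help text) will also be flagged, so review the tagged lines before stripping them.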
