Hackszine Screencast: HOW TO – Infect your computer on purpose

Check it out, Brian shows you how to infect your own computer to test virus software – nice screencast!

Last week, Hackszine fielded a reader request to come up with a way to infect a computer without letting too much heck break loose. This procedure was so much fun that we decided to use it for our first Hackszine screencast. Check it out for a little surprise near the end: I managed to sneak the test malware past the virus protection, but it kicked in as soon as I tried to actually run it.

Related/Featured:

  • Reader Request: Make Sure Your Anti Virus is Working — Link
  • Cygwin — Link
  • Avast! — Link
  • EICAR test file — Link

22 thoughts on “Hackszine Screencast: HOW TO – Infect your computer on purpose”

  1. weirdguy says:

    I can’t seem to sneak it past Kaspersky at all, not even in .txt ;)

  2. J0ker says:

    nice try to advertise antivirus… and nice try to show us that u r stupid enough to not understand how ANY antivirus works… or u r thinking we r stupid? It was very funny when u used Cygwin (just a wrapper on the Win API).
    lol

  3. japroach says:

    eh, way too much visual + audio feedback with Avast.

    A VIRUS HAS BEEN DETECTED, WHOOP WHOOP WHOOP.

    :P

  4. bjepson says:

    J0ker, the point of using Cygwin was to show that there’s an interesting difference between the way that Cygwin’s mv and Windows’s ren are implemented. They are different enough that the Avast! software did not notice the .com file being created by mv (as it did with ren).

  5. J0ker says:

    BOOL MoveFileEx(
    LPCTSTR lpExistingFileName,
    LPCTSTR lpNewFileName,
    DWORD dwFlags
    );

    dwFlags

    MOVEFILE_COPY_ALLOWED If the file is to be moved to a different volume, the function simulates the move by using the CopyFile and DeleteFile functions.

    So some antiviruses may or may not detect creation and/or renaming of files to a system-detectable executable extension. Actually, using the Windows API u can execute ANY byte sequence. But it actually doesn’t matter – any antivirus MUST intercept creation of any process and check it for viruses, so it’s impossible to run an infected file anyway.

  6. bjepson says:

    Thanks for the background on that, J0ker. What you said confirms my belief that the system is safe even though the infected file exists on the filesystem (and it’s definitely going to get caught on the next full scan). Still, I would rather that Avast had caught it on the move (weirdguy mentioned in the first comment that he couldn’t get it past Kaspersky).

    That said, I didn’t set out to point out flaws in the antivirus software I was testing; one of our readers wrote in and wanted to know how to infect a computer so his students could learn how to disinfect it.

  7. acidrain69 says:

    No flaws have really been pointed out. You just have some data sitting in storage that happens to be malicious (or in this case, a harmless EICAR file that does nothing). Code can only be malicious when it is being executed somehow, natively or by interpretation or whatever.

    You faked us out. This video didn’t show you how to purposefully infect a computer with anything. It showed how to test if your AV software was active and catching things as they run. Nothing was ever infected. Even if you turned off the AV software, nothing was in danger of infection, because eicar is not really a virus.

    You haven’t shown anyone how to “disinfect” anything. You’ve shown how to take an already protected system and see if the system THINKS it is protected (let’s face it, it’s possible for a virus to fake its own EICAR warning, but it would be a lot of work). Actually disinfecting a machine would consist of some way of shutting it down, scanning, and removing the actual virus, which in this case there wasn’t one of.

  8. bjepson says:

    acidrain69, you are right! The whole point of this was to show how to use EICAR to plant a harmless bit of text that will be recognized as malware so that the reader’s students can have the experience of removing it from their computer. There is nothing more to it than that.

    Everything shown in the video demonstrated how an active antivirus system would react to EICAR. To make his actual exercise effective, the reader who requested this information would need to go further, and do exactly what you suggest. He’d disable his antivirus before planting this string in a variety of places: as a .txt file on the system, in a .com file, embedded in the middle of a .dll, and so forth, and then shut the system down, scan, and remove.
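
The detection rule that bjepson’s reply relies on, as an added example written for this edit (it is not code from the original post, the screencast, or any antivirus vendor): EICAR publishes exactly when a file counts as the test file, namely the first 68 bytes are the test string, the whole file is at most 128 bytes, and anything after the string is whitespace. The checker below implements that rule and runs it over constructed in-memory samples matching the planting variants discussed in the comments, so you can see which ones a spec-following scanner is obliged to flag. Real engines often go further and flag any file that merely contains the string, which is why results vary by product, but the “embedded in the middle of a .dll” variant is outside the published rule and should not be counted on for a classroom exercise.

```python
"""Checker for the EICAR anti-malware test file (added example; not from the post).

Implements the detection rule published by EICAR: the first 68 bytes are the
test string, the whole file is at most 128 bytes, and anything after the
string is whitespace only. Nothing here touches an antivirus engine; it only
shows which "planting" variants a scanner that follows the spec must recognize.
"""
from typing import Dict

# The 68-byte test string, assembled from its three documented segments so
# that this source file does not itself begin with the string.
_EICAR_PARTS = (
    rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$",
    b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!",
    b"$H+H*",
)
EICAR_STRING = b"".join(_EICAR_PARTS)
EICAR_MAX_LEN = 128
# Whitespace the rule tolerates after the string: space, tab, CR, LF, Ctrl-Z.
TRAILING_ALLOWED = b" \t\r\n\x1a"


def is_eicar(data: bytes) -> bool:
    """True if `data` is an EICAR test file under the published rule.

    The file name and extension play no part in the rule, which is why a
    .txt copy is detected just like a .com copy.
    """
    if len(data) > EICAR_MAX_LEN or not data.startswith(EICAR_STRING):
        return False
    tail = data[len(EICAR_STRING):]
    return all(byte in TRAILING_ALLOWED for byte in tail)


def scan_file(path: str) -> bool:
    """Apply the rule to a file on disk, reading only as much as the rule needs."""
    with open(path, "rb") as fh:
        return is_eicar(fh.read(EICAR_MAX_LEN + 1))


def classify_samples() -> Dict[str, bool]:
    """Constructed in-memory samples mirroring the variants from the comments."""
    # A fake executable-like blob with the string buried in the middle: the
    # "embedded in a .dll" idea (constructed bytes, not a real DLL).
    embedded = b"MZ" + b"\x00" * 62 + EICAR_STRING + b"\x00" * 62
    samples = {
        "bare string (as .txt or .com)": EICAR_STRING,
        "string followed by CRLF": EICAR_STRING + b"\r\n",
        "string padded with spaces to 128 bytes": EICAR_STRING.ljust(EICAR_MAX_LEN, b" "),
        "string padded with spaces to 129 bytes": EICAR_STRING.ljust(EICAR_MAX_LEN + 1, b" "),
        "string with one byte changed": b"Y" + EICAR_STRING[1:],
        "string embedded mid-file": embedded,
    }
    return {name: is_eicar(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, flagged in classify_samples().items():
        print(f"{'EICAR' if flagged else 'clean':<6} {name}")
```

Running the script prints one line per sample; only the bare string, the CRLF-terminated copy and the 128-byte padded copy are EICAR under the rule. For a disinfection exercise that should behave the same on every engine, plant the bare 68-byte file (any name or extension) rather than a padded or embedded variant.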

  10. Anonymous says:

    I must prevent the virus from infecting my computer.

View more articles by Phillip Torrone