I know this isn't the point you are trying to make, but the following
is an extract from step #2:
"2.Go to Notpad and type erase C:\WINDOWS (or C:\LINUX if you
have linux)"
Now where did I put my Notpad... Oh yeah. I left it on my Linux C:\
drive...
I don't believe too many users of Linux systems have much to fear from
step #2.
FWIW
--
1PW
The guy makes a simple delete bomb and calls it a virus. I suspect the
"binary" code becomes an ASCII text string of ones and zeroes which are
meaningless in an exe file. He would have been more like (Devastator
Pax/Condor?) had he just substituted another message for the text in an
EICAR comfile.
...I still have devastator kicking around somewhere.
Well, what did you expect for a 50 byte string of ASCII ones and zeros?
It's not large enough or even the correct format to be an executable.
Even when converted to binary it's only 6 bytes + 2 spare bits.
<http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp>
--
1PW
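
An added example, not part of the thread: a small triage check for the situation described in the post above, where a file named `.exe` holds only ASCII ones and zeros. The sample string is constructed for illustration (it is not the string from the site), and the function names are hypothetical.

```python
# Triage sketch: is a submitted "executable" really just ASCII '0'/'1' text?
# Magic numbers for the two formats mentioned in the thread.
MAGICS = {b"MZ": "DOS/PE executable", b"\x7fELF": "ELF executable"}


def identify_magic(data):
    """Return a format name if data starts with a known magic number, else None."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    return None


def pack_bitstring(digits):
    """Pack ASCII '0'/'1' characters into bytes, most significant bit first.

    Returns (packed_bytes, spare_bits); spare_bits are trailing digits that
    do not fill a whole byte.
    """
    bits = digits.decode("ascii")
    whole = len(bits) - len(bits) % 8
    packed = bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))
    return packed, bits[whole:]


def triage(data):
    """Report the size, detected format, and whether the content is a text bitstring."""
    report = {"size": len(data), "format": identify_magic(data),
              "ascii_bitstring": False}
    stripped = b"".join(data.split())  # ignore line breaks and spaces
    if stripped and set(stripped) <= {0x30, 0x31}:  # only '0' and '1'
        packed, spare = pack_bitstring(stripped)
        report.update(ascii_bitstring=True, packed=packed, spare_bits=spare,
                      packed_format=identify_magic(packed))
    return report


# Constructed sample: 50 ASCII digits, i.e. 6 whole bytes plus 2 spare bits.
SAMPLE = (b"01001000" b"01100101" b"01101100" b"01101100"
          b"01101111" b"00100001" b"00")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Neither the 50 characters as stored nor the 6 bytes they pack into begin with an `MZ` or ELF magic number, so no loader would treat either form as a program.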
> Do you have any idea what the binary string does?
It depends on what machine interprets the string as viable code, or
rather its 'instruction set', to have it *do* anything - at least
anything useful.
[...]
> Maybe instead of [exe] you could call it [elf]?
There are many more differences between those executable formats than
just their filename extension.
Taking off the last two zeroes will let it translate to textual
gibberish - but you still have no idea what the destination for the
supposed code was. The command interpreter would expect ASCII text
command and program names and see it as ASCII text zeroes and ones
anyway.
...but you make me wonder what would happen if you submitted a batchfile
to VT that prepended the string "@autoexec" to the autoexec.bat file.
> http://tinyurl.com/Virus-Creation
> I followed the instructions in #3 and copied the binary number and named
> it blogspot.exe, zipped it, then submitted it to jotti to see what it's
> supposed to do and got a universal response of "nothing found" from all
> the various scanners. Is this some kind of destructive code that doesn't
> have any distinct signature, or perhaps it's nothing? The date of the
> posting was 2007 so it can't be 0-day by a long shot.
> Maybe it's some destructive sequence like Dalton Shelby's batch file he
> called Brittneys Tits that formatted a "D" drive if it existed.
this site is all bullshit...
it was written by a complete ignorant that even thinks linux has a c:
drive...
there's no drives in linux at all.
LOL then what is hda0?
nothing, hda0 doesn't exist
hda = master disc on primary ide
hda1 = first partition of hda
hda5 = first logical partition of hda
and so on...
none of these is accessible by a drive letter, like happens on limited
systems
No drive letters, but it still has drives.
Z:\ you fool :]]
some linux (or maybe all linux) do not support running windows .exe files,
lol. and on that stupid website, it's a batch command. lol.
exe's only run in emulated environments