Most of us are familiar with the virus that used to block Orkut and Youtube websites. If you are curious about creating such a virus on your own, here is how it can be done.
As usual I am using my favorite programming language ‘C’ to create thiswebsite blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.
This virus has been exclusively created in‘C’. So, anyone with a basic knowledge of ‘C’ will be able to understand the working of this virus program. When this program is executed, it will block all those websites that are listed in the source code. In the following example, the sites that are listed in the source code are Google, Yahoo and Youtube. When you download the source code of this program, you have a choice to include your own list of sites that you want this virus to block.
I have just removed the source code of this program from this post as it is lengthy and makes the post look messy. You can still download the source code of this virus program from the following link:
How Virus Program Works?
The Windows operating system maintains a special file called HOSTS which can be used to block any given hostname or domain name (website) by adding new entries onto it. This program works by modifying the HOSTS file by adding new entries of those sites that are intended to be blocked. The HOSTS file is located at:
%windir%\system32\drivers\etc (Usually: C:\windows\system32\drivers\etc)
So, when you execute this program, all it does is add the entries of the list of those sites (mentioned in the source code) to this HOSTS file. Once this is done, the site will be blocked from your computer. So, none of the browsers would be able to load those sites on your computer.
For more information on HOSTS file, I recommend reading my other post onHow to use HOSTS file to block websites.
Now, as far as the technical part of this program is concerned, people who have a working knowledge of ‘C’ should be easily able to understand the working of this virus program. However, for those who are new to ‘C’ programming, here is the algorithm of this program:
- Determine the Root drive. ie: Find the drive (C:, D:, E: or F:) on which the Windows is installed.
- Navigate to: %windir% -> system32 -> drivers -> etc
- Open/Load the HOSTS file.
- Copy a list of those websites that are mentioned in the ARRAY to the END of the file.
- Save the file and Exit.
How to Compile the Source Code?
For a step-by-step compilation guide, refer my post: How to compile C Programs?
Testing the Virus:
- To test, run the compiled module. It will block the sites that are listed in the source code.
- Once you run the fileblock_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.
- To remove the virus type the following command in the Run.
%windir%\system32\drivers\etc
- There, open the file named “hosts” using the notepad. At the bottom of the opened file you’ll see something like this:
127.0.0.1 google.com
- Delete all such entries which contain the names of blocked sites.
NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file?
Tags:
CRYPTO AND CODING