MDL - Mass Destruction Library
Version 0.10b
Written by Evil Avatar

Table of Contents
-----------------

    Table of Contents
    Greetings
    License
    What is MDL?
    How MDL works
    Using the MDL
    Source code availability
    Problems
    The Future
    Virus Toolkit History

Greetings
---------

Greetings go out to Dark Angel, Hellraiser, the rest of the Phalcon/Skism
group, and Dark Avenger, who are, in my humble opinion, the greatest virus
authors today.

MDL is dedicated to John McAfee, for he will benefit the most from this
package.

MDL Documentation                    -1-                    Evil Avatar 1993

License
-------

The author hereby releases this program as freeware. You are free to use the
MDL in viruses. It is prohibited to use it in other ways (i.e. Trojan Horse).
You may distribute this archive and associated files only to virus
programmers.

What is MDL?
------------

MDL is a library that can be linked to any virus. MDL has been written using
Intel 8086 assembly language. MDL is used as an easy method to destroy data
on a disk without having to do all the tedious coding.

How MDL works
-------------

MDL is distributed with many routines, seven of them intended to destroy
data. Some are very basic; some are fairly complex. One routine that is not
destructive is a random number generator. This is used by some routines in
the library. This can also be called for your own use to create random
numbers for an encryption system.

Using the MDL
-------------

MDL consists of several modules. I assume you are using assembly to write
your virus. If you are using a high level language then you are on your own.
At the beginning of your virus put this:

    .model tiny
    .code
    extrn kill_br: near, pot_shot: near, pt_trash: near, sec_buf: near
    extrn screw_file: near, alter_fat: near, fat_fuck: near, rip_hd: near
    extrn rnd_num: near, load_sec: near

Then you just write your virus. When you are ready to kill some data, you
have several options, explained in detail below. Parameters are passed in
registers. All that is left is to link MDL.LIB to your virus. All registers
are preserved. Now to create havoc!

1. KILL_BR

   This is your first option. This call to the MDL will overwrite the boot
   record of any disk you specify with data that you get to specify. All
   parameters are mandatory. They are as follows.

       AL    - Drive number (i.e. A=0, B=1, C=2, etc.).
       DS:BX - Start of text/code you want the boot sector to be overwritten
               with.

   You can get real creative with this. You can kill the disk with the right
   text. You might even want this to point to a new boot record of your own!

2. POT_SHOT

   This option will destroy a sector of your choice on the default drive.
   You can also choose a random sector to destroy.

       AX - Sector to destroy (to get a random number, call RND_NUM just
            before calling this command).

3. PT_TRASH

   With this routine, you can kill the Partition table on the hard disk.
   This will make all data there inaccessible. There are no parameters to
   this routine.

4. SCREW_FILE

   The fifth option will open a specified file and overwrite it with random
   data. There is only one parameter.

       DS:BX - Offset to the name of the file to screw.

   Note: The file name cannot be a wildcard. Changes are also made to the
   date/time stamp, so if you want the stamp kept the same, you will have to
   do it yourself. I thought that this would help in flexibility.

5. ALTER_FAT

   This will change random bytes in both FATs. This will irrevocably cause
   crosslinks. There are no parameters.

6. FAT_FUCK

   This routine will overwrite both copies of the FAT with random data,
   making the data on the disk inaccessible. There are no parameters.

7. RIP_HD

   Last of the destruction routines, RIP_HD will overwrite the contents of
   the entire disk, making recovery of data impossible. Once again, there
   are no parameters. This command does not return. It keeps formatting
   until the computer locks up, or there is an exception error.

8. RND_NUM

   This routine will generate 16-bit random numbers. The random number is
   returned in AX.

9. LOAD_SEC

   This routine will load a specified sector into a buffer. This routine has
   two parameters.

       AL - Drive number (i.e. 0=A, 1=B, etc.).
       DX - Logical sector to read.

   This option returns with ES:BX pointing to the start of the sector
   buffer.

Source code availability
------------------------

Source code is made available partly because I think by the time this
program is a threat to anyone, the virus scanners will be able to detect it,
partly because it'll help you learn how to create your own malicious code,
and partly because it'll help me out by allowing others to check for bugs in
my code. This code is to be used as a learning tool. It is to allow real
virus writers to spend their time on stealth techniques and other things
rather than having to worry about activation routines. This is not to be
used with PS-MPC or any other code generator and distributed. That is not
virus writing. This program was written in Turbo Assembler 2.02. I trust
that you will not alter it and re-release it as your own.

Problems
--------

This code was written over a weekend and very hastily. It is not very
optimized. Also, I didn't give it a lot of testing (I don't have a spare
hard drive to kill). However, I did test some routines on floppy disks and
they worked fine. This code is bound to have tons of bugs (note the 0.10b
release). Report any bugs to Evil Avatar. If you can, please suggest
alternate code (you will be given credit for it).

The Future
----------

For the future of MDL, I plan on fixing all bugs. I also plan on adding any
other routines that come to my head (one that comes to mind is a file
crosslinker). I don't plan on spending too much time on this project as I
don't endorse the idea of trashing every hard drive in existence. I made MDL
to see if I could do it. I am only releasing it in hopes that someone can
learn from it. Remember the most memorable viruses don't always have
malicious code!

For my future, I plan on releasing more toolkits (i.e. polymorphic engine,
construction kits, etc.). I also plan on joining a virus group and creating
more viruses.

Virus Toolkit History
---------------------

GENVIR - This was the first attempt at a virus toolkit. It was written in
1990 by a French virus writer. It was never released as a functional
program.

Virus Construction Set (VCS) - VCS was written in 1991 by Verband Deutscher
Virenliebhaber, a German group. VCS is very primitive compared to modern
construction kits.

MuTation Engine (MtE) - MtE was written in 1991 in Bulgaria by Dark Avenger.
It is a polymorphic engine that allows a virus to exist in over 4 billion
variants.

Virus Construction Lab (VCL) - VCL was written in 1992 by Nowhere Man of
NuKE. It uses a graphical user interface to allow a user to create a virus.

Phalcon/Skism Mass Produced Code Generator (PS-MPC) - PS-MPC was written in
1992 by Dark Angel of Phalcon/Skism. It is based on VCL, however, it creates
more compact code than VCL.

Instant Virus Production Kit (IVP) - IVP was written by Admiral Bailey of
YAM (Youngsters Against McAfee). It is rumored to be a rewrite of PS-MPC
with some rudimentary changes.

TridenT Polymorphic Engine (TPE) - TPE was written in late 1992 by the
TridenT group. It is similar to MtE.

G2 (G squared) - G2 was written in 1993 by Dark Angel of Phalcon/Skism. It
is the most powerful construction kit to date. It allows the use of
different code packages to do different tasks.

Evil Avatar's Mass Destruction Library (MDL) - MDL was written in 1993 by
Evil Avatar. It is a library that allows easy destruction of data.
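
From the defender's side, the damage the routines in "Using the MDL" describe
(an overwritten boot record, a trashed partition table, altered or overwritten
FAT copies) shows up in a handful of fixed on-disk fields. The Python check
below is an added example and is not part of the original MDL package; the
function names and the sample floppy layout are constructed for illustration
and assume a FAT12/16 volume.

```python
import struct

SECTOR = 512                                  # assumed sector size for the sample
VALID_MEDIA = {0xF0, *range(0xF8, 0x100)}     # media descriptor values FAT allows

def check_mbr(sector0: bytes) -> list[str]:
    """Sanity-check a hard-disk MBR: signature and the four partition entries."""
    findings = []
    if sector0[510:512] != b"\x55\xaa":
        findings.append("mbr: missing 0x55AA signature")
    for i in range(4):
        flag = sector0[446 + 16 * i]          # boot indicator of entry i
        if flag not in (0x00, 0x80):
            findings.append(f"mbr: entry {i} has invalid boot flag 0x{flag:02x}")
    return findings

def check_fat_volume(img: bytes) -> list[str]:
    """Sanity-check a FAT12/16 volume: boot record first, then every FAT copy."""
    findings = []
    if img[510:512] != b"\x55\xaa":
        findings.append("boot: missing 0x55AA signature")
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", img, 11)
    media, spf = struct.unpack_from("<BH", img, 21)
    if bps not in (512, 1024, 2048, 4096) or not nfats or not spf or media not in VALID_MEDIA:
        findings.append("boot: implausible BIOS parameter block")
        return findings                       # FAT location cannot be trusted
    fats = [img[(reserved + n * spf) * bps:(reserved + (n + 1) * spf) * bps]
            for n in range(nfats)]
    for n, fat in enumerate(fats):
        if fat[0] != media:                   # first FAT byte mirrors the media byte
            findings.append(f"fat{n}: first byte does not match media descriptor")
    if any(f != fats[0] for f in fats[1:]):
        findings.append("fat: copies differ")
    return findings

def make_floppy() -> bytearray:
    """Constructed sample: boot sector plus two 9-sector FAT12 copies."""
    boot = bytearray(SECTOR)
    struct.pack_into("<HBHB", boot, 11, 512, 1, 1, 2)   # bps, spc, reserved, FATs
    struct.pack_into("<BH", boot, 21, 0xF0, 9)          # media, sectors per FAT
    boot[510:512] = b"\x55\xaa"
    fat = bytearray(9 * SECTOR)
    fat[0:3] = b"\xf0\xff\xff"
    return boot + fat + fat

if __name__ == "__main__":
    img = make_floppy()
    img[SECTOR + 9 * SECTOR + 100] ^= 0xFF    # flip one byte in the second FAT copy
    print(check_fat_volume(bytes(img)))
```

An empty list means the fixed fields look sane; it does not prove the data area is intact, so a file-level check (hashes against a known-good baseline) is still needed for overwritten file contents.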