
Foo Virus

The document describes a virus that targets .foo files and spreads via USB drives. It details how the virus works on both Windows and Linux by detecting removable drives, infecting files, and replicating itself. The document also discusses how an antivirus would likely respond by using heuristic analysis, real-time protection, quarantine, and removal to block the virus.

FOO VIRUS

A virus to infect .foo files and propagate via USBs

Krishna Sharma
2101104
CS31
INTRODUCTION

A virus is a type of malware that, when executed, replicates by modifying other
computer programs and inserting its own code.

The V.py file tries to emulate a malicious virus. The foo virus targets both Windows and
Linux systems, identifies removable storage devices, and performs unauthorized file
manipulations and self-replication.

FUNCTIONAL OVERVIEW

The virus consists of several functions that together enable it to detect removable drives,
infect files, and replicate itself across systems. The main operational features of the virus
are:

USB Drive Detection: The script discerns mounted USB drives by analyzing
system-specific mount points or drive types.

On Linux, it reads /proc/mounts to find mount points within /media or /mnt.

On Windows, it iterates through drive letters and uses the GetDriveTypeW function to
check for removable drives.

File Infection: It locates and appends the content of the executing script to all files with a
.foo extension within the user's Documents folder and on any connected USB drives,
effectively “infecting” them.

Self-Replication: The virus copies itself to any detected USB drives and a specified
subdirectory within the user's Documents folder.

Cross-Platform Functionality: It includes conditional checks to ensure it operates on
both Windows and Linux platforms.

ANTI-VIRUS RESPONSE

A robust antivirus program would likely respond to the virus as follows:

Heuristic Analysis: The unusual behavior of appending content to .foo files and
self-replication may trigger heuristic alerts.

Real-Time Protection: As the virus attempts to execute, real-time protection could
intercept and block its actions.

Quarantine: The virus file could be moved to a secure quarantine from which it cannot
execute.

Removal: The antivirus may attempt to remove the virus and any infected files from the
system.

User Notification: The user would be notified of the threat and the actions taken by the
antivirus program.
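
A check in the spirit of the heuristic analysis item above, written as an added example that is not part of the original report or its V.py: it baselines .foo files on a known-clean state, then flags files whose original bytes are intact but which gained the same appended tail as other files. The function names are hypothetical and the sample files are constructed inside `demo()`.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def baseline(root: Path, ext: str = ".foo") -> dict:
    """Record (size, SHA-256) of every file with `ext` under root, taken on a known-clean state."""
    return {str(p): (p.stat().st_size, sha256(p.read_bytes()))
            for p in sorted(root.rglob("*" + ext)) if p.is_file()}

def find_appended(root: Path, base: dict, ext: str = ".foo") -> dict:
    """Map tail hash -> paths for files whose baseline bytes are intact but which grew at the end."""
    tails = {}
    for p in sorted(root.rglob("*" + ext)):
        if not p.is_file() or str(p) not in base:
            continue
        old_size, old_hash = base[str(p)]
        data = p.read_bytes()
        if len(data) > old_size and sha256(data[:old_size]) == old_hash:
            tails.setdefault(sha256(data[old_size:]), []).append(str(p))
    return tails

def shared_tails(tails: dict, min_files: int = 2) -> dict:
    """Keep only tails appended identically to several files: infector-like, unlike a normal edit."""
    return {h: ps for h, ps in tails.items() if len(ps) >= min_files}

def demo() -> list:
    """Constructed sample data: three .foo files, two receive the same appended tail."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name, body in (("a.foo", b"alpha"), ("b.foo", b"beta"), ("c.foo", b"gamma")):
            (root / name).write_bytes(body)
        base = baseline(root)
        tail = b"\n# constructed marker standing in for appended content\n"
        for name in ("a.foo", "b.foo"):
            with open(root / name, "ab") as fh:
                fh.write(tail)
        # Ordinary edit that also grows the file, but with a tail no other file shares.
        (root / "c.foo").write_bytes(b"gamma, edited by its owner")
        hits = shared_tails(find_appended(root, base))
        return sorted(Path(p).name for ps in hits.values() for p in ps)

if __name__ == "__main__":
    print(demo())
```

The baseline must be stored where the monitored account cannot rewrite it, otherwise the comparison proves nothing.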

OBSERVATIONS

When the program runs on the host computer, the local antivirus software does not
block it. It searches for .foo files in the Documents folder of every user and, if any .foo
files are present, appends the contents of the executing script to each of them.

After infecting the user's directory, it searches for any attached USB devices, infects
the .foo files present on the USB, and places a replica of itself on the USB.

When the USB carrying the virus is inserted into a new system and the user tries to
execute the virus, or the OS tries to run the executable containing the virus, the
antivirus stops the user and raises a prompt reporting the detection of malicious files.

CONCLUSION

The foo virus is a dangerous piece of malware with the potential to infect files and
propagate across systems. Its behavior would likely be detected by modern antivirus
software, which would take appropriate action to mitigate the threat. It is imperative to
maintain good cybersecurity practices to prevent such infections.
