8

8 comments

To put it simply, Domas' God Mode takes you from the outermost to the innermost ring in four bytes.

Amazing, really. I wonder what started this guy on his search.

[–] ScorpioGlitch 2 points (+2|-0)

Curiosity. I wrote a virus out of curiosity when I was trying to create a desktop that was more than just a wallpaper. There's a reason MS abandoned the Active Desktop and gadgets... the desktop was pure html.

I will forever and always be in awe of you tech geniuses. I'm studying software engineering, but the more I learn the more I realize how fucking little I know about this field. What did your virus do, by the way?

[–] ScorpioGlitch 1 points (+1|-0) Edited

As soon as you keep it as a mantra that someone always knows more than you do, you'll enjoy it more.

It was supposed to be a thing that let me have shortcuts to frequently used programs as icons as an actual part of the desktop (along with an embedded text editor with a save button), an embedded alarm clock, and an embedded media player (audio and video). You could turn icons off, rearrange them, whatever, and my stuff would stay there right where they were intended. If you used a regular html document as the background, it always asked if you wanted to save or run the program and I wanted it to behave like a normal icon. I discovered that the HTML doc that was the desktop ran under system level privileges and wouldn't even ask you for permission to download and run a file from the internet.

Once I put all that together, it was a simple little script that copied over your actual desktop shell file with the default windows bliss background, injected a download command (at any URL I wanted, any executable I wanted, and silently), then logged the user off to make the changes stay. When the user logged back on, the desktop would load, run the script and therefore download the file I specified, run said file, and all invisibly. To infect your computer, all you had to do was browse to any page where the kickoff script was embedded. To be clear, the web page would rewrite a system file and log you off. That's not a small thing.

I never actually released it and developed it under the watchful eye of a college professor because writing a virus is a serious offense. I wanted someone who knew what was going on and could back me up if something happened. Once the virus was complete, I filed a report with Microsoft pointing out the vulnerability and the research I had done about if this was a known avenue of attack (there was only and exactly one virus already in existence that exploited this). I never got a response but maybe 8 months later, they released Vista.Could have just been interesting timing but I'm sure they didn't respond because they already knew of the problem (hence the reason Vista and later only have simple desktop background options).