Challenge 3 By Horny Toad This challenge is going to be slightly different than the challenges in the past. This one will take some research. A while ago, someone told me that there was a virus which hid inside of an image file and, when viewed, infected the host system. As far as virus delivery systems go, yes, this would be nice if it was possible, but what he was actually describing to me was a virus that had been uuencoded into an image file. Get on the net and download a copy of Wincode. Here is an excerpt from the description of this program: Wincode is a Windows 3.1 program which converts 8-bit BINARY (EXE, COM,GIF, etc) files to 7-bit ASCII (Text) files (and vice versa) through a process known as bit-shifting. Wincode currently supports UU/XX and Base64 (MIME 1.0 conformant) coding. This BINARY/ASCII conversion allows you to send and receive binary files via e-mail or any other ascii-based communications system. It provides a quick and easy way to distribute programs to people all over the world (it takes a few minutes, on average, for e-mail to reach across the world). UUcoding is a common practice on many Internet NewsGroups in which users wish to exchange binary data. Base64 coding is used by MIME (Multipurpose Internet Mail Extensions) conformant e-mail software as a method for attaching binary data to ascii e-mail. Both methods perform the same overall function (i.e. allow binary data to be safely transmitted through e-mail) but require different formatting algorithms. In the future, Wincode will also support BINHEX coding and *may* even handle the actual "e-mailing" of the data... In order to apply this to a virus delivery method, you would need to attach the virus code to the end of an image file. Then put the image+virus through Wincode and transform it to a file named tits.uue. Upload this file to one of the sick pedophile boards on the newsgroups. When the sick dumb bastard downloads the file and tries to double click on it to open it up, the file converts from a 7 bit to an 8 bit binary file. If the conditions are right, both programs will launch. In other word, the image file will open up in a graphics editor, depending on the extension, and the virus will simply execute. It doesn't always work because the person in question might have the auto execute function turned off. But there are plenty of people that you can catch out there. Beware that there are several AVer's who only job in life is to scan the groups looking for these types of virii. The cool thing is that there really isn't much written about this technique, so you can be proud when you have developed one successfully and nuked some shit head child molester. Good Luck! As always in the past challenges, continue to develop your simple virii into formidable creations. Armed with the knowledge from the tutorial, get to work at creating residency routines for your old COM appending virii.