Win32.Blaireau.A - Coded by Xylitol

French vocabulary is really rich and there’s one thing that the textbooks won’t teach you, though: the weird and wonderful language of French insults.
Those of you who abide religiously by the more classic style of French dictionary might want to listen up.
This insult can be all too easily misconstrued.
'Blaireau' may be French for badger and shaving brush but it is also equally used as “a##hole” or “plonker”.

This small virus named “Blaireau” is something very stupid who do stupid dammages, “only a blaireau would use it”.
Coded with MASM32, Blaireau have a multiple infection stages
The more critical part is probably the destruction of the MBR.
The MBR will be replaced by a small red message.
Basically this is just a simple hello world bootloader with red text and width of the screen less the length of the string, divided by 2 and height row/column to center screen the text.

A malicious VBS is also throw on the system, this VBS will add a startup registry persistance inside HKLM, a new key “Derrick” is created.
Derrick is a reference to an old German TV series well know in France under the name “Inspecteur Derrick”.
The series centers on a detective (Derrick) who solve murder cases in Munich and surroundings.
Overall the VBS will just display a message box “T Niké” another wonderful French insult who can be translated as “You're f#cked”
I've chosen intentionally to generate a VBS instead of simply using RegCreateKey/Message Box etc...
I've found that more informative/fun to do in this way, the payload is reversed etc... more API and tricks are used, just look at my code you'll see :)

As additional fun, the taskbar and explorer will be hidden, when everything is loaded the virus will launch his self-destruct procedure and initialise a system reboot.
The infection can be also reported to an online panel, let's says it's a touch of new school virus mixed with an old school bad joke/infection style.
I've added a bunch of OutputDebugString, like that you can follow what's happened.

Blaireau.A is designed to run on Windows XP, the output size is about 6Kb and can be plugged into a Teensy or any other similar device to fuck-up everything.
If you plan to do a malicious USB device i've added an Arduino code who can be put on your teensy.
Your compiled payload should be put inside the folder 'disk'
The file '.VolumeLabel' is just here to name your USB device.
For example, here is a malicious Teensy.

This malicious USB will act as a HID device, it will not count like other autorun shit.
Many computers aren't protected against this type of attacks, actually HID device represent a huge danger and especially for public system who have a USB port.
It's just 'Plug and fuck-up' no action, no mouse, no keyboard needed.
Imagine you want to withdraw some money and your local ATM have a black screen with typed “I am virus! Fuck you” wouldn't this be awesome ?
I'm kidding for the ATM part, I do not condone destruction of material, just the challenge.
But writing a virus targeting ATM system is something i would like to try a day, feel free to contact me if you have any documentation/software/or even a physical ATM that i can work on it.
I know that some virus already exist targeting those platforms but i want to do it from scratch, reversing a malware to rip the code is lame.