Can a batch file download a file to infect a computer?

Question

Is it possible to write a batch script that can download some code from the web and infect a computer? Can you explain it briefly?

Answer 1

Ultimately, a batch file can write another file and execute it. Batch files can write ASCII characters fine, but other byte values can be more tricky. There are ways to do it, e.g. that which is shown in this answer. On this page a much more thorough bootstrapping method is explained. On recent Windows, it would be simpler to produce a VBScript file and run it; or, even better, a PowerShell script.

An arbitrary executable file can then do anything, including downloading and uploading files, modifying other files in arbitrary ways, and, generally speaking, taking control of the whole machine.

Answer 2

There's no mechanism within Windows batch file scripting to download files. You could use VBScript instead, though.

An alternative is to set up a network share on the same network as the target and copy a file across from there. This is a technique often used in penetration tests to gain further access to a network you've already got basic access to.

As Hendrik mentioned in the comments, it's possible to use in-built executables such as ftp.exe, vscript, WSH files and rundll32.exe to download files, though it may not be reliable across all systems.

Answer 3

Actually, it is possible and really easy, since cmd lets you run powershell commands:

powershell -command iwr urltofilehere -OutFile filenametoutput

In a batch file will work.

Answer 4

That's easiest thing so far I understand. I made a... file that downloads files from FTP server and saves it, and then afterwards CMD would start the file so... final answer.

There are methods to hash the virus, so that Anti-Virus won't wake up; and, additional con, you need to have admin rights, to prevent any type of misfortunate happenings.

Batch: No.

Batch + VBScript: Yes.