Vulnerability Development mailing list archives
FW: MSS-Virus-Report: [Priority 1, W2000/Kpmv]: KPMV Word 2000 Macro Virus -- New Macro Virus Released by Kalamar [of the "Virii Argentina Group"].
From: "Patrick R. Mullen" <prmullen () dreamscape com>
Date: Tue, 13 Feb 2001 16:33:57 -0500
MSS Virus Report: KPMV Word 2000 Macro Virus -- New Macro Virus Released by Kalamar [of the "Virii Argentina Group"]

Date: February 12, 2001
Virus Report Priority: 1 [out of 1-3]
Virus/Trojan Name: W2000/Kpmv [temporary name, for ID purposes ONLY]
Sample Name: W2000.Kpmv.Poly.zip [SEE ALSO: "VX-by-Kalamar.zip"]
Binary name: Kpmv.do0
Password: "java-sucks"

Comments: From the author's DOC files:

_______________________________________________________________________

Kpmv.W2000.Poly
By [K] - Virii Argentina - http://www.virii.com.ar
February 2001
_______________________________________________________________________

All I'm gonna say is that the poly engine is based on two of VicodinES's poly engines. The first one is the "Vic's Advanced Macro Poly (VAMP)", and replaces all variables inside a macro with a new random string. It has a few changes that I've made to make it work with this macro and because I think that they were better.

The second one is in the "VicodinES Class.Poppy Construction Kit" and is called "Enhaced Random Formulas". What this one does is add/replace lines adding random code, but the code isn't added as a comment, it is added as a command. I.e.:

    a = s + q + f + r

The variables are not used in the macro, so what it does doesn't make the macro have errors. This part has also been modified by me, adding some improvements.

All the other part of the code is fully written by me. The infection is based on a new infection method that I'm working on, but has some modifications due to the poly stuff.
_______________________________________________________________________

This macro is for educational purpose only; if you do something else, it is all your fault.
_______________________________________________________________________

[K] - Virii Argentina - http://www.virii.com.ar
_______________________________________________________________________
Attachment: W2000.Kpmv.Poly.zip
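For detection work, the two transformations described in the author's notes (variable renaming and junk assignments over unused names) can be normalised away before a macro is hashed or compared. The following is an added example, not part of the original post or report: the function names, the keyword subset and both sample macros are constructed for illustration.

```python
import hashlib
import re

IDENT = re.compile(r"[A-Za-z_]\w*")
# Shape from the notes: a bare assignment that only sums names, e.g. a = s + q + f + r
JUNK = re.compile(r"^\s*[A-Za-z_]\w*\s*=\s*[A-Za-z_]\w*(\s*\+\s*[A-Za-z_]\w*)+\s*$")
# Small subset of VBA keywords/built-ins that are not variables (assumption, extend as needed).
KEYWORDS = {"sub", "end", "dim", "as", "string", "if", "then", "len", "msgbox"}

def clean(line):
    """Blank out string literals, then drop a trailing ' comment."""
    return re.sub(r"'.*", "", re.sub(r'"[^"]*"', '""', line))

def junk_lines(source):
    """Junk-shaped lines whose names appear in no other kind of line."""
    lines = [clean(l) for l in source.splitlines()]
    used = {n.lower() for l in lines if not JUNK.match(l) for n in IDENT.findall(l)}
    return [l.strip() for l in lines
            if JUNK.match(l) and not {n.lower() for n in IDENT.findall(l)} & used]

def fingerprint(source):
    """SHA-256 of the macro with junk removed and names renumbered by first use."""
    junk, names, out = set(junk_lines(source)), {}, []
    def rename(m):
        word = m.group(0).lower()
        return word if word in KEYWORDS else names.setdefault(word, f"v{len(names)}")
    for line in (clean(l).strip() for l in source.splitlines()):
        if line and line not in junk:
            out.append(re.sub(r"\s+", " ", IDENT.sub(rename, line)))
    return hashlib.sha256("\n".join(out).encode()).hexdigest()

# Constructed, benign samples: one macro before and after renaming plus junk insertion.
VARIANT_A = '''Sub Greet()
Dim who As String
who = "reader"
If Len(who) Then MsgBox who
End Sub'''

VARIANT_B = '''Sub Greet()
Dim xkqj As String
a = s + q + f + r
xkqj = "reader"
zz = pw + lm
If Len(xkqj) Then MsgBox xkqj
End Sub'''

if __name__ == "__main__":
    print(junk_lines(VARIANT_B))
    print(fingerprint(VARIANT_A) == fingerprint(VARIANT_B))
```

A sum whose operands are assigned or read elsewhere in the macro is left alone, so the heuristic only strips statements that cannot affect behaviour.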