------------>CreaTing Outlook Mail Account With Vb Scripts<-------------- Author:KaGra,for Brigada Ocho Group e-Zine#2 Ok folks,haven't U thought that a typical Outlook Worm can spread much further if users that haven't put an account in MS-Outlook (meaning they don't use Outlook,allthought they have it installed),had one?This article says the way to catch a mail account from Outlook Express if there is one,and put it in MS-Outlook if Outlook has not one.If there is not an account in Outlook Express,we can create one in MS-Outlook directly with a vbscript. All the trick resides in Windows Registry.By simply copying 10 registry values from one place (Outlook Express registry place) to another (MS-Outlook registry place) we can copy-paste a mail account.But where in registry do these values exist?The next ten lines shows where a typical MS-Outlook mail account (using both a POP3 and SMTP Server) resides. "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\Account Name" -------------->REG_SZ "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\Connection Type" ---------->REG_DWORD "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\POP3 Prompt for Password"--->REG_DWORD "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\POP3 Server"---------------->REG_SZ "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\POP3 Use Sicily"------------>REG_DWORD "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\POP3 User Name"------------->REG_SZ "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\SMTP Display Name"---------->REG_SZ "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\SMTP Email Address"--------->REG_SZ "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\SMTP Server" --------------->REG_SZ "HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\00000001\POP3 Password2" ------------>REG_BINARY Let's explain a bit.The default key that contains all values of the account is : HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts\ The key "00000001" says how many times has a new mail account created.If we have create 11 accounts till now (either they exist or not) this value would have been "0000000b",witch is 11 in hexadecimal.So,if U want to read the sub-keys of this key,U have to make a loop in order to try and find it's value,because U won't be able to know if it is "00000033",or "00000011" ,or anything else (numbers here are rendomly chosen by me,it's an example).Just try to read from "00000001" and adding an "1" each time.The time there would be no error when reading,means that U fount it's valid value,and U can proceed reading the 10 magic values. The 10 values are similar in Outlook Express registry mail account entry,for a similar typical mail account (with POP3-SMTP server).The place to find those values is the following key: "HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001" Here also the "00000001" key means how many times has the user created a mail account in Outlook Express,and all things I've said for MS-Outlook are just the same for this occasion. Attention:Those things I've said occur when the mail account is a typical POP3-SMTP mail server account.If there is another type of account (let's say hotmail,where this is an only HTTP mail server account),U cannot copy the registry values from Outlook Express to MS-Outlook,simply because those values I give U do not match.But U can make experiments, meaning U can create an Http Account and watch the Main key,and see what other keys(except from those ten I give U) are created,and copy them,that refer to the HTTP account(or other type of account). So the trick is fairly simple:Check if one of the ten MS-Outlook refered registry values exists.If yes,means that there is already an account.In this case,just mass mail.But if there is not such a value (empty value) then check if there is in Outlook-Express registry mail account place.If there is,read all ten values and copy-paste them in MS-Outlook,and then mass mail with Outlook.If there is not any value in Outlook-Express,just add 10 values in MS-Outlook registry mail account place,with value keys predifined from an account U will have already create.But be careful to have checked this accoutn works just fine.This should be a typical POP3-SMTP mail account.Also becareful the binary password value U will create. The way U will make it is just create the accoutn in MS-OUtlook manually in your PC,read it's value and tranforme it to dec.Then U'll have to pass it as a hex again with your vbs code. Creating this value,doesn't make U capable to read the password,but U 'll see it appear with stars in the mail account,when opening manually MS-Outlook This way makes ALL people that do have MS-Outlook in their PC,victims of VB worms.But folks, don't forget the reality:In Windows XP,when a script tries to pass MS-Outlook in any way, pop's up a message that says that a program is trying to pass Outlook and asks permission. Unfortunatelly,this is not a patch,but the operating system.I've tried this with MS-Outlook 2000 and it really exixts.And don't fool ourselves:Outlook in XP is dead.Try to find new ways of spread,or improve the existing one's.I think this article succeeds the second one. With Respect to All Readers, KaGra 14/12/2002 Contact me at:roallercoaster2@hotmail.com