VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Wrath-Rage - Worm for Windows by jalo

Worm for Windows

Show all viruses by this author


Download (690061 bytes) or browse online

Author's comments

I.Worm.Wrath-Rage is one of multiple worm that at this moment exits in the wild Internet. The damage that can make this worm is very little because the system of propagate is very simple and it difficultes the infection of new computers. On the other hand, the damage that the worm makes over the system, is minimium. In some dates, the worm actives the payload that will search files with extension ".mp3 , .part , .avi , etc" files, and fuck it with the intention of that couldn't be used anymore. Really, this fact, is part of payload, depends of the date, the worm, will show to user some msgs, or try to block the computer, reset..

A interesting characteristic of the worm is that can received "command-line" parameters. This parameters, determine the behavior of the worm. If no parameters given for example, the worm try to copy it in hard disk and write the registry with the end of startup the worm with Windows. Also tries to propagate with email system.

How work this shit?

Well, the basic funcionality of the worm was explained before.

In programm aspects, the worm uses functions of Win32 API in almost everything parts of the worm.

The worm, uses some algorithms not coded by me, concretely, base64 encoding and decoding. This algorithms were found in internet and molded to use in this worm.

One of the main characteristic is that the system used to compress the worm in Zip, is i think some inusual (miser). I put a char * buffer that contains the Base64 code of pkzip with the intention of encode it and create pkzip executable with the final intention of create a .zip archive that contains the worm executable.

To send it by email, it uses winsock to create sockets, the worm integrates a mini smtp client to send itself.

To obtains smtp servers with intention of propagate, the worms find in the registry smtp server, email address, and display name of outlook settings.

If worm dont find any smtp server to propagate, he tries to use the default smtp servers that i store in a array of the worm source. In this case, if dont have smtp servers, dont have email address, and dont have names to show. Then, the worm, generate a random number with the intention of obtain and random email address and name to show (how remitent).

The body email, subjets, and name of attachments are ever related. This options, are obtains from a random number also. If for example the body text are related with "sex", the subject will be related also with "sex", and the file attachment name, equal.

To obtain people to send via email, we use messenger api to obtain contact list from msn user.

For more information about this worm, see the source code.

NOTE: It's possible that some commentaries of the source code are in spanish, it is, because.. yeah!!! I'm spanish.

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka