conficker1994
Üyelik tarihi : 11/12/10 Nerden : internetten Mesajlar : 1 Aldığı Rep Sayısı : 10
| Konu: Ünlü Conficker'in Virüs Kodları Bakın Yapın Perş. 16 Ara. 2010, 20:48 | |
| Arkadaşlar bu virüs pclerde kendini durmadan kopyalar ve usb lere bulaşır solucan türevindedir yani ve şu özellikleri vardır : Kendilerini kopyalayabilen zararlı kodlardır. Bunu yapmak için bilgisayar ağından faydalanırlar. Virüslerin aksine, herhangi bir yazılıma veya uygulama dosyasına bağlanmazlar. Güvenlik açıklarından faydalanırlar ve işgale başlarlar. uh778Iuıg Gibi masa üstünde düzensiz isimli ve isimsiz dosyalar oluşturur. Onların asıl amacı, ağ bağlantısı ve pc zarar vermektir. Bant genişliğini daraltmak, kullandıkları yöntemin başındadır. 1Hafta geçtikten sonra otomatik pc'nin hal.dll'sini silip pc çökerttir. IP adresleri üzerinden de sık sık saldırıda bulunurlar ve başınızı belaya sokabilirler. Virüsler ve truva atlarına kıyasla, daha çook tehlikeli olarak nitelendirilirler. En tanınmış üyelerisi:Conficker'dir. İşte bu virüs'ü veriyorum size önce c++ derleyip çalıştırdığınız andan itibaren çoğalmaya başlar [Linkleri görebilmek için üye olun veya giriş yapın.]programı indirdikten sonra bu kodları yazıp derleyip istediğiniz pc çalıştırın kısa vürede tüm ağdaki pclere ve usb lere dağılacaktır hadi hayırlısı - Kod:
-
#include <stdio.h> #include <stdlib.h> #include <string.h> #include <stdint.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h>
typedef union { int16_t s16[8]; uint16_t u16[8]; int32_t s32[4]; } result_t;
typedef union { int64_t s64; int32_t s32[2]; uint32_t u32[2]; int16_t s16[4]; } var_t;
uint32_t portBlacklist[64] = { 0xffffffff, 0xffffffff, 0xf0f6bfbb, 0xbb5a5ff3, 0xf3977011, 0xeb67bfbf, 0x5f9bfac8, 0x34d88091, 0x1e2282df, 0x573402c4, 0xc0000084, 0x03000209, 0x01600002, 0x00005000, 0x801000c0, 0x00500040, 0x000000a1, 0x01000000, 0x01000000, 0x00022a20, 0x00000080, 0x04000000, 0x40020000, 0x88000000, 0x00000180, 0x00081000, 0x08801900, 0x00800b81, 0x00000280, 0x080002c0, 0x00a80000, 0x00008000, 0x00100040, 0x00100000, 0x00000000, 0x00000000, 0x10000008, 0x00000000, 0x00000000, 0x00000004, 0x00000002, 0x00000000, 0x00040000, 0x00000000, 0x00000000, 0x00000000, 0x00410000, 0x82000000, 0x00000000, 0x00000000, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000008, 0x80000000 };
#define IS_PORT_BLACKLISTED(x) (1 << ((x >> 5) & 0x1F)) & portBlacklist[x >> 10]
/* NB: the portgen() function below is endian-dependent, and reverse-engineered for a little-endian (e.g. x86, VAX, Alpha, etc.) machine. Changes will be required for the array offsets in the unions to run on a big-endian (e.g. most SPARC, Power(PC), MIPS, etc.) machine. Other than the endian issue, this implementaiton should be portable. */
int portgen(int ip, result_t *res, int week) { var_t v; int64_t KONST = 0x15A4E35; int i;
memset(res, 0, sizeof(result_t)); v.s32[0] = ~ip;
/* Generate fixed ports */ do { do { v.s64 = KONST * v.u32[0] + 1; res->s16[0] ^= v.s16[2];
for (i=1; i < 10; i++) { v.s64 = KONST * v.u32[0] + 1; res->s16[(i%2)*2] ^= v.s32[1] >> i; }
} while (IS_PORT_BLACKLISTED(res->s32[0]));
} while (IS_PORT_BLACKLISTED(res->s32[1]) || res->s32[0] == res->s32[1]);
v.s32[0] = week ^ v.s64;
/* Generate week-dependent ports */ do { do { v.s64 = KONST * v.u32[0] + 1; res->s16[4] ^= v.s16[2];
for (i=1; i < 10; i++) { v.s64 = KONST * v.u32[0] + 1; res->s16[(i%2)*2 + 4] ^= v.s32[1] >> i; }
} while (IS_PORT_BLACKLISTED(res->s32[2]));
} while (IS_PORT_BLACKLISTED(res->s32[3]) || res->s32[2] == res->s32[3] || res->s32[0] == res->s32[2] || res->s32[1] == res->s32[2] || res->s32[0] == res->s32[3] || res->s32[1] == res->s32[3]);
return v.s64; }
int main(int argc, char** argv) { int a1,a3; result_t res; int i, rc;
if (argc != 3) { printf("usage: conficker_ports <ip addr> <epoch week>\n"); exit(0); }
a1 = inet_addr(argv[1]); a3 = atoi(argv[2]);
rc=portgen(a1, &res, a3); printf("ports are TCP (fixed), UDP (fixed), TCP (week-dependent), UDP (week-dependent)\n");
for (i=0;i<8;i++) { if (res.u16[i]) printf("%d\t", res.u16[i]); } printf("\n"); return 0; }#include <stdio.h> #include <stdlib.h> #include <string.h> #include <stdint.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h>
typedef union { int16_t s16[8]; uint16_t u16[8]; int32_t s32[4]; } result_t;
typedef union { int64_t s64; int32_t s32[2]; uint32_t u32[2]; int16_t s16[4]; } var_t;
uint32_t portBlacklist[64] = { 0xffffffff, 0xffffffff, 0xf0f6bfbb, 0xbb5a5ff3, 0xf3977011, 0xeb67bfbf, 0x5f9bfac8, 0x34d88091, 0x1e2282df, 0x573402c4, 0xc0000084, 0x03000209, 0x01600002, 0x00005000, 0x801000c0, 0x00500040, 0x000000a1, 0x01000000, 0x01000000, 0x00022a20, 0x00000080, 0x04000000, 0x40020000, 0x88000000, 0x00000180, 0x00081000, 0x08801900, 0x00800b81, 0x00000280, 0x080002c0, 0x00a80000, 0x00008000, 0x00100040, 0x00100000, 0x00000000, 0x00000000, 0x10000008, 0x00000000, 0x00000000, 0x00000004, 0x00000002, 0x00000000, 0x00040000, 0x00000000, 0x00000000, 0x00000000, 0x00410000, 0x82000000, 0x00000000, 0x00000000, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000008, 0x80000000 };
#define IS_PORT_BLACKLISTED(x) (1 << ((x >> 5) & 0x1F)) & portBlacklist[x >> 10]
/* NB: the portgen() function below is endian-dependent, and reverse-engineered for a little-endian (e.g. x86, VAX, Alpha, etc.) machine. Changes will be required for the array offsets in the unions to run on a big-endian (e.g. most SPARC, Power(PC), MIPS, etc.) machine. Other than the endian issue, this implementaiton should be portable. */
int portgen(int ip, result_t *res, int week) { var_t v; int64_t KONST = 0x15A4E35; int i;
memset(res, 0, sizeof(result_t)); v.s32[0] = ~ip;
/* Generate fixed ports */ do { do { v.s64 = KONST * v.u32[0] + 1; res->s16[0] ^= v.s16[2];
for (i=1; i < 10; i++) { v.s64 = KONST * v.u32[0] + 1; res->s16[(i%2)*2] ^= v.s32[1] >> i; }
} while (IS_PORT_BLACKLISTED(res->s32[0]));
} while (IS_PORT_BLACKLISTED(res->s32[1]) || res->s32[0] == res->s32[1]);
v.s32[0] = week ^ v.s64;
/* Generate week-dependent ports */ do { do { v.s64 = KONST * v.u32[0] + 1; res->s16[4] ^= v.s16[2];
for (i=1; i < 10; i++) { v.s64 = KONST * v.u32[0] + 1; res->s16[(i%2)*2 + 4] ^= v.s32[1] >> i; }
} while (IS_PORT_BLACKLISTED(res->s32[2]));
} while (IS_PORT_BLACKLISTED(res->s32[3]) || res->s32[2] == res->s32[3] || res->s32[0] == res->s32[2] || res->s32[1] == res->s32[2] || res->s32[0] == res->s32[3] || res->s32[1] == res->s32[3]);
return v.s64; }
int main(int argc, char** argv) { int a1,a3; result_t res; int i, rc;
if (argc != 3) { printf("usage: conficker_ports <ip addr> <epoch week>\n"); exit(0); }
a1 = inet_addr(argv[1]); a3 = atoi(argv[2]);
rc=portgen(a1, &res, a3); printf("ports are TCP (fixed), UDP (fixed), TCP (week-dependent), UDP (week-dependent)\n");
for (i=0;i<8;i++) { if (res.u16[i]) printf("%d\t", res.u16[i]); } printf("\n"); return 0; }
Conficker_C_P2P_Scanner [-t ms waittime][-v (verbose)] <low-address> <high-address>
low|high-address - specifies the start and end address ranges to be scanned
ex: % Conficker_C_P2P_Scanner 192.168.7.0 192.168.99.255 will scan all addresses in subnets 192.168.[7-99]
v
ddffd++ddtypedef union { int16_t s16[8]; uint16_t u16[8]; int32_t s32[4]; } result_t;
typedef union { int64_t s64; int32_t s32[2]; uint32_t u32[2]; int16_t s16[4]; } var_t;
uint32_t portBlacklist[64] = { 0xffffffff, 0xffffffff, 0xf0f6bfbb, 0xbb5a5ff3, 0xf3977011, 0xeb67bfbf, 0x5f9bfac8, 0x34d88091, 0x1e2282df, 0x573402c4, 0xc0000084, 0x03000209, 0x01600002, 0x00005000, 0x801000c0, 0x00500040, 0x000000a1, 0x01000000, 0x01000000, 0x00022a20, 0x00000080, 0x04000000, 0x40020000, 0x88000000, 0x00000180, 0x00081000, 0x08801900, 0x00800b81, 0x00000280, 0x080002c0, 0x00a80000, 0x00008000, 0x00100040, 0x00100000, 0x00000000, 0x00000000, 0x10000008, 0x00000000, 0x00000000, 0x00000004, 0x00000002, 0x00000000, 0x00040000, 0x00000000, 0x00000000, 0x00000000, 0x00410000, 0x82000000, 0x00000000, 0x00000000, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000008, 0x80000000 };
#define IS_PORT_BLACKLISTED(x) (1 << ((x >> 5) & 0x1F)) & portBlacklist[x >> 10]
/* NB: the portgen() function below is endian-dependent, and reverse-engineered for a little-endian (e.g. x86, VAX, Alpha, etc.) machine. Changes will be required for the array offsets in the unions to run on a big-endian (e.g. most SPARC, Power(PC), MIPS, etc.) machine. Other than the endian issue, this implementaiton should be portable. */
int portgen(int ip, result_t *res, int week) { var_t v; int64_t KONST = 0x15A4E35; int i;
memset(res, 0, sizeof(result_t)); v.s32[0] = ~ip;
/* Generate fixed ports */ do { do { v.s64 = KONST * v.u32[0] + 1; res->s16[0] ^= v.s16[2];
for (i=1; i < 10; i++) { v.s64 = KONST * v.u32[0] + 1; res->s16[(i%2)*2] ^= v.s32[1] >> i; }
} while (IS_PORT_BLACKLISTED(res->s32[0]));
} while (IS_PORT_BLACKLISTED(res->s32[1]) || res->s32[0] == res->s32[1]);
v.s32[0] = week ^ v.s64;
/* Generate week-dependent ports */ do { do { v.s64 = KONST * v.u32[0] + 1; res->s16[4] ^= v.s16[2];
for (i=1; i < 10; i++) { v.s64 = KONST * v.u32[0] + 1; res->s16[(i%2)*2 + 4] ^= v.s32[1] >> i; }
} while (IS_PORT_BLACKLISTED(res->s32[2]));
} while (IS_PORT_BLACKLISTED(res->s32[3]) || res->s32[2] == res->s32[3] || res->s32[0] == res->s32[2] || res->s32[1] == res->s32[2] || res->s32[0] == res->s32[3] || res->s32[1] == res->s32[3]);
return v.s64; }
int main(int argc, char** argv) { int a1,a3; result_t res; int i, rc;
if (argc != 3) { printf("usage: conficker_ports <ip addr> <epoch week>\n"); exit(0); }
a1 = inet_addr(argv[1]); a3 = atoi(argv[2]);
rc=portgen(a1, &res, a3); printf("ports are TCP (fixed), UDP (fixed), TCP (week-dependent), UDP (week-dependent)\n");
for (i=0;i<8;i++) { if (res.u16[i]) printf("%d\t", res.u16[i]); } printf("\n"); return 0; } [Resimleri görebilmek için üye olun veya giriş yapın.] | |
|