The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #389 [Still looking for complete virus code?] (1 message, 1403 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/389.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: "Matt Crawford" <matt@oddjob.uchicago.edu>
To: phage
Date: Fri 04:02:42 04/11/1988 EST
Subject: Still looking for complete virus code?
References: [Thread Prev: 394] [Thread Next: 046] [Message Prev: 386] [Message Next: 388]

In the interest of going home someday, I've refined the mail trap.
Now I send trapped mail through the script below and invoke a
further-modified copy of the initial virus to save all the files.  I
hope that by morning I will have obtained the complete "genome" of
the virus.

If anyone can speed the hunt by drawing the virus' attention to
oddjob.uchicago.edu in some way, that might help.  Good night, all.

: This is a shar archive.  Extract with sh, not csh.
echo x - trapmail
sed -e 's/^X//' > trapmail << '!xxENDITxx!'
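X#!/bin/sh
X# trapmail: receives one trapped mail message on stdin.
X# Appends the arguments and the message body to $FILE, extracts the
X# numeric arguments from a line of the body that starts with "cc", and
X# runs tapfiles with them inside a per-process directory under trapdirs.
X# Always exits 0.
XFILE=/ob/matt/TRAPMAILER
XDIR=/ob/matt/progs/virus/trapdirs/dir$$
X
Xecho "" >> "$FILE"
Xecho "=============" >> "$FILE"
Xecho "args:  $*" >> "$FILE"
Xecho "body:" >> "$FILE"
X
X/bin/mkdir "$DIR"
X# tapfiles unlinks and creates files in its current directory, and
X# ../../tapfiles only resolves from inside $DIR.  If the cd fails, keep
X# the log entry but do not run the capture from the wrong directory.
Xif cd "$DIR"
Xthen
X	# The sed expression lets only digits, dots and spaces through to
X	# +args+, so the backquoted expansion below cannot carry shell
X	# metacharacters from the mail body onto tapfiles' command line.
X	# tapfiles itself exits unless it gets exactly three arguments.
X	/bin/tee -a "$FILE" | /bin/sed -n -e '/^cc/s/^[^;]*;[x0-9]* *\([0-9. ]*\);.*/\1/p' > +args+
X	../../tapfiles `cat +args+` > +stdout+ 2> +stderr+
Xelse
X	/bin/cat >> "$FILE"
Xfi
Xexit 0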
!xxENDITxx!
echo x - tapfiles.c
sed -e 's/^X//' > tapfiles.c << '!xxENDITxx!'
X#include <stdio.h>
X#include <sys/types.h>
X#include <sys/socket.h>
X#include <netinet/in.h>
X
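X/* xread() is defined static below; declare it before its first use. */
Xstatic int xread();
X
X/*
X * tapfiles addr port magic
X *
X * Connects to addr:port, sends the 4-byte magic value, and saves what the
X * peer sends back: a sequence of records (4-byte length, 128-byte file
X * name, file data) ended by a length of -1, followed by a trailing stream
X * that is written to "+shell-input+".  Files are created in the current
X * directory.
X *
X * The peer is whatever host the trapped mail named, so every value read
X * from the socket (record count, length, file name) is untrusted input.
X * Exits 0 on success and 1 on any error.
X */
Xmain(argc, argv)
Xchar *argv[];
X{
X	struct sockaddr_in sin;
X	int s, magic, nfiles, len, n;
X	FILE *fp;
X	char files[20][128];
X	char buf[2048], *p;
X
X	if(argc != 4)
X		exit(1);
X
X	bzero(&sin, sizeof(sin));
X	sin.sin_family = AF_INET;
X	sin.sin_addr.s_addr = inet_addr(argv[1]);
X	sin.sin_port = htons(atoi(argv[2]));
X	magic = htonl(atoi(argv[3]));
X
X	s = socket(AF_INET, SOCK_STREAM, 0);
X	if(s < 0){
X		perror("socket");
X		exit(1);
X	}
X	if(connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0){
X		perror("l1 connect");
X		exit(1);
X	}
X
X	if(write(s, &magic, 4) != 4)
X		goto bad;
X
X	nfiles = 0;
X	while(1){
X		if(xread(s, (char *)&len, 4) != 4)
X			goto bad;
X		len = ntohl(len);
X		if(len == -1)
X			break;
X
X		/* files[] holds 20 names; a peer that sends more records
X		 * must not be allowed to write past the end of the array. */
X		if(nfiles >= (int)(sizeof(files) / sizeof(files[0])))
X			goto bad;
X
X		if(xread(s, &(files[nfiles][0]), 128) != 128)
X			goto bad;
X
X		/* The name field arrives as 128 raw bytes and need not be
X		 * NUL-terminated; terminate it before using it as a string. */
X		files[nfiles][sizeof(files[0]) - 1] = '\0';
X
X		/* Accept only a plain name in the current directory.  A name
X		 * containing '/', or "." / "..", would let the peer choose
X		 * what gets unlinked and overwritten elsewhere on this host. */
X		p = files[nfiles];
X		if(p[0] == '\0')
X			goto bad;
X		if(p[0] == '.' && (p[1] == '\0' || (p[1] == '.' && p[2] == '\0')))
X			goto bad;
X		for(; *p != '\0'; p++){
X			if(*p == '/')
X				goto bad;
X		}
X
X		unlink(files[nfiles]);
X		fp = fopen(files[nfiles], "w");
X		if(fp == 0)
X			goto bad;
X		nfiles++;
X
X		/* len is chosen by the peer and is not capped here, so one
X		 * record can be as large as a positive int allows. */
X		while(len > 0){
X			n = sizeof(buf);
X			if(n > len)
X				n = len;
X			n = read(s, buf, n);
X			if(n <= 0)
X				goto bad;
X			if(fwrite(buf, 1, n, fp) != n)
X				goto bad;
X			len -= n;
X		}
X		if(fclose(fp) != 0)
X			goto bad;
X	}
X
X	fp = fopen("+shell-input+", "w");
X	if(fp == 0)
X		goto bad;
X	/* read() returns 0 at end of stream, so the loop must stop on 0 as
X	 * well as on error; testing >= 0 would spin forever after EOF. */
X	while ( (n = read(s, buf, sizeof buf)) > 0 ){
X		if(fwrite(buf, 1, n, fp) != n)
X			goto bad;
X	}
X	fclose(fp);
X	fprintf(stderr, "Done.  n == %d\n", n);
X	exit(0);
Xbad:
X	fprintf(stderr, "bad\n");
X	exit(1);
X}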
X
X/*
X * Read exactly n bytes from fd into buf, retrying after short reads.
X * Returns n once the buffer has been filled.  If a read() returns 0 or a
X * negative value first, that value is returned instead, so bytes already
X * stored in buf are not reported to the caller.
X */
Xstatic
Xxread(fd, buf, n)
Xchar *buf;
X{
X	int got, left;
X
X	for(left = n; left > 0; left -= got){
X		got = read(fd, buf, left);
X		if(got <= 0)
X			return(got);
X		buf += got;
X	}
X	return(n - left);
X}
!xxENDITxx!

END OF DOCUMENT