X-Message-Index: 389
X-Message-Prev: 386
X-Message-Next: 388
X-Thread-Prev: 394
X-Thread-Next: 046
From: "Matt Crawford"
To: phage
X-To: phage@purdue.edu
Subject: Still looking for complete virus code?
Date: Fri, 04 Nov 88 03:02:42 CST
X-Date: Fri 04:02:42 04/11/1988 EST

In the interest of going home someday, I've refined the mail trap. Now I send trapped mail through the script below and invoke a further-modified copy of the initial virus to save all the files. I hope that by morning I will have obtained the complete "genome" of the virus. If anyone can speed the hunt by drawing the virus' attention to oddjob.uchicago.edu in some way, that might help. Good night, all.

: This is a shar archive. Extract with sh, not csh.
echo x - trapmail
sed -e 's/^X//' > trapmail << '!xxENDITxx!'
X#!/bin/sh
XFILE=/ob/matt/TRAPMAILER
XDIR=/ob/matt/progs/virus/trapdirs/dir$$
X/bin/mkdir $DIR
Xcd $DIR
X
Xecho "" >> $FILE
Xecho "=============" >> $FILE
Xecho "args: $*" >> $FILE
Xecho "body:" >> $FILE
X/bin/tee -a $FILE | /bin/sed -n -e '/^cc/s/^[^;]*;[x0-9]* *\([0-9. ]*\);.*/\1/p' > +args+
X../../tapfiles `cat +args+` > +stdout+ 2> +stderr+
Xexit 0
!xxENDITxx!
echo x - tapfiles.c
sed -e 's/^X//' > tapfiles.c << '!xxENDITxx!'
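X/*
X * tapfiles - save every file offered by the remote end of the trap.
X *
X * Usage: tapfiles <ip-address> <port> <magic>
X *
X * The program connects to <ip-address>:<port>, sends <magic> as a
X * 4-byte network-order integer and then reads a sequence of records
X * from the socket:
X *
X *     4 bytes     file length, network byte order (-1 ends the list)
X *     128 bytes   file name
X *     <length>    file contents
X *
X * Each file is created in the current directory.  Whatever arrives
X * after the end-of-list marker is saved in "+shell-input+".
X *
X * Every byte read from the socket is chosen by the remote host and is
X * treated as hostile: a name is forced to be NUL-terminated, must be a
X * plain file name that stays in the current directory, and at most
X * MAXFILES names are accepted.
X */
X
X/*
X * The archived copy of this message lost the header names that
X * followed each "#include"; this is the set the code below needs on a
X * POSIX system.
X */
X#include <stdio.h>
X#include <stdlib.h>
X#include <string.h>
X#include <unistd.h>
X#include <sys/types.h>
X#include <sys/socket.h>
X#include <netinet/in.h>
X#include <arpa/inet.h>
X
X#define MAXFILES 20     /* rows in files[]; most names accepted from one peer */
X#define NAMELEN  128    /* size of the name field on the wire */
X
Xstatic int xread(int fd, void *buf, int n);
Xstatic int safe_name(const char *name);
X
Xint
Xmain(int argc, char *argv[])
X{
X    struct sockaddr_in sin;
X    int s, magic, nfiles, len, n;
X    FILE *fp;
X    char files[MAXFILES][NAMELEN + 1];   /* +1: room for a forced NUL */
X    char buf[2048];
X
X    if (argc != 4)
X        exit(1);
X
X    memset(&sin, 0, sizeof(sin));
X    sin.sin_family = AF_INET;
X    sin.sin_addr.s_addr = inet_addr(argv[1]);
X    sin.sin_port = htons(atoi(argv[2]));
X    magic = htonl(atoi(argv[3]));
X
X    s = socket(AF_INET, SOCK_STREAM, 0);
X    if (s < 0) {
X        perror("l1 socket");
X        exit(1);
X    }
X    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
X        perror("l1 connect");
X        exit(1);
X    }
X
X    /* The 4-byte transfers of magic and len assume a 32-bit int. */
X    if (write(s, &magic, 4) != 4)
X        goto bad;
X
X    nfiles = 0;
X    while (1) {
X        if (xread(s, &len, 4) != 4)
X            goto bad;
X        len = ntohl(len);
X        if (len == -1)
X            break;
X
X        /*
X         * files[] used to be indexed without a bound, so a peer that
X         * sent more than MAXFILES records wrote past the array.
X         */
X        if (nfiles >= MAXFILES)
X            goto bad;
X
X        if (xread(s, files[nfiles], NAMELEN) != NAMELEN)
X            goto bad;
X        /* The peer need not send a terminator; supply one. */
X        files[nfiles][NAMELEN] = '\0';
X
X        /*
X         * The name goes straight to unlink() and fopen(), so refuse
X         * anything that could reach outside the capture directory.
X         */
X        if (!safe_name(files[nfiles]))
X            goto bad;
X
X        unlink(files[nfiles]);
X        fp = fopen(files[nfiles], "w");
X        if (fp == NULL)
X            goto bad;
X        nfiles++;
X
X        /* A negative length other than -1 leaves an empty file. */
X        while (len > 0) {
X            n = (int)sizeof(buf);
X            if (n > len)
X                n = len;
X            n = read(s, buf, n);
X            if (n <= 0)
X                goto bad;       /* exit() still flushes the partial file */
X            if (fwrite(buf, 1, n, fp) != (size_t)n)
X                goto bad;
X            len -= n;
X        }
X        fclose(fp);
X    }
X
X    fp = fopen("+shell-input+", "w");
X    if (fp == NULL)
X        goto bad;
X    /*
X     * Stop at end of file as well as on error: read() keeps returning
X     * 0 once the peer has closed, so the former ">= 0" test never left
X     * this loop on a clean close.
X     */
X    while ((n = read(s, buf, sizeof buf)) > 0)
X        fwrite(buf, 1, n, fp);
X    fclose(fp);
X    fprintf(stderr, "Done. n == %d\n", n);
X    exit(0);
Xbad:
X    fprintf(stderr, "bad\n");
X    exit(1);
X}
X
X/*
X * Return 1 if name is a non-empty plain file name (no '/', and neither
X * "." nor ".."), 0 otherwise.
X */
Xstatic int
Xsafe_name(const char *name)
X{
X    if (name[0] == '\0')
X        return 0;
X    if (strchr(name, '/') != NULL)
X        return 0;
X    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
X        return 0;
X    return 1;
X}
X
X/*
X * Read exactly n bytes from fd into buf, retrying after short reads.
X * Returns n on success; otherwise returns the result of the read()
X * that stopped the transfer (0 at end of file, negative on error).
X */
Xstatic int
Xxread(int fd, void *buf, int n)
X{
X    char *p = buf;
X    int cc, n1;
X
X    n1 = 0;
X    while (n1 < n) {
X        cc = read(fd, p, n - n1);
X        if (cc <= 0)
X            return cc;
X        p += cc;
X        n1 += cc;
X    }
X    return n1;
X}
!xxENDITxx!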