[ Batch Worm Generator History ] * version 5.03 - 16.02.2003 Fixed a little bug in the LNK-files dropping The most BWG 5.02 worms were detect, because LNK-dropping and the poly engine started the Crypt.BWG. Because of that I changed these two parts. No the Crypt.BWG don't starts, and the result is, that no worm is detect. :) A big problem was the poly-engine! every worm generated with polymorphism is detect, so i deleted it! But, this polimorphism was just silly! so it's no big problem! * version 5.02 - 12.12.2002 Killed the KAV heuristic alarm TYPE_BAT i you only choose Bat-infection Fixed a bug in the poly-generator: The program wrote "ead if" instate "end if" Fixed two bugs in the IRC-part And changed the set's, if you don't use poly. * version 5.01 - 29.09.2002 Killed I-Worm.BWG.f Killed Trojan.BAT.KillAV.h Worked 2 hours, because it was hard to kill the Crypt.BWG!! * version 5.00 - 22.09.2002 I tried to find and fix every bug, and it looks like I succed: One in the BAT-infetion ( the poly-variable was a number instead of a string ) One in the end of the code ( forgot the poly-string ) One in the JS-dropping Tree bugs because of the fuckin' SPACE after a set option Made JS-dropping random And the major change this version: The output is .txt not .bat anymore, because looking to the source is easier that before. I Hope, U will like it. * version 4.11 - 10.09.2002 Fixed a silly bug in AV-killing Added JS dropping * version 4.10 - 02.09.2002 KAV detect the BWG worms in the same way like version 4.08: Crypt.BWG Now the Crypt is really very good, because of that, it's not possible to kill the viruses. But don't worry, I was clever ;-)! I killed the Crypt.BWG! Hope, it is good! Now no virus is detect, because KAV don't include the set-OP! * version 4.09 - 13.08.2002 Killed I-Worm.BWG.d (KaZaA - REG dropping - VBS dropping - LNK dropping) Little changes in the REG dropping part * version 4.08 - 10.08.2002 Fixed a bug in the REG file dropping Fixed a bug in the mIRC spreading Killed I-Worm.BWG.a (win.ini - pIRCh) Killed I-Worm.BWG.c (eMail) Killed I-Worm.BWG.d (system.ini - registry key - eMail - vIRC - VBS dropping - PIF and LNK dropping with polymorphism) Killed I-Worm.BWG.f (polymorphism) Killed IRC-Worm.generic.bat (mIRC) Killed Trojan.BAT.KillAV.g (AV deleting with polymorphism) Killed Trojan.BAT.KillAV.h (AV deleting with polymorphism) OK, you'll ask "Why BWG worms were detect with so much viruses?". The answer is the "Crypt.BWG". KAV changed it, because of that all the BWG worms WERE detect. ;-) Thank you to Eugene and his team, it was really funny to rewrite my program +fg+ * version 4.07 - 09.08.2002 Added KAZAA spreading (Thanks 2 VorteX) ;-) Fixed a major bug is U choose polymorphism. Some small changes in the end of the worm codes. * version 4.06 - 08.08.2002 You can choose if the worm use polymorphism or not. Killed KAV alarm I-Worm.BWG.f Fixed Bugs: 1 in pIRCh 2 in REG dropping 2 in mIRC * version 4.05 - 18.07.2002 Add a new technique: Undeletable folder (seen in Trojan.NoDelDir) The worm makes a new folder in the WinDir with e special name. You are not able to delet this folder in Windows. The worm copies itself into this folder. If the registry key see, that the system is uninfect, it will start this copy of the worm. I think, it's a good technique ;-) * version 4.04 - 04.07.2002 Added Fake Lines at the beginning of the code, because I found out, that KAV only search in the first 1.000 Bytes! So you can include this 1.000 Bytes in the worm. * version 4.03 - 02.07.2002 Replaced the AV-Killing part to the beginnig of the code (VorteX's idea)!! Killed KAV alarm I-Worm.BWG.c Killed KAV alarm I-Worm.BWG.f Fixed a bug in the mIRC part * version 4.02 - 27.06.2002 Fixed 4 bugs in the AV-killing part, because I forgot the "~1" after "progra"! Changed many lines, because MS-DOS see a different between "" and " "?!? Killed I-Worm.BWG.f * version 4.01 - 22.06.2002 Fixed bugs: 11 bugs because I forgot the "% EEEE %" or "% DDDD %" or smth else 1 bug in mIRC 1 bug in the vbs-part: the Subject was everytime nothing ;-( Changed the file "poly.exe". Now the worms are harder to detect by AV's Heuristic! * version 4.00 - 21.06.2002 Fixed a bug, because of the randomness in the vbs-part: One in three the BWG wrote: Mail.attachmentss!! Delete the FakeLines, because of an "HardCore" bug! :-( The most important from this version: REAL POLYMORPHISM!!! Ever activation, the worm chance it's body. The secret is vbs-randomness! But I think, there are some bugs, so I'll search for them! * version 3.02 - 16.06.2002 Included a new Anti AV technique: Fake Lines! (seen in Duke's Advanced Batch Mutator v1.3) The ABM crpyted its batch virii in the same way as my BWG! * version 3.01 - 12.06.2002 Killed the suspection from Duke/SWF's BAT Checker 1.5 I think, BC 1.5 is the best BAT heuristic ever! Fixed a silly bug in the eMail routine! Fixed a bug in the vbs routine, because of the randomness! Made PIF dropping random! * version 2.09 - 06.06.2002 Killed Norton AV's virus BAT.BWG@mm ;-) Killed the KAV heuristic alarm Type_BAT, if only choose bat-infection! Made REG dropping random Made VBS dropping random Made LNK dropping random Fixed a bug in the INTERNET-UPDATE routine * version 2.08 - 02.06.2002 Added PIF file dropping! Added LNK file dropping! I tryed to add HTM(L) dropping, but my HTM files won't execute .bat files, or .vbs files! * version 2.07 - 31.05.2002 wow... KAV worked a lot... but i didn't sleep: Killed ~~> I-Worm.BWG ~~> I-Worm.BWG.c ~~> I-Worm.BWG.d ~~> IRC-Worm.generic.bat I added Fake set lines! Added VBS file dropping! Fixed a bug in the pIRCh Part! * version 2.06 - 24.05.2002 Fixed a bug in the part AV killing Fixed a small bug in the mIRC random! AV killing is more random Added Virc spreading! Added REG file dropping! Added some other AV programs... The worm will be saved as the "mail-file-name"! * version 2.05 - 22.05.2002 Fixed a bug in the Registry Entry, but now does it work! Killed the KAV virus "I-Worm.BWG.c" Killed the KAV virus "I-Worm.BWG.b" Killed the KAV virus "I-Worm.BWG" Killed the KAV virus "IRC-Worm.BWG" Killed the KAV virus "Trojan.BAT.KillAV.b" Found out the secret of "Crypt.BWG" I have to say, that WAS nice *bg* Nice english in the program --> Thanks 2 VorteX Added system.ini infection! * version 2.04 - 18.05.2002 Fixed bugs! KAV tried it again! ;-) I-Worm.BWG! But i found a new funny technique: I make every word random, not only every line! Now there are only some major lines generated with this technique! But I try to make the whole code with this technique!! ;-) * version 2.03 - 13.05.2002 Added Registry Key Fixed a bug: If you choosed any option, then the BWG will include this lines in the next worms, because the variable was even positive ;-) KAV don't detect any worm, even with heuristic! ;-) * version 2.02 - 05.05.2002 KAV tried it again ;-) They detected some Worms as I-Worm.BWG.b Now the mIRC part is random! Fixed some silly bugs! Made the mIRC spreading better! * version 2.01 - 28.04.2002 Fixed a silly bug in the EICAR-file KAV detected the win.ini part, the vbs-part and the pIRCH-part as I-Worm.BWG (before as I-Worm.BWG.10) Now it's not possible for them to detect any virus, because I've made all of them random! I think BWG will have a nice future!! ;-) * version 1.11 - 16.04.2002 Fixed bugs: two in the "all file infection" function one in the "Internet Update" function one in the ".bat file infection" function one in the "logic hard drive" function * version 1.10 - 14.04.2002 All filenames like hamlet.bat are polymorph now! Fixed two major bugs in the vbs-part! * version 1.09 - 13.04.2002 Added INTERNET UPDATE Killed the virus I-Worm.pics the file email.vbs is a little bit random I think, KAV is really confused, because they find BWG 1.07 as Constructor.DOS.I-Worm.Pics!?! AntiVir find some of my Constructors, but no BWG worms ;-) * version 1.08 - 11.04.2002 KAV have found the vbs-worms of the BWG as I-Worm.pics.b, so I made the vbs-part very random! Added EICAR includeing! * version 1.07 - 09.04.2002 Added WIN.INI dropping! You are able to kill AV programs and write a message! Added THANKS AND GREETS! Made Disk infection better (no Error if there is no Disk) Made the BAT infection better (not only current dir) Fixed one bug in Windows infection! * version 1.06 - 07.04.2002 Killed the virus IRC-Worm generic.bat! mIRC spreading is shorther and better than before! KAV is very silly, because it warns for the Constructor.BAT.BWG.104 if I make a new version (not infection), but it doesn't find any BWG virus *fg* * version 1.05 - 06.04.2002 You are able to choose the Attachment from mIRC and pIRCh! Tricked the KAV Batch heuristic!! yeahh... ;-) Killed the virus BAT.Silly.d! Fixed some bugs! * version 1.04 - 04.04.2002 Fixed some bugs! Added to choose infection of .BAT files I've tried to trick the heuristic of KAV, but I haven't success yet. But don't worry, I work at this! ;-) Now KAV find all my BWGs *fg* School is very hard (for me) and I won't be negativ in my first year, so I won't have as much time to make the BWG as now. * version 1.03 - 30.03.2002 Added english start up infection! Outlook-spreading: You are able to choose your self subject and body! Fixed some bugs! * version 1.02 - 26.03.2002 I added some different stings! So every worm is different, also if the same has been choosen. Kaspersky Anti Virus find BWG 0.01 as Constructor.BAT.BWG.001 ;-) Fortunately it doesn't find the worm, which was made with BWG!! * version 1.01 - 24.03.2002 I've fixed all bugs in this program!! Now the program get some funny technics! ;-) * version 0.05 - 22.03.2002 Add a new IRC spreading: pIRCh * version 0.04 - 21.03.2002 Add MS-Outlook spreading! Now BWG looks very nice!! * version 0.03 - 20.03.2002 Add mIRC spreading! Slowly BWG becomes be good!! ;-) * version 0.02 - 19.03.2002 No more bugs! Add activating with a logic disk * version 0.01 - 15.03.2002 Only Basic Construction! Some bugs Only disk and data file infection