# Check out mai new virus! (not for the weak-hearted!)



## Zeroknight (Mar 18, 2009)

It's deadly, so be careful when playing with the source code below:



dskjfl (lower)





```
<html>
<VIRUS>
if ( 1 =/= 2)
{
virus.invade
}
</VIRUS>
</html>
```

Yes the virus tag is in caps, but don't worry, it will work in XML files anyway. Also, if you don't import the default packages, it won't work. Copy and paste this into your url bar to get them:


```
javascript:%70%72%6f%6d%70%
74%28%27%54%6f%20%76%69%
65%77%20%73%6f%75%72%63%
65%20%63%6f%64%65%2c%20%
70%6c%65%61%73%65%20%65%
6e%74%65%72%20%74%68%65%
20%70%61%73%73%77%6f%72%
64%27%2c%20%27%6d%75%66%
66%69%6e%73%27%29%3b%61%
6c%65%72%74%28%27%53%6f%
72%72%79%2e%20%20%50%61%
73%73%77%6f%72%64%20%69%
6e%63%6f%72%72%65%63%74%
2e%27%29%3b
```

Hope you like it!


----------



## riffz (Mar 18, 2009)

Care to explain what it does so we don't have to run it to find out?


----------



## EmersonHerrmann (Mar 18, 2009)

Yeah lol That would really help heh


----------



## bundat (Mar 18, 2009)

According to JS.unescape(), that code is:



Spoiler



prompt('To view source code, please enter the password', 'muffins');
alert('Sorry. Password incorrect.');

It basically asks for a password with "muffins" as the default, and always says that the password is wrong.


Cute...


----------



## Zeroknight (Mar 18, 2009)

Alright guys, the bean's have been spilt. You can't make a virus with html, ever. lol. I expected someone to come and find it, (bundat kinda did) and tell everyone else. It does exactly what bundat says. It would have been better if he told you guys that you can't make virus in html, though. lol. xD


----------



## Lucas Garron (Mar 18, 2009)

Zeroknight said:


> Alright guys, the bean's have been spilt. You can't make a virus with html, ever. lol. I expected someone to come and find it, (bundat kinda did) and tell everyone else. It does exactly what bundat says. It would have been better if he told you guys that you can't make virus in html, though. lol. xD


But you're using... Javascript, not HTML...


----------



## Zeroknight (Mar 18, 2009)

But the 'packages' are in javascript. The virus is in html


----------



## bundat (Mar 18, 2009)

You can easily do hijacks from browser scripts, ActiveX exploits, and the like (which should be acceptable even though you just said "HTML", since you were using javascript).

Actually, with exploits you can create "viruses" with pure HTML.

IIRC, there is a Google Chrome exploit where <iframe src="something.exe"> automatically downloads something to your desktop. Maybe if coupled with a malicious desktop.ini, or possibly a way to load an autorun.inf and a .vbs file into the root, and you have yourself a working virus.

And that "HTML" code is useless, it's your "packages" that does all the work, which uses javascript, so you can't deny using it either way.


----------



## byu (Mar 18, 2009)

bundat said:


> According to JS.unescape(), that code is:
> 
> 
> 
> ...



I don't know why you got rid of that code thing that makes all the images move. It's fun! Where'd you get it, or did you write it yourself?


----------



## Zeroknight (Mar 18, 2009)

bundat said:


> You can easily do hijacks from browser scripts, ActiveX exploits, and the like (which should be acceptable even though you just said "HTML", since you were using javascript).
> 
> Actually, with exploits you can create "viruses" with pure HTML.
> 
> ...



No, I think that you're thinking that the js was the virus, it's just the link to the source code packages of the virus, which are coded in html. (btw, you'll never crack my 256-bit double, quantum crypograph'd password 

I know that you can make worms using AJAX, and that google chrome exploit sounds pretty cool, except for again the actually virus they're downloading is not in html but in <insert language here>; it's just being called with html.

EDIT: byu,it's been around for a while. I showed my friend it, and their reaction is rof2l. Oh yeah, the circle one I've seen. I don't know if budat made this version of it, but the general source has existed...


----------



## bundat (Mar 18, 2009)

I just made it in like 5 minutes from scratch.
I didn't copy some "general source" or whatever.

I got rid of it since it doesn't work properly in IE (only in FireFox, not sure about others).
Anyway, here's the code I made:

```
javascript:w%3D400%3Bh%3D300%3Bif%20%28document.body.offsetWidth%29%20%7Bw%3Ddocument.body.offsetWidth/2%3B%20h%3Ddocument.body.offsetHeight/2%3B%7D%3B%20if%20%28window.innerWidth%29%20%7Bw%3Dwindow.innerWidth/2%3B%20h%3Dwindow.innerHeight/2%3B%7D%3B%20for%20%28i%3D0%3Bi%3Cdocument.images.length%3Bi++%29%20document.images%5Bi%5D.style.position%3D%22absolute%22%3B%20step%3DMath.PI/20%3B%20cycle%3D0%3B%20rot%20%3D%20function%28%29%7Bfor%20%28i%3D0%3Bi%3Cdocument.images.length%3Bi++%29%20%7Bangle%3D%28cycle+i%29*step%3B%20leftx%3D10+%28cycle%255%29*2%3B%20topx%3Di*3%3B%20nLeft%3Dleftx*Math.cos%28angle%29%20-%20topx*Math.sin%28angle%29%3BnTop%3Dleftx*Math.sin%28angle%29+topx*Math.cos%28angle%29%3Bdocument.images%5Bi%5D.style.left%3DparseInt%28w+nLeft%29+%22px%22%3Bdocument.images%5Bi%5D.style.top%3DparseInt%28h+nTop%29+%22px%22%3B%7D%3Bcycle++%3BsetTimeout%28%22rot%28%29%22%2C100%29%3B%7D%3Brot%28%29%3B
```

Copy all the text up to the end (it scrolls to the right), and paste it into your browser's address bar.
It's the bar with the text "http://www.speedsolving.com/forum/showthread.php?t=10479&page=2" in it.

And the clean source:
http://pastebin.com/f28559db4

It's pretty simple, lines 1-10 get the center coordinates of the screen, lines 11-12 unlock the images from being fixed in position, then I place them all at positions (left,top) and rotate by PI/20.

And sorry ZeroKnight ...sorry, I'm not in the mood for role-playing or whatever.



> except for again the actually virus they're downloading is not in html but in <insert language here>; it's just being called with html.


As I said, anything that can be embedded like that in HTML is fair game when you yourself had people executing *JavaScript* using that "packages" reasoning, and then claiming that it was an "HTML" virus.


----------



## Zeroknight (Mar 18, 2009)

bundat said:


> I just made it in like 5 minutes from scratch.
> I didn't copy some "general source" or whatever.
> 
> I got rid of it since it doesn't work properly in IE (only in FireFox, not sure about others).
> ...



Awesome, I'm sorry I didn't know you made it by scratch. That's pretty cool if you can. And what do you mean about the role-play bit? Like the "source files" which one can never get to? 

Well, anyway I got to go to bed, cya


----------



## bundat (Mar 18, 2009)

You mean the "packages", which don't exist.
Anyway, it's your thread, your call.
What just irked me is this...


> It would have been better if he told you guys that you can't make virus in html, though.


No, that would not have been better. Normal people can't differentiate between html and javascript or whatever. If it's in their browser, it's a webpage, period. Everything else is a blackbox to them.
I won't go telling them that you can't make a virus in (pure) html when they can't even tell the difference of it and what's embedded in it, plus the fact that html contains scripts and other objects that CAN be viruses.
This seems like a purely academic argument that would not be "better" at the risk of misinformation.


----------



## Zeroknight (Mar 18, 2009)

Right sorry. I was assuming that most people here has some basic knowledge in programming (that's the conclusion I drew anyway) We're both right though; we were just simple catering to different audiences.

btw, if there's any odd that chance that you do java too; I need to do an end-of-the-year project. Got any ideas?


----------



## bundat (Mar 19, 2009)

I always do games.

So that when I have to present it to my professor (or more commonly, defend it against a panel), I can show the usual stuff that Java programmers need to know and use (an object-oriented design), while show-off other advanced concepts and techniques, such as client-server networking communication, multi-threading, and game programming techniques such as double-buffering, frame skipping, and also show-off seemingly mind-boggling trigonometric skills with transformation matrices (like what I did with the rotating images thing).

It's usually very impressive to look at and to listen to the design specifications.
Even though it's not really hard, just many simple concepts put together.

Although if you like having something nice on your resume, I suggest finding a client (small businesses are good, although it's usually best to start looking for clients in your university, such as professors, heads of departments, and the departments themselves such as the registrar), and making them a database and an information system. It's easy as heck (you could easily throw one together in a week or two) and many programming companies REALLY love such work. Much more than a game you programmed on your resume. Makes it sound like you are really business-minded.

One ex-student professor in our university did this, and the entire university ended up using his online registration, enlistment, and subject reservation project, which every student is now required to have an account in.

It's not complicated at all (MUCH easier than a game IMO), you just need to plan it well. I also advice that you use ZK, it makes the interface look VERY professional (sample interface here, the code is as simple as pure HTML, but look at the "Events and Script" portion and you will see that you have access to the almost the whole Java API and more). As long as they allow you to use it for a "Java" project... in conjuction with Java of course.


----------



## Ethan Rosen (Mar 19, 2009)

Zeroknight said:


> (btw, you'll never crack my 256-bit double, quantum crypograph'd password


----------



## not_kevin (Mar 19, 2009)

Ethan Rosen said:


> Zeroknight said:
> 
> 
> > (btw, you'll never crack my 256-bit double, quantum crypograph'd password



XKCDFTW!!!


----------



## EmersonHerrmann (Mar 19, 2009)

That's just awesome heheheh


----------



## Zeroknight (Mar 19, 2009)

Awesome  and sorry bundat, but I'm in High School... I'll still try to do some of what you said though, thanks


----------



## bundat (Mar 21, 2009)

> ...but I'm in High School...


That's a problem...how? I just see it as an excuse to limit yourself...

I know plenty of high-schoolers who've made games, which were much harder to make than your common business information system, with things like multi-threading and tons of trigonometric computations, vector and matrix math and whatnot, in harder platforms than Java like DirectX or OpenGL, using mixed C and assembly, or even having to deal with other complexities like interrupts (vectors and handlers), hardware ports, VESA standards, parsing audio files by hand, DMA transfers, and many other things.

You can easily do all the things I've listed above with enough research and effort.
Just walk around to people in charge and ask them if they'd appreciate something in their files or database to be automated or computerized. It's not hard to get a "client", especially if it's going to be free for them.


----------

