SLAM.007: How to optimize your macro virus
HOW TO OPTIMIZE YOUR MACRO VIRII
Ok, this one may not be very long but I think it's effective enough to put it in here.
As with every sort of virus there is a rule that if something is smaller it will go faster. With macro virii it doesn't really matter how fast the virus works because when you work on a Pentium 166 with a load of memory you will not notice the virus is even active, but there are other reasons to make your virus smaller. For instance, If your virus is 10k big and it infects a journalists network, and all the journalists together will create 250 documents in a day I'm sure somebody will notice that in 10 days the harddisk space is increased with 25 megabyte, so if you can make your virus 9k big the lost harddisk space in 10 days is only 22,5 megabytes.
2,5 megabytes with just 1k decreasement.
I hope you get the point, now I will give you a couple things to decrease your virus length with.
Never put any comments in the actual virus, I mean, don't put any comments in the virus you will spread. If you put a virus in a magazine or something, it's better to put comments in it.
-----------------------------
Also, use as much strings as possible. I've tested it with a simple test:
Create an empty template, and create a macro in that template.
Now delete the Sub Main and End Sub commands and type a line like this:
'Welcome to the SLAM magazine issue 1, the Document X'
Then select the line and use copy and paste to copy the line for about 50 times. When that's done select all the 50 lines and use the edit-->copy command. Then save the template with the macro as 'Test1.dot'.
Then create a second empty template and also create a macro in that template and delete the Sub Main and End Sub commands. Then paste the 50 lines to the empty macro. After that use the find replace command
and type at find: Welcome to the SLAM magazine issue 1, the Document X
and type at replace: A$
Check to see if every line is changed in A$.
then type this at the top of the macro:
A$ = "Welcome to the SLAM magazine issue 1, the Document X"
And finally save the template as Test2.dot.
Now go to dos and check the length of both files. See any differences?
And don't use long labels, see the following example:
In stead of using this:
-----------------------------------------------------------
Sub Main
CheckNumber = 0
Check_CheckNumber:
If CheckNumber = 5 then goto CheckNumber_is_5 else goto Checknumber_is_not_5
CheckNumber_is_not_5:
CheckNumber = CheckNumber + 1
goto Check_Checknumber
CheckNumber_is_5:
MsgBox "CheckNumber is 5", "Finished"
End Main
-----------------------------------------------------------
You could use this:
-----------------------------------------------------------
Sub Main
C = 0
F:
If C = 5 then goto A else goto B
B:
C = C + 1
goto F
A:
MsgBox "CheckNumber is 5", "Finished"
End Main
-----------------------------------------------------------
You got it now? Ok, it won't make your virus more readable with it but it's smaller. And what the fuck do you care if some AV-pussy can't understand it :)
I think you can make up other things to decrease the size of your virus.
Be creative.....
--- Neophyte ---
