readme.txt

蠕虫—绿色代码的源程序

*DISCLAIMER:
* The standard disclaimer applies to this code.
* This code is viral/worm- code and was designed for educational purposes only;
  use it at your own risk!
* The author of this code can't be held liable for any damages arising from
  the use or the modification of any files included in this package.
	(Feel free to do anything you want to do with it,
	but don't blame me, if this code leaves your box and hits some cisco routers.)

Included Files:

	AntiCodeRed.asm:
		The code of this asm file is included in CodeGreen_Variablen.INC

	ACR_Vars.INC:
		Include file for AntiCodeRed.asm

	CodeGreen.asm:
		The main file; see debug instructions for details.

	CodeGreen_Variablen.INC:
		Include file for CodeGreen.asm

	README.TXT:
		this file

what the initial code does:
A) sends one version to local iis (debug purposes)
B) starts randomly (?) searching for hosts with port 80 open
C) posts found IP to other threads
D) threads will scan IPs, increasing by one
E) every 30 seconds, main thread will post to propagation
	threads to start random scanning again

what CodeGreen does:
A) loads needed function via msvcrt.dll's import table
B) checks for local atom "CodeGreen"
	B1) will go to infinite wait loop if found
	B2) will set up CodeGreen atom if not found
C) sets up "CodeRedII" global atom; your iis should not get reinfected with CRII
D) renames existing explorer.exe in drive C:\ and D:\
E) writes new explorer to drive C:\ and D:\ [AntiCodeRed.asm]
	(this one will try to erase root.exe and mapping backdoors)
F) determines system language
G) builds download url and downloads patch
H) builds new copy of CodeGreen
I) starts 50 propagation threads (in preassembled version)
J) tries to apply the patch (works on german systems; only tested there)
K) propagation threads will try to find new systems

DEBUG INSTRUCTIONS:
	read CodeGreen.asm

please walk through the code first (labels should be self-explanatory),
in case you should have some questions.

greets: bdg, whale, droeschdowitsch, dschoggy, foley, trinki and STEVIE-ALTER.

... have to sleep,
Der HexXer.