How do YOU hide your malware?

Name: Anonymous 2010-02-08 14:36

Do you just compile it and leave it as a simple .exe, and then hope the target will be curious enough to open it? Do you find the source code of a fun little game somewhere on the web, and incorporate it into your source? Or do you change the icon of the executable, change the extension to .avi.exe and hope the target is a retard?

Name: Anonymous 2010-02-08 14:42

trollface.jpg.exe

Name: Anonymous 2010-02-08 14:43

I use the old unpatched dFXS flash exploit. Works everywhere.
http://josephonsecurity.on.nimp.org/blog/2009/11/20/full-disclosure-flash-dynamic-cros#comments

Name: Anonymous 2010-02-08 14:46

>>3
I opened this, it worked lol.
But that was fun.

Name: Anonymous 2010-02-08 14:55

>>3
As usual, I didn't notice the on.nimp.org
Thank god for Opera's huge bright red fraud warning!

Name: Anonymous 2010-02-08 15:30

LOL

that was awesome!

Name: Anonymous 2010-02-08 15:42

Name: Anonymous 2010-02-08 16:32

Why so few posts? I can't believe you guys don't write any malware, aren't we supposed to be the hackers on steroids?

Name: Anonymous 2010-02-08 16:42

More like hackers on Peyote joints.

Name: Anonymous 2010-02-08 16:44

>>3
I opened this. My browser doesn't suck, and therefore nothing bad or even annoying happened. And I have JavaScript and Flash enabled.

Name: Anonymous 2010-02-08 17:00

>>9
Peyote joints

I rofl'd uncontrollably.

Name: Anonymous 2010-02-08 17:26

>>10
HA HA YOU OPENED THIS.

Name: Anonymous 2010-02-08 17:29

>>8
I don't understand why anyone would "hide" it. What you're describing isn't exactly hiding, it's more like showing it to the world.

Name: Anonymous 2010-02-08 18:03

>>13
What do you mean?

Name: Anonymous 2010-02-08 18:11

XXPADDINGXX

Name: Anonymous 2010-02-08 18:58

>>14
Why would anyone making malware have to hide it by using stupid names or disguising it as a game? The moment someone runs code on a remote machine as a privileged user, that machine belongs to him; he can do whatever the fuck he wants: install a rootkit, inject code into other processes and so on. In short, there is no need for an attacker to really disguise the executable, unless you're hoping some stupid user would execute your executable because he's a retard who can't see a file extension, or he runs untrusted executables without sandboxing them, mass scanning them with some 20-30 antiviruses, or just reverse engineering the file himself.
tl;dr: Only idiots would run such files off the Internet, and idiots exist, which is why there are botnets made entirely of people who were infected by simple social engineering. Looking at in-the-wild malware, I'd say that one should just keep the exe extension, and there's no need to add "special functionality" like games to your code, since once the idiot runs it, it would be too late. The application should just do nothing visible at all.

Name: Anonymous 2010-02-08 20:13

>>16
I never thought of it like that.  From now on I'm naming all my virii "virus.exe" and hosting them on freevirus.bot.net

Name: Anonymous 2010-02-08 21:20

>>16
But it would make the victim more suspicious if the executed program just won't do ANYTHING.
If it would execute as and there would be almost no sign of infection (smth like slower internet, higher HDD usage and so on can't be omitted).
Most people wouldn't think much about it, like my sister, but others who know a bit more about computers because they work all day in their office with one, like my dad, would get suspicious.
So if you are planning on running that virus for a longer period of time, or giving it a little time to incubate and spread, I think properly disguising it would be more efficient than just plainly running it.
If your plan is just to run it once, then I would agree that those "disguising" techniques would not be necessary.

Name: Anonymous 2010-02-08 21:42

But it would make the victim more suspicious if the executed program just won't do ANYTHING.
Show a fake "Program error code 0080001. Press OK.", problem solved.
But anyway, this line of thinking is based on the incorrect assumption that easily fooled users are in short supply.

Name: Anonymous 2010-02-08 21:57

Most of the people wouldn't much think about it, like my sister, but others who know a bit more about computers because they work all day in their office with it, like my dad, would get suspicious.
Why would he run the program in the first place? Besides, it would be too late after it ran: the user would have to either try to detect the presence of the malware, which might be very hard if it installs a rootkit as it's run, or choose to ignore it.

Name: Anonymous 2010-02-10 12:51

I put it on a disk, put the disk in a sock and then put the sock under my pillow.

Name: Anonymous 2010-02-10 12:56

What do the crazy journalists call it now? Sneakerware? Sneakernet? Just drop off a USB stick and let Windows do all the work for you.

Name: Anonymous 2010-02-10 18:42

YOU UNLINK IT FROM THE PCB YOU FUCKING MORON HOLY SHIT -> GET THE FUCK BACK TO /prog/

Name: Anonymous 2010-12-10 9:04

Name: Anonymous 2011-02-03 0:18

Name: Anonymous 2011-02-04 13:45
