The Perfect Trojan Horse

Discussion in 'Security+' started by Tcat, Dec 8, 2005.

  1. Tcat

    Tcat Bit Poster

    A Romanian mafia group put out a Social Engineering (domain 1.6?) a few months ago with an email from "Microsoft.com". It was so heartfelt. :twisted: It even had "Bill Gates" personally signing the email.

    The attachment is the runtime for the Perfect Keystroke Logger software. All my Security+ students agree this is the "best" software option available.

    The mafia hides this in System32 under the Timer folder. From there it goes several subfolders down and names the Perfect runtime win.exe.

    The beauty of this attack is a small FTP client they named winr.exe.
    Every 15 minutes or so it does an FTP to the mafia's site.
    It then sends (if there is new data) 2 HTML files that Perfect created. One is web sites visited. The other is keystrokes (user name and password). Of course it's sorta dumb so it also records the fact you typed google.com and searched for XYZ.

    It's a pretty awesome piece of work (from a tech standpoint).

    I have made a 4 min. 800x600 flash movie of this with a couple port monitors running.

    Please be advised that:

    1. the password revealed contains profanity. I warn this up front in the movie and put in a flash question to continue or not, just before the nasty word.

    2. it is just over 6MB. I have put it up at ftp://tcat.net in the folder Trojan Horse.

    3. This is NOT for broadcast. I am not paying for the bandwidth for public downloading.

    4. the movie is FREE to distribute. You do not need my permission, it is granted in the video clip.

    I am telling the folks here (only) to get it out like a virus of its own. Copy all five (5) files once and educate your users. It is preferred to have audio, but not required.

    If my traffic gets too out of hand, I will remove the movie. I am not sponsored by anyone. I am setting up deals for mirrors but it hasn't occurred yet.

    It is my hope that your "nobody would want me" users get that $200 in that part of the world is a lot of money and yes, they do want that $200.

    HTH
    Tcat
     
    Certifications: Cannot count.
    WIP: Creating new ETA-I certs.
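
The behaviour described in the post above (a small FTP client calling out every 15 minutes or so) is the kind of regular timing a defender can look for in outbound connection records. The following is an added example, not part of the original post: the log format, sample lines, addresses and thresholds are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log: timestamp, process, remote IP, remote port.
# Addresses come from documentation ranges; this is not real capture data.
SAMPLE_LOG = """\
2005-12-08T09:00:05,winr.exe,192.0.2.10,21
2005-12-08T09:03:41,iexplore.exe,198.51.100.7,80
2005-12-08T09:15:02,winr.exe,192.0.2.10,21
2005-12-08T09:21:30,ftp.exe,198.51.100.7,21
2005-12-08T09:30:09,winr.exe,192.0.2.10,21
2005-12-08T09:44:58,winr.exe,192.0.2.10,21
2005-12-08T09:52:13,ftp.exe,198.51.100.7,21
2005-12-08T10:00:04,winr.exe,192.0.2.10,21
2005-12-08T11:40:00,ftp.exe,198.51.100.7,21
"""

def find_ftp_beacons(log_text, min_events=4, max_cv=0.1):
    """Return (process, remote_ip, mean_interval_seconds) for regular FTP callers.

    A (process, remote IP) pair is flagged when it opens at least min_events
    connections to port 21 and the gaps between them vary little, i.e. the
    coefficient of variation (stdev / mean of the gaps) is at most max_cv.
    """
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or row[3].strip() != "21":
            continue  # skip malformed rows and non-FTP traffic
        ts, proc, ip, _ = row
        seen[(proc.lower(), ip)].append(datetime.fromisoformat(ts))
    hits = []
    for (proc, ip), times in sorted(seen.items()):
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((proc, ip, round(avg)))
    return hits

if __name__ == "__main__":
    for proc, ip, interval in find_ftp_beacons(SAMPLE_LOG):
        print(f"{proc} -> {ip}:21 roughly every {interval // 60} min")
```

The manual `ftp.exe` sessions in the sample are not flagged because they are too few and too irregular, while the evenly spaced `winr.exe` connections are.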
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Thanks for that Tcat. The movie runs a bit too fast to be able to see exactly what you were doing but I got the gist and will watch it a few times.

    I am impressed 8)

    I must get into that port monitoring software, it looks excellent.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Great, thanks :thumbleft
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. Tcat

    Tcat Bit Poster

    I have a challenge with flash (the most universal format). The larger the file, the larger a machine it needs to run it. That is why I have the slider bar to pause and replay. Open Ports is freeware. The other is commercial.

    I'll be making a larger movie in MOV (quicktime) but that will have to be CD.
     
    Certifications: Cannot count.
    WIP: Creating new ETA-I certs.
