
Gotta laugh.

Discussion in 'BlackHat Lounge' started by JustUs, Nov 21, 2013.

  1. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    I have been installing Windows 8.1 in a virtual machine to see what can be done with it. I am on my sixth install. On each install I used an online activator. In each of those activators, there have been numerous pieces of malware, rootkits, and browser hijackers installed while failing to activate the install.

    This makes me wonder just how far some of you will go to make a buck. All of the malware redirected to ad engines and installed unwanted software. Don't people understand that this is one really good way of turning people off the very software you are trying to make a buck off?

    The smart thing to do would be to give an option to decline to install the malware (PUPs) and actually honor the decline and not surreptitiously install that malware. But then people are not smart.
     
  2. Nigel Farage

    Nigel Farage BANNED BANNED

    Joined:
    Feb 8, 2012
    Messages:
    563
    Likes Received:
    1,495
    That goes for the people attempting to activate the install, also. The best (worst) ones are the Operating Systems that WILL activate, and appear to have no malware installed at all, but after install they become part of a botnet. This is where all those "free proxies" come from.

    I toy with the idea of distributing what appears to be a good, working and hacked version of Windows via P2P. It's just a form of internet marketing, and it shouldn't be very difficult to make a cracked, enslaved version of an O/S appear to be legitimate and desired by a well-informed public.

    There's one I like in particular, by some Norwegian guy. His O/S installs with a whole bunch of nice, freeware apps already installed. Like WinAmp, WinRAR, K-Lite Codec Pack, etc... and he advertises it as being "tweaked" and a time saver. It's nice. He has a nice, cool desktop picture and the whole thing looks real nice. Thought about doing something like that, as I think my judgement on what's nice to have already installed is better than his, and use the distribution of the O/S as a means to create my own botnet.
     
    • Thanks Thanks x 1
  3. MafiaBoss

    MafiaBoss Elite Member

    Joined:
    May 5, 2012
    Messages:
    1,522
    Likes Received:
    1,031
    Occupation:
    Currently Un-Occupied
    Location:
    In granny's Basement
     
  4. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    I have legitimate Windows 8, however, I like to play as well, especially when I am stuck in a programming problem and need time away. I have been thinking of tracking all the malware that many of the torrents place in the activators and posting comments informing of just what is installed and the SHA for each piece.

    On the upside, Malwarebytes has a rootkit detector/remover in beta on their site. Malwarebytes needs to tweak it because it picked up legitimate programs that install hooks as a rootkit, which it is by design.

    As far as botnets, rotsa ruck.

    Once you install Classic Shell, ModernMix, UXThemes with a decent theme and dump all the bandwidth hogs, Win 8 is not that bad, but I do not think I would use it as my primary OS because it tattles too much and I have not had the time to determine how to shut the chatter off. Funny thing about Wireshark and bridged network connections.
     
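The first post describes activators that drop malware, PUPs and browser hijackers on each install, and the post above proposes tracking exactly what each activator installs and publishing the SHA of every piece. The script below is an added example, not code from the thread or from any of the tools named in it: it snapshots a directory tree before and after an untrusted installer runs and reports every added, modified or removed file with its SHA-256. The directory layout and the "installer" behaviour in `demo()` are constructed for illustration; point `snapshot()` at a real system root inside the VM to use it for the purpose the post describes.

```python
"""Snapshot a directory tree before and after running an untrusted installer
and report every file it added, changed or removed, with SHA-256 hashes.

Added example (not from the original thread). The directory layout and the
"installer" in demo() are constructed here; they are not a real activator.
"""
import hashlib
import os
import tempfile


def sha256_bytes(data):
    """Hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Hex SHA-256 of a file, streamed so large binaries need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file path (relative to root) to (sha256, size).

    A file that vanishes or becomes unreadable mid-walk is recorded with a
    None hash rather than aborting the whole snapshot.
    """
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                manifest[rel] = (sha256_file(full), os.path.getsize(full))
            except OSError:
                manifest[rel] = (None, None)
    return manifest


def diff_snapshots(before, after):
    """Classify every path as added, modified or removed between two snapshots."""
    result = {"added": {}, "removed": {}, "modified": {}}
    for rel, (digest, size) in after.items():
        if rel not in before:
            result["added"][rel] = (digest, size)
        elif before[rel][0] != digest:
            result["modified"][rel] = (before[rel][0], digest)
    for rel in before:
        if rel not in after:
            result["removed"][rel] = before[rel]
    return result


def report(diff):
    """Render the diff as 'kind sha256 path' lines, ready to paste into a comment."""
    lines = []
    for kind in ("added", "modified", "removed"):
        for rel in sorted(diff[kind]):
            entry = diff[kind][rel]
            digest = entry[1] if kind == "modified" else entry[0]
            lines.append(f"{kind:8} {digest}  {rel}")
    return "\n".join(lines)


def demo():
    """Simulate an 'activator' dropping one file and patching another (constructed)."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "Windows", "System32")
        os.makedirs(sys32)
        with open(os.path.join(sys32, "ok.dll"), "wb") as f:
            f.write(b"legit")
        before = snapshot(root)
        # constructed installer behaviour: drop a new DLL and tamper with an existing one
        with open(os.path.join(sys32, "dropped.dll"), "wb") as f:
            f.write(b"payload")
        with open(os.path.join(sys32, "ok.dll"), "wb") as f:
            f.write(b"legit-but-patched")
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(report(demo()))
```

Take the "before" snapshot from a clean VM checkpoint and the "after" one from a second boot of the same VM; hashes of files that only existed after the installer ran are the ones worth publishing.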
  5. Nigel Farage

    Nigel Farage BANNED BANNED

    Joined:
    Feb 8, 2012
    Messages:
    563
    Likes Received:
    1,495
    Great idea. Comprehensive list of why all the other O/S download options are bad, and why yours is good. Throw in a few "Malwarebytes says this O/S is INFECTED with the xyz123.sys trojan." with a few more "No it's not; that's a false positive." and the back & forth ought to mask any truthful reports of what really IS there.

    My understanding is that most AVs will not alert on software that has been voluntarily installed on a computer, say for example if you were to modify a freeware version of "Symantec pcAnywhere" so that it loads invisibly, I doubt any scan would reveal it.

    You have the sense of where I'm going with the Classic Shell, etc... Sell the O/S as being a modified, "User Friendly" version, with special tweaks added for those that really hate the Win8 GUI but want the increase in speed, security and reliability of Win8. "I installed this for my mom after she couldn't use the brand-new laptop I bought her, and now she loves Windows 8. Says it's much faster than her Vista ever was! Thanks JustUsH4x04R! XOXOXOX!!"
     
  6. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    It has been my experience that most AV and other malware detectors will alert on user-installed programs in a full scan. If a person wanted to get around the detection, all they would have to do is insert a few NOP, JMP and garbage instructions in the header of the executable or DLL to destroy the signature and throw off heuristic detection. Many programs check the SHA sum of the program during load though, so you might have to find that section of the code and either jump around it or otherwise defeat it. Not hard, but assembly language or pseudo-assembly is beyond most people and programmers today.

    Supporting your assertion, on the other hand, my primary computer became infected with Search Conduit. I had to reinstall FF and Chrome. In IE, I only had to change the landing page back to where I have it. I noticed that my mouse was lagging and that my modem was TXing when it should have been silent. So I booted Malwarebytes and found out it was corrupted. I reinstalled the detector and ran it. It found three pieces of malware related to Search Conduit. My mouse was still lagging and the modem was still busy when it should not have been. As a result, I booted into safe mode and ran Malwarebytes again. This time Malwarebytes found 106 pieces of malware, all related to Search Conduit. Several pieces were found in the System32 and SysWOW64 directories, where it should not have been able to install. Search Conduit used some pretty good cloaking technology. If this had not worked, I would have removed the hard drives, booted from a pen drive and tested the drives with a USB adapter.

    While your idea may be a good one, as you can see, there are many methods of removing malware and rootkits that do not involve reinstalling the OS. OTOH, installing an OS is a job that is beyond many users today and the use of good cloaking technology would evade most users.

    BTW, that key logger came from a drive by at a Russian site where I should have been using a VM but was not because VMWare can crash this computer (VMWare bios does not play nice with the bios on this computer) and VBox passes some things through to the host OS.
     
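The post above makes two separate claims: that padding a binary with NOP/JMP/garbage bytes "destroys the signature", and that a program may check its own SHA sum at load time, which such padding would trip. The script below is an added example, not code from the thread or from any AV vendor, and it demonstrates the detection-side consequence of the first claim: an exact-hash blocklist misses a copy with three NOP bytes inserted after the header, while a content signature keyed on bytes the padding does not touch still fires, and an embedded self-integrity check still rejects the padded copy. The "binary" is a constructed byte string standing in for an executable (not a real PE), and `PATTERNS` is a made-up signature.

```python
"""Exact-hash indicators are brittle: inserting a few NOP bytes changes a
file's SHA-256 (so a hash blocklist misses it) but leaves the code and
strings intact (so a content signature still matches) and breaks any
self-integrity check that compares against a stored hash.

Added example, not from the original thread. ORIGINAL is a constructed
byte string that stands in for an executable; PATTERNS is a made-up
signature, not any vendor's.
"""
import hashlib

NOP = b"\x90"  # x86 single-byte no-op

# Constructed sample: a 16-byte header, a few code-like bytes, a distinctive
# string, and a return. Nothing here is a real program.
HEADER = b"MZ" + b"\x00" * 14
BODY = b"\x55\x89\xe5" + b"pup-ad-redirect://inject" + b"\xc3"
ORIGINAL = HEADER + BODY

# Made-up content signature: byte sequences that survive padding elsewhere.
PATTERNS = [b"pup-ad-redirect://inject", b"\x55\x89\xe5"]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def insert_padding(blob, offset, count):
    """Return a copy of blob with `count` NOP bytes inserted at byte `offset`."""
    return blob[:offset] + NOP * count + blob[offset:]


def hash_blocklist_match(blob, blocklist):
    """Exact-hash IOC check: matches only a byte-identical sample."""
    return sha256_hex(blob) in blocklist


def pattern_signature_match(blob, patterns):
    """Content signature: return every pattern found anywhere in the blob."""
    return [p for p in patterns if p in blob]


def verify_integrity(blob, expected_sha256):
    """Self-check a loader might run: reject any blob whose hash has moved."""
    return sha256_hex(blob) == expected_sha256


def evaluate(original=ORIGINAL, padding=3):
    """Compare the three checks on the original and on a padded copy."""
    expected = sha256_hex(original)
    blocklist = {expected}
    modified = insert_padding(original, offset=len(HEADER), count=padding)
    return {
        "hash_matches_original": hash_blocklist_match(original, blocklist),
        "hash_matches_modified": hash_blocklist_match(modified, blocklist),
        "patterns_in_modified": pattern_signature_match(modified, PATTERNS),
        "integrity_original": verify_integrity(original, expected),
        "integrity_modified": verify_integrity(modified, expected),
    }


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key:24} {value}")
```

The practical takeaway for the tracking idea earlier in the thread: publish the SHA of each dropped file, but also keep the file itself (or a content signature for it), since a re-padded build of the same PUP will not share the hash.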
  7. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    That's why when I go into a rough neighborhood on the Internet or if I am downloading questionable software I use my Linux box.

    Frankly, installing malware to make a buck really sucks being a karma type marketer myself.
     
  8. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    Linux is almost as susceptible to malware as Windows. The latest piece of malware for Linux is troubling. Tomcat (Apache server) has a vulnerability that allows pwning the server. Primarily this has been used to install bots for DDoS, but.... One of the more serious complaints that I have with Linux is that there are very few browsers that are compatible with G Webmaster tools. FF tries hard but they are lacking. Chrome tattles to Google, IE is not workable on Linux, Safari is not secure, and so on.
     
  9. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,646
    Likes Received:
    3,492
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Royserpa
    LOL dude :)
    That was not funny man
     
  10. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Yeah right, the hackers go after the server editions of Linux because that is where the money is; desktop versions are targeted nowhere near as much as Windows. It's a simple numbers game.
     
  11. lotus121

    lotus121 Newbie

    Joined:
    Nov 21, 2013
    Messages:
    15
    Likes Received:
    3
    I completely agree, I hate all that spyware
     
  12. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    While I generally agree with you that it is a numbers game, I would like you to think about something. While not targeted as much as the Windows environment, many Linux users are not competent and also believe the hype that Linux is immune to viruses, trojans, etc. and often fail to use stringent security methods. Often this hubris leads to something they may not like, or even be aware of, and may make them an easier target. Some distros even come with spyware installed: https://fixubuntu.com/ . Think about how much Canonical contributes to the Debian line and how many people use Unity. There are many known vulnerabilities, not just Unity.
     
  13. Patel

    Patel Senior Member

    Joined:
    Mar 1, 2011
    Messages:
    1,116
    Likes Received:
    1,503
    Location:
    On the coast
    Use Sandboxie when dealing with those types of files
     
  14. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    But that is part of the game -- allow the VM to become infected and see what it was infected with.

    VMs are a sandbox in themselves. However, some have learned how to pass through the VM and infect the host. This is true of all sandboxing software.
     
  15. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Are you really saying Linux users as a whole are less competent than Windows users? Mac users? Puhlease, give people a little credit for taking the path less taken! Of course there are foolish users on every OS but the low-hanging fruit for hackers, particularly those that buy kiddie scripts, is still Windows.
     
  16. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    Let's take what you have written for granted.

    When was the last time you recompiled a kernel to remove all the extraneous functions that do not apply to your particular hardware?

    Mac/OSX users? Generally they come in as less competent than many Windows users. Then they fail to show some mental exercise by buying an over-hyped, under-performing piece of hardware to escape Windows and end up virtualizing or running Boot Camp because many of the programs they want to use only run under Windows. Many of the Mac users do not even understand that you can dump OSX entirely and install Windows only if you run the drivers down. I maintain a few Apple computers. With common software such as Word, the OSX version is feature-incomplete when compared to the Windows version. Some penetration tools will not compile under Mach 3 BSD (OSX). Then again there are some sharp Mac operators as well, but this is not the general class of users.

    If you want the general user, then most OSX users are less competent than Windows users, who are in turn less competent than the middle and up user of Linux. The most competent, excluding OSX, are the BSD users. Excluding BSD, most users of any OS are lost when it comes to the command line and rely on the GUI. This is somewhat like a guitar: ask most players to strum a "G" or an "E" chord and they can. Ask them to show every "E" or "G" note between the open notes and the twelfth fret and they are lost. Then you have those players that can actually touch each of the above notes; ask them to play an A minor blues scale and they are again lost. Then you have the player that has mastered the instrument.

    Computer users are like the guitar players above. The general OSX and Windows user just wants the computer to work. And this is why many Linux users gravitate to Ubuntu. The medium to better Linux user wants to tinker. I myself just want to get work done, and will use the tool that will most effectively accomplish that job.
     
  17. papercut

    papercut Junior Member

    Joined:
    Feb 22, 2015
    Messages:
    135
    Likes Received:
    7
    It's the issues of pirating software; you'll never win.
     
  18. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    The issue with old threads is some ass will find a way to post a useless comment. Oh, there you are.