
Super Blackhat...#$@!

Discussion in 'BlackHat Lounge' started by xeninc, Jul 4, 2011.

  1. xeninc

    xeninc Newbie

    Joined:
    Apr 16, 2011
    Messages:
    20
    Likes Received:
    30
    So, I noticed some connections to foreign IP Addresses on port 80 on one of my PCs today.

    I knew exactly what it was...some software somewhere installed a proxy or something on it when I ran it.

    To my surprise I couldn't find a process, but then I found the Service, actually Two of them. Clever.

    I decided to investigate the windows firewall as well, and sure enough it planted itself about 8 open ports in the exceptions list. That's contradictory to your stealthy service move.

    I will not say the software, but it is a product being sold, all over the web, and it's essentially using your computer as a small Apache web server to send pingbacks & backlinks through.

    It's a good idea. I wouldn't do it myself, for fear of legal action & my own morals. But if you're ballsy, it's been done before. It is common practice amongst programmers to put backdoors into their software for their own private use, or plant easter eggs for their amusement & to also prove, if the need ever arises, that they were the original proprietor or perhaps that they can both make & break their creations.

    Whatever the reasoning, it's a low-down dirty trick if ya ask me and shame on any of you doing this to fellow hatters.

    Check your ports.

    Start > Run > CMD > netstat -n

    Good luck.

    -xen

    edit:
    it's not the software that you should be looking for, check your SERVICES & your NETSTAT & your FIREWALL EXCEPTIONS
     
    Last edited: Jul 4, 2011
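
The three checks named in the post above (connections, services, firewall exceptions), correlated in one pass. This is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later, an elevated PowerShell prompt, and treats "auto-start service outside the Windows directory" as a review heuristic only.

```powershell
# Added example: tie each remote connection to its process AND to any
# services hosted in that process, then list what the firewall lets in.

# PID -> services running inside that PID. A service hosted in a shared
# process has no obvious process name of its own in a process list.
$svcByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $svcByPid.ContainsKey($key)) { $svcByPid[$key] = @() }
    $svcByPid[$key] += $_.Name
}

# 1. Established connections to non-loopback peers, with owner and services.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $owner = [int]$_.OwningProcess
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote   = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            PID      = $owner
            Process  = $proc.ProcessName
            Services = ($svcByPid[$owner] -join ',')
        }
    } | Sort-Object Process, Remote | Format-Table -AutoSize

# 2. Auto-start services whose binary is not under the Windows directory
#    (heuristic: a list to review, not a verdict).
$winDir = [regex]::Escape($env:SystemRoot)
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notmatch $winDir } |
    Select-Object Name, DisplayName, State, PathName | Format-List

# 3. Enabled inbound "allow" rules (the firewall exceptions list), with the
#    port and program each rule opens.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Protocol  = $port.Protocol
        LocalPort = ($port.LocalPort -join ',')
        Program   = $app.Program
    }
} | Sort-Object Program, LocalPort | Format-Table -AutoSize
```

A rule in section 3 whose Program path matches a service binary from section 2, and whose PID shows up in section 1, is the combination the post describes.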
  2. madoctopus

    madoctopus Supreme Member

    Joined:
    Apr 4, 2010
    Messages:
    1,249
    Likes Received:
    3,498
    Occupation:
    Full time IM
    why don't u just say what program it is? also is it legit/original or cracked? that's important
     
  3. Alexfrance

    Alexfrance Regular Member

    Joined:
    Jul 26, 2010
    Messages:
    337
    Likes Received:
    73
    Occupation:
    Intel Pentium I 75 Mhz Processor
    Location:
    Somewhere in France, 20 km from Belgium
    also wanna know which program it is? Is it AVG? or some other popular program?
     
  4. xeninc

    xeninc Newbie

    Joined:
    Apr 16, 2011
    Messages:
    20
    Likes Received:
    30
    i do not want to get banned, and not sure if whoever developed / distributes it is on this forum.

    i am simply trying to pass knowledge on to people so they are aware of these types of practices and they check for themselves, to make sure they are not being duped by anyone.

    as far as legit, cracked, paid for etc. - i couldn't tell you WHICH piece of software it came from, or if it was something i clicked on that installed the software. the computer that i discovered it on, is one i use exactly for this reason, to verify software & websites are legitimate before using them on my legitimate PCs. i've been marketing since the 90's & i know most software is made by some kid in his basement, and well, you can't trust anyone, especially kids who can program sophisticated software suites.

    what i discovered on my PC was an "SEO" software that i don't remember installing, or using, or downloading. upon searching i did find sales copy all over the web & the software has been well developed. i am led to believe that it was some website utilizing a browser exploit (firefox) or that it was from some software i installed.

    considering all i've done since March when i set the PC up was read about SEO & test SEO software & whatnot...i figured i'd shoot over here and turn some people on to some knowledge about shady blackhat practices so they too can protect themselves...

    edit: i use AVG as the antivirus, and Malware Bytes. the soft in question is an SEO package for website optimization, search engine analysis, link managing, website managing, etc. It's something someone created to sell, and they have sales copy all over the web on many different domains. I am not going to point fingers, like I said. I am not here to "Police" anyone.
     
    Last edited: Jul 4, 2011
  5. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 4, 2009
    Messages:
    1,570
    Likes Received:
    1,016
    Location:
    ohio
    here is what i got when i ran that command that you said. i am running senukex with 10 threads and clad genius and i have utorrent and about 5 firefox tabs open. is this normal?

    [IMG]
     
  6. scraper1

    scraper1 Regular Member

    Joined:
    May 28, 2011
    Messages:
    214
    Likes Received:
    207
    Location:
    Kontiki
    Just cough the name. I hope you double checked before making such affirmations. Do you have a sniffer log to prove?
     
  7. xeninc

    xeninc Newbie

    Joined:
    Apr 16, 2011
    Messages:
    20
    Likes Received:
    30
    angelas111, it's not really possible for me to tell you that without knowing a whole lot more information & frankly i just don't have the time to help you troubleshoot / double check.

    scraper1, why do i need to prove anything at all? i didn't point a finger because i don't want to answer questions like yours, or post screen shots, or get into a battle over who's right and who isn't. i don't care to see whose pissing stream shoots farther.

    this thread was intended for people that aren't aware of things like packet sniffing or trace route or header information or base64 encoding or backdoors or easter eggs. obviously if you know about things such as these you don't need any of my help.

    the knowledge put forth was "be wary of the software that you think is working for you, because it may also be working for someone else".