All articles licensed under a Creative Commons License.

Tuesday, May 30, 2006

Nasty Botnet Pr0n installer ahoy!

Here's a lovely little number I found in IRC - in fact, I obtained it while working on this Botnet deep-dive. Still, worse things happen at sea.

Anyway, let me get the usual safety-rant and ominous tones of doom thing out of the way first:

....never click links in IRC.....if it looks too good to be true, it probably is....general rant about ensuring safety is your first priority.....lame gag about ROFLcopters....

.....did I get them all?

Okay, cool.

On with the show....

...and what a show it is! First off, I get a PM from some loser in IRC - at this point, it's hard to tell if the other guy is a Bot or a live person, though I'd put money on this being automated. Anyway, click the link and you're taken to a website which demands you "download now, don't even think about it!!"

...is it just me, or is putting a warning up like that guaranteed to set off alarm bells in your brain that this might not be a good idea?

Sadly, no, because I happened to switch my brain off and download it anyway.

Running it presents me with the screenshot to the left, there (click to enlarge, etc).

It's not often I come across Botnet Trojans with a fully formed installer, but there's always a first time, right? And what a nice installer it is.

Ever so helpful, it asks you where you want to dump your program, how much space it'll take up, what colour pants you might want to put on today...but imagine my surprise (well, not really) when I clicked the "Finish" button and up popped a movie file so downright dirty that my eyes exploded and I felt an urge to write "BAN THIS SICK FILTH"-style letters to my local newspaper. In fact, the short movieclip was so over the top that all I could bear to paste in here from the film was this wonderful shot of a window:

Don't look at the window too long, or all your hair will fall out and you'll go blind.

Nice paint job they have, though.

Moving right along, you know this isn't the end of the story, yes? Because nobody is going to wrap a 200kb movie ripped from Hardcore Harry's House of Horrors in an installer without there being some kind of payoff.

And the payoff in this case is...have you guessed yet?....a Botnet!

Yep, numerous files are dumped on your PC that allow the bad guys to modify their commands on the fly and do various other nasty things if / when they feel like it. I'd have included a screenshot of the Botnet itself at this point, but there was nothing much going on and (frankly) it would've been a waste of your bandwidth. This file seems to have been hosted elsewhere previously, so it's quite likely the Botnet itself is undergoing a similar overhaul.

The lesson here?

Always make sure you get your windows fitted by a reputable dealer. One time, we got this cowboy in and...hoo-boy!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.