
Wednesday 20 June 2012

Chat with a "HACKER" inside the "VIRUS"..





Hey Frenzz...
...
Hynek Blinka, a computer security expert at AVG, has told an interesting story of how he ended up talking to the author of a virus while debugging a program. Hynek said that this was the first time this had happened in his career.
It all began when an unknown but clearly malicious program, which was spreading on the battle.net forums in Taiwan, came into Blinka's hands. The specialist immediately began to study the code. He launched the malicious program in a virtual machine and discovered that it connected to a remote server on TCP port 80 and downloaded new files to be installed.



This was a simple downloader/backdoor, which did not interest the researcher, because his goal was to find a keylogger for Diablo III. There had recently been problems with the mass theft of players' accounts, so Blinka had set himself the task of finding this keylogger and seeing how it works.
When the program connected to the remote server and started downloading new modules, Hynek Blinka was dumbfounded: a chat window suddenly appeared on the screen with the message (translated from Chinese):
- What are you doing? Why are you studying my trojan?
This dialogue was not part of any program installed on the virtual machine. The window was opened by the backdoor. Surprisingly, the author of the trojan was online at that moment and noticed that someone was digging into his program. Blinka decided to keep the conversation going in order to extract more information. He behaved very arrogantly.
Blinka: I did not know that you can see my screen.
Hacker: I would like to see your face, and, sorry, I have no camera.
He spoke the truth: the backdoor really did have a function for controlling webcams, as well as mouse control, screen broadcasting, etc. Furthermore, AVG antivirus classifies it as a variant of BackDoor.Generic.
Hynek Blinka continued his conversation with the hacker, pretending that he wanted to buy the program, but he ended the session. The specialist said that it was a great experience: he and his colleagues have studied such viruses for many years, but they rarely get to chat with the authors.
P.S. Incidentally, a similar story happened ten years ago, when security expert Steve Gibson reverse engineered a trojan and used the password from it to enter a closed chat room; afterwards Steve Gibson and his site GRC.com were hit with a DDoS attack.
