Want to create your own malware? Do you have a real need to create a fake YouTube video that will allow you to drop sophisticated malware including viruses, worms, adware, and Trojans on innocent people’s computers? Then, you don’t have a problem.
However, because of the availability of so called Kiddie Scripts available for download on the Internet, the rest of us certainly do.
Panda Labs reports a new Kiddie Script, written in Spanish, is now available on the Internet, through Peer to Peer networks, for cyber-crooks in training. According to Panda “YTFakeCreator is a program that allows cyber-crooks to create spoof YouTube videos aimed at infecting users with malware. Potential victims receive an email promoting a video supposedly containing sensational content (erotic images of celebrities, death of famous people, etc.) and invite users to click a link to the video”.
As is usual with malicious emails, clicking on the embedded link will begin the process of infecting your computer, and putting at risk your financial and other confidential information.
Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber- crooks to be familiar with the intricacies of coding or programming. Again according to Panda “YTFakeCreator makes it easy to create these spoof YouTube pages; customizing the error message text and the time it takes to appear. It also allows cyber-crooks to insert the link to the malware to be downloaded onto users’ computers, and even to create a false YouTube profile to enhance the realism of the page. The malicious code distributed through these spoof pages can be chosen by the person creating the page”.
In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, such as this, have been available for some time. Some well known examples include, WinNuke applications, Back Orifice, NetBus, Sub7, Metasploit, and ProRat.
These applications are so sophisticated that even advanced computer users computers, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.
Curious as to why these kits are free and downloadable on the Internet? Well the accepted view is the “real” cyber-crooks create these free “services” in order to create a market for their pay services. Selling more sophisticated malware creation tools often customized to the user’s needs.
Regular readers of this Blog are very familiar with the following tips that offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.
Don’t open emails that come from untrusted sources.
Don’t run files that you receive via email without making sure of their origin.
Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.
Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.
Never click on embedded cell phone links.
When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.
Keep your computer protected. Install a security solution and keep it up-to-date.
Bill Mullins' Weblog - Tech Thoughts 
Another reason for the cyber-criminals to offer these types of kits for free is they put backdoors in, which they use to harvest the ill-gotten-gains from the user.. so the amatuer does all the work (a case of hacker-on-hacker crime) and the kit author mearly collects the ‘mail’.
I guess there really is no honor amongst thieves.
Or what’s called a “code wizard” in the hacker community
a hacker who writes a application for the intent to infect the computer system of a newbie hacker
Pingback: BitTera.C - DIY Malware Creator for Script Kiddies « Bill Mullins’ Weblog - Tech Thoughts
dude if someone caught you you know you’ll
get screwed, right?
The whole point of the article is as follows:
Regular readers of this Blog are very familiar with the following tips that offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.
Don’t open emails that come from untrusted sources.
Don’t run files that you receive via email without making sure of their origin.
Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.
Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.
Never click on embedded cell phone links.
When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.
Keep your computer protected. Install a security solution and keep it up-to-date.