We live in a do-it-yourself world. We’re encouraged to renovate our own homes, repair our own cars, publish our own newsletters, and more; all without the support of paid professionals.
It’s fair to say that we are immersed in a DIY culture.
Not surprisingly then, if you want to create your own malware that will allow you to drop viruses, worms, adware, and Trojans on innocent people’s computers, you’ll find a thriving DIY culture on the Internet ready to help.
Regular readers of this site will remember “T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise”, and “Constructor/YTFakeCreator – A New Kiddie Script/Malware Downloader”, two previous articles that dealt with do-it-yourself malware creators.
One of the more recent so-called Kiddie Scripts is BitTera.C. This application, which is driven by a point-and-click interface, makes it dead easy to construct hundreds of malicious codes, all without having to have any hacking skills or programming knowledge.
Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber-crooks to be familiar with the intricacies of coding or programming. In the image below, you can see just how easy it is to create malware that can have a devastating impact on a victim’s computer.
BitTera.C allows malware creators to customize features: type, effects, encryption, polymorphism, and so on.
Just some of the malicious actions this malware is capable of include:
Disabling the Registry, Task Manager, system recovery, security programs, firewall, and automatic system updates
Hiding the Start button, system clock, desktop icons, etc.
Closing Internet Explorer every 10 seconds
Turning the computer off every 5 minutes
Formatting Hard Drives
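A defender-side example, added here and not part of the article or of the kit: a small Python triage script that reads a .reg export and flags the registry policy values behind several of the effects listed above (Task Manager and Registry Editor disabled, desktop icons and clock hidden, System Restore and automatic updates disabled). The key paths and value names are the standard Windows policy locations for those effects; that the kit sets exactly these is an assumption, since the article names only the effects, and the sample export is constructed.

```python
import re

# Standard Windows policy locations whose non-zero DWORD value produces the
# lockdown effects listed above. Assumption: the kit uses these keys; the
# article names the effects, not the keys. Paths are lower-cased for lookup.
POL_SYS = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
POL_EXP = r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer"
LOCKDOWN_POLICIES = {
    (POL_SYS, "disabletaskmgr"): "Task Manager disabled",
    (POL_SYS, "disableregistrytools"): "Registry Editor disabled",
    (POL_EXP, "nodesktop"): "desktop icons hidden",
    (POL_EXP, "hideclock"): "system clock hidden",
    (r"hkey_local_machine\software\policies\microsoft\windows nt\systemrestore", "disablesr"): "System Restore disabled",
    (r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate\au", "noautoupdate"): "automatic updates disabled",
}

def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: raw_value}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, raw = line.partition("=")
            keys[current][name.strip('"').lower()] = raw.strip()
    return keys

def find_lockdown_artifacts(reg_text):
    """Return (key, value, effect) for every lockdown policy set to a non-zero DWORD."""
    keys = parse_reg_export(reg_text)
    hits = []
    for (path, name), effect in LOCKDOWN_POLICIES.items():
        raw = keys.get(path, {}).get(name)
        m = re.fullmatch(r"dword:([0-9a-f]{8})", raw or "", re.IGNORECASE)
        if m and int(m.group(1), 16) != 0:
            hits.append((path, name, effect))
    return hits

# Constructed sample export (not from a real machine): three policies set, one left at 0.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000000
"HideClock"=dword:00000001
"""
```

On a live machine the same check can be fed an export produced by reg.exe; a policy value that is present and non-zero on a home user's PC, where no administrator set it, is the artifact worth investigating.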
In case you might think that this type of do-it-yourself malware creation kit is a new or unusual phenomenon, it isn’t. Downloadable malicious programs such as this have been available for some time. Some well-known examples include WinNuke applications, Back Orifice, NetBus, Sub7, and ProRat.
These applications are so sophisticated that even advanced computer users’ computers, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.
Curious as to why these kits are free and downloadable on the Internet? Well, the accepted view is that the “real” cyber-crooks create these free “services” in order to create a market for their paid services: selling more sophisticated malware creation tools, often customized to the user’s needs.
Regular readers of this Blog are very familiar with the following tips that offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.
Do not click on unsolicited invitations to download software of any kind.
Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
Don’t open emails that come from untrusted sources.
Don’t run files that you receive via email without making sure of their origin.
Don’t click links in emails. If they come from a known source, type them into the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.
Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.
Never click on embedded cell phone links.
When contacting your bank, use a telephone number from your statement, a telephone book, or another independent source.
Keep your computer protected. Install a security solution and keep it up-to-date. For information on free security software and download links to that software read: “Need Free Security Programs? -10 of the Best”, on this site.
I’m looking at the choices (checkboxes) of options, and it has me pondering the psychology (um.. “mindset”) of the creator.
Some of these make a lot of sense.. they make removing the infection harder (if not impossible) — such as disabling System Restore, GPEdit, CMD+Run, etc.
But most of them are just spitefully annoying, and seem designed to just make the user (owner) not want to turn on their machine..
Open and close the CD tray?
Is the idea behind this.. “there’s too many people on the Web.. let’s get some of them off”???
And.. “format all drives” is just malicious.. it doesn’t benefit the attacker in any way. Why? (This is contrary to the intent behind most malware – theft.)
What would be an appropriate punishment for someone who thinks this is “kewl”?
It’s almost as if I’m looking at the work of an alien life form.. I just don’t ‘get it’.
I agree with your comment “But most of them are just spitefully annoying, and seem designed to just make the user (owner) not want to turn on their machine”
What a mess the Internet has become!!
The goal for any author or group who generates these tools is to have it adopted by as many users as possible. It is a form of marketing for many of the original developers who, as Bill stated above, charge for more advanced versions. Additionally, antivirus companies quickly create signatures for these tools, so a common for-pay service provided by the authoring group is to create customized versions packed to circumvent antivirus detection. Money makes the world go round, and money is the prime motivation behind malware development. The days of the teenager looking for notoriety are long gone. Many more of these types of tools are available but are privately developed and distributed. Many underground sites that release privately developed tools face some pretty stiff retribution until the tools are removed, usually in the form of DDoS attacks. Basically a form of digital street justice.
Hey Blake,
Thank you for a great comment.
Your explanation has added another layer of information for readers; always a good thing. Love the “Basically a form of digital street justice”.
Yeeees!!
BTW, thanks for this most recent link, and of course for all the previous ping backs.
Bill
Anytime Bill, keep up the great writing, I always find your articles well written and very informative. It is my pleasure to direct our readers in your direction!
Blake
i’m thinking of job security Bill.
i could use the program you posted above and develop an evil virus, somehow load it onto my boss’s computer, he complains, i come in and rescue the day in record time.
of course, if he got a real virus and called me in to save the day, i’d be screwed!
lol
Blake–
Thank you for that information. Building “brand loyalty” in the hacker underground… Business is business, and we know this is a big business.
Makes sense.
Sad. But a logical outgrowth.
I agree with Blake’s statement, “Money makes the world go round, and money is the prime motivation behind malware development.” I understand the pro cybercriminals that are “guns for hire” going after corporations, and even the disgruntled employees who have just been laid off attacking their former employers in retaliation or because of greed. Even the novice punk who does it for the thrill.
But what about the newer cyberterrorists who are politically motivated and well-funded by some shadowy group? IMHO, these guys pose more problems than just security, since they have the power to influence ideas.
Sure is more complicated than the old days of “War Games,” and tools like these make it easy to implement. Sirs, the game is afoot…
Safe surfing,
Deborah
Hey Deb,
Your points are well made; particularly the point on politically motivated cyberterrorists. Typical computer users do well when they can lock down their personal machines against the pervasive threats circulating on the Internet. Since users are forced to take “personal” responsibility for their own safety, it’s not unreasonable then that Internet threats are seen as a personal issue.
In a larger sense, your concern that politically motivated cyberterrorists pose a threat, is an “unspoken”, “hidden”, and “shrouded” reality of the Internet. Unfortunately, governments seem to view this reality through a fog of confusion, and in a sense, most governments are in a state of denial on this issue. Sort of like – after you Alfonse……
All of this despite recent examples of how the Internet can be used to create, or modify, political philosophies. The recent Hamas/Israeli conflict in which each party attacked the opponent’s web site, is just a small sampling of what is yet to come.
Button up your overcoat and get your rain gear ready; it’s going to get stormy!
Bill.
Back in the olde days before malware became what it is today, the script kiddies and other Netopaths ran rampant in the email and Usenet worlds. This was before the web really took off. And of course they dropped the occasional virus. This was also before the creation of _any_ of the tools we have today.
On the email side, they had free proggies like Avalanche which would create an email bomb and subsequent DoS for the recipient. (ISPs didn’t have many tools then either.) On the Usenet side various luzers had several tools created by a d00d named HipCrime. While many of the news (as in Usenet – not RSS) feeds are long gone or going, you can still do a search (i.e. google news) e.g. on JoWazzoo and/or Hipcrime and see some of the results of his and his tools’ exploits (Supersedes, Cancels, news-server ack bombs, RMGroup antics). At one point he alone was responsible for taking down all Net access to much of India.
Working as an Abuse person and email and usenet abuse fighter, I got into the head of HipCrime. Some of the above discussion brought back memories. Heh. He & I actually had a personal (obviously odd) relationship and conversed via email and other means. (pre-IM days) He was out to make $ and trash things and I was out to get him. (Neither me, others nor a 3 letter Warshintun DC org ever found him). (Hi Robert – send me an email some time :-))
People who write this stuff don’t think like you and I, they have a different sense of ethics. But note that the group that writes the software identified above is one group. Political cyber terrorists are a completely distinct group. The former for $ – the latter for a cause. There is very little cross-over.
To answer the ? why would these malware creation tools be distributed for free or for a small sum? Because the lower level workers need the upper level guys to handle things like converting credit card transactions into money. And the workers pay a hefty % for that. Nuff said. 🙂
ch33rs JoW
P.S. ? for the younger crowd – what was the pc type used by the young hacker in War Games?