Aldi Bot – Build A Botnet For $15!

Psst – wanna build a Botnet – one that can launch a DDoS attack, steal passwords saved in Firefox, steal passwords for Pidgin, remotely execute any file, or use a victim’s computer as a proxy?

No big deal if you haven’t a clue when it comes to the intricacies of coding, or programming – doesn’t matter if you don’t have any hacking skills – if you’ve got just €10 (about $15) to spare, you can buy Aldi Bot …..

Screen shot published by the malware creator.

…. and, create your very own Botnet. Of course, you’ll need the underground forum addresses where this sly tool is available (no, you won’t get those here).

In an over the edge example of “let’s see how far I can push the envelope” – the kiddie script creator will provide hands on installation instruction for those who need it. According to researchers at GData, who discovered Aldi Bot –

“Chat logs, posted by the malware author, reveal that he actually provides personal assistance for the installation and implementation of the bots, even to malware rookies, so-called noobs, who do not have the slightest idea of how to work with the malicious tools. He even uses TeamViewer to make his customers happy and ready to attack.”

Aldi Bot in action.

In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, like this, have been available for some time. Examples of DIY malware kits we’ve covered here in the past, include –

Facebook Hacker

T2W – Trojan 2 Worm (Constructor/Wormer)

Constructor/YTFakeCreator

BitTera.C

I find it discouraging that wannabe cyber crooks, whose technical skills never got past the thumb-texting stage, have such ready access to such powerful malware creation tools. A rather sad reflection on the lack of resources available to the law enforcement community.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Malware Attacks – How Much Disclosure Are You Entitled To?

I’m an advocate of full disclosure. I demand transparency (not always successfully), in every area that has the potential to impact my life at any level. Period.

Since cyber crime has the potential to affect me at a fundamental level, I expect that every aspect of all security vulnerabilities will be released by those you have access to this information. I’d be surprised if you felt differently.

As a reputable Blogger, I’m regularly updated by many of the leading security developers on recently discovered or pending security issues, so that my readers can stay current with changing malware conditions.

In fact, the objective of my Tech Thoughts Daily Net News column, is to do just that – notify readers of a seemingly never ending list of new security issues, as quickly as possible.

From time to time though, a security issue needs to be explained more fully. As an example, last week, BitDefender let me know of a so called Kiddie Script – Facebook Hacker, which can be used by amateur cyber crooks to construct malware designed to steal login credentials.

Based on the available information, I wrote an article “BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!” Not the first time, I might add, that I’ve reported on the availability of Kiddie Scripts, and the impact such freely available hacking tools can have on unwary Internet users.

I was not alone in reporting on this issue. Other tech sites that reported on Facebook Hacker included; hackinthebox, softpedia, itbusinessedge and techworld. As well, scores of prominent tech news aggregators, linked back to BitDefender’s original Blog post on this issue.

Imagine my surprise then, when I received a series of emails from a security developer executive, who argued that BitDefender, and by extension, me, had broken some sort of hidden rule – that it’s better to keep computer users in the dark with respect to certain security threats.

I must admit, I was taken aback by the implication that by reporting on Facebook Hacker, I was now part of the malware problem, and not part of the solution.

I’m on the far side of 50, and I’ve been at this game a very long time, so an insinuation that suddenly I’m part of the malware problem, definitely provoked a slow burn. Nevertheless, I was prepared to let this go. But, a security developer who can’t allow an alternative opinion, suggests a deeper issue exists.

Keeping computer users in the dark, at least in this security developer’s opinion, is less harmful than letting computer users know what they’re really facing in their increasingly difficult battle to stay safe against cyber criminals.

The gist of his argument was this – BitDefender, and again by extension, me, by reporting on Facebook Hacker, had told “every dickhead in the world where to find it.” So, I should have kept you in the dark.

Conveniently, the fact that  a Google search on “Facebook Hacker”, returns 24,900,000 results was not mentioned.

Curiously, in one email the following observation was made –

Until a couple of days ago Facebook Hacker was a low key (almost unknown, in fact) problem because very few people knew it existed….

Thanks to recent publicity there are now 34 anti-malware programs detecting the original … up from 20 a couple of days ago … up from a mere handful a couple of months ago.

So, you’d think that would be the end of the argument – that reporting on this issue was the right thing to do, since more antimalware applications are now  detecting malware produced by this kit – but no.

There was a further point that had to be made. One which negated the value of shining the light on this security threat.

If the grubs stay true to form there will almost certainly be more “upgrades” in the pipeline, and unlike the original which had limited distribution, a relatively minor payload, and little chance of success because most people aren’t silly enough to run an unsolicited email attachment, some of those “upgrades” might hit the mainstream as undetectable autorunners carrying vicious payloads.

Irresponsible “disclosures” telling perps where to download live malware ALWAYS do more harm than good!

Two questions need to be answered here:

First: What’s the point in paying for antimalware software unless there’s an implied agreement that the security vendor will do all that is necessary to seek out, and identify harmful threats, and develop an appropriate defense against these threats?

In this particular instance, that doesn’t seem to have been the case. Why did it take “recent publicity” before additional antimalware programs began detecting this malware?

Second: Why would cyber criminals need me, or anyone else for that matter, to point them to malware creation tools? The fact is, the Internet is awash in hacker sites. Pointing out that fact, was part of the purpose in writing the article.

I’ll restate my view, as I expressed it, in replying to these emails –

Being aware of danger is a prerequisite to preparing a defense against the danger. No, I’m definitely on the other side of the fence on this one. I expect full disclosure and access to information, not only in this type of situation, but in all areas where the information is required for me to adequately assess an issue.

I have a problem with anyone who sets themselves up as a arbitrator of what’s in my best interest. I don’t think I’m alone in recognizing that withholding information is rarely, if ever, in the public interest.

Do you see the value in full disclosure? Do you agree that antimalware vendors have an obligation to release information on threats that potentially can impact your Internet safety?

Or, would you rather remain unaware of existing, or impending security threats, and just take your chances with remaining malware free?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

The Teenage Hacker – Fact Or Myth?

Do teenage hackers exist in any significant number? More to the point – do they constitute a threat to your security on the Internet?

Hard statistics are understandably difficult to come by. But, in a study released last year by Panda Security, which looked at the Internet habits of adolescents between 15 and 18 years olds, we may have seen a least a partial answer.

Some of the general statistics brought out by the survey included the following:

More than 50% of those surveyed between 15 and 18 years old, use the Internet daily

Average weekly On-line connection time 18.5 hours

On-line studying activity accounted for 32% of this time

The remaining time involved leisure activities, such as playing games online, watching videos, listening to music, chatting, etc.

These statistics seem real and not unexpected, based on my own experience. But additional statistics generated by the same survey, may be cause for concern.

Two thirds of the survey participants stated they had, at least once, attempted to hack a friend’s instant messaging, or social network account.

As an Internet Security Blogger, the following statistic though, was particularly concerning – According to Panda “17% of adolescent users claim to have advanced technical knowledge, and are able to find hacking tools on the Internet. Of these, 30% claim to have used them on at least one occasion. When asked why, 86% said that curiosity had led them to investigate these public tools”.

See today’s article – BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

I can tell you, based on reader responses to a number of articles I have written on so called “Kiddie Scripts”, and the background research for those articles, the tools referred to by these young people are readily available on the Internet.

I suspect that the typical Internet user would be outraged to see how readily available these free, and in many cases sophisticated hacking tools, really are.

The final statistic from Panda’s survey that interested me was the following, spoken to by Luis Corrons, Technical Director of PandaLabs.

“Even though the percentage is very low, we still come across too many cases of adolescent cyber criminals, such as the recent high-profile case of the 17-year-old creator of worms for Twitter.

We estimate that just 0.5% of these are detected by the corresponding authorities. Those who are drawn into hacking out of curiosity may well end up discovering the financial potential of this activity, and becoming criminals themselves.”

So, is this type of teenage behavior a real threat, or just fanciful teenage thinking? I’ll leave it for you to decide.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

We live in a do-it-yourself world. We’re encouraged to renovate our own homes, repair our own cars, publish our own newsletters, and more; all without the support of paid professionals. It’s fair to say, that we are immersed in a DIY culture.

Not surprisingly then, if you want to create your own malware that will allow you to steal passwords, drop viruses, worms, adware, and Trojans, on innocent people’s computers, you’ll find a DIY culture on the Internet ready to help with a wealth of do-it-yourself malware kits.

The latest, so called Kiddie Script scourge, recently discovered by BitDefender, is Facebook Hacker – identified by BitDefender as Trojan.Generic.3576478.

Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber- crooks to be familiar with the intricacies of coding, or programming. In the image below, you can see just how easy it is to create malware that can have devastating impact on a victim’s computer. All of this without having to have any hacking skills, or programming knowledge.

According to BitDefender, Facebook Hacker is an application driven by a point and click interface, making it dead easy to construct malware designed to steal login credentials.

As the screen shot shows, there are only three fields that need completion – a disposable e-mail address, a password, and a target.

After clicking the “build” button, a server.exe file is created and deposited into the Facebook Hacker folder along with the initial files. This newly created malware (server.exe), is now ready to do its dirty work.

Here’s how BitDefender describes a Facebook Hacker attack:

Once run, the malicious tool will snatch the victim’s Facebook account credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us.

In order to successfully collect passwords, the malicious binary includes applications able to squeeze data out of the most popular browsers on the market, as well as of almost all instant messaging clients available.

To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain.

To avoid detection, the Facebook Hacker will look for processes related to a security suite and kill them upon detection. It is important to mention that it is accessorized with a hard-coded list of processes associated with AV solutions that are to be checked and stopped, if found.

Last but not least, the piece of malware looks for network monitoring applications and terminates them. This is a safety measure that will prevent curious users from seeing their passwords leave the system.

In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, such as this, have been available for some time.

Some well known examples we’ve covered here in the past include, T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise, Constructor/YTFakeCreator – A New Kiddie Script/Malware Downloader, and BitTera.C – DIY Malware Creator for Script Kiddies.

These applications are so sophisticated, that even advanced computer users, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.

Curious as to why these kits are free and downloadable on the Internet? Well, the accepted view is  – “real” cyber-crooks create these free “services” in order to create a market for their pay services – more sophisticated malware creation tools, often customized to the user’s needs.

Regular readers of this Blog are very familiar with the following tips, but they are worth repeating, which offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.

Do not click on unsolicited invitations to download software of any kind.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

Never click on embedded cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Keep your computer protected. Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.