Generators of evil
Thursday, May 10, 2018
Do relentless hackers craft all these viruses every day with their own hands? I'm just trying to assess the magnitude of their work.
A question from an Anti-virus Times reader
Creating an operational malicious file requires skill, experience, and time. But today’s malefactors who lack those things are after easy money. This is how those who can't write malicious code themselves get involved in cybercrime.
Lately, along with the unprecedented increase in the number of malicious programs, we’ve observed the intellectual degradation of the programs’ makers. Nowadays, no special programming skills are required to write a malicious program—one merely needs to know how to boot up a system and understand simple phrases in English in order to use a Trojan generator.
Here is another anti-virus developer’s definition of a Trojan generator. We think it’s a satisfactory definition (except for certain terminological nuances such as the difference between viruses and Trojans and the fact that tools of this kind may occasionally produce peculiarly designed malicious samples).
A Trojan generator is a special program that enables unskilled users to design their own viruses, worms, or Trojans.
Of course, a Trojan generator is not a sentient being, and it doesn't create anything new—all the samples of malicious code incorporated into it have been put there by its creators. A user can only adjust some parameters or select the features they need from a list, nothing more. Thus, what’s output by such a generator usually contains the same code and can be detected using one malware signature.
Important! We strongly advise users against searching for and downloading malware toolkits—many sites distributing Trojan generators are blocked by Dr.Web for a reason.
Nonetheless, sometimes the outcome of someone using a Trojan generator can be quite impressive. Take the Anna Kournikova worm, for example. According to Wikipedia, the worm was written by the Dutch programmer Jan de Wit on February 11, 2001. In fact, that is only part of the story: de Wit did not write the worm's code himself.
A twenty-year-old user calling himself OnTheFly claimed responsibility for crafting the Anna Kournikova worm. On February 14, he turned himself in to the police in the Dutch city of Leeuwarden. In his defence, OnTheFly wrote a somewhat interesting letter, claiming that he wasn't a hacker and possessed no programming skills whatsoever. He said he’d designed the worm in just a few minutes using the worm generator Alamar's Vbs Worms Creator, which he’d downloaded from the Internet.
Vbs Worms Creator was crafted by an Argentinian hacker who was going by the handle Alamar (also written Kalamar) and living in a Buenos Aires suburb at that time. To create AnnaKournikova in Alamar's generator, the Dutch student only had to specify the worm's name, a distribution method, and the actions it was to perform on an infected computer.
And by the way:
The ILOVEYOU outbreak happened before AnnaKournikova was created. That worm also sent out emails using contact information from Microsoft Outlook. After ILOVEYOU was unleashed into the wild, Microsoft released the Outlook E-mail Security Update, which blocks or prompts on programmatic access to the address book and on sending mail from a script, so that malware of this kind could no longer mass-mail itself silently. But many corporate and home users failed to install the update.
More than sixteen years have passed, and users are still neglecting to apply security updates as soon as they are released.
As the generator's name suggests, it produced malicious scripts. AnnaKournikova, for example, never existed as an executable file: it was distributed as an e-mail attachment named AnnaKournikova.jpg.vbs (Windows hides the final extension by default, so the victim saw what looked like a picture), and its VBScript code was executed by the Windows Script Host (wscript.exe).
Why was it implemented that way? As we have mentioned in past issues, a script is plain text: variable names, string encoding and layout can be changed in seconds without touching the logic, so a signature that matches exact bytes of one sample misses the next build, and a scanner must look at the code's structure rather than its bytes to keep up.
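The two points above (every sample from one generator shares the same code, and script text is trivially mutated) as an added example. This is not the VBS Worm Generator's code, nor Dr.Web's detection logic: it is a constructed toy in which a "generator" fills a fixed and harmless VBScript skeleton (it only echoes text) with user-chosen strings and per-build variable names, and a structural signature derived from a single sample is then compared against a whole-file hash. The skeleton, the ToyGen name and all function names are assumptions made for the illustration.

```python
"""Why one signature covers a generator's whole output: a constructed toy.

Added illustration, not the VBS Worm Generator's code. The "generator" fills a
fixed VBScript skeleton with user-chosen strings and variant-specific variable
names; the scripts it emits are harmless (they only echo text to the console).
"""
import hashlib
import re

# Fixed skeleton every "generated" script shares. Only the {placeholders} change.
_SKELETON = """' {name}: built with ToyGen (constructed, harmless example)
Option Explicit
Dim {obj}, {key}
Set {obj} = CreateObject("Scripting.Dictionary")
{obj}.Add "subject", "{subject}"
{obj}.Add "body", "{body}"
For Each {key} In {obj}.Keys
    WScript.Echo {key} & ": " & {obj}({key})
Next
"""


def generate_script(name: str, subject: str, body: str, seed: str) -> str:
    """Emit one 'generated' script. `seed` drives deterministic variable renaming,
    mimicking the trivial per-build mutation a generator can apply to script text."""
    h = hashlib.sha256(seed.encode()).hexdigest()
    return _SKELETON.format(name=name, subject=subject, body=body,
                            obj="v" + h[:6], key="v" + h[6:12])


def exact_hash(text: str) -> str:
    """Whole-file hash: the weakest signature, defeated by changing a single byte."""
    return hashlib.sha256(text.encode()).hexdigest()


# VBScript tokens that carry structure; everything else is user-controlled noise.
_KEYWORDS = {"option", "explicit", "dim", "set", "for", "each", "in", "next",
             "createobject", "wscript"}
_TOKEN = re.compile(r'"(?:[^"]|"")*"'   # string literal (doubled quote escapes)
                    r"|'[^\n]*"         # comment to end of line
                    r"|[A-Za-z_]\w*"    # identifier or keyword
                    r"|\S")             # any other single character


def normalize(text: str) -> str:
    """Reduce a script to its code skeleton: drop comments, replace string
    literals with S and non-keyword identifiers with ID, discard whitespace."""
    out = []
    for m in _TOKEN.finditer(text):
        tok = m.group(0)
        if tok.startswith("'"):          # comment: the generator's banner lives here
            continue
        if tok.startswith('"'):          # user-chosen text: worm name, subject, body
            out.append("S")
        elif tok[0].isalpha() or tok[0] == "_":
            low = tok.lower()
            out.append(low if low in _KEYWORDS else "ID")   # renamed variables
        else:
            out.append(tok)              # operators and punctuation stay as-is
    return " ".join(out)


def skeleton_hash(text: str) -> str:
    """Structural signature: identical for every script built from the same skeleton."""
    return hashlib.sha256(normalize(text).encode()).hexdigest()


def matches(text: str, signature: str) -> bool:
    """True when `text` was built from the same skeleton as the sample behind `signature`."""
    return skeleton_hash(text) == signature


if __name__ == "__main__":
    # Two builds with different user input and different variable names (constructed).
    a = generate_script("AnnaK", "Here you have", "look at this", seed="build-1")
    b = generate_script("Greetings", "hi there", "open me", seed="build-2")
    sig = skeleton_hash(a)          # one signature derived from a single sample
    print("exact hashes equal:   ", exact_hash(a) == exact_hash(b))   # False
    print("skeleton hashes equal:", matches(b, sig))                  # True
```

The whole-file hash of the two builds differs, so a hash-based blocklist would need one entry per victim's copy; the normalised skeleton is the same for both, so one signature taken from the first sample catches the second. Real scanners do the same thing with far more robust parsers, and the same idea is why generator output is, in the article's words, detectable "using one malware signature".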
It is sad that generator writers are so irresponsible. To them, it's just a business. For example, after the AnnaKournikova outbreak, the following was reported about the generator's author:
The Argentinian hacker Kalamar, the person behind VBS Worm Generator which came to fame after the outbreak of the Anna Kournikova worm, released a new version of the worm toolkit. The program's size is only 208 KB. It is available for download from several servers in Argentina. Like the previous version, VBS Worm Generator 2.0 is available completely free of charge, and thanks to its user-friendly interface and detailed help, it enables any inexperienced user to craft a worm of their own.
The second version also incorporates bug fixes and a number of new features. Now, along with VisualBasic scripts, it produces executable files and equips the resulting malware with more sophisticated evasion techniques.
Meanwhile, Kalamar himself claims that he created the program solely for educational purposes and says that those who use it must understand that the responsibility for the possible consequences of its usage rests solely on them, not on him.
The Anti-virus Times recommends
Trojan Development Kits (TDKs) can be employed to craft malware for mobile platforms. To generate a Trojan, a malefactor only needs to fill out a form by selecting required parameters from pre-defined lists.
Sadly, no special skills are required to create ransomware for Android. Everything from the ransom demand message to the unlock key is customisable. Not a single line of code needs to be written. Once they’ve entered all the required information and adjusted the parameters, cybercrime rookies just need to press the Create button, after which they’ll be invited to subscribe to the service. The application lets users chat with the developer online and negotiate payment terms.
Trojan generators are substantially contributing to the ever-growing number of malware programs being produced across the globe. With these generators, even inexperienced virus makers churn out new samples faster than signature databases can be updated. Anti-viruses therefore need technologies that detect malicious programs before a signature for them arrives. Dr.Web Cloud, which receives updates instantly, Dr.Web Preventive Protection, and other special features, including those that detect malicious scripts, do just that.
Comments
Wolf_78
19:17:17 2018-05-11
This kind of equipment obviously was used and could lead to a young mind going any number of paths as they get older and more experienced! That is just scary to think of from a security position.