Custom Trojan Creation Tool Sold Online

Finch writes "Net Security.org is reporting on the surprisingly sophisticated 'virus in a can' software called Pinch. Pinch is a tool sold on several online forums and designed to create Trojans. It allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. It is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it. 'Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.'"

Re:

[Victor Antolini]

This is news? There was a trojan generator, created in Brazil, by the name Senna Spy. It was created in 1999.

obligatory

[Anonymous Coward]

Yes, but does it run on Linux?

Re:

[phoenixwade]

Yes, but does it run on Linux?

Better yet, Is it cross platform?

That sounds like fun

[Anonymous Crowhead]

How much is it and where can I buy it? For, uh, research purposes.

well you're obviously not the intended market

[JeanBaptiste]

anyone who would use one of these would likely download a pirated version.

Re:well you're obviously not the intended market

[morari]

Which is, itself, a Trojan...

Re:well you're obviously not the intended market

[X0563511]

Please stand by as space-time folds in upon itself.

Re:

[TeknoHog]

Or as a Trojan unfolds upon my, you know.

Re:

[gasmasher]

No. I don't know :(

Re:

[Antique Geekmeister]

And provides its own virus protection from itself?

I've actually heard that proposed, to send out worms via common holes to go block those holes on unsuspecting victim's computers, as being more effective than making them download patches.

Re:

[Elite_Warrior]

is the call toll free ??

Re:That sounds like fun

[Electrum]

I know you're joking, but what sort of fool would trust the seller with their own CC#?

Why does the card holder care? Your liability is limited to $50 by law, or zero by many card issuers. Merchants are the ones who lose with fraud, not the card holders or the credit card companies. In fact, the card company profits from fraud by hitting the merchant with a charge back fee in addition to reversing the transaction.

Re:

[FreyarHunter]

Not if you are a member of Key Bank. Bounced check deposits (from a paycheck no less) are removed as a "chargeback" with their wonderful fees thrown at the employee, who isn't... a... merchant. Seems a fun way to screw over your underlings for christmas, yeh?

Re:

[Whiteox]

Hey does anyone know how to read Russian?

nothing special

[sub7]

they were distributing trojans like this in the 1990s... sub7 anyone? ;)

Re:nothing special

[KillerCow]

Or the venerable Virus Creation Laboratory [netlux.org], ala '92.

Re:

[dave562]

You beat me to it. VCL was a great starting point for learning how to write virii. It was the first thing that I thought of when I read saw the article. [nostalgia]Sometimes I miss the days of Digital Decay and the NuKE vs YAM flame wars.[/nostalgia]

Re:

[UncleTogie]

VCL... Didn't "Nowhereman" set that up?

Re:

[Corwn of Amber]

Virus Creation Lab did not work. Does this one work?

Re:

[Afecks]

I'm a trojan author so I'm getting a kick out of these replies...

No seriously, this is not a new idea. There was Senna Spy Trojan Generator [megasecurity.org] many years ago. However, unless the generator actually generates the source code so you can compile it, I would call it a highly customizable backdoor, nothing more.

Re:

[UncleTogie]

I'm a trojan author...

Pardon my asking, but isn't admitting to that rather like stuffing bloody meat down your shorts and swimming with sharks?

Re:

[Antique Geekmeister]

More like swimming with goldfish. Very, very few people actually have the willingness to jump through the awkward and painful hoops needed to act against crackers, especially to convict them. For every Kevin Mitnick who gets convicted, there are dozens and hundreds of far less aggressive and arrogant crackers who play in that world and just never draw that much attention.

Re:

[kdemetter]

I have a different theory : the more trojans and viruses get created , the more people will become security minded and install antivirus and firewalls .

So the people that write malware indirectly cause increased security.
So this is good news .

Re:

[Antique Geekmeister]

I see. And drunk driving leads to other people wearing seat belts and benefits their safety, right?

It's a very, very small silver lining on a very dark and expensive cloud that you're describing. The money wasted on expensive and system slowing virus software of limited usefulness could easily go to a backup system and the professional time to administer it, if the onslaught of malware weren't so amazingly aggressive and pervasive. It's especially bad in "public" networks, such as your average Starbucks wi-

Re:

[Afecks]

I said trojan author, not user but yes the typical attitude aimed at malware authors is very damning. Being on "the list" isn't very fun either. Especially when nobody believes that you would write a backdoor but not use it or want people to use it in a nefarious manner.

You can draw many parallels between the gun control issue and malware. You don't blame the gun manufacturers for every gun related death do you? Well maybe you do but that's a moral question not a legal one (yet). However, removing all malwa

Re:

[UncleTogie]

You can draw many parallels between the gun control issue and malware. You don't blame the gun manufacturers for every gun related death do you?

No, but firearms have a lawful purpose: to defend your homestead. Malware, other than a learning exercise, has no lawful purpose.

Re:

[Antique Geekmeister]

Well, I will admit that a worm can have a lawful purpose: to survey a corporate network for vulnerabilities and report back to owners of the network which machines are vulnerable. I've certainly broken into user accounts simply to demonstrate that their password practices and software configurations were unsound. By casting all such tools as malware, you're in danger of alienating people who do, in fact, simply poke around.

The difference is well illustrated by the infamous Robert Morris worm case. It was wr

Re:

[Afecks]

Malware, other than a learning exercise, has no lawful purpose.

Well you just named 1 pretty big exception in the middle of your rule. I can name others.

Key loggers and traffic loggers are used by many parents to monitor their kids' activities and employers to monitor their employees.

Tools like Sub7 and Optix Pro can be considered merely unpolished, insecure versions of VNC, RemoteAnywhere, etc.

Rootkit-like behavior such as API hooks is used by Firewall and Anti-cheating software such as GameGuard.

Worms and viruses though don't have much of a use other t

Nothing New

[KermodeBear]

There is nothing new here.

I remember back in my script kiddie days I was able to download programs that would put together a trojan or virus together from the various options the user selected. Press a button and viola! It generated an executable. This was ten years ago.

What's so new here? That fact that someone is commercializing it?

Well, good. If you have to shell out cash at least it will keep my 16 year old self from downloading it and causing annoyances.

Re:

[geekoid]

Because no one would ever, never, ever put a free copy online somewhere?

Only 10 years? How about 1992?

[khasim]

http://vx.netlux.org/vx.php?id=tv03 [netlux.org]
I still remember the password was chiba city.

Re:

[drspliff]

Oh the days :)

"Mum, look I created my first virus"

They bearly worked and I understood nothing about the internals, but VCL is definately a prime example that this has been done many times before and is nothing new.

Re:

[dbrecht]

Sub 7 Defcon I think it was advertised as a free tool to remotely control a computer. But it also allowed you to have the remote computer send an email or ICQ message whenever it was online with its current IP address. Then you could connect to it and do a variety of things: Delete/Move/Upload/Download Files Print things Run any programs Change system settings Open/Close Optical Drives Or so I heard...

Re:Nothing New

[Anonymous Coward]

Yeah, Sub7 was great. I thought the most entertaining feature was being able to quickly and easily set the user's desktop wallpaper image. It didn't take long to sniff just enough of the Sub7 protocol to be able to develop a tool that would a) scan huge swath of netspace for Sub7 b) login c) download a .jpg d) set wallpaper. A lot of people back in the late 90s woke up to find that overnight, their wallpaper had changed to a photo involving a cucumber and a very hairy receptacle.

Being able to pop custom modals was pretty fun, too. "ERROR: Insert penis into CD-ROM drive to continue operation! [OK]," followed by the CD tray immediately ejecting itself, probably freaked a few people out.

Oh, to be young again, those were the days...!

Re:

[Rideak]

oh man, what about looking at people on their webcam and using the text to speech tool to speak to them over their speakers. ahh the day's of windows 98.

Re:

[misleb]

Ahh, Virus Creation Lab. What memories. Brings me back to the days when viruses were pleasure, not business.

Re:

[nurb432]

Yes, the fact its now a "business" is what is ( sort of ) new here.

It also makes it all that more irritating and pathetic.

Difference between Good and Evil

[HomelessInLaJolla]

I had to modify the following post to take any direct references as I have no way of knowing if you, personally, actually made use of your exploits outside of your own private testing environment...

I guess that's the difference between real tao programmers and script kiddies.

I _could_ have engaged in the same things that script kiddies did, exploiting other people for personal amusement and/or gain, but made a conscious decision not to. I saw the links, I looked at the downloads, the ftp sites, and the web

Re:

[HomelessInLaJolla]

You haven't even asked for my resume, nor have you asked about my skills and experience, nor have you asked what I'm qualified to do, nor have you offered me a list of your available openings. All you want to do is rant. Tech companies can spend nearly a hundred thousand dollars bringing an H1-B applicant online but they can't give me a little boost out of this situation? Sounds like a fishbowl.

You qualify for the standard response...

Thank you for visiting Slashdot, yet again, to post a followup to my wr

I'm not scared...

[rob1980]

If anybody tries to install a trojan on my computer, I'll hit them back.

With Winnuke95.

Re:

[dave562]

I will see your Winnuke95 and raise you a Goldbug.

Re:

[Adambomb]

And a pepsi... .c

Re:

[Riceo]

I wrote the DaVinci Worm and totally hacked the Gibson.

Re:Scary stuff to be sure

[realmolo]

Eh. Trojans/rootkits/viruses built form these "kits" tend to all be very similar. Essentially, if you defend against one, you're defended against all the others.

Never mind the fact that it's a fucking KIT. If YOU can download it, so can the anti-virus people in order to figure out how to detect viruses made with it.

The interesting thing about modern viruses/trojans/whatever is that very few of them are really *viruses* anymore. They rely almost completely on simply getting a user to manually run (or at least give permission to the system to run) an obfuscated executable. It's sad that the technique is so successful.

After all those

[rrohbeck]

"1NCRE@SE Y0UR PEN1S S1ZE 25% 1N 2 WEEKS!" programs I definitely need custom Trojans.

Re:

[Jherek Carnelian]

1NCRE@SE Y0UR PEN1S S1ZE 25% 1N 2 WEEKS!" programs I definitely need custom Trojans.

Ah, that is unless you've followed the instructions from this oldie but goodie:

--

Follow these instructions EXACTLY, and in 3 to 6 weeks you will have received well over 50,000 inches of penis, all yours. This program has remained successful because of the inadequacy and vanity of the participants. Please continue its success by carefully adhering to the instructions.

Welcome to the world of Mail Order Penis Enlargement! This little business is a little different than most cosmetic surgery. Your product is n

"Do-It-Yourself Trojans"

[Fedorpheux]

A great slogan for this program, but I bet our latex buddies have an entirely different interpretation of that...

Re:

[Penguinshit]

"Don't go off unsafe; be cock-sure! Come prepared with Trojan Condoms!"

Aww yeah! Custom Trojan Creation Tool! Giggety!

[Greyfox]

I'm going to design mine with the ribs on the inside! For my pleasure! Aww yeah!

What I wonder...

[misleb]

I wonder who actually pays for these tools? Seems like such a tool would be freely downloadable after teh first purchase. I mean, it isn't like the author is going to try to sue you or anything (though maybe he'll DDoS your download site). It would be like a drug dealer calling the cops because someone stole his supply.

-matthew

Yeah, and no drug dealer would do that...

[benhocking]

Oh, wait... [cjonline.com] ;)

The price of the server is peanuts.

[symbolset]

It's the per client licenses that kill your budget.

I'd like to see the EULA

[NotQuiteReal]

Does anyone have a copy of the EULA for that software?

Re:

[CautionaryX]

EULA

By agreeing to the purchase and install of Trojan-o-Matic, hereby called the 'Software', you agree to host 'x' amount of porn or phishing sites. The amount is determined by the Software according to its use and the creator of the software. At any time, you submit your computer to be a host server for the Software Creator's Nigerian email server. That is all.... oh, and your bank account is empty.

Re:

[Havenwar]

EULA, Pinch, 2.60
I reserve the right to go ballistic on your ass if you rip me off. (But feel free to redistribute if you include your custom trojan in the file.)

EULA - most other software
[four to six pages of nonsense much of it in all caps, mainly stating the exact same as above with the exclusion of the parenthesis but adding a page or two basically saying "I can also castrate you with a dull wooden spoon if you do something I would rather you pay me extra to get done."]

Torrent?

[nurb432]

How long before someone pirates it and gives it away for free?

THAT would "show them".

Re:Torrent?

[Havenwar]

Oh, actually a search for "pinch" on emule turns up quite a plethora of results... although once you've sorted out the porn and downloaded a few exe files (yes I know, for most geeks this is the exact reverse of the normal process), for some odd reason antivirus warnings start to pop up... apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan" and the third with some other crap that I forgot to write down.

You can almost see the scriptkiddies sitting there with their brand new trojan going... "hmm, now if only I had some program to trick people into downloading... something I could merge my trojan with to start off my botfarm. Something I could put on fasttrack, and maybe emule... something idiots would download and run even if their antivirus goes off. Hey wait a minute, I'm an idiot and I just ran pinch even though 'norton' told me it was bad for me!"

Re:Torrent?

[PCM2]

apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan"

Did you stop to think that maybe the construction set was identified as a Trojan because it ... you know ... contained the code for a Trojan? As in ... if it tripped your antivirus then you probably had the right one.

Re:

[EVil Lawyer]

He did consider that. His point was that precisely because of what you're saying, people will run a file that's supposed to be Pinch, even if they see a virus warning. Therefore, it would make sense for people who want to create a botfarm to make a virus with Pinch, and then throw it up as a torrent and say it IS pinch. Get it?

Re:

[Havenwar]

Well, yes. Hence why I found it amusing that only two out of three downloads (of exactly the same files according to filename and versions and all... except filesize) warned about that particular trojan, which could logically be an indication of it containing the code it will later use. The third occasion warned for another trojan, which means that either that was the correct one, or it was infected with another trojan. Of course they were all infected, as was blatantly obvious hours later when I sandboxed

Re:

[nacturation]

Here's a handy search tip: let's say you want to look for the movie Harry Potter in Shareaza. Reverse the word order so you search for Potter Harry, apply the filter -"Potter Harry" and you'll get the results you're looking for minus all the viruses, spyware, and trojans which (at least presently) use the exact order of what you search for.
 

Re:

[Havenwar]

Good tip, but if I understand it right it would counter only malware that renames themselves to your search query, and I have yet to encounter any of that on the emule network. I guess it is predominantly on the fasttrack network? Or possibly a tip for those who have a server list infected with fake servers.

Re:

[nacturation]

Yeah, it seems to be the Gnutella2 network. I just did a search for: havenwar 867124 and here are some of the results:

1.20MB: tUboO @ havenwar 867124 1 (uCF)[x].zip
559KB: Angel havenwar 867124 1 [New Version] Vocal.wma
355KB: [LiveStream] havenwar 867124 1 @256kbps Extended.wma
1.30MB: (CDZ) havenwar 867124 1 (full)(Divx).zip

Status is all green checkmarks with multiple sources, reporting 16 or 24KB/s download speed, and some show a five-star rating.
 

Beginning of a glorious new industry...

[barwasp]

and soon BSA campaigns are screaming, You wouldn't steal a trojan creation tool...

Damn, yes I would

security solutions?

[Sloppy]

kill certain system processes, particularly those of security solutions.

If you run trojans, can it really be said you have a security solution to be killed?

Re:

[Sloppy]

You miss my point. If the user thinks it's ok to run untrusted software (even in cases where the software does not happen to be on anyone's blacklist), then they don't have a security solution. They just have a security illusion. That user could update their signatures 24 times per day, and they'll still be a sitting duck.

If I want you to run my trojan, why would I send a copy of my trojan to your malware-scanning software vendor first? That's like the Greeks sending the Trojans a letter the day before

slashvertisment?

[muszek]

it's the first slashvertisment that makes you search for the shop yourself...

Name change

[blueforce]

Either the black-hats or the condom company, but someone has to change the name of their product.

These subject lines are killing me.

Re:

[X0563511]

I would say the condom company.

Trojans (virus) have a lot in common with the Trojan Horse of mythology. What does Trojan Condoms have to do with Trojans? NOTHING. A BRAND AND LOGO.

I want Spartan Condoms!

Mod me flamebait, but

[postbigbang]

Since I have to take care of a lot of machines of people that get these things, my otherwise non-violent nature would like to find the authors, well, in a Turkish prison. Yes these things have been sold on the net for a long damn time, but I've also had to scrape, reformat, debug, and otherwise keep hapless unwitting people from the damage these things do. They're often chained to using Windows whether they want to or not.

I've seen them spend hundreds of dollars on both prevention and cure, only to get owned again. This isn't about Microsoft, this is about guys that are the seeming equivalent to those that might cut brake lines in a car. The outcome isn't injurious physically, just emotionally/mentally and financially.

My hacker instinct says always continue to hack and explore and try and break things, but selling trojans seems way over the top. No fucking 'let them download Ubuntu or get a second mortgage for a Mac' shit. This is real, this is vulgur, and this is a business plan for bright guys gone bad.... and I don't get paid for scraping this crap.

You fail it.

[symbolset]

You seem smart. Nevertheless you're solving the wrong problem. Solve the right problem and it will be ok.

Re:

[Corwn of Amber]

Well, install MacOSX on their PCs and tell them "it's as much like Windows as a new mobile phone's interface resembles an older one." Install MS Office too, so they won't even have to try OpenOffice (and then inevitably ask why the hell it takes half an hour to load).

I don't want to preemptively answer the counter-arguments to this. I'm right anyway. Normal people don't NEED windows. There is software to do e-mail, web, chat, office, HTPC, taxes, office, whatever - on Linux. And if they need Adobe or other

Re:

[Thing 1]

[...] and I don't get paid for scraping this crap.

<adam savage> Well there's yer problem! </adam savage>

Respectable

[neochromatic]

As much as I despise the concept, I respect the authors of this program. They are putting forth time and effort to create a product that can be used by others. Instead of whining about such a lack of a program on an online forum, or creating a conspiracy as to why such a program doesn't exist, they went out there and made it happen. I've seen and known quite a few people who would have done just the opposite. Instead of going out there and finding and creating a solution for their problems, they instead wo

Whoever wrote that and released it ...

[ScrewMaster]

needs to have his liver removed with hot pincers.

Re:

[mechapants]

removed yes, but in a donatable state would be best for everyone.

Ahhh

[hmmdar]

You know i was kind of disappointed to see this was about computer viruses, was hoping it was about Trojan the Condoms

Actually...

[His Shadow]

The question is does it run on *anything* aside from Microsoft Windows XP with IE and Outlook?

Because I find it amusing that they can write these articles and not give any useful information as to what systems are affected buy such a program.

But then I guess most of us already know the answer.

Free Trial

[plaxion]

You can get a free trial here [trojancondoms.com].

Oh, wait...

Any skilled Hacker

[perlhacker14]

Any skilled hacker could create their own trojan or malicious software. If a ninth grader can do it in a combination of Perl and MASM, I am sure that any smart person might be able to apply their brains to create anything. Of course, creating these are a waste of time and gain nothing, so...

The Future of Anti-Virus

[Nom du Keyboard]

I'm believing that the future of anti-virus/rootkit solutions has to be a live CD that runs fully independently of the host system and software being scanned.

Re:

[Urza9814]

They already have quite a few of those. I knew if you actually buy Norton anti-virus (not that anyone ever would...horrible software...I've had to fix so many computers that it totally fucked), the CD will boot to a virus scan. Problem is there's no real way to update the virus definitions.

Re:

[Corwn of Amber]

There is. The computer is connected by Ethernet to a DSL router in most cases, so creating a ramdisk to download updated definitions is very very possible. And all but a few computers that still run now have USB ports, so you can stick a key with up-to-date definitions in there too.

If the LiveCD is good enough, it will detect the minimal hardware needed to do its job ... read the defs from the 'Net or USB device ... scan, delete infected files ... reboot. The whole process could be made to be automatic and

Is it free and open source?

[WK2]

No? Then I'll just stick with bo2k. Free, open source, and probably more mature than the advertised program. Thanks for the spam, slashdot.

Custom Trojans

[coren2000]

I need custom Trojans because Im just so well endowed.

ahhh.... who am I kidding....??

Re:

[Lithdren]

Nobody

I like my trojan to have a custom fit too

[NoBozo99]

with ribbing to please the ladies. ;-)

Re:

[Lithdren]

Virii? YOU honestly believe Bush would know to use the term Virii?

Way to break the mood!

Re:

[rantingkitten]

Considering that "virii" is a made-up, non-English word, then yes, I can believe Bush using it and being mocked in the media the next day for another brilliant Bushism. The proper plural is "viruses".

Hate to be the one who bears bad news. And by the way, "boxen" is not a real word either.