Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Internet Programming IT Technology

Custom Trojan Creation Tool Sold Online 121

Finch writes "Net Security.org is reporting on the surprisingly sophisticated 'virus in a can' software called Pinch. Pinch is a tool sold on several online forums and designed to create Trojans. It allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. It is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it. 'Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.'"
This discussion has been archived. No new comments can be posted.

Custom Trojan Creation Tool Sold Online

Comments Filter:
  • obligatory (Score:2, Funny)

    by Anonymous Coward
    Yes, but does it run on Linux?
  • by Anonymous Crowhead ( 577505 ) on Friday July 20, 2007 @05:13PM (#19932801)
    How much is it and where can I buy it? For, uh, research purposes.
  • nothing special (Score:3, Informative)

    by sub7 ( 187049 ) on Friday July 20, 2007 @05:14PM (#19932807)
    they were distributing trojans like this in the 1990s... sub7 anyone? ;)
    • Re:nothing special (Score:5, Informative)

      by KillerCow ( 213458 ) on Friday July 20, 2007 @05:31PM (#19933023)
      Or the venerable Virus Creation Laboratory [netlux.org], ala '92.
      • by dave562 ( 969951 )
        You beat me to it. VCL was a great starting point for learning how to write virii. It was the first thing that I thought of when I read saw the article. [nostalgia]Sometimes I miss the days of Digital Decay and the NuKE vs YAM flame wars.[/nostalgia]
      • VCL... Didn't "Nowhereman" set that up?
      • Virus Creation Lab did not work. Does this one work?
    • Re: (Score:3, Informative)

      by Afecks ( 899057 )
      I'm a trojan author so I'm getting a kick out of these replies...

      No seriously, this is not a new idea. There was Senna Spy Trojan Generator [megasecurity.org] many years ago. However, unless the generator actually generates the source code so you can compile it, I would call it a highly customizable backdoor, nothing more.
      • Re: (Score:3, Funny)

        by UncleTogie ( 1004853 ) *

        I'm a trojan author...

        Pardon my asking, but isn't admitting to that rather like stuffing bloody meat down your shorts and swimming with sharks?
        • More like swimming with goldfish. Very, very few people actually have the willingness to jump through the awkward and painful hoops needed to act against crackers, especially to convict them. For every Kevin Mitnick who gets convicted, there are dozens and hundreds of far less aggressive and arrogant crackers who play in that world and just never draw that much attention.
          • I have a different theory : the more trojans and viruses get created , the more people will become security minded and install antivirus and firewalls .

            So the people that write malware indirectly cause increased security.
            So this is good news .
            • I see. And drunk driving leads to other people wearing seat belts and benefits their safety, right?

              It's a very, very small silver lining on a very dark and expensive cloud that you're describing. The money wasted on expensive and system slowing virus software of limited usefulness could easily go to a backup system and the professional time to administer it, if the onslaught of malware weren't so amazingly aggressive and pervasive. It's especially bad in "public" networks, such as your average Starbucks wi-
              • by Afecks ( 899057 )
                I said trojan author, not user but yes the typical attitude aimed at malware authors is very damning. Being on "the list" isn't very fun either. Especially when nobody believes that you would write a backdoor but not use it or want people to use it in a nefarious manner.

                You can draw many parallels between the gun control issue and malware. You don't blame the gun manufacturers for every gun related death do you? Well maybe you do but that's a moral question not a legal one (yet). However, removing all malwa
                • You can draw many parallels between the gun control issue and malware. You don't blame the gun manufacturers for every gun related death do you?

                  No, but firearms have a lawful purpose: to defend your homestead. Malware, other than a learning exercise, has no lawful purpose.
                  • Well, I will admit that a worm can have a lawful purpose: to survey a corporate network for vulnerabilities and report back to owners of the network which machines are vulnerable. I've certainly broken into user accounts simply to demonstrate that their password practices and software configurations were unsound. By casting all such tools as malware, you're in danger of alienating people who do, in fact, simply poke around.

                    The difference is well illustrated by the infamous Robert Morris worm case. It was wr
                  • by Afecks ( 899057 )

                    Malware, other than a learning exercise, has no lawful purpose.

                    Well you just named 1 pretty big exception in the middle of your rule. I can name others.

                    Key loggers and traffic loggers are used by many parents to monitor their kids' activities and employers to monitor their employees.

                    Tools like Sub7 and Optix Pro can be considered merely unpolished, insecure versions of VNC, RemoteAnywhere, etc.

                    Rootkit-like behavior such as API hooks is used by Firewall and Anti-cheating software such as GameGuard.

                    Worms and viruses though don't have much of a use other t

  • Nothing New (Score:5, Informative)

    by KermodeBear ( 738243 ) on Friday July 20, 2007 @05:14PM (#19932819) Homepage
    There is nothing new here.

    I remember back in my script kiddie days I was able to download programs that would put together a trojan or virus together from the various options the user selected. Press a button and viola! It generated an executable. This was ten years ago.

    What's so new here? That fact that someone is commercializing it?

    Well, good. If you have to shell out cash at least it will keep my 16 year old self from downloading it and causing annoyances.
    • by geekoid ( 135745 )
      Because no one would ever, never, ever put a free copy online somewhere?

    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Friday July 20, 2007 @05:20PM (#19932895)
      http://vx.netlux.org/vx.php?id=tv03 [netlux.org]
      I still remember the password was chiba city.
      • Oh the days :)

        "Mum, look I created my first virus"

        They bearly worked and I understood nothing about the internals, but VCL is definately a prime example that this has been done many times before and is nothing new.
    • Sub 7 Defcon I think it was advertised as a free tool to remotely control a computer. But it also allowed you to have the remote computer send an email or ICQ message whenever it was online with its current IP address. Then you could connect to it and do a variety of things: Delete/Move/Upload/Download Files Print things Run any programs Change system settings Open/Close Optical Drives Or so I heard...
      • by Anonymous Coward on Friday July 20, 2007 @05:35PM (#19933061)
        Yeah, Sub7 was great. I thought the most entertaining feature was being able to quickly and easily set the user's desktop wallpaper image. It didn't take long to sniff just enough of the Sub7 protocol to be able to develop a tool that would a) scan huge swath of netspace for Sub7 b) login c) download a .jpg d) set wallpaper. A lot of people back in the late 90s woke up to find that overnight, their wallpaper had changed to a photo involving a cucumber and a very hairy receptacle.

        Being able to pop custom modals was pretty fun, too. "ERROR: Insert penis into CD-ROM drive to continue operation! [OK]," followed by the CD tray immediately ejecting itself, probably freaked a few people out.

        Oh, to be young again, those were the days...!
        • by Rideak ( 180158 )
          oh man, what about looking at people on their webcam and using the text to speech tool to speak to them over their speakers. ahh the day's of windows 98.
    • Re: (Score:3, Funny)

      by misleb ( 129952 )
      Ahh, Virus Creation Lab. What memories. Brings me back to the days when viruses were pleasure, not business.

    • by nurb432 ( 527695 )
      Yes, the fact its now a "business" is what is ( sort of ) new here.

      It also makes it all that more irritating and pathetic.
    • I had to modify the following post to take any direct references as I have no way of knowing if you, personally, actually made use of your exploits outside of your own private testing environment...

      I guess that's the difference between real tao programmers and script kiddies.

      I _could_ have engaged in the same things that script kiddies did, exploiting other people for personal amusement and/or gain, but made a conscious decision not to. I saw the links, I looked at the downloads, the ftp sites, and the web
  • by rob1980 ( 941751 ) on Friday July 20, 2007 @05:14PM (#19932825)
    If anybody tries to install a trojan on my computer, I'll hit them back.

    With Winnuke95.
  • by rrohbeck ( 944847 ) on Friday July 20, 2007 @05:19PM (#19932885)
    "1NCRE@SE Y0UR PEN1S S1ZE 25% 1N 2 WEEKS!" programs I definitely need custom Trojans.
    • Re: (Score:2, Funny)

      1NCRE@SE Y0UR PEN1S S1ZE 25% 1N 2 WEEKS!" programs I definitely need custom Trojans.

      Ah, that is unless you've followed the instructions from this oldie but goodie:

      --

      Follow these instructions EXACTLY, and in 3 to 6 weeks you will have received well over 50,000 inches of penis, all yours. This program has remained successful because of the inadequacy and vanity of the participants. Please continue its success by carefully adhering to the instructions.

      Welcome to the world of Mail Order Penis Enlargement! This little business is a little different than most cosmetic surgery. Your product is n

  • A great slogan for this program, but I bet our latex buddies have an entirely different interpretation of that...
  • I wonder who actually pays for these tools? Seems like such a tool would be freely downloadable after teh first purchase. I mean, it isn't like the author is going to try to sue you or anything (though maybe he'll DDoS your download site). It would be like a drug dealer calling the cops because someone stole his supply.

    -matthew
  • Does anyone have a copy of the EULA for that software?
    • Re: (Score:2, Funny)

      EULA

      By agreeing to the purchase and install of Trojan-o-Matic, hereby called the 'Software', you agree to host 'x' amount of porn or phishing sites. The amount is determined by the Software according to its use and the creator of the software. At any time, you submit your computer to be a host server for the Software Creator's Nigerian email server. That is all.... oh, and your bank account is empty.
    • Re: (Score:3, Funny)

      by Havenwar ( 867124 )
      EULA, Pinch, 2.60
      I reserve the right to go ballistic on your ass if you rip me off. (But feel free to redistribute if you include your custom trojan in the file.)

      EULA - most other software
      [four to six pages of nonsense much of it in all caps, mainly stating the exact same as above with the exclusion of the parenthesis but adding a page or two basically saying "I can also castrate you with a dull wooden spoon if you do something I would rather you pay me extra to get done."]
  • Torrent? (Score:1, Redundant)

    by nurb432 ( 527695 )
    How long before someone pirates it and gives it away for free?

    THAT would "show them".
    • Re:Torrent? (Score:5, Interesting)

      by Havenwar ( 867124 ) on Friday July 20, 2007 @06:59PM (#19933893)
      Oh, actually a search for "pinch" on emule turns up quite a plethora of results... although once you've sorted out the porn and downloaded a few exe files (yes I know, for most geeks this is the exact reverse of the normal process), for some odd reason antivirus warnings start to pop up... apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan" and the third with some other crap that I forgot to write down.

      You can almost see the scriptkiddies sitting there with their brand new trojan going... "hmm, now if only I had some program to trick people into downloading... something I could merge my trojan with to start off my botfarm. Something I could put on fasttrack, and maybe emule... something idiots would download and run even if their antivirus goes off. Hey wait a minute, I'm an idiot and I just ran pinch even though 'norton' told me it was bad for me!"
      • Re:Torrent? (Score:5, Insightful)

        by PCM2 ( 4486 ) on Friday July 20, 2007 @07:24PM (#19934097) Homepage

        apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan"

        Did you stop to think that maybe the construction set was identified as a Trojan because it ... you know ... contained the code for a Trojan? As in ... if it tripped your antivirus then you probably had the right one.

        • He did consider that. His point was that precisely because of what you're saying, people will run a file that's supposed to be Pinch, even if they see a virus warning. Therefore, it would make sense for people who want to create a botfarm to make a virus with Pinch, and then throw it up as a torrent and say it IS pinch. Get it?
        • Well, yes. Hence why I found it amusing that only two out of three downloads (of exactly the same files according to filename and versions and all... except filesize) warned about that particular trojan, which could logically be an indication of it containing the code it will later use. The third occasion warned for another trojan, which means that either that was the correct one, or it was infected with another trojan. Of course they were all infected, as was blatantly obvious hours later when I sandboxed
      • Here's a handy search tip: let's say you want to look for the movie Harry Potter in Shareaza. Reverse the word order so you search for Potter Harry, apply the filter -"Potter Harry" and you'll get the results you're looking for minus all the viruses, spyware, and trojans which (at least presently) use the exact order of what you search for.
         
        • Good tip, but if I understand it right it would counter only malware that renames themselves to your search query, and I have yet to encounter any of that on the emule network. I guess it is predominantly on the fasttrack network? Or possibly a tip for those who have a server list infected with fake servers.
          • Yeah, it seems to be the Gnutella2 network. I just did a search for: havenwar 867124 and here are some of the results:

            1.20MB: tUboO @ havenwar 867124 1 (uCF)[x].zip
            559KB: Angel havenwar 867124 1 [New Version] Vocal.wma
            355KB: [LiveStream] havenwar 867124 1 @256kbps Extended.wma
            1.30MB: (CDZ) havenwar 867124 1 (full)(Divx).zip

            Status is all green checkmarks with multiple sources, reporting 16 or 24KB/s download speed, and some show a five-star rating.
             
  • and soon BSA campaigns are screaming, You wouldn't steal a trojan creation tool...

    Damn, yes I would
  • kill certain system processes, particularly those of security solutions.
    If you run trojans, can it really be said you have a security solution to be killed?
  • by muszek ( 882567 ) on Friday July 20, 2007 @07:23PM (#19934089) Homepage
    it's the first slashvertisment that makes you search for the shop yourself...
  • Either the black-hats or the condom company, but someone has to change the name of their product.

    These subject lines are killing me.
    • I would say the condom company.

      Trojans (virus) have a lot in common with the Trojan Horse of mythology. What does Trojan Condoms have to do with Trojans? NOTHING. A BRAND AND LOGO.

      I want Spartan Condoms!
  • by postbigbang ( 761081 ) on Friday July 20, 2007 @07:41PM (#19934247)
    Since I have to take care of a lot of machines of people that get these things, my otherwise non-violent nature would like to find the authors, well, in a Turkish prison. Yes these things have been sold on the net for a long damn time, but I've also had to scrape, reformat, debug, and otherwise keep hapless unwitting people from the damage these things do. They're often chained to using Windows whether they want to or not.

    I've seen them spend hundreds of dollars on both prevention and cure, only to get owned again. This isn't about Microsoft, this is about guys that are the seeming equivalent to those that might cut brake lines in a car. The outcome isn't injurious physically, just emotionally/mentally and financially.

    My hacker instinct says always continue to hack and explore and try and break things, but selling trojans seems way over the top. No fucking 'let them download Ubuntu or get a second mortgage for a Mac' shit. This is real, this is vulgur, and this is a business plan for bright guys gone bad.... and I don't get paid for scraping this crap.
    • You seem smart. Nevertheless you're solving the wrong problem. Solve the right problem and it will be ok.
    • Well, install MacOSX on their PCs and tell them "it's as much like Windows as a new mobile phone's interface resembles an older one." Install MS Office too, so they won't even have to try OpenOffice (and then inevitably ask why the hell it takes half an hour to load).

      I don't want to preemptively answer the counter-arguments to this. I'm right anyway. Normal people don't NEED windows. There is software to do e-mail, web, chat, office, HTPC, taxes, office, whatever - on Linux. And if they need Adobe or other
    • by Thing 1 ( 178996 )

      [...] and I don't get paid for scraping this crap.

      <adam savage> Well there's yer problem! </adam savage>

  • As much as I despise the concept, I respect the authors of this program. They are putting forth time and effort to create a product that can be used by others. Instead of whining about such a lack of a program on an online forum, or creating a conspiracy as to why such a program doesn't exist, they went out there and made it happen. I've seen and known quite a few people who would have done just the opposite. Instead of going out there and finding and creating a solution for their problems, they instead wo
  • needs to have his liver removed with hot pincers.
  • You know i was kind of disappointed to see this was about computer viruses, was hoping it was about Trojan the Condoms
  • The question is does it run on *anything* aside from Microsoft Windows XP with IE and Outlook?

    Because I find it amusing that they can write these articles and not give any useful information as to what systems are affected buy such a program.

    But then I guess most of us already know the answer.

  • You can get a free trial here [trojancondoms.com].

    Oh, wait...
  • Any skilled hacker could create their own trojan or malicious software. If a ninth grader can do it in a combination of Perl and MASM, I am sure that any smart person might be able to apply their brains to create anything. Of course, creating these are a waste of time and gain nothing, so...
  • by Nom du Keyboard ( 633989 ) on Friday July 20, 2007 @10:53PM (#19935253)
    I'm believing that the future of anti-virus/rootkit solutions has to be a live CD that runs fully independently of the host system and software being scanned.
    • They already have quite a few of those. I knew if you actually buy Norton anti-virus (not that anyone ever would...horrible software...I've had to fix so many computers that it totally fucked), the CD will boot to a virus scan. Problem is there's no real way to update the virus definitions.
      • There is. The computer is connected by Ethernet to a DSL router in most cases, so creating a ramdisk to download updated definitions is very very possible. And all but a few computers that still run now have USB ports, so you can stick a key with up-to-date definitions in there too.

        If the LiveCD is good enough, it will detect the minimal hardware needed to do its job ... read the defs from the 'Net or USB device ... scan, delete infected files ... reboot. The whole process could be made to be automatic and
  • No? Then I'll just stick with bo2k. Free, open source, and probably more mature than the advertised program. Thanks for the spam, slashdot.
  • I need custom Trojans because Im just so well endowed.

    ahhh.... who am I kidding....??
  • with ribbing to please the ladies. ;-)

It is impossible to enjoy idling thoroughly unless one has plenty of work to do. -- Jerome Klapka Jerome

Working...