
Be careful: Trojans masquerading as popular executables


272 replies to this topic

#221
yOuw1shyOuhadth1snam3


    Stranger

  • Members
  • 5 posts

 

In response to post #12617277. #12618122 is also a reply to the same post.
 
Talking about the subject, if I would remove my stored passwords from my browser, would that mean the Trojan would get nothing out of it? If so, how do I clean my browser from my passwords? I know all of them out of mind anyways, storing them is just minor convenience. Just to be safe in the future when downloading files, better safe than sorry, right?

Edit: never mind, turns out it's easy, just purged all my stored passwords and disabled the "save password" stuff. Kinda makes me wonder why I never looked up how to do this any sooner, as I never liked the whole idea of storing my passwords anyways, as I never felt it was a safe idea in the first place.

 

That's probably not enough. These are modern trojans. Not one of the first invented trojans. It can probably retrieve the deleted file that contains your information for further processing by the script kiddie. I don't know if you know it or not, but I'm almost sure you can crack someone's information from a file that your browser stores it in. It's probably encrypted but there are tools. Trust me, I know there are.


Edited by yOuw1shyOuhadth1snam3, 28 March 2014 - 12:08 AM.


#222
Grasmann


    Old hand

  • Supporter
  • 549 posts
In response to post #13324188.

Modern trojans can just wait until you log in to something and use the established connection to extract information.
Or just catch the information while it is in your RAM.
If it's combined with a key logger it can log the passwords when you insert them via keyboard.
Only way to prevent this is to use an on-screen keyboard.
And even then you're not safe because a good trojan can detect if the on-screen keyboard is launched and catch the input from there.

You're never safe, to be honest.

But to program something like that you gotta know what you're doing, and the term script kiddie certainly doesn't fit anymore. People who program things like that are experts in their field.

However, I doubt somebody would make such a hassle for the Nexus.

Edited by Grasmann, 28 March 2014 - 12:19 AM.


#223
yOuw1shyOuhadth1snam3


    Stranger

  • Members
  • 5 posts
In response to post #13324188. #13324563 is also a reply to the same post.

True. It doesn't have to be that complicated. The term certainly fits. Define script kiddie - a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own - And there are pre-made "scripts" of the such for keylogging and all that kids can use that especially is free. Sub7 doesn't seem to be around anymore, so a good example is BackTrack. BT is constantly getting updated and it gets better with each distribution. I do believe BackTrack is probably being used at the moment to distribute what is going around. It's not a simple tool such as Sub7, it's much more developed. Granted, the developers of the tool intend it for pen testing, but that's another topic.

Edited by yOuw1shyOuhadth1snam3, 28 March 2014 - 01:07 AM.


#224
Grasmann


    Old hand

  • Supporter
  • 549 posts
In response to post #13324188. #13324563, #13325008 are all replies on the same post.

Of course there are scripts you can just use.
Every software developer uses certain runtimes or premade parts for their end product.
It's just far more efficient than programming everything from scratch.

However, it's not like you just make some clicks and choose what the trojan should do.
I know there are certain kits that do exactly that, in one way or another, but the resulting trojans are probably easily detected and not really a threat.

If you want to create an unknown trojan that stays undetected for a certain time, you definitely need skill in software development and knowledge about the system you're targeting.
You have to find a weak spot and a possibility to use it for your advantage.

And let's not even start to talk about polymorphic and metamorphic virus code.
Do you realize how hardcore it is to write a program in assembler that morphs its own code? Whoever can write something like that is a damn genius.

Edited by Grasmann, 28 March 2014 - 03:45 AM.


#225
Canti510


    Stranger

  • Members
  • 2 posts
Would it be safe then if we recently downloaded major mods that have been around for a couple of years? Mostly big Skyrim mods that were downloaded by well over a few thousand people? I don't usually check the new/hot mods section but only the most downloaded section.

#226
Grasmann


    Old hand

  • Supporter
  • 549 posts
In response to post #13328898.

I think they are talking about stuff like save cleaner and the like.
Executable files.

Normal mods with esps and textures and stuff are safe to use.

#227
bben46


    I had a title once, but I forgot what it was.

  • Staff
  • 18,207 posts

The viruses are not written just for the Nexus. Or just for any specific site. They are written to work on whatever site they find themselves using at the time.

 

They are also not just for people who have something worth stealing. Viruses are not intelligent and do exactly what they are programmed to do. And that is to infect every computer they come into contact with and then use that one to infect others. While your computer is infected, they can do various things - like scan for credit card transactions to steal your credit card info - or as a zombie in a DDoS attack on some site. Or as a bitcoin miner. Most are watching your internet activity and sending the info to a tracker for targeted ads (which is exactly how Facebook works too).

 

Current gen viruses are very good at hiding and rarely cause much slow down. But one thing they can do is remove any protection you do have - disable your firewall & antivirus which tends to allow easier access by other malware and when you have a dozen or so all trying to call home at once it does slow things down.

 

Just because you don't think you have anything worth stealing does not mean you will not be infected. The virus may just want to use your computer without your permission, and check for stuff to steal while they are at it.



#228
Canti510


    Stranger

  • Members
  • 2 posts
In response to post #13328898. #13331263 is also a reply to the same post.

Thanks for the reply! Yeah, I mostly use textural or follower character mods. But I haven't used any executable file.

Edited by Canti510, 28 March 2014 - 02:50 PM.


#229
yOuw1shyOuhadth1snam3


    Stranger

  • Members
  • 5 posts
In response to post #13338018.

Duh. It's not much for security to think up a reason why you wouldn't be susceptible to a virus. And that's not true. The hacker may intend to slow down your computer for whatever reason. Run a certain program so many times to crash your computer. What you described - "And that is to infect every computer they come into contact with and then use that one to infect others" - that is referred to as a botnet and yes, the virus that spreads to a computer turns it into a "zombie". Not EVERY virus is intended to spread.

#230
suzuki11g


    Enthusiast

  • Premium Member
  • 125 posts
Run through antivirus, the Skyrim Character Editor has got a trojan. Checked at 20.50 31.03.2014.



