Author Topic: SMS notification when someone run my trojan horse ;)  (Read 3872 times)

0 Members and 1 Guest are viewing this topic.

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
    • View Profile
SMS notification when someone run my trojan horse ;)
« on: April 19, 2012, 08:20:55 pm »
After three days of work I've found the incredible way of receiving the SMS notification every time somebody from anywhere around the world execute my photo stealer trojan horse,
The SMS contains the Victim PC name and a small text saying "XYZ executed the Virus of yours" :)


the algorithm is successfully implemented into my trojan and working like a charm ;)

if you don't know about my trojan horse have a look at it here,
http://evilzone.org/hacking-and-security/photo-stealer-trojan-horse-(see-the-demo)/

Please share your thoughts if it is a good idea ;) (btw IT IS a very good idea i think) :)
« Last Edit: April 19, 2012, 08:25:17 pm by Infinityexists »

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: SMS notification when someone run my trojan horse ;)
« Reply #1 on: April 19, 2012, 08:29:20 pm »
SMS over email huh. Well it's an amazing idea but it won't work in all countries, just very few :)

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #2 on: April 19, 2012, 08:32:24 pm »
SMS over email huh. Well it's an amazing idea but it won't work in all countries, just very few :)


I can guarantee you :) it is working , I'm a telecom engineer bro :)
it is tested in the following countries,


Pakistan
India
Sweden
Israel
Germany
UK
Australia
Saudi Arabia
and few others :)


my algorithm is so simple but so fucki'n efficient to perform this task :)
« Last Edit: April 19, 2012, 08:56:04 pm by Infinityexists »

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #3 on: April 19, 2012, 09:13:32 pm »
Sounds interesting. Will you provide some source code?

Offline dataspy

  • Peasant
  • *
  • Posts: 99
  • Cookies: 16
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #4 on: April 19, 2012, 09:35:19 pm »
That's awesome!!!  You're trojan is becoming better and better, keep up the great work!!!!
The only people for me are the mad ones, the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn, like fabulous yellow roman candles exploding like spiders across the stars.
-Kerouac

Z3R0

  • Guest
Re: SMS notification when someone run my trojan horse ;)
« Reply #5 on: April 20, 2012, 10:27:59 am »
SMS over email huh. Well it's an amazing idea but it won't work in all countries, just very few :)
I agree, but at the same time, there are two factors I'm thinking of: 1) His cellular service provider, 2) Access-list policies of countries where his victims are from.

Some service providers have a very simple/free setup for SMS via e-mail (example: 0001112222@sprint.com), others you have to pay for it, and make adjustments to your contract, etc. As for access-list policies of other countries, this would be like China blocking any traffic to verizon.com. Since the OP stated it is currently working, the only factor limiting his ability to receive SMS's from his victims are those access-list policies I was talking about.

@OP For the most part, you should be good-to-go. However, you won't ever receive victims from North Korea, China, and possibly Syria...well, at least for the time being. Also, I hope for your own protection that you are using SSL with your SMTP queries. I'm not condoning any illegal usage of your trojan, but if you are targeting people in the middle east there is a chance you could end up infecting an extremist, especially if you are using your trojan with programs that help setup other trojans (istealer for example). 

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #6 on: April 20, 2012, 11:10:30 am »
So if i am right,  i am able to run your trojan, sniff my outgoing email and see that there goes a mail to 06234234234@freakingsmsservice.com and i know the number right?
That would be a major vulnerability for the bot herder.
~Factionwars

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: SMS notification when someone run my trojan horse ;)
« Reply #7 on: April 20, 2012, 04:20:59 pm »
well duh... thats how you see where the bot/rat connects to, by sniffing the traffic. Its really very simple.

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #8 on: April 20, 2012, 04:22:39 pm »
well duh... thats how you see where the bot/rat connects to, by sniffing the traffic. Its really very simple.
No dude, that is not DUH, a good programmer would try to wipe out all the traces back to him
~Factionwars

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: SMS notification when someone run my trojan horse ;)
« Reply #9 on: April 20, 2012, 04:25:38 pm »
my reply was about sniffing traffic, not how a epic hacker must wipe all traces.

xor

  • Guest
Re: SMS notification when someone run my trojan horse ;)
« Reply #10 on: April 20, 2012, 04:41:32 pm »
This, while clever, is not at all smart.

If your trojan now spreads, and the cyber-authorities get wind of it, it's going to be easy as piss to trace back to you.

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: SMS notification when someone run my trojan horse ;)
« Reply #11 on: April 20, 2012, 05:52:01 pm »
I figured it would be SMS over email, since with most carries they have "phone number" emails something along the lines of:

Carrier    Email to SMS Gateway
Code: [Select]
Alltel    [10-digit phone number]@message.alltel.com
Example: 1234567890@message.alltel.com
AT&T (formerly Cingular)    [10-digit phone number]@txt.att.net
[10-digit phone number]@mms.att.net (MMS)
[10-digit phone number]@cingularme.com
Example: 1234567890@txt.att.net
Boost Mobile    [10-digit phone number]@myboostmobile.com
Example: 1234567890@myboostmobile.com
Nextel (now Sprint Nextel)    [10-digit telephone number]@messaging.nextel.com
Example: 1234567890@messaging.nextel.com
Sprint PCS (now Sprint Nextel)    [10-digit phone number]@messaging.sprintpcs.com
[10-digit phone number]@pm.sprint.com (MMS)
Example: 1234567890@messaging.sprintpcs.com
T-Mobile    [10-digit phone number]@tmomail.net
Example: 1234567890@tmomail.net
US Cellular    [10-digit phone number]email.uscc.net (SMS)
[10-digit phone number]@mms.uscc.net (MMS)
Example: 1234567890@email.uscc.net
Verizon    [10-digit phone number]@vtext.com
[10-digit phone number]@vzwpix.com (MMS)
Example: 1234567890@vtext.com
Virgin Mobile USA    [10-digit phone number]@vmobl.com
Example: 1234567890@vmobl.com

Free Email To SMS Gateways (International + Smaller US)

These are all I could find from Wikipedia and other sources. If you’re aware of any other ones please share them in comments and I’ll add them to the list.
     
Carrier    Email to SMS Gateway
Code: [Select]
7-11 Speakout (USA GSM)    number@cingularme.com
Airtel (Karnataka, India)    number@airtelkk.com
Airtel Wireless (Montana, USA)    number@sms.airtelmontana.com
Alaska Communications Systems    number@msg.acsalaska.com
Aql    number@text.aql.com
AT&T Enterprise Paging    number@page.att.net
BigRedGiant Mobile Solutions    number@tachyonsms.co.uk
Bell Mobility & Solo Mobile (Canada)    number@txt.bell.ca
BPL Mobile (Mumbai, India)    number@bplmobile.com
Cellular One (Dobson)    number@mobile.celloneusa.com
Cingular (Postpaid)    number@cingularme.com
Centennial Wireless    number@cwemail.com
Cingular (GoPhone prepaid)    number@cingularme.com (SMS)
Claro (Brasil)    number@clarotorpedo.com.br
Claro (Nicaragua)    number@ideasclaro-ca.com
Comcel    number@comcel.com.co
Cricket    number@sms.mycricket.com (SMS)
CTI    number@sms.ctimovil.com.ar
Emtel (Mauritius)    number@emtelworld.net
Fido (Canada)    number@fido.ca
General Communications Inc.    number@msg.gci.net
Globalstar (satellite)    number@msg.globalstarusa.com
Helio    number@messaging.sprintpcs.com
Illinois Valley Cellular    number@ivctext.com
Iridium (satellite)    number@msg.iridium.com
Iusacell    number@rek2.com.mx
i wireless    number.iws@iwspcs.net
Koodo Mobile (Canada)    number@msg.koodomobile.com
LMT (Latvia)    number@sms.lmt.lv
Meteor (Ireland)    number@sms.mymeteor.ie
Mero Mobile (Nepal)    977number@sms.spicenepal.com
MetroPCS    number@mymetropcs.com
Movicom (Argentina)    number@sms.movistar.net.ar
Mobitel (Sri Lanka)    number@sms.mobitel.lk
Movistar (Colombia)    number@movistar.com.co
MTN (South Africa)    number@sms.co.za
MTS (Canada)    number@text.mtsmobility.com
Nextel (United States)    number@messaging.nextel.com
Nextel (Argentina)    TwoWay.11number@nextel.net.ar
Orange Polska (Poland)    9digit@orange.pl
Personal (Argentina)    number@alertas.personal.com.ar
Plus GSM (Poland)    +48number@text.plusgsm.pl
President’s Choice (Canada)    number@txt.bell.ca
Qwest    number@qwestmp.com
Rogers (Canada)    number@pcs.rogers.com
SL Interactive (Australia)    number@slinteractive.com.au
Sasktel (Canada)    number@sms.sasktel.com
Setar Mobile email (Aruba)    297+number@mas.aw
Suncom    number@tms.suncom.com
T-Mobile (Austria)    number@sms.t-mobile.at
T-Mobile (UK)    number@t-mobile.uk.net
Telus Mobility (Canada)    number@msg.telus.com
Thumb Cellular    number@sms.thumbcellular.com
Tigo (Formerly Ola)    number@sms.tigo.com.co
Tracfone (prepaid)    number@mmst5.tracfone.com
Unicel    number@utext.com
Virgin Mobile (Canada)    number@vmobile.ca
Vodacom (South Africa)    number@voda.co.za
Vodafone (Italy)    number@sms.vodafone.it
YCC    number@sms.ycc.ru
MobiPCS (Hawaii only)    number@mobipcs.net

Source: http://www.makeuseof.com/tag/email-to-sms/

Great list ;)

Now anyways onto your idea. I think its a cool idea in theory but I wouldn't want to add my cell number to any trojan I create... Just seems like a way to be tracked... Say you ended up spreading your trojan so much you got 1,000+ ppl (despite that would be a lot of text messages)a white hat skilled in reverse engineering sees your trojan, decompiles it, looks through the source and grabs your number, goes to authorities, track your cell phone tower, and boom goes the dynamite. I'm not saying that this will happen, Just saying its a probability.

But I do appreciate your work!

Also a fun thing to do with this is an SMS bomb... lol use a good mail bomber, a hacked SMTP server and get cell numbers (might be hard to figure out the carrier without a bit of social engineering) and boom 1,000 text messages. Now I wouldn't condone doing this, however I've done it to a wife beater before the whole "Unlimited Text" movement and his carrier charged him like $500 in overages :P ahh to be young lol.
« Last Edit: April 20, 2012, 05:53:02 pm by iTpHo3NiX »
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #12 on: April 21, 2012, 05:15:45 pm »
I'm not really interested in spreading my trojan nor i've ever used it for the destructive purpose, I am developing it just because i love coding and its my passion to try new stuff every day, as long as it is related to Programming in any way.

When I first registered here I had no idea what hacking/cracking is, I had not even heard about VBScripting but soon after a week I had all the basics knowledge of Hacking techniques like RFI, XSS, Phishing, SQL Injection and a lot more and guess what I could design my own trojans and able to fucked the whole Windows registry..this is just because i found those things really interesting to be learned, I am hungry for learning i can spend my whole life programming various software or anything.
before registering here I was working on Android Development and before that PHP/MySQL , I am just trying to explain I've never stick to any particular programming language and i kept on trying new languages everyday this is the only reason why i coded that trojan

I starts the programming on certain language, pick any interesting project related to that language, works on it until i get bored and then switched to other language,
this is exactly what my trojan is about , it was just like the project for me and I had no intention to use it for destructive purpose or stealing someone photos or any critical data or information, I coded this just to satisfy myself that i can actually code a trojan once i'll get bored or satisfied I'll move back to Android or maybe i'll get my hands dirty on Python as I've never tried it before.
or if you have any better suggestion for my next programming language then let me know I'd love to explore.

P.S : As far as you think I'd be tracked, let me tell you I won't, because I hadn't used any email address into my trojan that is forwarded to my mobile number, I've used the whole different technique that would leave no traces back to me (perhaps, as nothing is 100%)

I'm glad that you (iTpHo3Nix) appreciated my work, I just love to be appreciated by guys like you :)


@Factionwars: I'm not a good programmer :/ just a kind of versatile as i'm not very good in any particular language.

@Xor: I'm not clever either.

@m0rph: even if the victim is living in China or north Korea or in any country you mentioned, i'll still receive the message !!

---------------------------------------
STAFF EDIT: No double posting
---------------------------------------

Even if i was using that email way to receive text-messages to my mobile i would have used in a way which may reduces the chances of getting caught , here is a cool way of not getting caught when when using your phone number email address to receive text-message to your cell phone,

you shouldn't expose you mobile number's email ID inside your trojan directly rather buy a free web hosting or anything as long as it doesn't reveal your identity, with the fake IP address and create a new php file there with your email address written inside it and then link that file to your trojan so your trojan will read email address  from that file at run time so it won't be exposed and a normal computer user would never be able to find out how it is working (if your Trojan is smartly encrypted), and don't forget to create .htaccess file in your web-server that limits only those to your php file who is referred by your trojan so if someone directly try to access that file to read your email he won't be able to read it due to .htaccess permissions.


you can make it more smart by redirecting users (who are trying to access the php file directly) to another file with any fake e-mail address randomly generated.

if ever you think that you're gonna get caught by any authority you just delete that php file from web-hosting that has your email-address mentioned and you're all good to GO.

It isn't the safest way but it surely reduces your chances of getting caught.
« Last Edit: April 22, 2012, 11:27:20 am by Infinityexists »

Z3R0

  • Guest
Re: SMS notification when someone run my trojan horse ;)
« Reply #13 on: April 22, 2012, 12:08:23 pm »
@m0rph: even if the victim is living in China or north Korea or in any country you mentioned, i'll still receive the message !!
No, you wouldn't because those countries both have firewalls with outbound e-mail restrictions, and civilians in North Korea cannot access the internet period.

Quote
you shouldn't expose you mobile number's email ID inside your trojan directly rather buy a free web hosting or anything as long as it doesn't reveal your identity, with the fake IP address and create a new php file there with your email address written inside it and then link that file to your trojan so your trojan will read email address  from that file at run time so it won't be exposed and a normal computer user would never be able to find out how it is working (if your Trojan is smartly encrypted), and don't forget to create .htaccess file in your web-server that limits only those to your php file who is referred by your trojan so if someone directly try to access that file to read your email he won't be able to read it due to .htaccess permissions.
As it has been stated before numerous times, anyone with any knowledge of using a sniffer will be able to get past this. If you use .htaccess for protection, you must also remember that the trojan's user-agent will be passed with any traffic it will send to that web page. SSL is honestly as close to being able to protect yourself as you will be able to get without reducing functionality within your trojan....unless if you're a master coder and you create a module to route the traffic through something like tor or proxychains. Food for thought.
Quote
you can make it more smart by redirecting users (who are trying to access the php file directly) to another file with any fake e-mail address randomly generated.
This was not a bad idea.

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: SMS notification when someone run my trojan horse ;)
« Reply #14 on: April 22, 2012, 08:58:30 pm »
Quote
I'm not really interested in spreading my trojan

In case that is the answer to me: I didn't ask for the code of the whole trojan. But the part of the SMS notification implementation could still be interesting for others and that usually does no harm.
It is nice to know that you code and learn a lot, but I really would like to see something, that I (or others) can learn from too.