Topic: Malware features

EmilKXZ
Malware features
« on: February 09, 2013, 03:52:39 am »
Greetings,

What would your perfect malware have? Which functions? Features?

I found myself with the desire to code something, I want a final aim, and then I can build a path to reach there. Would you use it for making money? Would you use it to spy on organizations, but avoiding governments? (So you don't touch the wrong asses and then get hunted). Would you use it for a cause?

I want to know general opinion, to retrieve ideas. I have this energy of coding and I must rush and make it true, before it gets spoiled and then I do nothing.  ;D

Oh yeah, I do like botnets. Especially P2P. I hate DDoS-related stuff. IMHO, that makes it lame.

BTW, I kinda know how to code in Delphi (heard Kulver also does  :) ), if we ever start a project on this, it would be fine to put all ideas here and then move on another thread, place snippets in there, improving, etc.

vezzy
Re: Malware features
« Reply #1 on: February 09, 2013, 04:08:24 am »
A worm that displays subliminal messages and plays infrasound in an attempt to influence the user's behavior. The host has the ability to choose the messages and some general remote administration features. Of course, it would also include mass email propagation to spread itself and a polymorphic engine to avoid heuristics detection.

That or just actually code the (unfortunately as of yet) hypothetical Tuxissa virus.

rasenove
Re: Malware features
« Reply #2 on: February 09, 2013, 05:46:53 am »
Actually, the malware's features depend on what you want to do with them. So it would be easy to tell if you include more details.

But I'll put my opinion anyway,
I would make a malware that edits the host file in Windows and causes blocking stupid sites like Facebook, Twitter, etc. Nothing more, nothing less.

Zesh
Re: Malware features
« Reply #3 on: February 09, 2013, 05:50:27 am »
Quote from: vezzy
A worm that displays subliminal messages and plays infrasound in an attempt to influence the user's behavior. The host has the ability to choose the messages and some general remote administration features. Of course, it would also include mass email propagation to spread itself and a polymorphic engine to avoid heuristics detection.

That or just actually code the (unfortunately as of yet) hypothetical Tuxissa virus.

This :P I'd love to see you attempt to create a polymorphic engine :D

Fur
Re: Malware features
« Reply #4 on: February 09, 2013, 06:29:07 am »
Quote from: vezzy
A worm that displays subliminal messages and plays infrasound in an attempt to influence the user's behavior.

Tried it a few weeks ago while everyone was running around buying bread and milk in preparation for the "snowmageddon".

From Wikipedia:
Quote
Importantly, research on action priming has shown that subliminal stimuli can trigger only those actions that one plans to perform anyway: only if a person already has the specific intention to perform a certain action, can this action be subliminally triggered.


A way to write my own commands would be nice.
Upload the new commands to Pastebin, then store the paste id in a database along with the command name.
Send the paste id, the server will just call "pastebin.com/raw.php?i=PasteID".
You could use Python to write the new commands.


Steal deleted .doc files (look into recovery methods), they might hold something of value.


To expand on Rasenove's idea, block the top 500 sites, which can be retrieved from http://www.alexa.com/topsites.


A public site dedicated to "archiving" people's browser history would be fun.
Maybe you could try to grab a link to the victim's Facebook.
« Last Edit: February 09, 2013, 06:29:56 am by Fur »
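
A defender's check for the hosts-file tampering raised in this thread, added here as an example and not code from any poster: it parses a hosts file and flags public names pinned to loopback or 0.0.0.0 (blocked) or to any other address (redirected). The function name, the allow-list of local names and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Names a stock hosts file legitimately maps to loopback (assumed allow-list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def audit_hosts(text):
    """Return (lineno, hostname, address, verdict) for each suspicious entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:                      # blank or incomplete line
            continue
        try:
            # Strip an IPv6 zone id such as "%lo0" before parsing.
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            findings.append((lineno, "", fields[0], "malformed"))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            # Local and single-label (intranet) names are out of scope here.
            if host in LOCAL_NAMES or "." not in host:
                continue
            if addr.is_loopback or addr.is_unspecified:
                verdict = "blocked"              # name sinkholed locally
            else:
                verdict = "redirected"           # name pinned to a fixed IP
            findings.append((lineno, host, str(addr), verdict))
    return findings

# Constructed sample hosts file, not taken from a real machine.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.facebook.com facebook.com
0.0.0.0         twitter.com      # added by unknown
203.0.113.7     login.example.com
10.0.0.5        fileserver
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. Ad-blocking hosts lists produce the same "blocked" findings, so compare the result against a known-good baseline for the machine.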

Kulverstukas
Re: Malware features
« Reply #5 on: February 09, 2013, 08:59:07 am »
Resize, compress and upload image files.
Open a remote shell to connect to.

EmilKXZ
Re: Malware features
« Reply #6 on: February 09, 2013, 08:27:29 pm »
Nice ideas have been posted here!

Yeah, I'd block or somehow redirect social networking sites, I'd inject a small banner "Social networking kills your brain" and marquee it constantly.

@Kulverstukas: Why image manipulation?

@Fur: You mean an interpreter? Something like adding new functionality/modules on the fly, without pulling a new executable to infect again?

The Tuxissa idea is not bad at all, I think it could get far undetected given it never infects subliminal messages experts. It is a strange idea, though.

It could use a polymorphic engine like some malware around had. Cloud polymorphism, the executable downloaded a "new entire body" during propagation, processed in cloud.

I also did my task finding ideas on my own, I read somewhere that Koobface used solved CAPTCHAs grabbed from infected people, in order to maintain its propagation routine. Not that it's clever, but it's self-sustainable and that's a detail I like.  :D

Kulverstukas
Re: Malware features
« Reply #7 on: February 09, 2013, 09:23:28 pm »
Image manipulation so that you can steal private photos :D
Remote shell would be better, but the frontend should be a web panel - lower detection rate and you don't have to worry about port forwarding.

Something I wanted to do (and will do one day) was to make a version of a virus that snaps webcam pics at given intervals of time and uploads them to a specified server.
Or listens for sound through mic and records when sound is detected.

EmilKXZ
Re: Malware features
« Reply #8 on: February 11, 2013, 11:56:27 pm »
I like the idea of stealing private photos (if you mean, stealing naked female pictures for example), but that's unlikely to happen nowadays if you can send pictures with your mobile phone... photos are going to remain there. Unless you exfiltrate those from the phone (e.g. when it is plugged), you're not going to do anything with those that are stored.

Webcam snooping? You can turn it on, the problem is making it stealth... can it be turned on *without* the LED that most laptops have that indicates when it is recording or taking pictures?

I'd add a remote file explorer, that's nice to hunt for files, not only private pictures, who knows if you can find something "leakable". :-)

What do people here say? Sounds like a nice project to start and host here?  ;D

iTpHo3NiX
Re: Malware features
« Reply #9 on: February 12, 2013, 02:11:39 am »
Back connection dropper.

I would like to see a malware that you can use to remotely and silently download and install software on a remote machine that has your original backdoor. So instead of a RAT per se it's just a dropper that you can add your RAT, Bot, Stealer, etc. And if you update any of those you can have remote access to remove and upgrade.

Also some sort of remote desktop feature like PhoneMyPC to where you don't have to have a forwarded port to be able to use. It connects to their server which hosts it if the port's not forwarded.

I was thinking of slowly starting that with C but we'll see if I still continue down the programming path (kind of been at a halt after building a simple calculator in C++) even more so since I started a PHP/MySQL project for work related use.
« Last Edit: February 12, 2013, 02:12:48 am by DeepCopy »

EmilKXZ
Re: Malware features
« Reply #10 on: February 12, 2013, 03:12:55 am »
Yeah, a dropper is a good idea, a dropper that determines if it's a honeypot of some sort before pulling the real deal.

Something like a silent VNC? BTW, starting a back-connection to the mothership has the problem of revealing where it all goes to. Unless you manage to "open the VNC" only when needed and use a pwned box for that purpose. Oh yeah, you can open ports on home routers on-the-fly with UPnP (in case you didn't know).  :D

Kulverstukas
Re: Malware features
« Reply #11 on: February 12, 2013, 09:32:41 am »
It should have a webpanel for C&C, no doubt in that. The virus itself would be like a server for stuff like remote control via the webpanel. I had a dream last night about how it would all look and work like.
I feel confident about this shit :D doesn't sound very hard and I'll start this project, if not with you then on my own. At least to make it snap webcam pics and record sound...

For bypassing the webcam light... I don't think there is a way unless you can write your own custom drivers or turn off something in the BIOS.
« Last Edit: February 12, 2013, 09:34:12 am by Kulverstukas »

EmilKXZ
Re: Malware features
« Reply #12 on: February 12, 2013, 09:40:06 pm »
Count with me man, I've this code:
  • Copy to USB itself.
  • Very basic client server architecture, just needs commands programmed.
  • Very basic HTTPd. (For pushing exploits).
I'm developing more "snippets" when time allows me (I have a real life too!), all of those in Delphi, willing to contribute for this project. Just pm me, let's organize a group of some kind. Those that have anything to contribute, are invited to join, I guess.  ;D

proxx
Re: Malware features
« Reply #13 on: February 13, 2013, 04:39:07 am »
Quote from: EmilKXZ
Count with me man, I've this code:
  • Copy to USB itself.
  • Very basic client server architecture, just needs commands programmed.
  • Very basic HTTPd. (For pushing exploits).
I'm developing more "snippets" when time allows me (I have a real life too!), all of those in Delphi, willing to contribute for this project. Just pm me, let's organize a group of some kind. Those that have anything to contribute, are invited to join, I guess.  ;D

Can you explain to me why you've chosen Delphi and why this is a suitable language for the task?
Just curious :)

Kulverstukas
Re: Malware features
« Reply #14 on: February 13, 2013, 06:57:11 am »
I was making a RAT in Delphi once... it was not going very smoothly. Though I am no expert in coding such stuff :P