9:05 PM
You just downloaded a free php logger, conveniently put at your disposal by a trustful member ?
- You just bought a stealer, a crypter or a booter from someone who seems to have a lot of reputation ?
- You just downloaded random programs supposed to help you hack your way into a website, a game, a computer ?
Chances are that you'll end up getting infected. Loggers, booters, stealers, crypters, or whatever shit you enjoy downloading, usually have a builder that you use to construct your little virus.
Most people trust others way too easily, and I can tell you that half of the guys in the marketplace who sell products and have Uber/Leet membership and high reputation are most likely selling builders that are infected.
This is because they have advanced crypters that allow them to infect their customers who are too trusting, or because they are selling a program for someone else and they have no knowledge and no control of what they're selling to others.
And sometimes you'll go and test your programs on antivirus detecting websites such as virustotal or viruscan, etc. You'll be happy because the program is 100% FUD, chances are that this FUD also applies to your system and you will never know if you're infected.
Some of you use virtual machines, some of you use sandboxie.
This is all very nice, but a VM is still on your machine and there are bypasses to that, sandboxie is also on your machine and again there are bypasses to that.
After this little introduction, I present to you this awesome website that everyone should know, everyone should bookmark it and everyone should pass it around :
http://www.threatexpert.com/
This is not a new website but unfortunately so few people only know it.
This is not something secret, but again ... it's ignored by too many people.
This website allows you to upload an executable or even a script to their servers. On their servers, virtual machines will execute the file and will give you a FULL diagnostic of EVERY action taken by the file. Every new file it creates in every directory, every single key it modifies in the registry.
It will also give you advice on what each file behavior means.
I urge everyone to use this website. Stop with all the bullshit antivirus services that go around. And stop thinking that because someone is Uber or Leet and has 200 rep, you can trust them.
Anyone in a position where they are distributing executables to 500 people a week, on a hacking website and with FUD abilities, will be tempted to capitalize more on this at one point. Especially if he has access to a good enough worm to infect the 4000 targets of each of his 500 primary targets. I'll let you do the maths.
Remember :
http://www.threatexpert.com/
Saturday, May 4, 2013
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment