Wednesday, June 3, 2009

DIY Malware - Octopus Keylogger

As is so often the case, I'm trying to pull together fresh content for a presentation at the last minute - this one about DIY malware creator kits.

So, with a quick browse and a few Google searches I came across a batch of new DIY kits - "new" in the sense that I hadn't stumbled upon them before (neither available for public download as a generator kit nor circulating "in the wild" as malware).

I find it interesting that there is such a variety of region-specific DIY kits.

One of the regional DIY kits I came across has just made the transition from freeware to a commercial offering. This kit - called "Octopus Keylogger" - has been developed by a Spanish author and offers the usual assortment of keylogging goodies for the low price of €20 ($30)...

* Encrypted FTP and email delivery of captured key logs
* UPX compression
* Local and remote keylogging
* Peer-to-peer infection vectors
* Bypassing of host system logging
* Downloader creator
* "100% undetectable" executable stub
* Scheduled uploading of captured key logs
* Disabling of Task Manager
* Adds two autorun entries (one under HKEY_LOCAL_MACHINE and one under HKEY_CURRENT_USER)
* Supports Windows XP SP2/SP3, Windows Vista and Windows 7
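Two of the listed features, the pair of autorun entries and the disabling of Task Manager, leave traces an administrator can look for directly. The following audit script is an added example written for this post, not code from the kit or its author; it assumes the standard Run keys in both hives and the DisableTaskMgr policy value, which is where Task Manager is normally switched off.

```powershell
# Added audit script (not part of the original post or the kit).
# Lists per-machine and per-user Run autostart entries and reports whether
# the DisableTaskMgr policy is set in either hive.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-RunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata the provider adds
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Hive = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-TaskMgrPolicy {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $val = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($null -ne $val) {
            [pscustomobject]@{ Hive = $key; DisableTaskMgr = $val }
        }
    }
}

Write-Host '== Run key entries (review any command launched from %TEMP%, %APPDATA% or an unfamiliar path) =='
Get-RunEntries | Format-Table -AutoSize

Write-Host '== DisableTaskMgr policy (1 = Task Manager disabled) =='
$policy = Get-TaskMgrPolicy
if ($policy) { $policy | Format-Table -AutoSize } else { Write-Host 'Not set in either hive.' }
```

Run it from an elevated prompt so the HKLM keys are readable; the same entry appearing in both hives is exactly the pattern the feature list describes.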

The author, SharkI, has been experimenting with keylogging technology for quite some time, and this latest commercial version appears to have been based on the DigitalX.

SharkI has previously published the following keyloggers and DIY creator kits:
* Royal Stealer (now into its second edition - source code for the first version is now public)
* Virus Maker (written in Visual Basic)
* Call of Duty WAW Stealer (game license key stealer)
* Call of Duty 4 Stealer

On the point of Royal Stealer, it's interesting to note which applications the tool is designed to steal passwords and registration keys from...
* Internet Explorer
* Mozilla Firefox
* Windows Live Messenger
* Winzip
* Photoshop 7.0
* Symantec AntiVirus
* No-IP
* mIRC
* Norton AntiVirus
* COD SAGA (Game)
* Burnout Paradise (Game)
* Crysis Wars (Game)
* Counter Strike (Game)
* BattleField2 (Game)
* RainbowSix (Game)
* The Gladiators (Game)

3 comments:

  1. Cool finds... do you recall the old VCL (Virus Creation Lab) tool-kit back in 1998/1999, iirc, when you could write viruses that would do any number of click-to-select items and then custom-encode itself to evade detection? I guess these toolkits are just a natural evolution of that kind of tool... and even further demonstrate how absolutely useless all the virus scanners we have on our machines are.

    Great post. Don't worry about being last-minute... if you're anything like me your best work is probably done last-minute while waiting to present next :)

  2. Wow, those products are from Sharki (Es), what are they doing here?

    LoL, well, SharkI is happy that his programs are here.

    Cya!

  3. Google Traductor (Sorry):

    Hello sir Ollman, I first want to say that I have no problem with you publishing my programs on your blog, in case there is any misunderstanding. I respect the law, and no malware against others; if I were to use it on my PC, I would use it to determine the uncertainty of the technical failures of antivirus and Windows. My tool is one more among all that is on the net. Please, I hope not to encounter problems with police investigations.

    Greetings!
