
Script kiddies making rogues for fame and not profit


21 replies to this topic

#1 Grinler

Lawrence Abrams, Admin

Posted 06 April 2010 - 08:36 PM

A new trend in 2010 has been the creation of fake fake anti-spyware programs as a way for script kiddies to show off their supposed skills. You might wonder why I called them fake fake anti-spyware programs. This is because these programs are not being created to make money, like a normal rogue, but are rather created to emulate one so these kids can show off.

Recently we have seen a bunch of programs being promoted through YouTube that state that they are anti-spyware programs. In reality, though, when they are installed they are cheap imitations of rogue anti-spyware programs. What was even more strange is that when we first started analyzing them, when you clicked on the registration page it didn't go anywhere. As more and more of these rogues were released, and as none of them seemed to be motivated to make any actual money, it was determined that these rogues were being released solely for script kiddies to show off their skills.

One thing about true rogues, as I call those that are created for monetary gain, is that in many ways they are elegant, sophisticated pieces of software that look appealing to the eye. These script kiddy rogues, though, are anything but that. There are spelling mistakes everywhere, GUIs that look like they have been chopped up and integrated from various rogues, and behaviour that does not match what a button may indicate. It is also theorized that some of these rogues are not even being created by hand, but rather being churned out through a Virus Maker program that contains a Fake Alert/AV template.

Just because these are copycats does not mean, though, that they do not pose some risk to users. One of the first of these that I analyzed was called AntiVirus and was released around March 26th, 2010. I wrote a guide on it and surprisingly there are over 4,000 views of it. Therefore, this fake fake rogue must have been circulating somehow and infecting users. When analyzing this creation, it felt off. For example, the ransom note gave an email of goldenpayments2010@yahoo.com and said to send them $5 to remove the infections the rogue found. It's rare that we see ransoms like this with rogue software, and when we have, they are typically more sophisticated, like FileFix Professional.

The writer of the Anti-Virus rogue was even contacted at the above email and sent a response further confirming that these are just script kiddies at play:

"it was a simple project that I posted on my youtube channel... Other ppl have been using though and distributing it.. im sorry if you got infected,"

Further searching on youtube.com generates a long list of videos where other people are showing off their "skills" at creating fake viruses, including rogues. As if we did not have enough on our plate with the amount of new malware generated per day, we now have to deal with kids with way too much time on their hands making more viruses and more work for us.

Some examples of these types of rogues that have been released are Anti-Virus, XP Micro Antivirus, and User Antivirus 2010.








 


#2 starcraftmaster


Posted 06 April 2010 - 10:43 PM

I show off my skills when the IT teacher doesn't know how to do something on the computer lol

#3 carri


Posted 07 April 2010 - 10:37 AM

Naughty kiddies! They need their privileges confiscated and grounding for 12 months!!! Thanks for the information Grinler.

Starcraftmaster - if you got it flaunt it - but don't hurt the teacher's feelings :thumbsup:
Hug someone today and get on their nerves!

#4 keyboardNinja


Posted 07 April 2010 - 12:14 PM

Damn kids.... :trumpet: Thanks for the info, Grinler.

starcraftmaster wrote: "I show off my skills when the IT teacher doesn't know how to do something on the computer lol"

Haha..yeah, I always feel bad when the teacher can't work the piece of technology he's attempting to use (projector, computer, PowerPoint, etc..). I feel bad watching him flounder up there with no idea what to do, but I also feel bad showing him up with one click/keystroke. :flowers: :thumbsup:
PICNIC - Problem In Chair, Not In Computer


#5 Skydie


Posted 08 April 2010 - 06:15 AM

Hehe at school people have been making many text boxes using .vbs with things like "I love you". I show up these noobies with .bat spamming command prompt ;) - silly I.T admin allows any file to be placed in the network. But any decent anti-virus should be able to stop a command which is prompting to format the hard drive. At least these .bat mess around files can't be transferred by email (I tried on a friend because he thought my code failed - showed him afterwards on the school network) :thumbsup: I really think though more 'kiddies' will be infected watching YouTube videos on how to create these fake anti-viruses and download some trojan etc. YouTube can distribute a lot of malware if you disguise it well enough.

Edited by Skydie, 08 April 2010 - 06:16 AM.


#6 esswired


Posted 08 April 2010 - 07:28 PM

Where do those of us who have it turn? I used rkill and I still seem to have something reaching out to bogus sites.

#7 keyboardNinja


Posted 08 April 2010 - 07:56 PM

esswired wrote: "Where do those of us who have it turn? I used rkill and I still seem to have something reaching out to bogus sites."

I see you have an AII topic here: http://www.bleepingcomputer.com/forums/t/307826/internet-access-interfering-malware/

Please continue to follow the directions given to you there in order to continue the removal process.

Good luck. :thumbsup:

#8 Elise


Posted 09 April 2010 - 09:42 AM

If those script kiddies really want to show off I have an idea.

Let them make rogues that for a chance really detect and fix malware, THAT'S showing off :thumbsup:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#9 carri


Posted 09 April 2010 - 10:11 AM

Elise those are kiddies not so smart :thumbsup:

#10 esswired


Posted 09 April 2010 - 01:47 PM

esswired wrote: "Where do those of us who have it turn? I used rkill and I still seem to have something reaching out to bogus sites."

keyboardNinja wrote: "I see you have an AII topic here: http://www.bleepingcomputer.com/forums/t/307826/internet-access-interfering-malware/ Please continue to follow the directions given to you there in order to continue the removal process. Good luck. :thumbsup:"


Thanks. I am pursuing . . .

#11 keyboardNinja


Posted 09 April 2010 - 07:19 PM

Keep the faith, esswired. techextreme will get you fixed up. :thumbsup:

#12 Densuo


Posted 09 April 2010 - 09:37 PM

I guess since they can't get any they gotta ruin someone's day.

I can't stand people that do crap like this. Be it fake or fake-fake.

#13 aommaster


Posted 10 April 2010 - 06:41 PM

Elise wrote: "If those script kiddies really want to show off I have an idea. Let them make rogues that for a chance really detect and fix malware, THAT'S showing off :thumbsup:"

I guess the problem is that we as malware removers don't flaunt our skills while people who write viruses do. It's more a question of attitude.

"I wrote a virus!"
"Cool!"

As opposed to..
"I removed a virus!"
"Don't all antivirus programs do that?"

Shame really. Such a waste of skill.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 Densuo


Posted 11 April 2010 - 11:52 AM

I've been wondering if people that do this ever go to jail. Is there even a way to catch people that do this stuff?

#15 Elise


Posted 11 April 2010 - 12:05 PM

Not a rogue writer, but cyber criminal anyway, see here.

Edited by elise025, 11 April 2010 - 12:05 PM.
