Spreading Guide
- Art of camouflage
- Facebook methods
- Youtube methods
- Chatrooms methods
- Massive spam methods
- Advanced methods
(Java drive by)
1. SPREADER'S OPSEC
So, briefly: what exactly is OPSEC? OPSEC, in a nutshell, is: keep your mouth shut, just don't say it. The less you say, the harder it is for people to figure out what you're doing. You need to guard your secrets; you need to, basically, operate on what we call a need-to-know basis. Generally speaking, no one needs to know. The less you tell people, the better off you are. And you need to work hard so that you never get in a position where people can blackmail you. This is reflected later on in another slide, where we say one law at a time. Basically, you do not want to give people an opportunity to take control of your actions or your life; it's a terrible idea. So, in short: shut the fuck up, alright? If you don't say it, then you don't have to encrypt it or try to protect it.
So, you need to be careful, you need to be conscious of what you're doing, and you need to keep your mouth shut. Again, the less you say, the better off you are. As always, be paranoid; you need to be proactively paranoid, because paranoia does not work retroactively. Mistakes you make will come back to haunt you. You want to be tidy, so you want to make sure that you don't leave contraband lying around. In the example of a carder this will mostly mean things like not leaving incriminating evidence on your laptop, making sure that your incriminating evidence is stored on your Jump Box, which will be the first hub that you reach before you start doing your spreading activities on the Internet. You'd make sure that it's always encrypted, that it's not left lying around, that it's not left in a state where other people can access it and copy it. You'd make sure that it's not on your conference laptop, so that when you go to conferences and people break into your hotel room and copy your hard drive, they get nothing. Basically, you need to minimize the amount of stuff that's left lying around that other people can find.
On the other hand, do use code words; cryptonyms are much better than being explicit, so if you're going to be discussing a particular spreading activity against a particular target, have a cryptonym set up for that target so you could say: "We are carding the hell out of Achilles", and not "We are carding the hell out of Sony". That way it creates an additional layer of security, so that if your conversation is monitored and logged, it is harder for people to understand what's going on, and it is easier for your defense later on, since you could say Achilles was not Sony, so that was actually not what we were talking about.
You need to provide less ammunition for people to try and go after you. You want to make sure that you are not breaking a large number of laws, such that you get busted for one and then they find all your spreading kit; that would be bad. Similarly, it's better if you don't do drugs, because, for example, with weed, crystal, mushies, who got busted in the USA: if they couldn't get him on a spreading/cracking charge, they got him for drug possession. They will find a way to get you, so make it harder for them in that regard. And in general, camouflage is always good.
One methodology for doing OPSEC is, basically, that you need to think about how to put the plumbing in first, so you need to set up your environment for OPSEC before you actually start doing illegal things. You need to set up your cover identities before you start using them.
The recommendation is that you create a cover; your cover is basically an alias, a fake identity. Then you need to work on the legend, which is the history, the background and supporting documentation for that cover. For example, one very famous cover is the case of the man who never was, which was a guy who died of pneumonia and was dumped overboard during World War II next to Spain with fake documents for the D-Day invasion; the idea was that when found, these fake documents would be taken as legitimate and would act as disinformation against the Nazis. It worked: he had 42 pieces of identifying documentation on him, from a ticket stub for a movie to his driver's license, to his officer ID. He had a huge amount of background documentation to act as bona fides, which, basically, made it appear that he was who he said he was.
Creating a new persona is essential for appropriate OPSEC.
You need to do the same thing: having a simple Gmail account is not sufficient; you're better off if you create an entire fake persona with a fake Twitter, fake Facebook, and so on. Even better if you can get fake photographs which appear to be of some other individual, and create this entire persona. And then you become that persona first, so you inhabit that before you create your online alias, your online usernames, and so on. And then when you do your spreading activities from your online alias, when that gets compromised, the person that takes the heat is your cover, someone who doesn't exist. And it's very critical that you never contaminate. Contamination is when there is contact between two cover identities or two aliases, or in this case between your real identity and your cover persona. So be very conscious of contamination; avoid it like the plague.
This is actually from the "Ten Crack Commandments" by Biggie Smalls; he has an excellent guide on how to conduct an illegal business, or illegal activities, without going to jail. Never reveal your operational details; don't tell people how you do what you do, or what you are doing. Never reveal your plans: don't let people know what you plan on doing or what you intend to do. Never trust anyone; this particularly goes for people you're operating with. They are not your friends, they are criminal co-defendants. You want to make sure that they are not in a position where they can do harm to you if they get busted, and there's a high likelihood that they will, because they are probably dumb; that's why they're doing what they're doing.
You must never confuse recreational activity and spreading activities. Recreation is shit that you do for fun; spreading activities should be treated like a real business with real risk; it's an operation. You need to plan who you're going after, you need to pick your targets, you need to select, you need to actually invest some money and effort into that, and then when you conduct your operations, you need to do that in a systematic and logical fashion, and you need to be careful about how you go about doing it. If you're just going around popping boxes because it's fun, you will go to jail.
Make sure that you are using TOR before you go anywhere else.
Kevin Poulsen's Kingpin book about the notorious hacker Max Butler.
And never operate from your own house. For example, the Iceman, who got popped a while ago and who was documented in the Kingpin book by Kevin The-hard-to-pronounce-last-name: he would rent hotel rooms and use those hotel rooms to operate from, with a huge Wi-Fi antenna to hack into neighboring businesses and then steal their bandwidth to use that. So, that would keep his house contamination free, free of contraband. That's a bit extreme; if you have the capability of doing that, you should do that, but at a bare minimum you have to make sure that you are using TOR before you go anywhere else. TOR provides your first level of anonymity. However, you are better off just not using your own house.
You need to be proactively paranoid, as I said before. Paranoia does not work retroactively; you need to plan in advance to be terrified of getting busted. And you need to work with that in mind all the time, otherwise you'll make mistakes and go to jail.
You need to keep your personal life and your spreading activities completely separated. You want to make sure that people who know about your spreading activities do not know who you are, and the people who know you personally should not know that you are conducting spreading activities. It's dangerous for everyone: if you want friends, go to the pub; don't hang out in IRC and carder channels to meet people. It's a terrible idea; you will go to jail.
You want to keep your personal environment contraband free; as I said earlier, you want to make sure that your own equipment is kept neat and tidy. You want to make sure that all of the evidence that you're generating is not kept on your personal equipment, that it's kept on your first Jump Box, on your hot box. It's not a situation where if you get busted then it could be used against you; it's a situation where if it gets busted, it can also not be used against you. It shouldn't be on your person, ever.
Obviously, don't talk to the police; it's a dumb idea. And never give anyone power over you, which, again, is the one law at a time; or, similarly, don't let people blackmail you, don't get into a situation where there are other people who can control your actions. If someone else is in charge of your actions, then it's going to end very badly, like you have no ability to control your own life at that point; that's not where you want to be.
So, you might be thinking: "Wow, that sounds hard. Why do you need it?" Very simply: it hurts to get fucked. You're better off going to the effort now and not going through the pain later, or, with the army quote: "The more you sweat in peace, the less you bleed in war." And it's important to remember that no one is going to go to jail for you.
After you have read and understood the logic and behavior required to conduct your illegal activities, you must know the technicalities of protecting the online footprints that indicate your real identity.
Every computer on the Internet has a unique IP (Internet Protocol) address allotted to it, which makes it possible to trace it back to its exact location. Even though the concept of the Internet Protocol address has been designed for transparency and traceability, in some cases this compromises the privacy of the Internet user who would not like to reveal his/her identity to the outside world. All the sites that you visit store a lot of access information for reasons you do not know, such as your IP address, DNS, browser, operating system, MAC address, etc. Your ISP also stores all your Internet traffic history. All network points where information passes between you and the final destination are recorded point-by-point. So, any activity that you do on the Internet leaves tons of footprints for the Feds to easily trace, profile and catch you sleeping.
To proceed with online illegal activities you must anonymize your footprints. There exist several methods and tools to mask your IP address, DNS, OS, browser, etc., so you need to know them and use them, fanatically, every time before you do anything.
Basically, hacked wi-fi or hotspots are the best primary hidden layer (not always one available, but the best). TOR is another great layer for anonymization, but many websites block TOR connections, so using TOR alone is sometimes worthless. Other widespread methods used as layers for anonymization are proxy servers and VPNs (virtual private networks).
The first thing to avoid is public "free hacking" tools, because you never will know what the real deal behind "free hacking" is, and because these tools are easily detected and worthless. No one in these high-risk illegal businesses is in the game for charity or just for colorful virgin idealism. Feds and skids release hundreds of "free hack tools" randomly on the web, so thousands of dumbasses end up infecting themselves, then are monitored by Feds or captured in a huge international botnet or spam campaign. So, beware.
Think of a proxy server as a man in the middle for the Internet. Normally when you open a website, your PC sends your IP address to the website, so that it may then send the webpage to your computer. With a proxy, your information is sent to the proxy first, and then the proxy pulls the website for you, then forwards it to you. This way, on the website's end, they see the IP address of the proxy you used, and not yours.
There exist different types of proxies: HTTP, PHP, CGI-BIN, SOCKS4 and SOCKS5.
SOCKS proxy servers are more flexible and do not constrain you. While HTTP proxy servers can hide your IP only when you are browsing a web page, SOCKS proxy servers can help you keep your information (your IP) private even when you are using programs like ICQ, Skype, MSN or even email clients like Outlook, TheBat, Thunderbird. SOCKS proxy servers are designed to be used with any protocol you wish.
The numbers 4 and 5 refer to the version of the SOCKS protocol. These two versions are the most popular and became widespread all over the world. The following new features were implemented in the 5th version: various authentication mechanisms, support for the UDP protocol and IPv6. It is better to always use SOCKS5.
As explained before, you should avoid "free tools"; that includes "free proxies" and "public proxies" or cracked programs that promise a proxy bridge for "free". You can go with the "free" option at your own risk, but it is a red flag. The safest option is to invest some bitcoin to buy private proxies from underground sellers; it is always better to begin perfectly off the radar. To find good private proxies you need to know trusted sellers reported by partners that you trust. You can also buy private proxies in deepweb markets under escrow, choosing top-reviewed vendors. You can check some sites that sell private proxies on the Web. Beware of your OPSEC in purchases: always use TOR before connecting and always create a fresh email account for registration and conversation; protect your identity from the beginning to the end. Pay ONLY with bitcoin, never bank transfer, PayPal, Western Union or any trackable payment. The most important thing before buying private proxies from any seller is to know whether the proxy keeps access logs or not. If they don't log anything you are safe; if they log, you are at risk.
http://vip72.com/
http://sockslist.net/
http://buyproxy.ru/
http://fineproxy.org/eng/
- Find a proxy server you want to use. You will need the IP address and port of the server.
- In Firefox, click on internet options.
- Navigate to the advanced tab and click on Network.
- Click on the button Configure.
- Enter the proxy server's IP address and port.
- Click apply and you're done.
- Test your new IP: http://dawhois.com
A VPN provides a secure connection between your computer and the VPN servers. All communications between your computer and the VPN are encrypted and sent through a secure tunnel over the Internet, preventing outsiders from spying on your web activity. You can securely connect to a VPN service and surf the web from their servers, using their IP addresses. There are lots of reasons to use a VPN service, such as establishing a secure connection over an insecure network, accessing censored or region-specific web content, or hiding p2p sharing activity that is often frowned upon in the US. But if you've made it to DDW you're probably starting to understand that there are parts of the web where more nefarious things happen (which DDW acknowledges but does not condone) and anonymity is of the utmost importance.
The connection between your computer and the VPN is secure, but the connection between the VPN and the rest of the web isn't. Your activity on the web can be monitored and traced back to the VPN IP addresses, but cannot be traced back to your own IP address. When you use a VPN, no one can trace your web activity back to you.
A VPN service's main selling points are security and privacy, but privacy is interpreted differently among VPN providers. Just ask former LulzSec member Cody Kretsinger (a.k.a. recursion) how private his VPN service was. Kretsinger used a popular VPN called HideMyAss and engaged in activity that linked him, and his online persona "recursion," to several high-profile hacks, including unauthorized access to servers controlled by Sony Pictures. As it turns out, HMA keeps logs of users' IP addresses and logon/off times. A UK court order was issued to HMA to turn over the logs related to the offending account, which were then used to identify and arrest Kretsinger.
VPN providers can log web activity over their network, but it is more common to see VPN providers log users' IP addresses, logon/off times and bandwidth usage. This logging allows providers to identify individuals abusing the service for fraud and spam, but in doing so they acquire information that can be used to identify individual users. This is why some VPN services go out of their way NOT to log any information that could possibly identify their customers. They cannot be forced to hand over incriminating information that they do not have.
Good VPN providers state that they store "personal information" necessary to create an account and process a payment (for example: name, e-mail address, payment data, billing address), but state that they do NOT log users' IP addresses, logon/off times, or bandwidth usage. An honorable mention must go out to VPN provider Mullvad, who do not even require an email address. Visitors to the website click "create account" and they are given an account number without entering any information at all.
Use the same procedure to buy an anonymous VPN as for buying private proxies. Avoid "free tools"; that includes "free VPN" and "public VPN" or cracked programs that promise "free VPN". You must check sites that offer anonymous VPN. Always be careful with your OPSEC in purchases: use TOR before connecting and always create a fresh email account for registration and conversation; protect your identity from the beginning to the end. ONLY Bitcoin payments.
The following is a list of ten VPN providers who openly state that they do not log any information that may be used to identify anyone using their VPN service. To be considered as a privacy-focused VPN provider the service must have the following qualifications:
- Does NOT log any information that could be used to identify the user.
- Requires minimal personal information to sign up.
- Accepts cryptocurrency.
https://mullvad.net/en/
https://btguard.com/
https://nordvpn.com/
http://torguard.net/
http://www.octanevpn.com/
You should avoid, like you avoid AIDS, any US-based companies like Google search, Gmail, Google Plus, Yahoo, Facebook, Bing, MSN, Skype, PayPal to conduct your communications, or you will be easily intercepted and shared with the Feds. You can also be tracked by "cookies" from these companies, so you must be very alert that your system is fully clean BEFORE proceeding with anything illegal.
2. ART OF CAMOUFLAGE
After understanding the most important step, the OPSEC, and how to hide your identity, the second step is to know a little about how to hide the attack itself. To get a high rate of return in your "malware spreading campaign" you need to understand the protection technologies that your targets use to protect themselves. Generally, antivirus works by splitting up the code of an application and then searching for certain strings within it. If the antivirus detects any such malicious strings, it either stops the scan or deletes the file from the system as a virus, and the malware campaign is lost.
Crypters are programs used to hide viruses, keyloggers, bots or any malicious tool from antiviruses so that they are not detected and deleted by antiviruses. Thus, a crypter is a program that allows users to crypt the source code of their program. The crypter simply assigns hidden values to each individual code within the source code. Thus, the source code becomes hidden. Hence, our crypted trojan and virus bypass antivirus detection and our purpose of hacking them is fulfilled without any AV hindrance. Not only does the crypter hide the source code, it will unpack the encryption once the program is executed.
FUD is an acronym for Fully UnDetectable. With increased use of crypters to bypass antiviruses, AV became more advanced and started including crypter definitions to even detect crypter strings within code. So, use of a crypter to hide Ardamax keylogger and RATs became more complicated, as nowadays no publicly available crypter is FUD. So, if you crypt RATs with publicly available crypters, they are bound to be detected by antiviruses. This is because most FUD crypters remain "FUD" for a maximum of one or two days after their public release. To obtain FUD crypters, you have to either search for them in hacking forums or code your own.
Binders are programs used to bind or combine two or more files into one file under one name and extension. The files to be bound can have any extension or icon. The user has the choice to select the name, icon and various attributes of the bound file. If the bound file contains an application (RAT or keylogger), the application is also run when the actual bound file is run. Generally, RATs and keyloggers are detected by most antiviruses. Also, you can't send a victim a RAT or keylogger and ask him to install it on his computer. So, you have to bind that RAT or keylogger with, say, an image, movie or song (any file depending on target profile) and then ask him to run this bound file on his computer.
Packers are programs that just compress, effectively rendering your antivirus software useless at defending against known Trojans. Packers are compression tools that compress win32 .EXE files, and actually change the binary signature of the executable. The resulting compressed executable can bypass any static antivirus scanning engine (because the virus signature is compressed).
There exist dozens of crypters, binders and packers "for free" on the web, but you need to remember that ANY PUBLIC TOOL is also known by antivirus companies and it will be easily detected. Public hacking tools are a WASTE OF TIME. Attack like a boss and invest money in your campaign, acquiring good private hacking tools that contain an all-in-one crypter-packer-binder, and you will have high return rates. Don't forget to check whether the crypter/binder/packer supports the language that the RAT, trojan, bot or keylogger was developed in.
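The flip side of the three paragraphs above, from the defender's chair: a packer or crypter hides the original bytes by compressing or encrypting them, which is exactly why a static signature no longer matches, but the hidden payload then has near-random byte statistics, and per-section Shannon entropy is one of the oldest heuristics AV engines and triage scripts use to flag such files for closer inspection. The following is an added example written for this page, not a tool from the guide or from any vendor. It parses just enough of a PE header to locate the sections, scores each one, and runs against two constructed minimal PE images (one with plain, text-like code bytes, one whose .text section is deterministic pseudo-random filler standing in for a packed payload). The 7.0 bits/byte threshold, the 256-byte minimum section size, and the `build_fake_pe` helper are assumptions chosen for the demo, not values from the page.

```python
import hashlib
import math
import struct
from collections import Counter

# Heuristic parameters (assumptions chosen for this demo, not vendor values):
# a section this large with entropy this high is almost never plain code or data.
PACKED_THRESHOLD = 7.0   # bits per byte; 8.0 is perfectly random
MIN_SECTION_SIZE = 256   # tiny sections give noisy entropy estimates
FILE_ALIGN = 0x200       # PE file alignment used by the constructed samples


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes):
    """Return [(name, raw_bytes)] for each section of a PE image, or None if not PE.

    Only the fields needed here are read: e_lfanew, NumberOfSections,
    SizeOfOptionalHeader, and each section's name, SizeOfRawData, PointerToRawData.
    """
    try:
        if data[:2] != b"MZ":
            return None
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
        table = pe_off + 24 + opt_size          # section table follows the optional header
        sections = []
        for i in range(n_sections):
            name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
                "<8sIIII", data, table + 40 * i)
            sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                             data[raw_ptr:raw_ptr + raw_size]))
        return sections
    except struct.error:
        return None   # truncated or malformed headers: let the caller fall back


def analyze(data: bytes, threshold: float = PACKED_THRESHOLD,
            min_size: int = MIN_SECTION_SIZE) -> dict:
    """Score each section; flag the file if any sizeable section looks compressed/encrypted."""
    sections = pe_sections(data)
    if sections is None:
        sections = [("<whole file>", data)]   # non-PE input: score it as one blob
    report = []
    for name, raw in sections:
        h = shannon_entropy(raw)
        report.append({"name": name, "size": len(raw), "entropy": round(h, 3),
                       "suspicious": len(raw) >= min_size and h >= threshold})
    return {"sections": report, "packed": any(s["suspicious"] for s in report)}


# --- constructed sample inputs (not real malware, not real compiled binaries) ---

def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler standing in for a packed/crypted payload."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_fake_pe(sections) -> bytes:
    """Hypothetical helper: a minimal PE image (DOS stub, COFF header, zeroed
    optional header, section table, aligned raw data) that pe_sections() can parse."""
    pe_off, opt_size = 0x40, 224
    headers_end = pe_off + 24 + opt_size + 40 * len(sections)
    first_raw = raw_ptr = -(-headers_end // FILE_ALIGN) * FILE_ALIGN
    table, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, raw in sections:
        size = -(-len(raw) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), vaddr, size,
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(size, b"\0")
        raw_ptr += size
        vaddr += max(size, 0x1000)
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    header = dos + b"PE\0\0" + coff + bytes(opt_size) + table
    return bytes(header.ljust(first_raw, b"\0") + body)


TEXT_LIKE_CODE = b"MOV EAX, [EBP+8]\r\nPUSH EBX\r\nCALL 0x401000\r\nRET\r\n" * 30
STRINGS = b"Hello from a constructed, unpacked sample binary.\0" * 8

CLEAN_SAMPLE = build_fake_pe([(".text", TEXT_LIKE_CODE), (".data", STRINGS)])
PACKED_SAMPLE = build_fake_pe([(".text", pseudo_random_bytes(4096)), (".data", STRINGS)])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("packed", PACKED_SAMPLE)):
        result = analyze(sample)
        print(f"{label}: packed={result['packed']}")
        for s in result["sections"]:
            print(f"  {s['name']:<12} {s['size']:>6} bytes  entropy={s['entropy']:.3f}"
                  f"  suspicious={s['suspicious']}")
```

Entropy alone is a triage signal, not a verdict: legitimately compressed resources, embedded media and signed installers also score high, which is why real engines combine it with section names, import tables, unusual entry points and, ultimately, emulation or sandbox execution to see what the stub unpacks. It is also the reason the guide's "FUD for one or two days" observation holds: the stub that decrypts the payload is the part that cannot be hidden, and once it is seen it becomes the signature.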
2.1 PRIVATE CRYPTERS
To find good private crypters you need to know trusted coders/sellers reported by partners that you trust. You can also buy private crypters in deepweb markets under escrow, choosing top-reviewed vendors. You must avoid at all costs buying crypters from forums like HF (Hacking Forums) or HBB (HackBB): almost every crypter that's sold there is a re-brand of a previous crypter whose source has been sold or leaked, so obviously it is easily detectable, resulting in a waste of time.
You can check some sites that sell private crypters on the Web. Beware of your OPSEC in purchases: always use TOR before connecting and always create a fresh email account for registration and conversation; protect your identity from the beginning to the end. Pay ONLY with bitcoin, never bank transfer, PayPal, Western Union or any trackable payment.
http://www.softcrypter.com/
http://www.crypters.org/
http://hacksociety.net/Thread-DaVinci-Crypter-40-SALE-C-11KB-FUD-Scantime-Runtime-No-Dependencies
Method 1...
MySpace
Sign up at Myspace.com
Make a sexy name, like Christina Johnsson.
And when you are done, change the profile picture to some sexy bimbo chick.
As profile info, write that you are single and that you are modelling, etc., and soon enough people will add you (hopefully guys :P).
Tell them that you have made a portfolio and you want them to try it out. Send your RAT/Bot/Keylogger server to them. Make sure they run it, and there you go: a slave. Now do this to many people and you will get many victims =)
Method 2...
Chatrooms
Youtube
Sign Up Here.
After that, make a video with a fake program. You can easily steal one from someone else by writing OK in front of youtube. Example:
http://www.OKyoutube.com/Watch-291209dsa.
Get comments from friends saying that it works, etc.
And after a while you will get views and downloads =)!
Method 4...