Beware!: BEWARE!!! Armageddon has been unleashed!

Anonymous writes "Back in my heyday of computers, when I was still programming punch card systems and learning about the 4004, I was party to a conversation held by my mentor.

Armageddon

Armageddon is a concept, rather than an actual cog.

Although new to computers at the time, and this was over 20 years ago, I did understand the concerns being pondered, and they were frightening. As the conversation wound down, I was relieved to learn that, while the very idea was viable, the reality was it couldn't and wouldn't happen. The reason that Armageddon couldn't be done was that computers were simply not powerful or fast enough to carry this out; and the reason it wouldn't be done is that programmers and electronic engineers were too clever to ever create a computer that could allow such a thing to happen.

But as I prepared to leave that night, my mentor said something that has stuck with me all these long years...

Never trust anyone over 30, as their perspectives have changed such that they can no longer see the dreams or follies of their youth.

While I don't take his words of wisdom as literal, I do find them all too often to be correct.

Here we are, all these long years later, and the nightmare has been made real. Computers are now both fast and powerful enough. Companies such as M$ have created leading OS's full of security holes. Programmers mass produce bloatware. And all of this has made the unthinkable possible.

The concept of Armageddon is thus: to create an attack program that contained a computer intelligence which could deliver multiple simultaneous attacks. It could defend itself as well as attack defenses. It would be able to move around and change its appearance. It would be devastating!

As RAM, hard drives and faster electronics came to be, this concept neared a reality. For years now, we who understood this threat have warned programmers and those responsible for (in)security about this threat. For years, we have been ignored, made jest of, or understood far too late. Now, it is too late.

With script kiddies putting together code without needing to understand it; with bloatware being accepted as standard; with computers being pushed harder and faster to handle this bloatware; with packers and steganography an everyday occurrence... and with security firms being both ignorant as well as arrogant; Armageddon has been unleashed!

The package I received, from sources I need not disclose, is only a sampling of things to come. The program I received is a PC space shooter game. It is a single executable. No installation is needed. No registry is used. (The game is rather enjoyable.)

As I was forewarned of what to expect, I ran this program on a computer I have set up for the sole purpose of testing. This computer runs Norton's security suite, McAfee's security suite, AVG, Panda and PC-cillin. It also has ZoneAlarm and Tiny Personal Firewall. Also, Trojan Defence System, Pest Patrol and various anti-spyware programs. A manual scan prior to running the executable revealed no threats by any of the security programs! TPF did ask if I wanted to launch the game, but once accepted, so too was the entire package.

The executable really doesn't matter whatsoever; what is important is the tool used. BitchSlap, UltiMATE, and Global Destroyer are just a few of the names given to a software tool that nearly anyone can use. The software is the same; the only difference is in the GUI. From what I can tell, each was produced by different groups. As such, I don't even know the parent name of the original package.

What it allows one to do is to point and click to an executable to infect. Next, choose an icon, if you opt not to use the program's default icon. Next, select your virii, trojans, scripts, etc. The program then asks for an output file name. It then bundles all selected files into the executable with the option for a launch order. You can have the main executable launch first or last. You can have all files launch at once or in a selected order. Your choice.

Then, all files are bundled. A small data file is also bundled into the executable. Then, a steganography program is stored into the executable. Next, a wrapper is placed around the bundle and thus becomes the real executable. When you view the executable, it has the original program's version information, icon, and supposed requirements (if any). Finally, the whole thing is converted to a packed executable.

An option in this tool allows you to add on X number of bytes to the final executable to make it appear bigger than it really is. Why? Consider this... You have an exe. You bundle the steganography virus into it. By the time it is packed, it is smaller than the original exe. So, you add on some dummy bytes and the new infected exe is now the same size as the original exe. Of course, if you add a lot of virii and/or trojans, etc., the size will exceed that of the original exe. You can't trim bytes needed. Fortunately, the tool will calculate for you the size of the final packed exe and allow you to adjust its size based on that calculation.

Ergo, what you have in the end is a single executable that appears to be the same size, has the original icon, does what the real exe would do, is encrypted to prevent security software from identification, can stealthily launch any package you put into it, and can be assembled by almost anyone. I should add, this tool could be used to put together good packages too. Imagine launching a slew of antivirus programs with the click of one icon.

The game I received contained 8 trojans (including 2 backdoor type), 8 virii, and 2 scripts designed to disable a slew of antivirus and firewalls. When launched, the scripts take out the security, the virii and trojans are launched, some using timebomb delays, and then the game runs. By the time the game's title screen displayed, the computer was already the living dead. The DMZ I have captured outgoing data containing enough information to take control over it. The virii were aiding the trojans to relocate, capture and hide data. One virus contains data to mutate the others to help aid in cloaking. One trojan was a keylogger. All launched silently and do not appear in the procs listing. Were I not forewarned, I would have never known.

Reinstalling the AV and scanning did reveal the presence of some of these bugs... but I would not have known that the AV needed to be replaced, and by then the damage was already done. Not to mention, I still wouldn't have known how the bugs got into the system. Next time I ran the game...

The original game exe, the bugs, and the tool used to put the entire package together total 1.2 MB. This is small enough to fit onto a single floppy disk. Oh, and did I mention, a Mac and Linux version of this tool are available?

The time of warning is over; now it is time to pay the piper. Unfortunately, this tool will be used for damaging purposes and by people who most likely have virtually no comprehension of its significance. Even more unfortunately, nothing of significance was done to prevent it.
"
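The post describes a binder that bundles payloads into an executable and then pads the result with dummy bytes so the on-disk size matches the original. One defensive triage check for such files, added here as an example (not code from the post or from any tool it names), is to measure how many bytes trail the last PE section; `build_toy_pe` is a constructed synthetic image used only to exercise the check, not a real program.

```python
import struct

OPT_HDR = 224  # size of the PE32 optional header emitted in the toy image

def pe_overlay_size(data: bytes) -> int:
    """Return how many bytes trail the last section of a PE image.

    Linkers leave little or nothing after the final section; a binder that
    appends bundled payloads and size-matching dummy bytes, as the post
    describes, leaves a large overlay. Authenticode signatures and
    self-extractors also live there, so a non-zero result is a triage
    signal, not a verdict.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt_hdr = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt_hdr  # first IMAGE_SECTION_HEADER
    end_of_sections = 0
    for i in range(num_sections):
        # SizeOfRawData / PointerToRawData sit at +16 / +20 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return max(0, len(data) - end_of_sections)

def build_toy_pe(section_sizes, overlay=b"") -> bytes:
    """Construct a synthetic, non-runnable PE image (constructed test data):
    DOS stub, COFF header, zeroed optional header, section table, section
    data laid out back to back, then an optional overlay."""
    n = len(section_sizes)
    cursor = 0x40 + 24 + OPT_HDR + 40 * n  # raw data begins after the headers
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, OPT_HDR, 0x102)
    table, body = b"", b""
    for i, size in enumerate(section_sizes):
        name = f".s{i}".encode().ljust(8, b"\0")
        table += name + struct.pack("<IIIIIIHHI", size, 0x1000 * (i + 1),
                                    size, cursor, 0, 0, 0, 0, 0x60000020)
        body += b"\x90" * size
        cursor += size
    return dos + coff + b"\0" * OPT_HDR + table + body + overlay

if __name__ == "__main__":
    clean = build_toy_pe([512, 256])
    padded = build_toy_pe([512, 256], overlay=b"\0" * 4096)
    print(pe_overlay_size(clean), pe_overlay_size(padded))  # 0 4096
```

Run it against real samples by reading the file into `data`; what overlay size counts as suspicious is a local policy decision, since signed binaries and installers legitimately carry one.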