Your Ad Here Your Ad Here
Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Alt.binz users beware! You have been comprimised

  1. #1
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    24,011
    Alt.binz users beware! You have been comprimised

    Newsflash for all those ppl that have started various "cracked" versions of Alt.Binz floating on the usenet: They are ALL trojan infected. All firefox, IE, IM, steam passwords are collected and uploaded to attackers site.

    Zerosec staffers are responsible for the infected uploads, check sources because you already don't believe this probably??

    However we are not that bright so we left our cpanel login data in our leet script so our server got pwned with all logins and some zerosec stuff.

    [#altbin@EFNet]-[Full]-[Alt.Binz.v0.31.1.WinAll.Multilingual-CRD]-[0/8] - "crude.nfo" yEnc

    [#altbin@EFNet]-[Full]-[Alt.Binz.v0.31.1.WinAll-iND]-[2/7] - "Alt.Binz.v0.31.1.WinAll-iND.par2" yEnc

    [#altbin@EFNet]-[Full]-[Alt.Binz.0.31.1.WinALL.Cracked.REAL-CzW]-[2/7] - "czw.nfo" yEnc


    So if this is you? Is it? Looks like Zerosec has some explaining to do?

    Still don't believe? Check sources.

    Source: Zerosedc staff are a bunch of MF stealers Homepage: alt.binZ
    Last edited by SonsOfLiberty; 06-24-2009 at 01:18 AM.

  2. News (Archive)   -   #2
    n00bz0r's Avatar Say what? BT Rep: +5
    Join Date
    Apr 2009
    Location
    Shangri-La
    Posts
    2,225
    Torrents and trackers give me a healthy dose of e-drama to keep me entertained.
    About time newzbin followed suit.

  3. News (Archive)   -   #3
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    24,011
    You mean Usenet? Newzbin is a indexing site
    [center]

  4. News (Archive)   -   #4
    n00bz0r's Avatar Say what? BT Rep: +5
    Join Date
    Apr 2009
    Location
    Shangri-La
    Posts
    2,225
    yeah..Usenet
    /me never had a good reason to use usenet.

  5. News (Archive)   -   #5
    This stuff seems to avoid virus scanners apparently.

    I'm fairly sure I'm not using the compromised version, not the one from that post anyway, but how can I check and if needed, remove the trojan?
    ESET doesn't see anything wrong with it.

  6. News (Archive)   -   #6
    Poster BT Rep: +1
    Join Date
    Dec 2008
    Posts
    30
    I do this sort of thing with rapidshare downloads, bind the client with a crack, virtually undetectable, person clicks said crack ?????? PROFIT!

  7. News (Archive)   -   #7
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    24,011
    Quote Originally Posted by srw985 View Post
    This stuff seems to avoid virus scanners apparently.

    I'm fairly sure I'm not using the compromised version, not the one from that post anyway, but how can I check and if needed, remove the trojan?
    ESET doesn't see anything wrong with it.

    ESET does too, I soon as I extracted it it detected trojan.
    [center]

  8. News (Archive)   -   #8
    with trojans such as this, even if it manages to get onto your computer will software such as kaspersky pick it up before it lets the trojan activate?

    how has this software got out, im confused - has the groups released software with trojans packed?

  9. News (Archive)   -   #9
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    24,011
    My firewall blocked the attempt, and asked for to connect to xxx.xxx and my firewall doesn't let anything out unless ok'd, and it's got a one of the best leak tests out there (Comodo). Plus it was a temp file asking for access not alt.binz because I truly wanted to see what was going on.
    [center]

  10. News (Archive)   -   #10
    newsgroupie
    Join Date
    Mar 2007
    Posts
    1,038
    Here's a Virustotal analysis:

    http://www.virustotal.com/analisis/0...ecf-1245784956

    Code:
    File altbinz.exe received on 2009.06.23 19:22:36 (UTC
    Current status:  finished
    Result: 22/41 (53.66%)
    
    Antivirus  	Version  	Last Update  	Result
    a-squared	4.5.0.18	2009.06.23	Riskware.PSWTool.Win32.Messen!IK
    AhnLab-V3	5.0.0.2	2009.06.23	-
    AntiVir	7.9.0.193	2009.06.23	DR/PSW.NetPass.FV.4
    Antiy-AVL	2.0.3.1	2009.06.23	PSWTool/Win32.NetPass.gen
    Authentium	5.1.2.4	2009.06.23	W32/Virut.AI!Generic
    Avast	4.8.1335.0	2009.06.23	-
    AVG	8.5.0.339	2009.06.23	Dropper.Small
    BitDefender	7.2	2009.06.23	-
    CAT-QuickHeal	10.00	2009.06.22	-
    ClamAV	0.94.1	2009.06.23	-
    Comodo	1401	2009.06.23	-
    DrWeb	5.0.0.12182	2009.06.23	Tool.PassView.117
    eSafe	7.0.17.0	2009.06.23	Win32.PSWTool.NetPas
    eTrust-Vet	31.6.6575	2009.06.23	Win32/Inpect.10
    F-Prot	4.4.4.56	2009.06.23	W32/Virut.AI!Generic
    F-Secure	8.0.14470.0	2009.06.23	PSWTool.Win32.NetPass.fv
    Fortinet	3.117.0.0	2009.06.23	HackerTool/Multidr
    GData	19	2009.06.23	-
    Ikarus	T3.1.1.59.0	2009.06.23	not-a-virus:PSWTool.Win32.Messen
    Jiangmin	11.0.706	2009.06.23	-
    K7AntiVirus	7.10.768	2009.06.19	-
    Kaspersky	7.0.0.125	2009.06.23	not-a-virus:PSWTool.Win32.NetPass.fv
    McAfee	5655	2009.06.23	MultiDropper-BU
    McAfee+Artemis	5655	2009.06.23	MultiDropper-BU
    McAfee-GW-Edition	6.7.6	2009.06.23	Trojan.Dropper.PSW.NetPass.FV.4
    Microsoft	1.4803	2009.06.23	-
    NOD32	4181	2009.06.23	probably unknown CRYPT.WIN32
    Norman	6.01.09	2009.06.23	-
    nProtect	2009.1.8.0	2009.06.23	-
    Panda	10.0.0.16	2009.06.23	-
    PCTools	4.4.2.0	2009.06.22	-
    Prevx	3.0	2009.06.23	Medium Risk Malware Dropper
    Rising	21.35.14.00	2009.06.23	-
    Sophos	4.42.0	2009.06.23	Mal/Generic-A
    Sunbelt	3.2.1858.2	2009.06.23	VIPRE.Suspicious
    Symantec	1.4.4.12	2009.06.23	-
    TheHacker	6.3.4.3.351	2009.06.22	-
    TrendMicro	8.950.0.1094	2009.06.23	-
    VBA32	3.12.10.7	2009.06.23	-
    ViRobot	2009.6.23.1800	2009.06.23	Not_a_virus:PSWTool.Messen.2343936
    VirusBuster	4.6.5.0	2009.06.23	Win32.Vundo.EX
    
    
    Additional information
    
    File size: 2343936 bytes
    MD5...: ef8bc3ea83f3989c4b8c196f65c3a4bf
    SHA1..: 753e0e7e77f9f1ebed85929f9099a669a88aee13
    SHA256: 08d8af59c3c2ec6d2814be7eeb5f3037b1a8de9f6ae9c889a0a45feb8c758ecf
    ssdeep: 49152:3zWSyrROgSo0R1OJgna0CAup3a2CFUlhnQycgI8y5AP0jveNU:3zWhRjCn
    G3aIVQFJYg
    PEiD..: -
    TrID..: File type identification
    Win32 EXE Yoda's Crypter (64.5%)
    Win32 Executable Generic (20.7%)
    Win16/32 Executable Delphi generic (5.0%)
    Generic Win/DOS Executable (4.8%)
    DOS Executable Generic (4.8%)
    PEInfo: PE Structure information
    
    ( base data )
    entrypointaddress.: 0x4760bc
    timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
    machinetype.......: 0x14c (I386)
    
    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    0x1000 0x32c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    0x32d000 0x13b000 0x13a800 8.00 82dada95a1a5032c894e315af113d144
    .rsrc 0x468000 0x102000 0x101800 7.99 1404b74b6b616af57b377b1b9bc5f7db
    
    ( 15 imports )
    > KERNEL32.DLL: GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, CloseHandle, GetStartupInfoA, CreateProcessA, GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
    > advapi32.dll: RegFlushKey
    > comctl32.dll: ImageList_Add
    > comdlg32.dll: ChooseFontA
    > crypt32.dll: CertFreeCertificateContext
    > gdi32.dll: SaveDC
    > imm32.dll: ImmGetContext
    > ole32.dll: DoDragDrop
    > oleaut32.dll: VariantCopy
    > shell32.dll: DragFinish
    > SHFolder.dll: SHGetFolderPathA
    > user32.dll: GetDC
    > version.dll: VerQueryValueA
    > winmm.dll: PlaySoundA
    > winspool.drv: OpenPrinterA
    
    ( 0 exports )
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
    packers (Kaspersky): UPX, UPX, UPX, PE_Patch.UPX, UPX, UPX
    Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=4EAE4F40006F3399C4D023C86CF809001ADD86A1' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4EAE4F40006F3399C4D023C86CF809001ADD86A1</a>
    As you can see, only about half the anti-virus apps flagged it.
    Last edited by zot; 06-23-2009 at 07:42 PM.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •