The other day, while investigating how the passwords of Diablo III players were being leaked, the developers at AVG Technologies found themselves in an amusing situation. While they were debugging the code of a Trojan they had found, an embedded chat window appeared on the screen with a question in Chinese: “What are you doing? Why are you studying my trojan? What do you want from it?”




As already mentioned, the virus was detected during an investigation into the password leakage of Diablo III users. It was originally distributed as a RAR archive posing as a video guide titled “How to farm Izual in Inferno”. Inside was the classic scheme: an executable file with the default media player icon and a companion file disguised as a readme. It is clear, then, why it was found so quickly.

Programmers Franklin Zhao and Jason Zhou were drawn into the conversation. "I did not know that you can see my screen." To which the attacker replied: "I would like to see your face, but, unfortunately, you do not have a camera." Further study of the virus showed that the backdoor did allow monitoring the screen of an infected computer, controlling the mouse, viewing running processes and modules, and even controlling the camera.

The programmers pretended to be newbies and tried to commission a job from the hacker. However, he did not take the bait and remotely turned off their computer. Further work on the virus with the built-in chat showed that it was not related to Diablo III, but was intended to steal usernames and passwords for dial-up connections.

“Sounds like the plot of a film, but it's true. We are familiar with malware and fight it daily. However, chatting with a hacker in real time does not happen very often. Next time we will be on our guard,” wrote the programmers in the company's blog.

Source: https://habr.com/ru/post/146278/

