Slashdot Mirror


Point and Click Cracking

An anonymous reader writes "Washingtonpost.com is running a story about a number of botnets and keylogger operations being controlled by Web-sites with point-and-click type front-end software interfaces. The sites mentioned in the story look like fairly slick PHP pages designed to sort through password data from keylog victims and update infected computers with new code or instructions. From the story: 'The hacking software also features automated tools that allow the fraudsters to make minute adjustments or sweeping changes to their networks of hacked PCs. With the click of a mouse or a drag on a pull-down menu, users can add or delete files on infected computers.'"


  1. Most of the problem is the users by solarbob · · Score: 5, Interesting

    Most of the reasons PCs get hacked nowadays is that end users are still clicking on the links in phishing emails and then holes in the browser are being exploited. Surely it wouldn't take much for the main browser makers to put in a user idiocy filter to just say "aren't you being a bit silly?" Of course user education would be best, but there will always be a certain newbie segment who are on the internet for the first time and will keep doing this. That software though does look pretty comprehensive.

    --
    SolarVPS - Quality Windows and Linux Virtual Servers

    1. Re:Most of the problem is the users by G)-(ostly · · Score: 5, Informative

      Actually, a lot of the time a browser hole isn't required at all. Users are actually still downloading applications that are just applications that function in a malicious way, with full rights actively given by the user to use the system resources for ill.

      After all, once an OS is running something bound to a port, how is it supposed to know whether or not you're an idiot who just installed a keylogger or trojan, or a competent user running some sort of legitimate server software? It can only warn you so much before there's just nothing else that can patch the hole, except maybe some tape over your head.

      At this point, browsers warn people, operating systems warn people, firewalls warn people and virus scanners warn people, and they still just have to run that trojan software for whatever pointless whizz-bang effect it adds to their mouse cursor or emails.

    2. Re:Most of the problem is the users by G)-(ostly · · Score: 5, Interesting

      It's not going to work. People don't know how to use warnings in the physical world properly. Look at warnings provided on the road. How many people ignore Yield signs and try to merge right into oncoming vehicles? How many people just blow right through a blinking yellow without thinking? How many people just blow out of parking lots or driveways? How many people actually look to see if a train is coming before they cross tracks with a warning light and bar?

      It's a matter of risk/reward that's inherent in human nature. If 99 times out of a hundred you approach a crossing with a light and bar there's no train coming when there's no lights, you're going to get used to that. Of course, that one time you come along and the lights are broken, you're going to die, but that's the risk/reward. You're taking the 1% chance that you'll get killed by an unannounced train and comparing it to the fact that you'll have to do the extra work of slowing down, looking and speeding back up for nothing 99% of the time.

      People just don't take serious warnings seriously unless there's a very good chance that they could be harmed by not following them. It doesn't matter how serious the consequences if they occur too infrequently to stay fresh in one's mind.

  2. Sure, why wouldn't it? by Enigma_Man · · Score: 4, Interesting

    I often migrate things to web-interfaces that were previously shell scripts. It's more convenient, 'cause I can do the things I need to do from any browser without having to ssh in (which isn't always a possibility, rare, but it does occur). Also, it's easier to show to other people without giving away a shell account. Also also, it's easier to show to people who aren't "in the know" because it looks like something.

    -Jesse
    --
    Nothing says "unprofessional job" like wrinkles in your duct tape.

  3. Stupid Innuendo by Bios_Hakr · · Score: 5, Insightful

    Here's what I hate about news. It's all about alluding to something powerful and blinding the users with innuendo.

    Stop mincing your words and just say it. Stop telling people about "some website" where "evil hackers" can "point and click" to crack your passwords. Just fucking say Rainbow Crack.

    It really fucking gets my goat when someone claims to have secret knowledge. What harm could have come from just saying Metasploit or Rainbow Crack? The evil doers already know. Give JoeUser actual knowledge and let him decide for himself.

    Stop pretending that you know something and the public can't be trusted with it.

    --
    I'd rather you do it wrong, than for me to have to do it at all.

  4. The *real* killer distributed application? by MoralHazard · · Score: 4, Insightful

    I'm sure someone has made this point already, but technological advances have a way of finding their maximum profitable use, regardless of how the original inventors intended their innovations to be used. I think these botnets are a similar phenomenon.

    Case in point: Thomas Edison originally conceived of the phonograph as a tool for dictation, teaching children from recorded lessons, and a few other specific apps. You know what he never, ever thought of? Recorded music. And yet, that is the killer app that made his invention a common household object and birthed one of the most successful commercial fields of the 20th century--the whole music industry as we know it wouldn't exist without the phonograph.

    We saw the same thing with the Internet, when a bunch of DARPA eggheads (no offense, I love you guys) built an academic network that turned into what may prove to be the newest and most effective mass media tool in the history of the human race. I seriously doubt that anyone involved in the original research, or even anyone engineering TCP/IP networks in the 70s and 80s, imagined what would happen after 1990.

    In the same fashion, botnets manage to apply the same basic technologies pioneered by Seti@home, distributed folding, and all of the other "beneficial" distributed computing projects that have wrung work out of the combination of 1) the popularity of the Internet, and 2) the unharnessed cycles, disk, and network I/O bandwidth of all those overpowered word processors around the world. And it's arguable that the economic productivity (at least to a few criminal types) of the botnets is overwhelmingly more than the cash made by all the originators of the concepts (yeah, I know, they're nonprofits, sheesh).

    It's kind of a shame that the killer app of distributed ad-hoc networks is so generally harmful, but that's the way the cookie crumbles. Get a firewall, install your patches, and hope to God that nobody targets you with a DoS attack.

  5. Why do people write these? by failure-man · · Score: 5, Interesting

    One thing I've always wondered about script kiddies: who writes their tools for them, and why? What does the actual black hat get out of the deal? It's not like script kiddies pay for things.

    Is it for fame? Signal-to-noise manipulation? Are the little fuckers getting "0wn3d" by backdoors in their "1337 h4x0r t00lz"?

    Or is it something else entirely?

  6. System Admins by Herkum01 · · Score: 4, Insightful

    I don't get it. How can these hackers get these tools that do all these great things, and as a system admin I cannot get an application bundled and installed without having to try and move the Rock of Gibraltar?

    Considering that as a system admin I would have more time and a higher budget, you would think some corporation would make some better tools to handle the more common tasks like managing and updating applications on workstations. Instead I get to read how a hacker can control thousands of machines through a configuration more complicated than Enron's accounting procedures, all with a click of the button.

    Life just ain't fair.

    1. Re:System Admins by Kjella · · Score: 4, Insightful

      I don't get it. How can these hackers get these tools that do all these great things, and as a system admin I cannot get an application bundled and installed without having to try and move the Rock of Gibraltar?

      Well, I imagine the hackers don't give a flying fuck if it fails on 10% of the machines or how much it breaks, since it's all about numbers and it hardly matters which ones work. If on the other hand it is the fscking machine you're trying to upgrade and instead it hoses the box, I think you might be slightly more annoyed.

      --
      Live today, because you never know what tomorrow brings

  7. For those interested.... by UnidentifiedCoward · · Score: 5, Informative

    The Washington Post is so kind as to hide the identity of the website from which they took the screenshots they referenced in the article; it can be easily located with a simple Google search...

    The software -- viewed by a reporter on one of the sites, which washingtonpost.com is not naming because it remains active -- displays detailed graphs showing the distribution of victims by country. At time of this publication, the site harboring Frost's information was receiving a stream of illicit data from a network of roughly 3,000 infected PCs mostly located in Spain, Germany and Britain.
    Oh and here is a feature breakdown from a Russian bulletin board:

    In English...
    - Invisibility in system
    - Implementation of software FireWalls leak
    - Implementation of Polymorphic algorithm
    - Implementation of AV Software vulnerability: AV Bases Update Breaker
    - Socks5 Proxy Server
    - FTP Server
    - KeyLogger
    - Clipboard Logger
    - Implementation of WebMoney Keeper leak: WebMoney Grabber
    - Implementation of E-gold security system leak
    - Protected Storage Grabber
    - Far FTP, TotalCommander FTP, The Bat Passwords Grabber
    - Sends logs/files to http server
    - Web-based Remote Control
    - Implementation of IE leak: Form Grabber
    - Implementation of UK banks security system leak: Memorable Info Grabber (at this moment released implementation of 6 most popular UK banks security system leak, no screenshots, only text) (List of vulnerable banks)
    - Implementation of DE Banks TAN Security System leak (included security test for 4 DE Banks) (List of vulnerable banks)
    - SMS warning if new TAN detected for clients of Russian BeeLine GSM Mobile Operator

    For those that care.... here is the site.

    If you have half a clue you will figure out where to go from there.

  8. Screenshots by MCron · · Score: 4, Informative

    For those who are interested, I managed to get a couple more images of this interface here and here.

    Bonus points if anybody can figure out where the shots came from and shut them down.

    --
    Send offline messages on AIM with DoorManBot