Custom Trojan Creation Tool Sold Online

Finch writes "Net Security.org is reporting on the surprisingly sophisticated 'virus in a can' software called Pinch. Pinch is a tool sold on several online forums and designed to create Trojans. It allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. It is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it. 'Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.'"

obligatory

Yes, but does it run on Linux?

That sounds like fun

[Anonymous+Crowhead]

How much is it and where can I buy it? For, uh, research purposes.

Re:That sounds like fun

[Electrum]

I know you're joking, but what sort of fool would trust the seller with their own CC#?

Why does the card holder care? Your liability is limited to $50 by law, or zero by many card issuers. Merchants are the ones who lose with fraud, not the card holders or the credit card companies. In fact, the card company profits from fraud by hitting the merchant with a charge back fee in addition to reversing the transaction.

nothing special

[sub7]

they were distributing trojans like this in the 1990s... sub7 anyone? ;)

Re:nothing special

[KillerCow]

Or the venerable Virus Creation Laboratory, ala '92.

Re:nothing special

[Afecks]

I'm a trojan author so I'm getting a kick out of these replies...

No seriously, this is not a new idea. There was Senna Spy Trojan Generator many years ago. However, unless the generator actually generates the source code so you can compile it, I would call it a highly customizable backdoor, nothing more.

Re:nothing special

[UncleTogie]

I'm a trojan author...
Pardon my asking, but isn't admitting to that rather like stuffing bloody meat down your shorts and swimming with sharks?

Nothing New

[KermodeBear]

There is nothing new here.

I remember back in my script kiddie days I was able to download programs that would put together a trojan or virus together from the various options the user selected. Press a button and viola! It generated an executable. This was ten years ago.

What's so new here? That fact that someone is commercializing it?

Well, good. If you have to shell out cash at least it will keep my 16 year old self from downloading it and causing annoyances.

Re:Nothing New

Yeah, Sub7 was great. I thought the most entertaining feature was being able to quickly and easily set the user's desktop wallpaper image. It didn't take long to sniff just enough of the Sub7 protocol to be able to develop a tool that would a) scan huge swath of netspace for Sub7 b) login c) download a .jpg d) set wallpaper. A lot of people back in the late 90s woke up to find that overnight, their wallpaper had changed to a photo involving a cucumber and a very hairy receptacle.

Being able to pop custom modals was pretty fun, too. "ERROR: Insert penis into CD-ROM drive to continue operation! [OK]," followed by the CD tray immediately ejecting itself, probably freaked a few people out.

Oh, to be young again, those were the days...!

Re:Nothing New

[misleb]

Ahh, Virus Creation Lab. What memories. Brings me back to the days when viruses were pleasure, not business.

I'm not scared...

[rob1980]

If anybody tries to install a trojan on my computer, I'll hit them back.

With Winnuke95.

After all those

[rrohbeck]

"1NCRE@SE Y0UR PEN1S S1ZE 25% 1N 2 WEEKS!" programs I definitely need custom Trojans.

Re:After all those

[Jherek+Carnelian]

1NCRE@SE Y0UR PEN1S S1ZE 25% 1N 2 WEEKS!" programs I definitely need custom Trojans.

Ah, that is unless you've followed the instructions from this oldie but goodie:

--

Follow these instructions EXACTLY, and in 3 to 6 weeks you will have received well over 50,000 inches of penis, all yours. This program has remained successful because of the inadequacy and vanity of the participants. Please continue its success by carefully adhering to the instructions.

Welcome to the world of Mail Order Penis Enlargement! This little business is a little different than most cosmetic surgery. Your product is not solid (sic) and tangible, but rather a service. You are in the business of extending penii. Many small of endowment are happy to pay big bucks for this service.

(The money made from the penis enlargement is secondary to the income which is made from people like yourself requesting that they be included in that list.)
# Immediately cut off your penis at the base.
# Cut off the head of your penis, and pack it in ice.
# Take the remaining midsection of your penis, and cut it into 5 pieces of equal length.
# Immediately mail each piece to the first 5 names listed below starting at number 1 through number 5. Send penis only please (total investment your penis). Enclose a note with each piece stating: "Please add my name to your mailing list." (This is a legitimate service that you are requesting and you are paying your penis for this service).
# Remove the name that appears number 1 on the list. Move the other 9 names up one position. (Number 2 will become number 1 and number 3 will become number 2, etc.) Place your name, address and zip code in the number 10 position.
# Post the new letter with your name in the number 10 position into 10 (Ten) separate bulletin boards in the message base or to the file section, call the file, MAKE.PENIS.FAST.
# Within 60 days you will receive over 50,000 inches of PENIS. Keep a copy of this file for yourself so that you can use it again and again whenever you need penis enlargement. As soon as you mail out these letters you are automatically in the mail order business and people are sending you their penis to be placed on your mailing list. This list can then be rented to a reconstructive cosmetic surgeon that can be found in the Yellow Pages for additional income on a regular basis. The list will become more valuable as it grows in size. This is a service. This is perfectly legal. If you have any doubts, refer to Title 18, Sec. 1302 & 1341 of the postal lottery laws.

NOTE: Make sure you retain EVERY Name and Address sent to you, either on computer or hard copy, but do not discard the names and notes they send you. This is PROOF that you are truly providing a service and should the AMA, FDA, or some other Government Agency question you, you can provide them with this proof!

Remember as each post is downloaded and the instructions carefully followed, five members will be reimbursed for their participation as a Penis Enlarger with one inch of penis each. Your name will move up the list geometrically so that when your name reaches the number five position you will be receiving thousands of inches in penis.
# Daniel J. Karnes, 6394-B Tawney Bloom Mogi Donuts, MD 21045
# Newt Gingrich, Speaker of the House of Misrepresentatives, Washington, DC 20515
# Emil T. Chuck 6394-A Tawney Bloom, Mogi Donuts, MD 21045
# Charles Wilson 7690 Karnesville Road, Phobic, MI 48348
# William Davenant 8295 Hiding Closet Rd, Clarkston, MI 48348
# Peter Ruckman 14805 Rivercrest, Sterling Hts., MI 48312
# Steven Crisp 3718 Kings Point, Troy, MI 48083
# Mark Gengler 5748 Patterson, Troy, MI 48098
# Pat Robertson 666 God's Little Homophobe Road, Anti-Christ Hills, VA 48307
# Jesse Helms 20840 Tobacco Mercenary Street, Lung Cancer Hacks., VA 48038

Dear Friend,

My name is Daniel J. Karnes. In September 1988 my life was repressed and the bible thumpers were hounding me like you wouldn't believe. I

Only 10 years? How about 1992?

[khasim]

http://vx.netlux.org/vx.php?id=tv03
I still remember the password was chiba city.

well you're obviously not the intended market

[JeanBaptiste]

anyone who would use one of these would likely download a pirated version.

Re:well you're obviously not the intended market

[morari]

Which is, itself, a Trojan...

Re:well you're obviously not the intended market

[X0563511]

Please stand by as space-time folds in upon itself.

Re:well you're obviously not the intended market

[TeknoHog]

Or as a Trojan unfolds upon my, you know.

"Do-It-Yourself Trojans"

[Fedorpheux]

A great slogan for this program, but I bet our latex buddies have an entirely different interpretation of that...

Aww yeah! Custom Trojan Creation Tool! Giggety!

[Greyfox]

I'm going to design mine with the ribs on the inside! For my pleasure! Aww yeah!

Re:Scary stuff to be sure

[realmolo]

Eh. Trojans/rootkits/viruses built form these "kits" tend to all be very similar. Essentially, if you defend against one, you're defended against all the others.

Never mind the fact that it's a fucking KIT. If YOU can download it, so can the anti-virus people in order to figure out how to detect viruses made with it.

The interesting thing about modern viruses/trojans/whatever is that very few of them are really *viruses* anymore. They rely almost completely on simply getting a user to manually run (or at least give permission to the system to run) an obfuscated executable. It's sad that the technique is so successful.

Re:I'd like to see the EULA

[CautionaryX]

EULA

By agreeing to the purchase and install of Trojan-o-Matic, hereby called the 'Software', you agree to host 'x' amount of porn or phishing sites. The amount is determined by the Software according to its use and the creator of the software. At any time, you submit your computer to be a host server for the Software Creator's Nigerian email server. That is all.... oh, and your bank account is empty.

Re:I'd like to see the EULA

[Havenwar]

EULA, Pinch, 2.60
I reserve the right to go ballistic on your ass if you rip me off. (But feel free to redistribute if you include your custom trojan in the file.)

EULA - most other software
[four to six pages of nonsense much of it in all caps, mainly stating the exact same as above with the exclusion of the parenthesis but adding a page or two basically saying "I can also castrate you with a dull wooden spoon if you do something I would rather you pay me extra to get done."]

Re:Torrent?

[Havenwar]

Oh, actually a search for "pinch" on emule turns up quite a plethora of results... although once you've sorted out the porn and downloaded a few exe files (yes I know, for most geeks this is the exact reverse of the normal process), for some odd reason antivirus warnings start to pop up... apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan" and the third with some other crap that I forgot to write down.

You can almost see the scriptkiddies sitting there with their brand new trojan going... "hmm, now if only I had some program to trick people into downloading... something I could merge my trojan with to start off my botfarm. Something I could put on fasttrack, and maybe emule... something idiots would download and run even if their antivirus goes off. Hey wait a minute, I'm an idiot and I just ran pinch even though 'norton' told me it was bad for me!"

slashvertisment?

[muszek]

it's the first slashvertisment that makes you search for the shop yourself...

Re:Torrent?

[PCM2]

apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan"

Did you stop to think that maybe the construction set was identified as a Trojan because it ... you know ... contained the code for a Trojan? As in ... if it tripped your antivirus then you probably had the right one.

Mod me flamebait, but

[postbigbang]

Since I have to take care of a lot of machines of people that get these things, my otherwise non-violent nature would like to find the authors, well, in a Turkish prison. Yes these things have been sold on the net for a long damn time, but I've also had to scrape, reformat, debug, and otherwise keep hapless unwitting people from the damage these things do. They're often chained to using Windows whether they want to or not.

I've seen them spend hundreds of dollars on both prevention and cure, only to get owned again. This isn't about Microsoft, this is about guys that are the seeming equivalent to those that might cut brake lines in a car. The outcome isn't injurious physically, just emotionally/mentally and financially.

My hacker instinct says always continue to hack and explore and try and break things, but selling trojans seems way over the top. No fucking 'let them download Ubuntu or get a second mortgage for a Mac' shit. This is real, this is vulgur, and this is a business plan for bright guys gone bad.... and I don't get paid for scraping this crap.

Difference between Good and Evil

[HomelessInLaJolla]

I had to modify the following post to take any direct references as I have no way of knowing if you, personally, actually made use of your exploits outside of your own private testing environment...

I guess that's the difference between real tao programmers and script kiddies.

I _could_ have engaged in the same things that script kiddies did, exploiting other people for personal amusement and/or gain, but made a conscious decision not to. I saw the links, I looked at the downloads, the ftp sites, and the web pages. I _could_ have become involved in that sort of thing.

But, and I guess a significant majority of the population is lacking this little definition in their upbringing, I decided that there were far better uses for my intellectual ability... You know, something productive, something which would benefit people, something which didn't rely on targetting and exploiting others' ignorance.

The actions of script kiddies (and don't take this personally because you're part of the greater population) remind me of taking the lunch money from a quadrapalegic.

What's really sick is that most of them got a real kick out of it--and they're the asshats that I'll have to work next to in the professional world.

The Future of Anti-Virus

[Nom+du+Keyboard]

I'm believing that the future of anti-virus/rootkit solutions has to be a live CD that runs fully independently of the host system and software being scanned.

Re:Executive Order 9877389291

[rantingkitten]

Considering that "virii" is a made-up, non-English word, then yes, I can believe Bush using it and being mocked in the media the next day for another brilliant Bushism. The proper plural is "viruses".

Hate to be the one who bears bad news. And by the way, "boxen" is not a real word either.