So I socially engineered him by posing as a classmate. I told him I was going to come by to get the homework for English. He wasn’t sure but I somehow convinced him and got his address. I don’t know why they always talk to strangers, but just like the article the dude responded. I got my friend and we went to pay him a visit.
Rang his doorbell, “hi is this l33th4x0r?”. He nodded but had no clue who I was. I mentioned my gf’s screen name and you could see the color leave his face. He stuttered and stammered about how he was just playing and didn’t mean to cause any problems. I said some stern words then left him wondering wtf I was and what just happened.
Kinda wish I saved the details (screen name, address, etc.) just because of how epic it was at the time.
The most interesting results include apologies; one kid's father registered on the forum to post one for his son. Spamming a keylogger's logs with the physical address of its owner and "I know where you live" tends to cause them to repent in fear pretty quickly.
So this sounds like a pretty devious attack if you want to get someone: pose as a script kiddie in an online forum, put C:\Documents and Settings\<their first and last name> in stuff, maybe other identifying info, and then let others do the work.
I would chat with them as normal at the same time, chuckling to myself as they kept falling offline following a barrage of emoticons and requests from my army of chat bots that made their process run out of memory.
Eventually I’d bore of it. Or have one of the chatbots tell them not to cross someone again. In your scenario I probably would have said it was the person he got the exploit from, instead of making a link to someone I care about.
If someone screwed us, we'd create a new identity and upload a file named after a hot new pirated game to their BBS. Then sit back and watch the BBS go offline for a while.
Hiring for technical security is hard—you need engineering expertise to find good people, and then you need someone with an infosec background to vet them.
Finding a combination of both is surprisingly rare and you usually find infosec folks who can define but not implement a security program, or an engineer that can implement a security program with no idea how to run or grow it.
I need more peers in this space. If you’re reading this and are a software engineer looking for a transition please do reach out—email is in my profile. There’s a huge demand for security engineers and not nearly enough engineers interested in doing it.
Somebody using my email for a discord acct without verification? Sure, go ahead (but I got the "verify your account" emails)
Then I "forget" the acct password, bam, account locked.
Which is fine by me, since I don't use that email with discord, still...
For the example of PirateStealer, the kid who made it ran a website where you posted your webhook and it spat out an exe that hid your webhook behind the domain. They even sold "premium" copies with additional security, but in reality once they put the webhook behind their own domains they were dual-hooking, so the information was actually sent to 2 webhooks instead of just the 1.
Most of the services to create this malware now hide it behind a domain rather than directly exposing the Webhook, so shutting it down isn't as easy.
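The two comments above describe the exfiltration path: the stealer carries a Discord webhook URL (in the clear, or wrapped in some encoding), and the takedown crowd works by pulling that URL out of a sample and reporting it. Below is an added example of that extraction step, written for this thread; it is not code from any commenter, from PirateStealer, or from sketchy.tel. It scans a constructed byte blob (not a real sample) for webhook URLs stored as plain ASCII, as UTF-16LE strings, and as base64 runs, and reports each one with how it was stored. The URL pattern is Discord's public webhook format; the ids and tokens in the sample are made-up placeholders.

```python
import base64
import re

# Discord webhook URL shape: numeric snowflake id, then an opaque token.
# (Public format; the {17,20}/{20,} lengths are assumptions that cut false positives.)
WEBHOOK_RE = re.compile(
    rb"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_\-]{20,})"
)
# Runs of base64 text long enough to hold a whole webhook URL.
B64_RUN_RE = re.compile(rb"[A-Za-z0-9+/]{60,}={0,2}")


def _scan(data: bytes, encoding: str, found: list) -> None:
    """Append every webhook URL in `data` to `found`, tagged with how it was stored."""
    for m in WEBHOOK_RE.finditer(data):
        found.append({
            "url": m.group(0).decode(),
            "webhook_id": m.group(1).decode(),
            "encoding": encoding,
        })


def extract_webhooks(blob: bytes) -> list:
    """Return the unique Discord webhook URLs found in a sample's raw bytes."""
    found = []
    # 1. plain ASCII strings
    _scan(blob, "ascii", found)
    # 2. UTF-16LE strings (common in Windows binaries); try both byte alignments
    for offset in (0, 1):
        text = blob[offset:].decode("utf-16le", errors="ignore").encode("ascii", errors="ignore")
        _scan(text, "utf-16le", found)
    # 3. base64 runs, a cheap way samples hide the URL from a plain `strings` dump
    for run in B64_RUN_RE.finditer(blob):
        token = run.group(0)
        try:
            decoded = base64.b64decode(token + b"=" * (-len(token) % 4), validate=True)
        except ValueError:
            continue
        _scan(decoded, "base64", found)
    # de-duplicate by URL, keeping the first storage form seen
    seen, unique = set(), []
    for entry in found:
        if entry["url"] not in seen:
            seen.add(entry["url"])
            unique.append(entry)
    return unique


# Constructed sample: NOT a real stealer, just bytes shaped like a dump of one,
# with one webhook in each storage form. Ids and tokens are placeholders.
PLAIN = b"https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED_TOKEN_plain_0123456789"
WIDE = "https://discordapp.com/api/webhooks/234567890123456789/CONSTRUCTED_TOKEN_wide_0123456789".encode("utf-16le")
HIDDEN = base64.b64encode(b"https://discord.com/api/webhooks/345678901234567890/CONSTRUCTED_TOKEN_b64_0123456789")
SAMPLE = b"\x00MZ\x90junk" + PLAIN + b"\x00\x00" + WIDE + b"\x00\x00" + b"cfg=" + HIDDEN + b"\x00"


if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE):
        print(f"{hit['encoding']:9s} id={hit['webhook_id']} {hit['url']}")
```

The caveat from the second comment applies: when the builder proxies the webhook behind its own domain, the sample only contains that domain, so static extraction returns nothing useful and you have to watch the sample's network traffic in a sandbox to learn where the data actually goes (and, per the dual-hooking story, there may be more than one destination behind the proxy).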
I just published on Hackernoon for the non-Medium members: https://hackernoon.com/about/thedevopsguy.
Also, you can find me on Twitter: https://twitter.com/a_devops_guy and Discord: https://discord.gg/FKuAky4K8M
[1]: https://github.com/Stanley-GF/PirateStealer/issues?q=is%3Ais...
It really hasn't changed.
One of the tools they've built is https://sketchy.tel/ which can decompile piratestealer/extrack/bby.rip and more and shuts down the Webhook automatically.
There's a lot of other things we do in this community but I can't disclose it because we never know who's reading our messages and if they get found out the malware creators will adapt to stop us.
Note that, though rare, some malware can escape from a VM: https://en.m.wikipedia.org/wiki/Virtual_machine_escape
Credit where credit is due, I guess.
This assertion is different (i.e. Finding the author of [the majority of] malware isn't hard..., versus Finding the author of [the most popularly-used] malware isn't hard...).
Antimalware is great for the low hanging fruit but don't expect it to detect something where the author has put effort into it.
https://github.com/Stanley-GF/PirateStealer/issues/45
I think I've found a relevant virustotal:
https://www.virustotal.com/gui/file/de7535f8c64d7a6ac8094146...
Discord knows it's a big issue and I'd hope they've attempted to mitigate the malware but there's no way to stop the actual injection, so really all they can do is code shuffle frequently to make the injected code redundant, but that'd rely on doing releases frequently and hoping everyone updates just as frequently.
why not just use the itnext.io link?
We are the largest open source multiplayer video game on github, so (compromised) discord friends sending admins messages about "games they made" with exes in them was more effective than it should have been until news and announcements went out.
[1]https://github.com/teeworlds/teeworlds [2]https://github.com/tgstation/tgstation
(/tg/Station13, based off of Space Station 13).
I worry that supporting that impulse, even in cases like this, normalizes the use of internet lynch mobs to exact "justice" (for any subjective value of "justice" that can get enough steam).
Not saying the author is a liar. But it sounds like you want to go on a crusade for them after just finding out they exist.
Or is that irrefutable proof of who was one of their victims?
This is cute, but it's important to lose this naïveté/innocence if you want to analyze more sophisticated malware in the future.