The first open source spyware

From: gilbert nzeka (dark_khaalel_at_yahoo.fr)
Date: 04/18/05

  • Next message: iDEFENSE Labs: "iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability"
    Date: 18 Apr 2005 18:23:24 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Hi,

    Since a few years, the number of spywares is growing up but it's impossible to find a spyware's code source to analyse it and better understand their work.

    After kruegerware's (and its child) diffusion, I'm introducing you the first open source spyware.

    My goal is not to help people writing more and more spywares but to show some people that spywares are not "magic" stuff (like I can see on differents web sites) and are so easy to code. Besides, Virus generators already exist, why spywares generators could not exist?

    For the moment, KSpyware can list all the installed programs, can spy the web sites the victim has visited, can obtain a list of e-mail adresses, can hijack IE's main page, and use NetSend to spam the victim.

    I decided to remove the function allowing the dispatch of the gleaned informations and the functions stopping spyware deinstallation (like in kruegerware).
     

    Well, here is KSpyware's code cource (in Perl) : http://nzeka-labs.com/hacking/KSpyware.htm

    KSpyware is under GPL (loollll) so:
    "You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate
    copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program." BUT DON'T TRY IT ON THE WEB.

    - Nzeka Gilbert aka Khaalel
    - www.nzeka-labs.com
    - Author of the french security book: "La protection des sites informatique face au hacking".


  • Next message: iDEFENSE Labs: "iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability"