One of the first successful social engineering malware/botnets was reported here 4 hours ago.
Within 3 hours, a community member has created a Trojan Horse Detector.
<3
Edit: let's assume the bad guy is also reading this thread.
Let's assume there are still folks out there affected by this, who will not have read this thread between now and the next time his botnets all 'call home' for directions.
My prediction of his next move in the wargame...
He has his botnet all copy the binaries for wget and ping to "tegw" and "gnip" or something else to obfuscate the process name. The botnet no longer uses wget and ping; now it uses "tegw" and "gnip", so that the script posted above will no longer detect infection.
In fact, we need to go ahead and assume the script above will no longer function as of 6 hours from now.
Posting this now as I think of our next move in this little ballet.
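A detector that does not depend on the process name, added here as an example and not code from this thread or its author: it identifies running executables by content hash, so a copy of wget or ping renamed to "tegw" or "gnip" still matches. The sample "binaries" are constructed stand-ins written to a temp directory; on a live Linux host the paths would come from /proc/<pid>/exe (the `running_executables` helper assumes a Linux /proc).

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file's contents in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(known_binaries):
    """Map content hash -> tool name for the binaries we care about (e.g. wget, ping)."""
    return {sha256_file(path): name for name, path in known_binaries.items()}


def classify_executables(baseline, exe_paths):
    """Return {path: tool name} for every executable whose contents match the
    baseline, regardless of the file name it was copied to."""
    hits = {}
    for path in exe_paths:
        name = baseline.get(sha256_file(path))
        if name:
            hits[path] = name
    return hits


def running_executables():
    """Resolve /proc/<pid>/exe for every process (Linux only; needs enough
    privilege to read other users' links). Processes that exit mid-scan are skipped."""
    paths = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            paths.append(os.readlink(f"/proc/{pid}/exe"))
        except OSError:
            continue
    return paths


def demo():
    """Constructed sample: renamed copies of fake wget/ping plus an unrelated file."""
    d = tempfile.mkdtemp()

    def write(name, content):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(content)
        return p

    baseline = build_baseline({"wget": write("wget", b"fake wget bytes"),
                               "ping": write("ping", b"fake ping bytes")})
    suspects = [write("tegw", b"fake wget bytes"), write("gnip", b"fake ping bytes"),
                write("cat", b"unrelated bytes")]
    return {os.path.basename(p): n for p, n in classify_executables(baseline, suspects).items()}
```

Hashing is one signal: a recompiled or patched copy will not match the baseline, so pair this with the other checks in the thread rather than replacing them.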