AVG Blogs
News & Threats:
Have you ever chatted with a Hacker within a virus?
Posted 337 days ago by Hynek Blinka

This was a first in my anti-virus career, and an impressive one: I chatted with a hacker while debugging a virus. Yes, really. It happened while the Threat team was researching keyloggers aimed at Diablo III, at a time when many players of the game were finding their accounts stolen. One sample turned up on the Taiwan battle.net forum.

The hacker posted a topic titled "How to farm Izual in Inferno" (Izual is a boss in Diablo III Act 4) and included a link which, he claimed, pointed to a video demonstrating the technique.

 

Below is the "video". It is actually a RAR archive containing two executable files, which are almost identical; only the icon differs.

 

Once run, the malware connects to a remote server over TCP port 80 and downloads a further file packed with Themida (a commercial protector commonly used to hinder analysis). Port 80 is simply the port most likely to be allowed out through a firewall; it says nothing about the protocol spoken on it.
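Added example (our own code, not from the original post and not taken from the sample): a small triage routine for a captured port-80 conversation from a sandbox run. It checks whether the client's opening bytes are an HTTP request at all, then scans the server's reply for an embedded PE image and measures its entropy, since a Themida-protected file arrives as a dense, high-entropy blob. The two conversations at the bottom are constructed stand-ins; the custom length-prefixed protocol is an assumption for the demonstration, not the protocol this malware actually uses.

```python
"""Triage a captured TCP/80 conversation from a sandbox run (added example)."""
import hashlib
import math
import re
import struct
from collections import Counter

# An HTTP/1.x request line: method, request-target, version, CRLF.
HTTP_REQUEST = re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def is_http_request(first_bytes: bytes) -> bool:
    """True if the client's opening bytes form an HTTP/1.x request line."""
    return HTTP_REQUEST.match(first_bytes) is not None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for packed/encrypted data, much lower for plain code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_pe(stream: bytes) -> int:
    """Offset of an embedded PE image (an MZ header whose e_lfanew points at the PE
    signature), or -1. Scans instead of trusting offset 0 because a custom protocol
    may prefix the file with its own header."""
    pos = stream.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(stream):
            e_lfanew = struct.unpack_from("<I", stream, pos + 0x3C)[0]
            if stream[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                return pos
        pos = stream.find(b"MZ", pos + 1)
    return -1


def triage(client_to_server: bytes, server_to_client: bytes) -> dict:
    """Summarise one conversation: real HTTP or not, PE download or not, packed-looking or not."""
    verdict = {"http": is_http_request(client_to_server), "pe_offset": find_pe(server_to_client)}
    if verdict["pe_offset"] != -1:
        body = server_to_client[verdict["pe_offset"]:]
        verdict["entropy"] = round(shannon_entropy(body), 2)
        verdict["packed_looking"] = verdict["entropy"] > 7.0   # threshold is a rule of thumb
    return verdict


def fake_packed_pe() -> bytes:
    """Constructed stand-in for a protected download: valid MZ/PE signatures followed by
    4 KiB of pseudo-random bytes (SHA-256 outputs), i.e. the entropy profile of a packed file."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)            # e_lfanew: PE signature right after the DOS header
    body = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return bytes(header) + b"PE\0\0" + body


# Constructed conversations (not packets from the real sample).
# Suspicious: a binary hello on port 80, answered with a length-prefixed PE image.
CLIENT_HELLO = struct.pack("<I", 0x00010001) + b"\x01" + b"ANALYSIS-VM\0"
PAYLOAD = fake_packed_pe()
SERVER_REPLY = struct.pack("<II", 1, len(PAYLOAD)) + PAYLOAD
# Benign: an ordinary web request and a small text response.
WEB_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
WEB_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello\n"

if __name__ == "__main__":
    print("suspicious:", triage(CLIENT_HELLO, SERVER_REPLY))
    print("benign    :", triage(WEB_REQUEST, WEB_REPLY))
```

Feed the function the reassembled client and server byte streams from the sandbox capture. "http: False" on port 80 is on its own a reason to keep the conversation; a PE in the reply with entropy near 8 bits per byte tells you the dropped file is packed or encrypted and will need unpacking before the static analysis the post goes on to describe.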

 

That’s very simple Downloader/Backdoor behavior and we are only interested in looking for key logging code for Diablo III so we didn’t pay much attention to it.

Then an astonishing scene unfolded: a chat dialog popped up with a text message.

(Translated from the image below)

Hacker: What are you doing? Why are you researching my Trojan?

Hacker: What do you want from it?

 

The dialog did not come from any software installed in our virtual machine. It is an integrated function of the backdoor, and the message was sent by the hacker who wrote the Trojan. Amazing, isn't it? Evidently the hacker was online and had noticed that we were debugging his baby.

 

Intrigued, we kept chatting with him. He was really arrogant.

(Translated from the image below. "Chicken" is how the chat window labels our side, the infected machine: 肉鸡, "meat chicken", is Chinese underground slang for a compromised host.)

Chicken: I didn’t know you can see my screen.

Hacker: I would like to see your face, but what a pity you don’t have a camera.

 

He was telling the truth. This backdoor has powerful functions: monitoring the victim's screen, controlling the mouse, listing processes and their modules, and even controlling the webcam.

 

We then chatted with the hacker for a while, pretending to be novices who wanted to buy some Trojans from him. But he was not foolish enough to tell us everything, and he shut down our system remotely.

As for the malware itself, no Diablo III keylogging code was found. What it really wants to steal is the username and password of the dial-up connection. On Windows these are the RAS (Remote Access Service) credentials, and on a home broadband line the "dial-up" entry is the PPPoE account with the ISP, so the target is less antiquated than it sounds.

 

It sounds like a movie plot, but it is real. We are familiar with malware and fight it every day, but chatting with a malware author in real time does not happen often. The lesson is simple: a live sample beacons to its operator the moment it runs, so an analysis VM that can reach the Internet is, from the operator's side, just another victim. Next time, I will be on the alert.

The malware and its components are detected by AVG as Trojan horse BackDoor.Generic variants.

Franklin Zhao & Jason Zhou

 



 
  • http://www.facebook.com/profile.php?id=100002611191654 To No

    What? I'm falling flat on my face, sorry.

  • Anonymous

    Virus+chatting with the creator of the virus=
    A delirium caused by fever?

    Just kidding Z&Z nice read ;)

  • http://www.facebook.com/marcinx Marcin Olszowy

    Fun story but what’s wrong with your fact checks? “A sample is found in battle .net in Taiwan, China” Please open an atlas or Google for Taiwan and maybe you’ll realize that it’s an independent republic with about 20 million inhabitants who will all be pissed off when you say they’re in China.

  • Anonymous

    One point to be made here. Unless you want a bunch of people to hate you, avoid the political comments (namely the "Taiwan, China" part).

  • http://twitter.com/GODJonez Joonas Lehtolahti

    I once investigated a keylogger/backdoor app distributed through the Xfire instant messenger. It was advertised as being an aimbot for the video game Halo, but in reality it installed itself on the system to be launched automatically on boot under a random name, and contacted some foreign IRC server, sending keystrokes, mouse clicks, and so on live there, also giving the hacker the possibility of sending back commands to launch or shut down programs, for example. And of course, to spread around, it would send links to itself through the instant messenger program, so it would seem like a friend was recommending you try the program out.

    Having found the mechanism it used to connect with the hacker, I actually used a separate IRC client to log in to the server and tried to chat with him (presumably male), but he didn't respond to me. In the end I contacted the abuse department of the ISP owning the IP address space where the IRC server was and provided a detailed description and log files of the network activity going on there. I never got any response from the ISP, but at least reports of this malware spreading stopped quite soon after.

  • http://www.wandernauta.nl Wander Nauta

    So you were running the trojan’s code, even if you weren’t yet sure what it would do? I’m not a security expert, and obviously you are, but that doesn’t seem like a good idea to me at all…

  • http://www.facebook.com/profile.php?id=100002084425052 Sergiu Wittenberger Badau

    It happened to me while I was testing a version of SubSeven, a window popped up and some guy started chatting with me :)

  • http://twitter.com/horsebones Leke

    I’d sell my soul to the devil for those skills (pun intended).

  • http://twitter.com/PolBias Political Bias

    “Taiwan”, not “Taiwan, China”

    And the hacker was obviously from mainland China.

  • Rob Ayers

    Any chance you would share that infected code?

  • Anonymous

    lulz, he was using a modified version of flame…

  • http://twitter.com/TerrorBite TerrorBite

    Can’t say I’ve ever chatted to a hacker within a virus, but I have chatted to someone who hacked me.

    I was hanging out on IRC, as I usually do. One user, who we’ll call Fred, was pasting Python code into the chat, the purpose of which was apparently to remove a trojan from a Linux system. I less-than-politely (as was the style for that channel) asked them to paste it elsewhere, as it was spamming the channel.

    [14:10:54] Fred: pastebin that s***, gee
    [14:11:08] TerrorBite suck it

    They went silent for ten minutes, and I thought nothing of it. Then…

    [14:22:24] hey TerrorBite
    [14:23:04] hey Fred
    [14:23:13] Linux [redacted].pubip.serverbeach.com 2.6.32-22-server #36-Ubuntu SMP Thu Jun 3 20:38:33 UTC 2010 x86_64 GNU/Linux
    [14:23:14] shut up.
    [14:27:51] Wat
    [14:28:10] did you seriously just
    [14:28:34] yes.
    [14:28:35] well f***.

    He’d just hacked my server right in front of me, and that line of text was the proof. However, Fred turned out to be a grey-hat, and what followed was a quite interesting discussion during which I learned exactly how I’d been exploited and how to fix it.

    Needless to say I'm a little more paranoid now, and my server now runs OSSEC, csf, custom AppArmor profiles amongst other security enhancements.

  • http://twitter.com/CosmicParrot Cosmic Parrot

    Nothing new since Sub7 …

  • http://www.facebook.com/people/Kaye-Scrue/100001966302049 Kaye Scrue

    That’s a trojan, not a virus. The difference in required skill to produce makes the distinction very important. You were talking to a 12 year old with a copy of visual basic, not a skilled bit twiddler.

  • Anonymous

    Very interesting article, thank you :)

  • http://www.facebook.com/profile.php?id=100001647322939 Alex Connolly

    This is all too common and really isn’t a new thing. I know a few hackers around the age of 15 who have their own dedicated, self-programmed software for performing tasks like this. Microphone streaming is another biggy too.

  • http://twitter.com/thomhastings Thom Hastings

    Is it possible to disclose a translation of the full conversation transcript?

  • http://twitter.com/thomhastings Thom Hastings

    Is it possible to disclose a translation of the full conversation? Just curious.

  • http://twitter.com/Trollaroid Trollaroid

    Maybe this is a good technique to bring over to the light side; have apps with built-in chat with the developers for real-time customer service.

  • Anonymous

    Now THAT is some next level shit.

  • http://twitter.com/kieranjscott Kieran James Scott

    Wow.

    Just wow.
    This kind of stuff blows my mind, even as a web developer.

  • Anonymous

    No reason to be politically dishonest here. Taiwan is an independent country, and you shouldn’t label it as if it were a place in China (Taiwan, China). A memetic trojan embedded in a security blog post? ;-) You should be ashamed.

  • http://tonytonyjan.github.com/ Jian, Wei-Hang

    This is straight out of a movie XD

  • http://twitter.com/Darestium Jordan Hodgson

    Wow :) 'Tis very interesting

  • Joe Mudaka

    Really interesting.

  • Ray Wang

    Taiwan is not part of China.
    This person came from China, not Taiwan.

  • http://blogs.avg.com Charlie Sanchez

    Thanks for all your feedback! I’ve corrected the Taiwan reference, no offence intended to anyone.

  • http://www.liquidmatrix.org/blog/2012/06/20/researcher-chats-with-hacker-within-a-virus/ Researcher Chats With Hacker Within A Virus | Liquidmatrix Security Digest

    [...] Source: Article Link [...]

  • http://arstechnica.com/security/2012/06/hacker-uses-malware-built-in-chat-to-toy-with-researchers/ Hacker uses malware built-in chat to toy with researchers | Ars Technica

    [...] III got a surprise when the hacker started chatting with them—through a feature in the malware. Franklin Zhao & Jason Zhou of antivirus company AVG were looking for keylogging code in the malware with a debugger after downloading it to a virtual [...]

  • http://covac-software.com/ Christian Sciberras

    While integrated chat is something pretty interesting, I’ve left messages to the hackers on systems they got hold of (and which I fixed after I was commissioned to).

  • http://visualrobots.wordpress.com/2012/06/20/hacker-uses-malware-built-in-chat-to-toy-with-researchers/ Hacker uses malware built-in chat to toy with researchers | vis a vis | visual mind

    [...] III got a surprise when the hacker started chatting with them—through a feature in the malware. Franklin Zhao & Jason Zhou of antivirus company AVG were looking for keylogging code in the malware with a debugger after downloading it to a virtual [...]

  • Anonymous

    Why did you execute and infect yourself with the trojan before you knew what it did?

  • Juan Fernando M

    Dial up connection’s username and password?? Really??

  • Anonymous

    I experienced something similar once. My boss, who was a quadriplegic with cerebral palsy and typed with his hat, had a web design and hosting startup and I was his only employee. A hacker got on the Linux box and was trying to gain control of the system; my boss saw it and tried to stop him, and the hacker started chatting with him and told him to go away and leave him alone. So my boss frantically typed with his hat one key at a time and managed to outmaneuver him: he shut down the system, and it worked.

  • Anonymous

    Just to provide a little background on Ray’s reasoning.

    It appears the aforementioned forum does come from Taiwan’s battle.net, administered by Blizzard Entertainment, and serves as the only official Chinese language Diablo III forum. There is currently no Diablo III forum on China’s regionalized battle.net, and I suspect many Chinese (also possibly Singaporean or Malaysian) users visit the Taiwanese site for discussion (evident by the Simplified Chinese conversation captured in the first screenshot).

    Given that Hacker posted and named its executable file in Simplified Chinese, it is more likely that Hacker is from China (or elsewhere Simplified Chinese is natively used) rather than from Taiwan, where the forum is based in.

  • http://www.yehuoji.com/archives/39731.html Chinese hacker chats with AVG researchers through a Trojan's built-in chat feature _ Latest Internet news _ Yehuoji

    [...] AVG security researchers had a "friendly" exchange with a Chinese hacker through a Trojan's built-in chat feature. The hacker spread the malware through a Diablo III game forum, claiming to offer a video of a boss fight, but it was actually a keylogger capable of stealing victims' battle.net accounts. [...]

  • http://xjspace.org/1451.html Hacker chats with Trojan researchers through a built-in chat feature – Official blog for xjspace

    [...] AVG security researchers had a "friendly" exchange with a Chinese hacker through a Trojan's built-in chat feature. The hacker spread the malware through a Diablo III game forum, claiming to offer a video of a boss fight, but it was actually a keylogger capable of stealing victims' battle.net accounts. While the security researchers were studying the malware's keylogging code, something incredible happened: a chat window suddenly popped up and the hacker typed in Chinese, "What are you researching my Trojan for?", "What do you expect to find?". The chat feature is integrated in the Trojan; he went on, "I didn't even know you could see the screen", "You don't have a camera; if you had one I could see what you look like". The researchers kept chatting with him and said they wanted to buy the Trojan from him, but the hacker was no fool, and he then shut down the system remotely. [...]

  • http://intranet.securemymind.com/%e4%b8%ad%e5%9b%bd%e9%bb%91%e5%ae%a2%e9%80%9a%e8%bf%87%e6%9c%a8%e9%a9%ac%e5%86%85%e7%bd%ae%e8%81%8a%e5%a4%a9%e5%8a%9f%e8%83%bd%e5%92%8cavg%e7%a0%94%e7%a9%b6%e4%ba%ba%e Chinese hacker chats with AVG researchers through a Trojan's built-in chat feature | Security Industry Watch

    [...] AVG security researchers had a "friendly" exchange with a Chinese hacker through a Trojan's built-in chat feature. The hacker spread the malware through a Diablo III game forum, claiming to offer a video of a boss fight, but it was actually a keylogger capable of stealing victims' battle.net accounts. [...]

  • http://exploitarchive.com/boot-up-nokia-and-windows-8-hackers-in-the-virus-why-dont/ Boot up: Nokia and Windows 8, hackers in the virus, why don’t … | Exploit Archive

    [...] Have you ever chatted with a Hacker within a virus? AVG Hacker: What are you doing? Why are you researching my Trojan? [...]

  • http://cn.cybersharq.com/131697.html Chinese hacker chats with AVG researchers through a Trojan's built-in chat... | Bosha Technology | China's leading provider of website development, e-commerce and online trading solutions

    [...] AVG security researchers had a "friendly" exchange with a Chinese hacker through a Trojan's built-in chat feature. The hacker spread the malware through a Diablo III game forum, claiming to offer a video of a boss fight, but it was actually a keylogger capable of stealing victims' battle.net accounts. [...]

  • http://www.freebuf.com/news/4503.html Chinese hacker chats with AVG researchers through a Trojan's built-in chat feature - FreebuF.COM

    [...] AVG security researchers had a "friendly" exchange with a Chinese hacker through a Trojan's built-in chat feature. The hacker spread the malware through a Diablo III game forum, claiming to offer a video of a boss fight, but it was actually a keylogger capable of stealing victims' battle.net accounts. While the security researchers were studying the malware's keylogging code, something incredible happened: a chat window suddenly popped up and the hacker typed in Chinese, "What are you researching my Trojan for?", "What do you expect to find?". The chat feature is integrated in the Trojan; he went on, "I didn't even know you could see the screen", "You don't have a camera; if you had one I could see what you look like". The researchers kept chatting with him and said they wanted to buy the Trojan from him, but the hacker was no fool, and he then shut down the system remotely. [...]

  • http://vansrealm.com/boot-up-nokia-windows-8-hackers-virus-dont-android-tablets-sell/ VAN'S REALM – TAKE CAUTION! YOU HAVE NOW ENTERED MY ZONE.

    [...] Have you ever chatted with a Hacker within a virus? >> AVG Hacker: What are you doing? Why are you researching my Trojan? [...]

  • http://www.gyvernetworks.com/TechBlog/2012/06/have-you-ever-chatted-with-a-hacker-within-a-virus/ Gyver Networks | Desktop, laptop, netbook, PC workstation hardware & software replacement & support

    [...] Source:  avg.com [...]

  • http://xlinesoft.com/ Sergey Kornilov

    Dial up connection passwords? Somebody’s playing with time machine.

  • http://diablo3.ingame.de/525933/diablo-3-hacker-verbreitet-trojaner-uber-battle-net-forum/ Diablo 3: Hacker spreads Trojan via Battle.net forum | Diablo 3 – inDiablo.de

    [...] AVG blog [...]

  • Chris DeJoseph

    so they could figure out what it does

  • Justin White

    Were you guys logging network traffic of this program? I’m assuming the second party was using some anonymizing proxies, but there had to be something outgoing to alert him the program was running on your system. Did you try to trace it at all? He was likely bouncing off zombie machines all over the place, but at least starting a trace and reporting any zombies you saw to the appropriate authorities (zombies’ ISPs for example) would’ve been nice.

  • http://twitter.com/kodemage Benjamin F. Klahn

    So they could see what it did… Duh.

  • http://nerdinaboxonline.com/2012/06/21/malware-author-taunts-security-researchers-with-built-in-chat/ Malware author taunts security researchers with built-in chat » Nerd In A Box Online

    [...] Have you ever chatted with a Hacker within a virus? (via JWZ) [...]

  • http://profile.yahoo.com/REDGCN6NVNFTCIKQV56OKOWZ64 julia

    This is not from Taiwan; they don't use Simplified Chinese.

  • http://justinkent.me/ Justin Kent

    lol, generic

  • http://twitter.com/chrishacken Chris Hacken

    Because you can’t figure out what it does until you run it. Drr

  • http://rcstar.net/2012/596/obratnaya-svyaz-c-xakerom.jsp Feedback from a hacker « Hellspawn

    [...] "It sounds like a movie plot, but it's true. We know malware and fight it every day. But chatting with a hacker in real time doesn't happen that often. Next time we'll be on guard," the programmers wrote on the company blog. [...]

  • http://arscity.ru/2012/06/22/programmisty-avg-poobshhalis-s-xakerom-po-vstroennomu-v-troyan-chatu.htm AVG programmers chatted with a hacker through a chat built into a Trojan | ArsCity virtual city

    [...] doesn't happen that often. Next time we'll be on guard," the programmers wrote on the company blog. [...]

  • Thomas …

    He did it *in a virtual machine*.
    So that there’s no risk of his *physical machine* getting infected.

  • http://qualsec.ulb.ac.be/2012/06/22/have-you-ever-chatted-with-a-hacker-within-a-virus/ Have you ever chatted with a Hacker within a virus? » Quality and security of information systems

    [...] Have you ever chatted with a Hacker within a virus? [...]

  • 子 场

    Wow. Awesome~~~

  • http://technabob.com/blog/2012/06/22/chat-with-a-hacker/ Want to Chat with a Hacker? Debug His Malware

    [...] – he ended their hackroulette session by shutting down the researchers’ system. Head to the AVG blog to read the full [...]

  • http://rivaldesign.wordpress.com/2012/06/22/want-to-chat-with-a-hacker-debug-his-malware/ Want to Chat with a Hacker? Debug His Malware « Rival Design

    [...] – he ended their hackroulette session by shutting down the researchers’ system. Head to the AVG blog to read the full [...]

  • http://twitter.com/exittoshell Tim M.

    How else do you expect to learn what it is capable of without running it on a computer that is intended to get infected like a typical (dumb) user?

  • http://twitter.com/saiberfun SAI Gaming

    You guys are serious? Thats one of the most simple trojans I’ve ever seen. It’s been used on me already and I already had access to it >_>

  • Anonymous

    How else is he going to find out what it does?

  • http://neutek.net/blog/hacker-uses-malware-built-in-chat-to-toy-with-researchers/ : neutek : Hacker uses malware built-in chat to toy with researchers

    [...] III got a surprise when the hacker started chatting with them—through a feature in the malware. Franklin Zhao & Jason Zhou of antivirus company AVG were looking for keylogging code in the malware with a debugger after downloading it to a virtual [...]

  • http://taylanisikdemir.wordpress.com/2012/06/24/have-you-ever-chatted-with-a-hacker-within-a-virus/ Have you ever chatted with a Hacker within a virus? « Development Notes

    [...] http://blogs.avg.com/news-threats/chatted-hacker-virus/ [...]

  • http://www.blacknewbieteam.org/2012/06/25/hacker-interrupts-avgs-malware-analysis/ Hacker interrupts AVG’s malware analysis | BLACK NEWBIE TEAM

    [...] during the analysis, the Chinese hacker opened a chat window within the trojan, demanding to know what the researchers [...]

  • http://speartipllc.wordpress.com/2012/06/25/diablo-hacker-springs-reverse-engineers/ Diablo hacker springs reverse engineers « speartipllc

    [...] But during the analysis the Chinese hacker opened a chat window within the trojan, demanding to know what the researchers were doing. Read more from SCMagazine. [...]

  • 崇河 舒

    Can you speak Chinese?

  • http://blog.jobbole.com/22417/ Have you ever chatted with a hacker through a virus? – Blog – Jobbole

    [...] [Link to the original English article: Have you ever chatted with a Hacker within a virus?] The Jobbole blog spreads the latest career news and the most valuable career sharing; subscriptions welcome. If you would also like to share an original piece or translation of your own, you can start here~ [...]

  • http://www.lanfeng.net/archives/46685.html An anti-virus work experience: just how brazen are China's hackers? – Lanfeng Blog

    [...] Original: Have you ever chatted with a Hacker within a virus? Tags: security, virus, hacker. Link: [...]

  • Anonymous

    Do you own really understand, right? Do you think that these are very interesting?


  • http://niebezpiecznik.pl/post/rozmowa-z-tworca-trojana/ » * A conversation with the Trojan's author — Niebezpiecznik.pl –

    [...] of the Trojan analysed by AVG spoke up when they hooked his binary up to a debugger – an interesting story [...]

  • http://www.blugadgets.com/2012/06/26/hacker-chattet-mit-anti-virus-experten/ Hacker chats with anti-virus experts | BluGadgets

    [...] the two experts. Crazy story, isn't it? More information about the incident can be found on the company's blog. [via [...]

  • http://www.ritholtz.com/blog/2012/06/tuesday-pm-reads-11/ 10 Tuesday PM Reads | The Big Picture

    [...] (Almost) All of Us Cheat and Steal (Time) • Have you ever chatted with a Hacker within a virus? (AVG) • Go Ahead, Think It Over  [...]

  • http://profile.yahoo.com/UI4EEYVRRLSEPHRVIUYGKV3HS4 BrianR

    He uses a virtual machine infected with the trojan to investigate it.

  • http://www.facebook.com/profile.php?id=727428732 Per Edman

    Sandbox machine. It’s a necessary tool.

  • 云峰 张

    they found it in Taiwan!

  • http://www.facebook.com/lishu.li.7 Lishu Li

    Actually it's not so fantastic. All of those functions can be carried out using the Windows API; we also talked about this on a forum: http://topic.csdn.net/u/20120627/09/3130cd63-d34f-4721-94b0-67d460579137.html

  • http://www.facebook.com/lishu.li.7 Lishu Li

    Mm-hm.

  • b g

    Could you give an MD5? Thanks.

  • http://techarena.xtreemhost.com/?p=246 Have you ever chatted with a Hacker within a virus? | Tech Arena

    [...] http://blogs.avg.com/news-threats/chatted-hacker-virus/ [...]

  • http://blog.lucrativesolution.com/boot-up-nokia-and-windows-8-hackers-in-the-virus-why-dont-android-tablets-sell-and-more/ Boot up: Nokia and Windows 8, hackers in the virus, why don’t Android tablets sell?, and more – Lucrative blog

    [...] Have you ever chatted with a Hacker within a virus? >> AVG [...]

  • Anonymous

    Did you use Google Translate? Or one of you “happened” to know Chinese?

  • http://www.facebook.com/777Magnum777 Paul Helm

    I hope I never get my hands on a black hat because I will hurt whatever is below that hat!

  • http://www.facebook.com/777Magnum777 Paul Helm

    I once had a real pest program called 'exit fuel'. I remember thinking, do the advertisers on this know they are on this? Because there was no way I would have ever done business with anyone even remotely connected with it! I am shocked that the ISPs cannot detect and prosecute hackers or their servers. How stupid a system it seems to me to have end-users battling with these vandals! To me it is like pumping dirty water to everyone and having them filter it themselves at the faucets! The jaded part of me thinks that the anti-virus industry might well be the hackers and are just undoing their own crafty tangles!

  • http://www.facebook.com/777Magnum777 Paul Helm

    Why does my PC download AVG virus updates so often, and many times 'lost connection'? This sure is annoying!

  • http://www.facebook.com/sdphoto35 Steven Davis

    I chatted with a hacker in a virus in a dream within a log at the bottom of the sea

  • http://www.facebook.com/kyle.pippig Kyle Pippig

    Any RAT can do this, especially stock RAT creation programs allow you full control of the victim’s computer, that’s the point of Remote Administration.

  • Anonymous

    What debugger are you using? As IT support at a university I see some really... cool viruses that I would like to try and understand.

  • http://avtacha.wordpress.com/2012/08/19/%d7%94%d7%90%d7%9d-%d7%a1%d7%99%d7%9f-%d7%94%d7%99%d7%90-%d7%94%d7%9e%d7%95%d7%a8%d7%99%d7%90%d7%a8%d7%98%d7%99-%d7%a9%d7%9c-%d7%94%d7%9e%d7%90%d7%94-%d7%94-21/ Is China the Moriarty of the 21st century? « Security (Avtacha)

    [...] identifying an attacker. In the past, identifying an attacking army was relatively easy. At some point the boundary changed, and at some point it all but disappeared when it came to Hamas and Jihad operatives launching "cans" at us. The problem was a low signature: the inability to spot the weapon in aerial photographs and on radar because of its size. Today we contend with invisible signatures, meaning an attacker can hide himself easily. We have almost no tools or capabilities for understanding an attacker's origin (even down to the continent), and no ability to say whether it is a lone Chinese individual at a computer doing it for personal enjoyment, a team of German hackers, a Russian government group, or an attack originating from zombies (computers used to relay data without their owners' knowledge). In some cases the hackers also talk back. For example, there was a case in which an information security researcher tried to analyse a virus so that his company could provide suitable protection against it. At some point the virus's author came up in a chat with him, after taking control of his computer, and warned him not to try to investigate the virus. [...]

  • http://www.tisf.co/avtacha/2012/08/19/%d7%94%d7%90%d7%9d-%d7%a1%d7%99%d7%9f-%d7%94%d7%99%d7%90-%d7%94%d7%9e%d7%95%d7%a8%d7%99%d7%90%d7%a8%d7%98%d7%99-%d7%a9%d7%9c-%d7%94%d7%9e%d7%90%d7%94-%d7%94-21/ Is China the Moriarty of the 21st century? | Security (Avtacha)

    [...] identifying an attacker. In the past, identifying an attacking army was relatively easy. At some point the boundary changed, and at some point it all but disappeared when it came to Hamas and Jihad operatives launching "cans" at us. The problem was a low signature: the inability to spot the weapon in aerial photographs and on radar because of its size. Today we contend with invisible signatures, meaning an attacker can hide himself easily. We have almost no tools or capabilities for understanding an attacker's origin (even down to the continent), and no ability to say whether it is a lone Chinese individual at a computer doing it for personal enjoyment, a team of German hackers, a Russian government group, or an attack originating from zombies (computers used to relay data without their owners' knowledge). In some cases the hackers also talk back. For example, there was a case in which an information security researcher tried to analyse a virus so that his company could provide suitable protection against it. At some point the virus's author came up in a chat with him, after taking control of his computer, and warned him not to try to investigate the virus. [...]

  • http://cryptoarm.ru/Ya-Rabinovich-ya-vas-otkluchayu I'm Rabinovich! I'm disconnecting you! | CryptoARM

    [...] the official AVG blog [...]

  • http://www.facebook.com/profile.php?id=1285147634 Pamala Ann Human-Smith

    i am just as jaded!