[Cialug] self-aware viruses/trojans
Barry Von Ahsen
barry at vonahsen.com
Mon Apr 1 16:12:19 CDT 2013
On Apr 1, 2013, at 2:58 PM, Nicolai wrote:
> On Mon, Apr 01, 2013 at 02:34:17PM -0500, Barry Von Ahsen wrote:
>> has anyone seen this behavior?
>> I respond to A, B and C informing them that they should change their
>> email passwords and seek virus removal services
>
> I assume you know person {A,B,C} since you replied to them
I know A and B, and the To: list was definitely from A's address book, so I suspect compromised PC vs. flood spam
>> B responds to me with "Nop i sent it ...its new properties" [sic]
>> A responds to me with "not a virus i checked its amazing" [sic]
>
>> the pseudo code is easy enough: if a message comes in in-response-to my
>> message, and the body is like '%you have a virus%', then respond 'no,
>> it's okay, click the link' goto subjugate_humans
>
> Can you try responding with different responses? like
>
> * ok, thanks!
> * please remove me from your list
> * spam
> * i'm not interested
> * please send a baby rhinocerous at once, will pay double
>
interesting idea, Turing test the watcher. :)
*How do you feel bout real estate leads?
*Do you know Eliza?
*This statement is false
I assumed if the trojan was that smart, it would respond to my warning then hide/delete my message as self-preservation. but I got a 'thanks' from A (which could also be a programatic response)
similar to dc's mention, there are a lot of Facebook and twitter spam comment bots too, someone who will post %WEIGHT_LOSS_MIRACLE% and a bunch who will respond with supportive spam messages
-barry
More information about the Cialug
mailing list