Search This Blog

Sunday, October 30, 2011

Making keyloggers Undetectable using Binders and Crypters!


The biggest challenge after creating keylogger installation file, is to convince your victim to install that keylogger on his PC. Normally free remote keyloggers like Emissary keylogger or any other cheap keyloggers will create standard .exe installation file without any stealth feature. Also free keyloggers are easily detected by popular antiviruses. So Eventually your keylogging job will remain Incomplete.
You would have probably heard about binders and Crypters before, but what do they used for? and why they are used in keylogging process? its simple as their Names suggests what they do. Lets first understand these two softwares.
Crypter
It is a software that can encrypt executable (.exe) files. crypters are popularly used to encrypt viruses, RAT’s, keyloggers, spywares etc to make them undetectable from antiviruses.
The Crypter takes the original binary code of .exe file and applies many encryption on it and stores at the end of file(EOF). So a new crypted executable file is created. The new exe is not detected by antiviruses because its code is scrambled by the crypter.
Binder
Binder is a software used to bind or combine two or more files in one file under one name and extension.
The files to be binded can have any extension or icon. The user has choice to select the name, icon and various attributes of binded file.
Now that you, me and the whole world is aware of these softwares, do you think antivirus softwares will allow you to run these softwares on your system? ..obviously not. This is the biggest setback for crypters and binders. With increased use of Crypters and binders to bypass antiviruses, AV became more advanced and started including encryption definitions to even detect crypted or binded strings within code. So, use of crypter to hide Keyloggers became more complicated as nowadays, most of the popular crypters & Binders are easily detected by antiviruses.
So, if you are trying to crypt your keyloggers or viruses with publicly available crypters and binders, they are bound to be detected by antiviruses. This is because most FUD(fully undetectable) crypters remain “FUD” for maximum of one or two weeks, after their public release.
When any free FUD crypter/binder becomes popular it also gets the eyes of antivirus companies. The antivirus companies update their software and employ detection mechanism that detect the encryption by the crypter. To obtain FUD crypters, you either need to search for it in hacking forums or make one by yourself. Soon i will post about creating your own crypter.. stay connected.
Meanwhile you can try these latest crypters and binders that are available publicly:

1) Chrome Crypter v2.0

This Crypter is FUD (Fully Undetectable) and free. It has couple of extra features like .exe file binder and inbuilt ICON Changer. Its recommended that you name your resulting output file in the format: “filename.mp3.exe”. .exe extension will be hidden on most of the systems, so your victim will run it believing its an mp3 file.

2) 0crypter v5.0.8

Like ‘Chrome crypter’, this crypter also has inbuilt ICON changer and few more advanced features like: Default Browser Injection, Custom Injection Method (VBC advanced), Effective StartUp on reboot, Custom Startup, Custom Assembly Change, etc. This is not FUD, as my AVG quickly flagged the output file as Trojan virus.

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo

0 comments:

Post a Comment