

12 Steps to a malware free existence using a Backtrack 5 r3 live cd


I posted this first on because of a contest for a Metasploit Pro license, and one of the goals is to expose more people.

If you like the article, please view my post at http://www.ethicalha...4/topic,9571.0/

Microsoft Windows has a long history of mass attacks launched at it with exploit kits such as Black Hole and USB spreading. Once the Windows machine is exploited, banking bots are installed on that machine. Zeus targeted the Internet Explorer and Firefox web browsers. Zeus introduced form grabbing, web-injects and ATS attacks using web-injects (http://www.trendmicr...nking_fraud.pdf). Zeus also featured VNC (like RDP, full GUI access to the victim's machine) and backconnect (allows the botmaster to use the victim's PC as a proxy and also to access the victim PC's file system). Zeus's source code was leaked.

SpyEye built on Zeus, adding support for the Chrome and Opera web browsers.

Unlike Zeus, SpyEye requires a VPS or dedicated server.

SpyEye uses a collector daemon and requires a Debian or CentOS server.

SpyEye added screenshots to defeat on-screen keyboards. SpyEye also added a DNS changer, allowing the attacker to change the DNS settings of infected computers. SpyEye added a webfakes plugin that allowed the attacker to intercept and change the page the victim machine is viewing. A DDoS module and a credit card grabber plugin were also added.

The hidden RDP plugin is by far the best of SpyEye's plugins, as it uses a hidden Remote Desktop session instead of VNC like Zeus. The SpyEye hidden RDP daemon only works with Debian or CentOS. SpyEye also has a SOCKS proxy plugin and an FTP plugin; both use the same backconnect daemon.

Citadel, built off the Zeus source code, is now the preferred bot among cyber criminals.

Citadel is a work in progress; check out http://malware.dontn...ate1.3.5.1.html for more info on Citadel.

Why do we still use Windows? It's clearly not secure. This failure rate is not acceptable; just assume that you're infected.

Okay, so Mac is secure? No, not really. Mac also has Zeus-like clones such as the Weyland Yutani bot.

Also, Mac now has RATs such as NetWire and Incognito.

Okay, Linux is secure? Currently Linux's only concerns are trojans such as NetWire and Java trojans.

How can we bank online safely? The answer is using a Linux live CD like BT5R3-GNOME-64 (Wine is loaded on it) and read-only SD cards to store your passwords and settings on.

First, burn the ISO and check the MD5 sum.

Boot the ISO, insert the SD cards in write mode, download your programs to the SD card, and create your email account and other accounts using a password manager such as KeePass (http://downloads.sou...-1.24-Setup.exe).

Once finished, lock the SD cards into read-only mode.

12 Steps to a malware free existence

1. Use a wired connection. Wi-Fi sucks.

2. Use a wired keyboard and mouse. Hacking Bluetooth is closer than you might think.

3. Use a VPN.

4. Use TrueCrypt to encrypt the files on your SD card.

5. Use a YubiKey for your TrueCrypt password.

6. Use a second SD card for a keyfile if using KeePass.

7. Use two-factor authentication for email; a good choice would be Gmail.

8. Always use a password generator such as KeePass to create your passwords.

9. Only use your email account on the live CD; never use it anywhere else.

10. Back up your SD card data and your YubiKey password.

11. Use WinMD5Free (works in Wine) to check the MD5 sums of your live CD and your programs.

12. Remember that your banking computer is not a toy; only do banking on it.
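Two of the steps above (checking the ISO against the published MD5 listing, and making sure the SD card is really locked read-only before banking) can be scripted; the following is an added example and not part of the original post. File names, the MD5 listing format and the mount table used in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. It automates two of the steps
# above: checking the live-CD ISO against the distributor's published md5
# listing, and confirming the SD card is mounted read-only before banking.
# All file names and the mount table in demo() are constructed placeholders.

# Pull the expected hash for one file name out of a ".md5" listing whose
# lines look like "<hash>  <filename>" (md5sum's own output format).
expected_md5_for() {
    awk -v n="$2" '$2 == n { print $1; exit }' "$1"
}

# Compare a file's actual md5 with the expected value. Returns 0 on match.
verify_md5() {
    actual=$(md5sum "$1" | cut -d' ' -f1)
    if [ "$actual" = "$2" ]; then
        echo "OK: $1 matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $1 is $actual, expected $2 (do not boot it)" >&2
    return 1
}

# Return 0 only if the filesystem at mount point $1 carries the "ro" option.
# $2 is a mount table in /proc/mounts format (defaults to the live one).
is_mounted_ro() {
    awk -v m="$1" '
        $2 == m { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1; exit }
        END { exit ro ? 0 : 1 }' "${2:-/proc/mounts}"
}

# Stand-alone demonstration with constructed inputs.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed iso contents\n' > "$tmp/BT5R3-GNOME-64.iso"
    md5sum "$tmp/BT5R3-GNOME-64.iso" | sed "s|$tmp/||" > "$tmp/MD5SUMS"
    want=$(expected_md5_for "$tmp/MD5SUMS" BT5R3-GNOME-64.iso)
    verify_md5 "$tmp/BT5R3-GNOME-64.iso" "$want"
    # Constructed mount table: the card at /media/sd is read-only, /home is not.
    printf '/dev/mmcblk0p1 /media/sd vfat ro,nosuid,nodev 0 0\n/dev/sda2 /home ext4 rw,relatime 0 0\n' > "$tmp/mounts"
    if is_mounted_ro /media/sd "$tmp/mounts"; then echo "SD card is locked read-only"; fi
    rm -rf "$tmp"
}
demo
```

On the live CD, pass the real mount point (and no second argument) to `is_mounted_ro` so it reads /proc/mounts; a card left in write mode shows `rw` and the check fails.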

Strong keeps logs and has been known to release them for a price. The info eventually finds its way around, and so it defeats the purpose. ExpressVPN ( doesn't log, so even a database hack won't turn up anything that can be used against you.