Topic: DIY trojan-building tools for sale on the Internet

[Amker]

Malware and trojan authors have a new tool in their handbasket, and it's a program that allows for an unprecedented level of automated trojan creation. Although trojans themselves are nothing new, the automated manufacturing program named Pinch Pro 2.6 is capable of building sophisticated attack and monitoring executables. Script kiddies, it seems, have grown up, gone GUI, and are looking for a new platform from which to launch attacks.

The amount of customization that's available to a trojan designer is sobering—with the click of a button, the designer can specify his creation to perform a number of specific tasks, including:
SPY: Allows trojan to act as a keylogger, takes screenshots, capture IE data, and can search for certain files.
NET: Turns the PC into a botnet zombie, and allows for the opening of specific ports, downloads and runs files, and can turn the system into a proxy.
BD: Opens a backdoor on the infected system.
KILL: Deactivates certain services or processes.

Although much of the entry focuses on Pinch 2 Pro version 2.6, there are already Pinch 3 builds in the wild and available for download, provided you're willing to parse some Russian sites. The blog entry mentions Pinch 3 and notes that various aspects of the builder have been deactivated to allow for specific market targeting, but we were able to snap up a copy of Pinch 3 (and its parsing program) after only about 30 minutes of searching. The screenshot below is one of the modified builder versions that PandaLabs discusses and is obviously aimed at a particular type of report.
Although trojan generators like Pinch could conceivably be used to unleash a new wave of zombified botnets upon the Internet, the active proliferation of trojans created by a common piece of software like Pinch could, in turn, lead to the discovery of common markers that anti-virus and anti-malware designers could use to block such trojans.

Even though Pinch Pro may not have a direct or immediate impact on the botnet industry, the significance of malware vendors going commercial can't be denied. Even if the trojans and worms generated by Pinch Pro can eventually be readily detected, the fact that a burgeoning industry now exists that focuses on selling such solutions to its "customers" should be a major cause of concern for antivirus creators and consumers alike. Given the speed and complexity with which malware can evolve, its anyone's guess how much longer consumers will be able to rely on a pre-packed antivirus/anti-malware solution to provide an effective barrier to system infection.
ars technica

[attachment deleted by admin]