  • Pez
Malicious Forums Turn Amateur Hackers Into Cybercriminals

This blog was written by Oliver Devane and Mohinder Gill.

Security researchers are aware of forums that offer downloads of malicious software such as keyloggers and remote access tools. Some inexperienced hackers may visit these forums, decide to chase the money, and pursue a malicious agenda.

The following is a snippet from a popular hacking forum.

We recently received a submission with the filename 17_02_16~_HKL_Purchase_Order.ace. This file contained another file with a .scr (screen saver) extension. The extracted file was a keylogger/password stealer known as KeyBase.

KeyBase comes in a kit:

The KeyBase kit offers various configuration options. The password option allows the user to steal passwords from various mail clients/browsers and other popular applications. These kits make it very easy for anyone with little to no skill to create malicious programs.

We replicated the sample and navigated to the control server:

We noticed that it had a very specific welcome message, so we decided to do some searching.

We found the username shown on the control server had been registered on several malicious forums. Upon further investigation we found this actor had downloaded several malicious kits and probably got the builder for KeyBase from one of these sites. The activity on some sites dated to 2013.

We next tried to find out if this actor was involved in any past malicious activities. We looked at how the actor tried to spread the malware and whether the filename of the .ace file was unique. We found only one other instance of a similar filename.

The file we found dated back to January. Upon analyzing the file, we found it to be the keylogger HawkEye. This keylogger is very easy to find on these malicious sites.

Here is a screenshot of Version 3 of the malicious builder:

We dived deeper and found the email address associated with the hacking forum accounts. We found five domains that were registered using this email address:

As we wrote this post, all of these domains were down. However, it is more than likely that these domains were or will be used for malicious purposes.

We found a username associated with the email address on the popular file-sharing website 4shared.

This user had uploaded 12 files, including a text file with nearly a half-million email addresses. This would have no doubt been used as part of a spam campaign to spread the malware.

With all the information that we have collected, we can see that malicious forums make it easy for someone with little skill to create malware. An experienced actor would work in a much more covert way. However, both types can be dangerous.

Intel Security detects this keylogger threat as Trojan-FHWM since DAT Version 8079.
