Author Topic: StealthStalker discussion and suggestions  (Read 2732 times)

0poitr
Re: StealthStalker discussion and suggestions
« Reply #15 on: April 09, 2013, 08:37:51 PM »
An easy way to propagate the binary would be to run it on win startup and do checks at a pre-determined interval for removable drives. If the drive has FAT32, copy self.
When attached to a machine later, there has to be some kind of misdirection (like, say, the icon of a folder, unless extensions are shown) so the user clicks to open it and the binary in turn copies itself to that machine and executes. With w7, I guess autorun is a bit harder than in previous versions.

Actually, that's what I did with my spybot in autoit.
Imagination is the first step towards Creation.
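
A defender-side check for the removable-drive lure described in the post above, as an added example that is not part of the original thread: it triages a file listing from a removable volume for executables that depend on hidden extensions or on autorun. The function name, the extension sets and the sample listing are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Explorer runs on double-click (a common subset, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".vbs"}
# Document/media extensions used as decoys in names like "invoice.pdf.scr".
DECOY_EXTS = {".jpg", ".png", ".pdf", ".doc", ".docx", ".txt", ".mp3"}

def triage_listing(entries):
    """entries: (path, is_dir) pairs from one removable volume.
    Returns {path: [reasons]} for files that rely on hidden extensions or autorun."""
    entries = [(PureWindowsPath(p), d) for p, d in entries]
    folders = {(p.parent, p.name.lower()) for p, d in entries if d}
    findings = {}
    for p, is_dir in entries:
        if is_dir:
            continue
        reasons = []
        in_root = len(p.parts) == 2  # drive anchor + file name
        if in_root and p.name.lower() == "autorun.inf":
            reasons.append("autorun.inf in volume root")
        if p.suffix.lower() in EXEC_EXTS:
            if in_root:
                reasons.append("executable in volume root")
            # With extensions hidden, "invoice.pdf.scr" is shown as "invoice.pdf".
            if PureWindowsPath(p.stem).suffix.lower() in DECOY_EXTS:
                reasons.append("double extension")
            # "Photos.exe" beside a real "Photos" folder shows as a second "Photos".
            if (p.parent, p.stem.lower()) in folders:
                reasons.append("same name as sibling folder")
        if reasons:
            findings[str(p)] = reasons
    return findings

# Constructed listing of a removable volume E: (sample data, not from a real drive).
SAMPLE = [
    (r"E:\Photos", True),
    (r"E:\Photos.exe", False),
    (r"E:\Photos\beach.jpg", False),
    (r"E:\invoice.pdf.scr", False),
    (r"E:\autorun.inf", False),
    (r"E:\tools", True),
    (r"E:\tools\putty.exe", False),
    (r"E:\notes.txt", False),
]

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```
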

Stackprotector
Re: StealthStalker discussion and suggestions
« Reply #16 on: April 10, 2013, 08:11:28 AM »
> An easy way to propagate the binary would be to run it on win startup and do checks at a pre-determined interval for removable drives. If the drive has FAT32, copy self.
> When attached to a machine later, there has to be some kind of misdirection (like, say, the icon of a folder, unless extensions are shown) so the user clicks to open it and the binary in turn copies itself to that machine and executes. With w7, I guess autorun is a bit harder than in previous versions.
>
> Actually, that's what I did with my spybot in autoit.

You will get your malware above the radar pretty quickly if you do that. I will always suggest finding your own tricks and not using existing binders/crypters, because AVs can find them suspicious since they use known binder and wannabe-FUD methods, and upload them to an AV server; once your code is reversed and in the AV pattern databases, you can wave goodbye to being totally FUD.
~Factionwars

kenjoe41
Re: StealthStalker discussion and suggestions
« Reply #17 on: April 13, 2013, 12:09:48 PM »
For an idea, maybe the malware should also be able to run new code of its own that its user can insert and change later. This will cater for those wanting it to be a RAT or to add any more capabilities to it, rather than the pre-defined rules by its coder.
If you can't explain it to a 6 year old, you don't understand it yourself.