The Ultimate Guide To Creating Viruses - Create, Crypt 'n' Go [Tutorial] Hello and Welcome, To The Ultimate Guide To Creating Viruses! So lately I have started to be a little more active that I used to be, focusing on different variety's and types of hacking and buying bits and pieces of software around the forum. After years of learning, I have finally decided to execute my experience and use it here on HF to help others! I've been looking around and there are plenty of guides and TuT's teaching you about Viruses such as Rats and Keyloggers (which are the two types of tools I'll be teaching you about in this TuT) though none have had the amount of context and detail as the one I am about to provide you! If you are a newbie to Viruses and being on the other end for once, here is your chance to learn! [Image: 9WdF3lx.png] Disclaimer: I do not take any sort of responsibility for misuse of tools provided by members Hack Forums nor do I encourage any sort of illegal actions. I also do not endorse or promote any of the software listed in this thread. Everything that is posted here is for educational purposes only. What will this TuT include: - The Right Software - Keyloggers, RATs, FUD crypters etc. - Setting up - Planning and Executing! - Spreading - Distributing Your Virus. - Analyzing - Reading information PROPERLY from your virus. Of course you can experiment with other software and tools around the forum, though as far as success goes, these programs are by far my favorites! Predator used to be awesome before stealer logs were changed which now is an extreme disappointment, therefor I've changed to Limitless and that is working perfectly! Let's Get Started! [Image: 9WdF3lx.png] Chapter 1: The Right Software - Keyloggers, RAT's and Crypters... The right virus creation software is KEY if you want to be a successful and undetectable virus creator. Below are two types of programs along with some of my own personal suggestions as to which pieces of software to use and what type may suite your needs. For RAT's...DarkComet is the best option for remote control over another computer. Since v5 and up, the versions were extremely cut down and almost useless...and when I say useless I mean like trying to use TeamViewer as a Rat. SO, your going to need to find version 4 and up for you to start working with a Rat. I personally do not recommend RAT's unless your interested in slaving computers. RAT's are very hard to setup as there is a lot involved, such as Port Forwarding (which can be a pain if you have a dynamic IP), setting up monitoring settings etc. I recommend KeyLoggers to do your dirty work for finding account details and monitoring users actions! For Keyloggers...Limitless Logger is currently the best tool for logging users information. Predator Pain is another great choice and is also another great piece of software that allows you to record serial keys and various logins along with it. Both of these loggers take minutes to create a KeyLogger and becomes even more efficient better when it comes to compatibility with crypting and distributing. Next we need to find a Crypter for the creation and distribution of our future keyloggers and rats. CryptMe is definitely the best tool for this job. CryptMe allows you to crypt files making them FUD (Fully undetectable), change icons, bind files and more. It is by far the best tool on the market for crypting, though I do warn you the customer service is pretty bad. Total cost: For RAT's: $25/mo (DarkComet is free) For Keyloggers: $25 + $25/mo [Image: 9WdF3lx.png] Chapter 2: Setting Up - Planning and Executing! This is where the real work starts happening. Here you'll setup what you want to be monitered, where logs will be sent, the type of file you'll be creating and crypting your file. For those looking to use a RAT: I will not cover the whole run through of setting up a RAT, though I do know a YouTuber who setup a 7 part series of how to setup a RAT with DarkComet. He also provided a link to DarkComet 4.x in his description so there is a very useful tool. I am not sure whether he is a HF member, though I am pretty sure he is. In the spoiler there is the 7 part series for you to learn about setting up your RAT. Spoiler (Click to View) Now for KeyLoggers: For those of you who are interested in keylogging, here is where everything gets interesting. No matter what programs you use, you want to make your keylogger as no where near suspicious as you can. So, when you click on 'options' in Predator Logger or Limitless Logger, you DO NOT want to Disable UAC, Task Manager, RegEdit, MSConfig etc. This will instantly make the user suspicious of being keylogged. You want to enable all resources you can get, so, keystroke recorder, stealer, screenshots, etc. Of course there are many options as to what type of account .dat files you can recover such as bitcoin, minecraft etc. If you want to sell those accounts or use them yourself, enable those options. After that is all done, setup a fake message. The best fake message would be something like this application error: [Image: octave_exe_Application_Error.png] Just put those two fields (replace program name with your file name) and that should look legitimate enough. If you are a little more technical or want to make something even more believable, go for your life! Simple and effective, just tell your victim (if they even ask) that their framework is out of date or their OS is not supported. Simple excuse and still keeps the logger on their computer without any suspicions. So, we've setup what we are getting and what will come up once the program has been opened, now just confirm everything else is correct and some minor things that aren't needed to explain such as: - Mutex (enabled) - Delay Runtime (disabled, we will use this option in the crypter) - Use registry/place in registry (this is not required though does help your logger harder to get rid of. - Confirm your Email/FTP info is CORRECT! (Email is recommended) - If you are using Limitless Logger, use the Web Panel option in case you accidentally stuff up your Email details so you still have the main logs. DO NOT use functions just for the sake of using them...if you are unsure of a feature, look up what it does! Most functions I have not listed are not required on the keylogger side of things. The rest of setting up is fairly easy to do on your own, though if you need any clarification post and I'll give you a hand!! Now for crypting To Crypt, you need CryptMe. CryptMe's purpose is to make your virus undetectable by all antiviruses...Limitless Logger and Predator Pain have their own crypter, though it definitely does not do the job. CryptMe is ESSENTIAL to bypass AV's Now when you start CryptMe you have 5 options down below/in the menu. The only two you need is Icon and Crypt. Scanning, Binding and Status are all tools not required and not needed for this guide. Binding files is something I'll took about after this short bit about how to crypt your file PROPERLY. So to start off, your going to need an icon. Think about the file you are building, so if you built something like a Minecraft Code Generator then get an icon from google images, convert it to .ico and then place it in there. an icon should be 256x256! Once you have set the icon, go to Crypt. The ONLY options you should have enabled is Startup, Delay Runtime (helps bypass certain crypters), EOF Support, and Mutex. These are all essential to keeping your file undetectable and harder to remove. Once you have crypted your file, duplicate it, or make a new copy and scan the new copy on virustotal.com...DO NOT scan the copy you are going to upload/spread on virustotal, it'll completely fuck it up. So make sure it's 0/46 or 1/46...one virus is fine as you can just tell your victim its a false positive and right some technical crap down and they'll most likely believe you. Once it's done, use mediafire, zippyshare or multiupload to upload your file and for users to download it. Sending it directly through IM's is definitely not the best idea. Once it's uploaded and ready to spread, we will now go and find some victims!! [Image: 9WdF3lx.png] Chapter 3: Spreading - Distributing your Virus! You've made your file, you've made it undetectable and you've uploaded it and is ready to spread, now it's time to find some victims! Before anything, your going to want to setup a mini sales pitch to make your file seem legitimate. You can't just run around saying 'Download my file' you have to make it sounds at least like it's not a keylogger that's about to steal all of your info!! For arguments sake, we'll make this file a MineCraft Code Generator. Sales pitch for something like a forum, or online community: "Hey guys, I'm selling a MineCraft Code Generator that allows you to generate FREE Minecraft codes! I am giving it away to the first 3 posters & a moderator then it costs $5 to the public (unless I decide to give it to more people)... How does it work? It pulls un-used minecraft codes from the MC purchase database and allows you to use them yourself...it is a great tool for you minecraft players!" Something like that will get the job done. Below is a list of ways to spread your virus: *I am going to say this and warn you, don't even bother trying to get HF members. Majority of us will know what your up to and just report you to an admin. We are here to hack, we'll be able to tell if your a con or not!* #1: Skype If you have a skype with loads of contacts, Post around some crap like "need testers for my script" or "giving away *your file* for free only to the first replier*...you'll lure plenty of idiots doing this. The more believable, the more people you will lure in. It also depends on where you got these contacts from. If you are not comfortable using your real skype (in case you are scared of your IP being found out) use a SOCKS5 Setup which makes your skype unresolvable by skype IP resolvers...there is a guide on how to do this that allows you to here: http://www.hackforums.net/showthread.php?tid=3262719 #2: Forums or Online Community's These are another great way to spread your virus. If you apply yourself to writing a nice, convincing pitch along with maybe a few photoshops of your file to make it more believable, you'll be able to lure in a lot of people into downloading your virus! #3: Chat Rooms Believe it or not, sites like this are actually one of the most effective and anonymus ways to infect potential victims. Simply binding your file into a .png or .jpeg will allow you to ewhore and keylog at the same time. eWhore gone wrong? No worries, decide to send your 'nude' photo to your omegle buddy and boom, there's a keylog right there! #4: Contact Forms I've used this method, and surprisingly, you would not believe how many clueless site admins fall for this. I contacted 3 or 4 owners of blogs and websites asking if they would be willing to try out my new plugin for wordpress or PHP that allows them to add sliders and other cool features to their site with my virus...it is a slow and unpredictable process, though it works. 3 out of the 4 contacted downloaded the file and never responded. The file was confirmed downloaded via the log records with their admin usernames/pw's. [Image: 9WdF3lx.png] Chapter 4: Analyzing Your Logs!! Most people rely on stealers to do most of the work, and do not focus on keystroke loggers. KeyStroke loggers are your ONLY HOPE once a person realises they're account details are being stolen...How? Well, if you followed the steps correctly and your keylogger still exists (unless they format their computer, then your fucked) then you're most likely still receiving logs. If this is the case, only keystroke logs are going to be recorded. But before I read more into that, Let me teach you how to analyze your logs PROPERLY, to get the most out of your efforts. Firstly, NEVER EVER delete your logs. I don't care if your inbox has 1,000 logs in it, that means you ain't reading enough. Read EVERY single one of your logs as one day you may hit the jackpot with a keystroke logger with a bitcoin account login with 1,000BTC in it. And your low-grammar ass deleted it. Well, don't. Read your keystroke loggers and read through them hard as they are your only source of password changes and missed logins by the stealers. Secondly, Read through your keystrokes twice. Why? It's simple. Passwords are changed almost all of the time, especially those who put up a fight to download your file in the first place. The only way to find passwords again once they are changed are with Keystroke logs. Yes, there maybe be 1,000 logs to read through, though sure as hell it's worth it once their sorry ass has to suck your dick for their accounts back. So, analyze your logs, and analyze them good. A lot of the important scraps come out of that comparing to stealer logs, even though they may be full of A's, S', D's and W's from that game they were playing for a good hour and a half! [Image: 9WdF3lx.png] The End.