How does the Zeus keylogger trojan work?

Anybody here know?  How can this trojan change its code to make its signature change, and delete itself, and intercept https data streams, and so forth?

I can do this (conceptually) using MEF Inversion of Control in C# class templates, but how a simple little executable, without the entire framework of .NET, can achieve this is amazing.  Any real assembly coders here?  I'd love to hear from a real assembly language coder (no not you idiot).

RL

Re: How does the Zeus keylogger trojan work?

RayLopez99 pretended :

It can't, it is not self-polymorphic - not even self-replicating. If it
were, they wouldn't be calling it a trojan but a 'worm' or a 'virus'.

What does assembly language programming have to do with it?



Re: How does the Zeus keylogger trojan work?



It's an old family of trojans.
 

Good luck in your efforts. :)

Btw, have you figured out, how irok, a prepender works?
Have you found the assembler code *I* wrote for you in response to your
requests original source yet? remember, you claimed I stole it... :)

so much for idiot huh ray? [g]


--
My take home pay isn't enough to take me home!

Re: How does the Zeus keylogger trojan work?



Dustin why do you keep bringing up obscure technical things (such as this
"prepender") you once included in a now obsolete virus? Just wondering!

Jax  :)
--
Bear Bottoms
http://bearware.info

Re: How does the Zeus keylogger trojan work?



I realize the conversation Ray is attempting to have with others here is a
bit too technical for you to be able to keep up. Google could help you out
here. Fact is, Ray ran his dicksucker off too many times; so I
occasionally ride him for it. He deserves worse, but this is about as much
effort as I'm willing to put into it. It gets the point across just fine.

For malware, assembler, prepender, appender, cavity infector, etc are not
obscure technical terms. [g]

Google Jax. Otherwise, sit back and doodle; this class isn't for you.


--
My take home pay isn't enough to take me home!

Re: How does the Zeus keylogger trojan work?



Dustin I get munged up links when I copy them from Google's results page. Is
there a way around this?

Bing isn't as good as Google IMHO!

Jax  :)
--
Bear Bottoms
http://bearware.info

How does the Zeus keylogger trojan work?

+ User FidoNet address: 1:3634/12.42
 B> Dustin I get munged up links when I copy them from Google's results
 B> page. Is  there a way around this?

obviously you are not copying the link properly... likely you are copying the
google redirector address and then it is being truncated or otherwise wrapped
when you paste it in your software or transmit it... copy the proper link and
then use a URL shortening service like tinyurl and you'll likely have better
luck...

 B> Bing isn't as good as Google IMHO!

don't be a troll... trolls only get love from other trolls ;)

)\/(ark
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA)        +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Re: How does the Zeus keylogger trojan work?


 R> On Sunday, January 27, 2013 5:28:48 AM UTC+2, mark lewis wrote:  
 R>  
 R> Would that be you?

no, i do not do others' work for them... if you/they want something, then it is
up to you/them to get it with the tools available to you/them...

)\/(ark

Re: How does the Zeus keylogger trojan work?

On Sunday, January 27, 2013 8:25:58 PM UTC+2, mark lewis wrote:

Your surrender accepted.  Vamos!  Next...

RL

Re: How does the Zeus keylogger trojan work?


 B> Mark you're right it's some sort of redirector. I right click to
 B> copy the  link but get a big long useless thing.

yep... what i do is either try to hilite it on the google results or just click
on it and then copy it from the address bar in the browser...


 B> It's not truncated or getting wrapped when I paste it but it's too
 B> long to  post in messages!

something else is that passing it on to others helps google to count it for
statistics and search results ratings adjustments... all search engines do
this, FWIW...

)\/(ark

Re: How does the Zeus keylogger trojan work?

On Saturday, January 26, 2013 2:41:32 AM UTC+2, Dustin wrote:


Well?  Why not answer the OP's question?  Because you can't old man.   You're
not a coder.  You're a fake.  

RL

Re: How does the Zeus keylogger trojan work?



Which question?

old man? Damn ray.. Just how old is old to you?

How are you coming along on the prepender btw? Do you understand, yet,
how a prepending virus, infects files? It's literally in the
name/classification of virus style. Prepender. Break it up and sound it
out aloud if you need to.

As far as fake goes, you accused me of stealing irok as well as those
assembler samples I posted for you; which were verified as functional
AND original by a 3rd party you supposedly trusted. (We all know it
didn't really matter what he wrote, you weren't going to accept the
answer if it was one you didn't like, and obviously it was.)

If I stole them, as you've claimed on several occasions now, where are
the originals ray? Post the missing sections of irok if I stole it.

I know for a fact you can't do so. I'm the only person on the entire
planet earth who has the full source code to irok as well as all
versions of the live binaries. Oh yes, Ray, I have samples of viruses I
wrote that NO aver has. Irok wasn't one version, you know. It was an
entire family using the same engine. How would I know that, Ray, if I
stole the damn thing? :)

I know this, because I wrote it, from the ground up, each and every
single one of mine are original and based on nobody else's code base but
mine! Not many other VX or ex vxers can even make that claim; most were
taught by previous code samples. HO Ho HO.

Your original question if I were to answer it would be (a) too technical
for you to understand; you haven't figured out how a prepender! works
and (b) irresponsible as hell of me to tell you how and then actually
show you; I know for a fact you have malicious intentions. You've
previously shared your desire to learn to write not only a virus, but an
actual malware "kit".


First, it's not changing its code. It's not poly/semi polymorphic. Many
variants are being introduced server side into the wild. This is why one
signature may/may not catch the one you have. (In theory).

It's not a virus or even a worm. It's a simple trojan. You just aren't
thinking about this from a programmer/coder perspective, so it appears
to be either a mystery to you or magical.

Do you understand what a signature actually is most of the time? It's a
serious question. If you don't answer it, then I really won't be able to
explain anything technical that's related to the detection of malware.

I will not intentionally help you write destructive code. I will share
methodologies in detecting destructive code, and if you happen to figure
out how it works both ways on your own and do something with that; well,
I keep my hands clean. you see?

You will have to do your own homework. I'm hoping that by the time it
does sink in and the light comes on for you, that you won't pursue it
for destructive purposes.

You really need to sort this fake shit out with me too, Ray if you
want/expect any help from me in the future. Find the full source code to
irok and its real author; as you've stated on more than one occasion
that I'm not that individual. I maintain that I am.

You've also claimed that I stole the assembler source code that I shared
with you, at your request! I want the url to the place I stole it from.

No more games, no more nonsense. Fact is, I'm probably the most capable
person monitoring this newsgroup aside from Ant or David Lipman in a
position to teach you anything and answer your questions. You'll notice,
most people are not responding to you and likely will continue not doing
so. if you continue just being your charming prick self, you'll be
spending more time posting that won't ever receive useful replies.

Nearly every thread you create and question you ask gets no response or
next to no useful response. Time for you to grow up a little bit, before
nobody responds. Don't ya think?


--
My take home pay isn't enough to take me home!
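
An added illustration of the point in the post above about signatures and server-side variants (not part of the original thread, and not any product's engine): a whole-file hash signature next to a wildcard byte-pattern signature, run over inert byte strings constructed for this example. All names, bytes and the pattern are assumptions made up for the demonstration.

```python
import hashlib
import re

def compile_pattern(hex_pattern):
    """Compile 'AA BB ?? CC' into a bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(sample, hash_sigs, pattern_sigs):
    """Return the names of all signatures that match the sample."""
    hits = []
    digest = hashlib.sha256(sample).hexdigest()
    if digest in hash_sigs:
        hits.append(hash_sigs[digest])
    hits += [name for name, pat in pattern_sigs.items() if pat.search(sample)]
    return hits

# Constructed, inert byte strings standing in for three builds and a clean file.
# A and B share a byte sequence but differ in padding and trailing data;
# C was "rebuilt" so that the shared sequence itself differs.
BUILD_A = b"MZ" + bytes(8) + bytes.fromhex("558bec6a10e81122c9c3") + b"cfg-A"
BUILD_B = b"MZ" + b"\x90" * 5 + bytes.fromhex("558bec6a10e87f01c9c3") + b"cfg-B-longer"
BUILD_C = b"MZ" + bytes(8) + bytes.fromhex("5589e56a10e81122c9c3") + b"cfg-C"
CLEAN = b"MZ" + bytes(8) + bytes.fromhex("558bec6a20e81122c9c3")

# Hash signature: taken from the one build the analyst happened to receive.
HASH_SIGS = {hashlib.sha256(BUILD_A).hexdigest(): "hash:build-A"}
# Pattern signature: fixed bytes with two wildcards over a field that varies.
PATTERN_SIGS = {"pattern:family": compile_pattern("55 8B EC 6A 10 E8 ?? ?? C9 C3")}

def report():
    """Scan every constructed sample and return {sample name: matching signatures}."""
    samples = {"A": BUILD_A, "B": BUILD_B, "C": BUILD_C, "clean": CLEAN}
    return {name: scan(data, HASH_SIGS, PATTERN_SIGS) for name, data in samples.items()}

if __name__ == "__main__":
    for name, hits in report().items():
        print(name, hits or "no detection")
```

Build B is caught only by the pattern signature and build C by neither, which is the "may/may not catch the one you have" case: each signature covers only the builds that share what it was written against.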

How does the Zeus keylogger trojan work?


 R> Well?  Why not answer the OP's question?

anyone with any inkling of intelligence can thread back or look in the
archives... the question has been answered previously... several times, in fact
;)

)\/(ark

Re: How does the Zeus keylogger trojan work?



Hi Mark. :)


--
My take home pay isn't enough to take me home!
