All you 'installer' and 'spyware' people.. get in here.

[krazyjosh5]

Ok, heres a blackhat-as-shit, borderline illegal (someone clarify) idea for you that I'm throwing out (because I certainly wouldn't do it):

How much are install payouts? Say.. $1.00?

How much are cheap-ass USB flash drives? $3.00/drive if you order in bulk.

The Plan: Buy a bunch of cheap-ass flash drives, load them up with a program like USB Hacksaw (you know, the program that autoinstalls shit by simply plugging in a USB drive -- totally silent).

Maybe include a handful of installers to recoup the USB drive cost.

Drop them everywhere.

Who wouldn't snag and (obviously) plug in a FREE USB flash drive that they saw lying around? I totally would... and I'm the one writing this!

Oh the possibilities are endless. Botnets? Your own advertising network? Spyware? Getting really bad here... how about a program that silently replaces all advertising affids with your affids? You could easily bank a considerable sum before being noticed.

Think about it. Roughly $4 is all it takes to essentially backdoor and control a persons computer. What could/would you do with that power?

Now, of course this is shit I'd never do but I definitely think its an interesting concept. Im mainly posting this because Im interested in where you sleezebags would go with it Lets hear it.

 

[Flyboy]

Well I'm thinking going to cafe's, using school computers, etc and using the USB flash drives idea is pretty good, but it'll take quite a bit of work... Not bad though, I'm sure there are many more ideas we can come up with.. Botnets would most probably get you caught though but who knows... I'm very interested in what other people have to say about this!

 

[Lucidity]

I don't see anything illegal about mere adware installs. The other things you mentioned could get you in some shit I would imagine.

 

[asith]

I love it I will pickup a few usb if someone was offering them.

Heck I use Linux half this crap will not work.

 

[kamesh]

Nice idea, even i will pick up a USB if some one is offering them. But i guess it works initially, once people come to know about this kind of shit, i don't think it will work

 

[TheFEAR]

usb drives are still too expensive in my opinion,
i like the sound of a bot that also replaces ad affid's though, its easy enough to make your bot undetected to all antivirus and you can use the download and exec function to install all your pay per installs whenever you like.
mscache dump option would be handy too just in case you get some onto a large edu or corp network where a working domain admin login could instantly get you 5000+ installs.
add some spamming functions and p2p spreading and you could make a nice wedge

 

[bubbles]

+rep man good idea.

I was reading an article on social engineering where a guy was doing security consulting for a bank. They said they had top notch security and there was no way he would find anything. So he created a program that emailed various parts of a computers hard drive to his email. Then he put it on a bunch of USB drives and layed them around the bank where the employees took breaks and stuff. By the end of the week he had all the data he needed.

 

[emp]

@ bubbles yep.

people will pick up and insert USB sticks even in Banks.
I am sitting in a bank right now and because it would be too cumbersome to block / unblock USB devices (IT people have and need PDAs, Hard disks, phones, etc..) the USB port is left open.

::emp::

 

[turbolapp]

+rep man good idea.

I was reading an article on social engineering where a guy was doing security consulting for a bank. They said they had top notch security and there was no way he would find anything. So he created a program that emailed various parts of a computers hard drive to his email. Then he put it on a bunch of USB drives and layed them around the bank where the employees took breaks and stuff. By the end of the week he had all the data he needed.

You know that would be such a fun job. People hiring you to break down their system. There's all sorts of jobs out there that do this. If you've ever read Blink it reminds me of the war game scenario where the US government spent more than 500 million dollars on this war game (which happen to be a precursor to the decision to invading Iraq) and they hired this former military/marine guy to try to pick apart their system and to lead the team that was the enemy. He managed to annihilate them on just the second day into the faux battle(I am forgetting now exactly what the guy did, I think the guy ended up using flashlight Morris code and motorcycle carriers to transmit information or something) The author later said, "they (the US military) were so caught up in their computers and charts and systems analysis and complex matrixes that they had lost the ability to engage in the flexible, free-wheeling, instinctive thinking that is essential in the midst of battle."

Made me feel reaaaaal Secure.

 

[xecutech]

You guys just keep putting spyware out there, I get paid good money to clean it off!

 

[dogfighter]

+rep man good idea.

I was reading an article on social engineering where a guy was doing security consulting for a bank. They said they had top notch security and there was no way he would find anything. So he created a program that emailed various parts of a computers hard drive to his email. Then he put it on a bunch of USB drives and layed them around the bank where the employees took breaks and stuff. By the end of the week he had all the data he needed.

I remember that article, fuckin good story.

 

[bubbles]

Yeah that was what originally got me interested in security... I'll hopefully get a related job when I graduate from college in a few years. Although shortly after I found out about the computer security market, I found out about affiliate marketing, so it could go either way.

Found the article
Social Engineering, the USB Way - Desktop Security - Dark Reading

 

[Bofu2U]

Yeah that was what originally got me interested in security... I'll hopefully get a related job when I graduate from college in a few years. Although shortly after I found out about the computer security market, I found out about affiliate marketing, so it could go either way.

Found the article
Social Engineering, the USB Way - Desktop Security - Dark Reading

I'm in the same situation as you. Graduating in 6 months with my IT degree with a focus on Cyber Security

 

[misterproline]

Odds are that if you dropped these in a college town a college student would already have one of these. If you dropped it in a non-college town odds are that it would only get used on one pc. $3 - $1 = $2 = Negative Profit.

 

[turbolapp]

Odds are that if you dropped these in a college town a college student would already have one of these. If you dropped it in a non-college town odds are that it would only get used on one pc. $3 - $1 = $2 = Negative Profit.

How bout dropping them at a tech convention?

 

[Netphase]

Odds are that if you dropped these in a college town a college student would already have one of these. If you dropped it in a non-college town odds are that it would only get used on one pc. $3 - $1 = $2 = Negative Profit.

I think you missed a line.

Maybe include a handful of installers to recoup the USB drive cost.

 

[Wiy]

great idea, thanks

 

[BigWill]

Odds are that if you dropped these in a college town a college student would already have one of these. If you dropped it in a non-college town odds are that it would only get used on one pc. $3 - $1 = $2 = Negative Profit.

Do you think it would be easy to make a return using Your Own spyware? IE spyware that pops only your offers. I wonder how much each person would be worth on avg and how long it would take to make that return.

 

[gkgk11]

hmm

damn this is a gooooood idea. What if you just gave them out for free?

Edit: Maybe sell them for $2 (people will think its a bargain)

 

[krazyjosh5]

hmm

damn this is a gooooood idea. What if you just gave them out for free?

Edit: Maybe sell them for $2 (people will think its a bargain)

slow down noobie. you dont want your face or name associated with this, do you?