Taking scams a step farther.

[PheonixTMG]

I have been lurking here for almost a year now. I have pulled of the gamecard scam..the phishing scams and all that good stuff. I got tired of that and just cut all the corners and took what i already knew about 'hacking' and applied it. My results were epic win. Essentially all I do is hide a trojan or keylogger in a picture and send it to a victim via AIM or ICQ or w/e you use to talk.

I am assuming anyone that uses any of these idea or guides has a basic idea or functioning knowledge about how to do server, binders, and that kinda stuff. This is for learning purposes only. This is to set up a server on your own computer using your own IP.

Steps to make this work.

1 Find a small Trojan. Best not detected by AVP. (Make your own if you can.)
2 Find a binder that can bind a JPG to an exe. Best not detected by AVP.
3 Rename the result file and change the icon.


1 First you must find a small Trojan to bind to the picture. That way the size will not be too big and the receiver won`t get suspicious by long downloading times or big picture sizes.

The best is to use a small Trojan with AIM/ICQ/MSN notify. Then you get a notification on AIM/ICQ/MSN with the IP address. You need that to connect in order to upload another Trojan that has more functions. Many of them are out there: MiniCommand, FC`s InCommand, Slim`s Asylum and Webasylum, WWWPW.(ALL ARE DETECTED USED AS EXAMPLES ONLY) There are lots of them, and new ones getting released every day. Try to get an unpacked server,so you can pack the server. If the server is packed, it is harder for antivirus programs to detect it. Edit the server.

Then test the server on your own computer, to see if you get an AIM/ICQ/MSN pager. Make this work. If not edit the server again. Do not forget to remove the server afterwards. You can do this by connecting to 127.0.0.1, your own IP. Then give the command: "remove server".

To prevent recognition of antivirus programs you should then pack the server. Use an exe packer or compressor for that. A lot of packers you can find on the net. But the AVP also use unpackers, so find one that is not so familiar. A list of what AVP recognizes of Trojans and what kind of decompressing it does,can be found via google. Then you should test the server for AVP recognition. If AVP recognizes the server, you should try another packer, or another Trojan server.

2 The goal is that the victim sees the picture and that the server is secretly executed at the same time. To make one file of the server and the JPG, you use a "exe binder" or "joiner". These ones are also recognized by AVP. So it is important to find one that is not detected. Take a new one and try it out with AVP. Not all binders do bind a JPG to an exe, so find the right one.

3 Next step is to make the result look like a JPG when you send it by AIM/ICQ/MSN. With some binders you can change the icon. Else you can use Microangelo to edit the icon. You can get that at download.com. Last step is to make the .exe disappear. You can do that by renaming the result to "me.in.the.car.without.wearing.a.bra.exe" That way the name is too long to see the "exe". Or rename the result like this: Mypic.jpg .exe Put so many spaces between jpg and exe, so that the exe does not show up when you send the file.

When you get the notification that you have remote control. Remove the result.exe and upload the normal JPG instead. Removing your traces a little.

This has worked for me several times over. I just pose as a girl and say i have nudes or some shit.

DO NOT PM ME ABOUT ANYTHING RELATING TO TROJANS AND ALL THAT. IF YOU DONT KNOW THEN LEARN. GOOGLE IS YOUR FRIEND. I WILL NOT READ ANYTHING I GET PMS ABOUT.

If this kind of stuff isn't tolerated here just remove this topic.

[Liquid Malfunction]

good idea +rep although I don't use trojans or anything like that

[vlada111]

Good, idea +rep from me

[Chris2308]

Nice guide, thx for posting it

[PheonixTMG]

btw, this can be pulled of on gold farmers. i have had a few ask for screen shots of my 'verified' paypal. so far i have keylogged/trojaned 4 of them.

[ViND_]

Saying + rep doesnt give rep, clicking the button +Rep does. How come he only has 2 rep after you said you will rep him?

[Menthol8]

They just do it to make their posts up.

I will not give u rep because you did not supply us with the tools.

[PheonixTMG]

They just do it to make their posts up.

I will not give u rep because you did not supply us with the tools.

I will not supply anyone with the tools. And even if i did hand you multiple 0-day sources you wouldn't even know what to do with them. I am not holding your hands with this kind of stuff. Ill give you all the detected trojans and keyloggers you want. Anything that was made public you can have. But again, i am not helping you compile and configure them. I don't care about rep, i was trying to help people do something other then scamming. If you know what you are doing great! If not like i said use google. Honestly, with an attitude like that you don't deserve any 'tools'.

[JohnPreston]

I will not supply anyone with the tools. And even if i did hand you multiple 0-day sources you wouldn't even know what to do with them. I am not holding your hands with this kind of stuff. Ill give you all the detected trojans and keyloggers you want. Anything that was made public you can have. But again, i am not helping you compile and configure them. I don't care about rep, i was trying to help people do something other then scamming. If you know what you are doing great! If not like i said use google. Honestly, with an attitude like that you don't deserve any 'tools'.

Well, I agree with menthol.
If you make a guide, at least link or give names for the right tools.

I know how to find it myself since I am deep in the scene, but for people who are not it will be difficult to figure out on their own. twocents
Except for that major flaw, good guide.

[PheonixTMG]

Well, I agree with menthol.
If you make a guide, at least link or give names for the right tools.

I know how to find it myself since I am deep in the scene, but for people who are not it will be difficult to figure out on their own. twocents
Except for that major flaw, good guide.

If you are 'in the scene' then you would understand the need for people to learn these things. Whatever here..its a trojan that dumps info via IRC.

How to Configure
'Find "IRC.Domain.com" Replace with your IRC Address and Change the Port to the port your IRC uses
'Find "JOIN #WaZ-Up#" Replace #WaZ-Up# to the Channel you want the BoT To join. (Needs doing for 19 lines)
'Find "PRIVMSG #WaZ-Up#" Replace #WaZ-Up# to the Channel you want the BoT To send Info to.

RapidShare: Easy Filehosting

[PheonixTMG]

i provided you guys with a tool. go and use it. let me know your results.

[Koleo]

Omfg imba worked +rep when i can

[xenolith]

Haha, there are alot of perverts out there that will fall for this

[Trauts]

Where can we find more good info about this? Your guide was kinda vague, but I'm genuinely interested. Will +Rep once some more references are linked.

[Bandefaca]

Hahaha, nice!