I think that it would be a good exercise for y’all (myself included) to write some decent malware.
I’ve been rolling the concept for one around in my head for a few weeks and it would be fun to implement, especially with a small team of people working on it.
Here’s a basic concept that is in no way fully fleshed out. The current project name is Murmur.
- Modular - can be expanded at runtime with more modules
- Basic functionality has a small binary
- Hides in a legitimate DLL in a process
- Can spread across the network
- Uses DNS requests for basic communication
- HTTP for more complex/large communications
- Conceals data in images for communications
- Collects info, passwords, keystrokes, screenshots, etc.
- Organized by encrypted, compressed files
- Uses DNS requests to send small amounts of data periodically
- Uses HTTPS POST to send larger data
- Uses HTTPS GET to get modules or commands
- Encapsulates communications in images
- Puts received data into encrypted archives for collection
- Has a front website to seem legit
- Encrypted Virtual File System
  - Stores files in a virtual file system
  - Stores modules, data that needs to be sent to C&C, configuration
I have experience with smaller projects, but this would be much, much larger than anything I’ve worked on by myself.
If people would like to work on this with me, send a PM my way and I’ll organize a team.