Hacker infects 18,000 "script kiddies" with fake malware builder

This happened a lot on old gaming forums where hacks were being produced.<p>When I was much younger I looked up to a game cheats writer on an old forum since he taught me about how they worked, which I found extremely cool (still do!). It actually formed my initial interest in security.<p>I asked if I could help somehow, as all young, eager noobs at the time did, and to my surprise he said yes. He wanted to track the licenses he sold to which accounts via IRC. The game would boot, hacks get injected, hacks connected to IRC and would interact with an mIRC bot to check them on his own machine. That was my first foray into socket programming and protocols, too.<p>A while after that, I learned my code had been shared with another cheats maker (not itself a problem for me) when I was contacted to add DCC SEND support, which allowed sending files via IRC. I don&#x27;t remember if I came to the conclusion myself or if it was explicitly stated, but either way, the objective was clear, and I refused. I felt bad, had learned my lesson, and never contributed to that scene again.<p>That was in ca. 2006 or so. This has been going on for a long, long time.

They talk about this like it&#x27;s a new phenomenon but I distinctly remember this being super common in the windows 95 to vista days. Like I went to some kid&#x27;s house and he would do something like try and tell everyone he knew how to &#x27;hack google&#x27; and he used use some obviously sketchy as hell tool which just ran a whois on their domain to show their address, and this was all the evidence that he was &#x27;hacking&#x27;, and we all clowned on him for it and how he probably just installed a virus on himself. He ended up finding some extremely obvious viruses some kid thought would be funny to leave on a network share at school called something like &#x27;sexyporn.jpg.exe&#x27; and getting expelled for being daft enough to execute them

Years ago when DDoS tools were being distributed on 4chan I fixed a bug in one of them and redistributed it there.<p>My fixed version also had the handy feature of having a 50% chance of wiping the user&#x27;s entire drive if they actually used it as part of a DDoS.<p>It was pleasingly brutal. First it would zero out and delete all files in the user&#x27;s home directory, and then if it had access to the hard disk device it would overwrite the sectors directly from the start onwards. If not, it would iterate through all other files and corrupt whatever it had access to.<p>I&#x27;m satisfied to report that hundreds of script kiddies had their data irreversibly destroyed before my handiwork was noticed. I hope it was a valuable lesson to them.

In middle school we had a “computer” class where we’d learn how to type, as well as navigate a computer. This was Windows 2000 days.<p>As a prank, my friends and I would do the following:<p>* Hide all the icons on the desktop<p>* Trigger an error message<p>* Take a screenshot of the whole screen<p>* Open the screenshot in MS Paint<p>* Carefully paint over the error message to say “You’ve been hacked.”<p>* Change the desktop background to be the screenshot above<p>* Restore all the icons.<p>You’d end up with a convincing looking error message that wouldn’t close, obviously.<p>The next class, the teacher lectured us for 45 minutes on the definition of “script kiddy” vs. “real hacker” and how we should be embarrassed.<p>This made the whole thing even funnier.<p>It’s true though, I was a script kiddie.

I hadn&#x27;t heard the term &quot;script kiddie&quot; in a very long time.<p>But it seems that&#x27;s most of what Software Engineers do lately, spending most of our coding time figuring out the <i>arbitrary bureaucracy</i> (not fundamentals, nor insightful inventions) dumped on us, by the <i>massive</i> piles of stuff churned out by other people. Such that we understand very little of what we do, and consequently create very little.<p>Do people still say &quot;script kiddie&quot;, or does it resonate a lot differently than it used to, maybe a little too close to home?

I saw that back in the 90&#x27;s when I was a script kiddie myself. Programs that we use to hack others like back orifice or netbus were being distributed infected

&gt; Once a machine is infected, the XWorm malware checks the Windows Registry for signs it is running on a virtualized environment and stops if the results are positive.<p>Many (if not all) malwares do this now. Does this mean you don&#x27;t need an antivirus when you run windows on a vm because any malware that happen to infect it would kill themselves when they noticed they&#x27;re running inside a vm?

Many years ago, I created a &#x27;gold hack&#x27; for fun for a popular game when I was in highschool. I reverse-engineered the &#x27;encrypted&#x27; (which was basic letter shifting) password stored for the account and my hack basically just decrypted the password and emailed me the username&#x2F;password.<p>I got 100s of accounts, but never really did anything with them.

&gt; ...checks the Windows Registry for signs it is running on a virtualized environment and stops if the results are positive.<p>That caught my eye ^^^ Is there any virtualization software that makes VM environments indistinguishable from a &quot;bare metal&quot; environment?

I have trust issues with a lot of software free from random sources. Lots of YouTube videos trying to sell you on all sorts of weird programs all you have to do is go to some random weird site and download and run as administrator and ignore all the red flags.<p>For me I wanted an autoclicker for a few things. All sorts of sketchy sites and YouTubers recommending downloading some crap others would say is a virus and others would say are a false positive. I ended up finding a tutorial on how to write a python program and made my own autoclicker.<p>This will be a lesson these script kiddies probably needed. They are lucky as it does not seem nearly as bad as it could be in terms of malware.

Who didn&#x27;t run whatever they could find in &quot;steal this computer book&quot; section of the library when they were a kid? One publisher could have taken us all out. I was accidentally running the .bats on my own computer half the time already.

classic. this has happened not only to script kiddies, many times in the past. build your own tools. it will teach you properly how shit works, elevating your hacking skills and free you from this common risk. Assume there are no trusted sources for hacking tools.

hardcoding tokens seems like script kiddie behaviour to be honest

Roblox

Obligatory: Ha ha.

Shall we talk about all those hacker systems protected on clouds? (microsoft|aws|gogol|akamai&#x2F;linode|cloud.cn|etc)