Spy virus. Computer spyware - what is it? How to write a .VBS with a bug or hack message

Facebook

June 2, 2016 at 12:29 pm

We write our own malware. Part 1: Learning to write a completely “undetectable” keylogger

Translation

The hacker world can be divided into three groups of attackers:

1) “Skids” (script kiddies) – little novice hackers who collect well-known pieces of code and utilities and use them to create some simple malware.

2) “Buyers” are unscrupulous entrepreneurs, teenagers and other thrill-seekers. They buy services for writing such software on the Internet, collect various private information with its help, and possibly resell it.

3) “Black Hat Coders” - programming gurus and architecture experts. They write code in a notepad and develop new exploits from scratch.

Can someone with good programming skills become the last one? I don't think you'll start creating something like regin (link) after attending a few DEFCON sessions. On the other hand, I believe that an information security officer should master some of the concepts on which malware is built.

Why do information security personnel need these dubious skills?

Know your enemy. As we discussed on the Inside Out blog, you need to think like the offender to stop him. I am an information security specialist at Varonis and in my experience, you will be stronger in this craft if you understand what moves an attacker will make. So I decided to start a series of posts about the details that go behind malware and the different families of hacking tools. Once you realize how easy it is to create undetectable software, you may want to reconsider your enterprise's security policies. Now in more detail.

For this informal "hacking 101" class, you need some programming knowledge (C# and java) and a basic understanding of Windows architecture. Keep in mind that in reality the malware is written in C/C++/Delphi so as not to depend on frameworks.

Keylogger

A keylogger is software or some kind of physical device that can intercept and remember keystrokes on a compromised machine. This can be thought of as a digital trap for every keystroke on a keyboard.
Often this function is implemented in other, more complex software, for example, Trojans (Remote Access Trojans RATS), which ensure the delivery of intercepted data back to the attacker. There are also hardware keyloggers, but they are less common because... require direct physical access to the machine.

However, creating basic keylogger functions is fairly easy to program. WARNING. If you want to try any of the following, make sure you have the permissions and are not disrupting the existing environment, and it's best to do it all on an isolated VM. Next, this code will not be optimized, I will just show you lines of code that can accomplish the task, this is not the most elegant or optimal way. And finally, I will not tell you how to make a keylogger resistant to reboots or try to make it completely undetectable using special programming techniques, as well as protection from deletion even if it is detected.

To connect to the keyboard you just need to use 2 lines in C#:

1. 2. 3. public static extern int GetAsyncKeyState(Int32 i);

You can learn more about the GetAsyncKeyState function on MSDN:

To understand: this function determines whether a key was pressed or released at the time of the call and whether it was pressed after the previous call. Now we constantly call this function to receive data from the keyboard:

1. while (true) 2. ( 3. Thread.Sleep(100); 4. for (Int32 i = 0; i< 255; i++) 5. { 6. int state = GetAsyncKeyState(i); 7. if (state == 1 || state == -32767) 8. { 9. Console.WriteLine((Keys)i); 10. 11. } 12. } 13. }

What's going on here? This loop will poll each key every 100ms to determine its state. If one of them is pressed (or has been pressed), a message about this will be displayed on the console. In real life, this data is buffered and sent to the attacker.

Smart keylogger

Wait, is there any point in trying to remove all the information from all applications?
The code above pulls raw keyboard input from whatever window and input field currently has focus. If your goal is credit card numbers and passwords, then this approach is not very effective. For real-world scenarios, when such keyloggers are executed on hundreds or thousands of machines, subsequent data parsing can become very long and ultimately meaningless, because Information valuable to an attacker may be out of date by then.

Let's assume that I want to get my hands on Facebook or Gmail credentials to sell likes. Then a new idea is to activate keylogging only when the browser window is active and the word Gmail or facebook is in the page title. By using this method I increase the chances of obtaining credentials.

Second version of the code:

1. while (true) 2. ( 3. IntPtr handle = GetForegroundWindow(); 4. if (GetWindowText(handle, buff, chars) > 0) 5. ( 6. string line = buff.ToString(); 7. if (line.Contains("Gmail")|| line.Contains("Facebook - Log In or Sign Up")) 8. ( 9. //keyboard check 10. ) 11. ) 12. Thread.Sleep(100); 13. )

This snippet will detect the active window every 100ms. This is done using the GetForegroundWindow function (more information on MSDN). The page title is stored in the buff variable, if it contains gmail or facebook, then the keyboard scanning fragment is called.

By doing this, we ensured that the keyboard is scanned only when the browser window is open on the facebook and gmail sites.

An even smarter keylogger

Let's assume that the attacker was able to obtain the data using a code similar to ours. Let’s also assume that he is ambitious enough to infect tens or hundreds of thousands of machines. Result: a huge file with gigabytes of text in which the necessary information still needs to be found. It's time to get acquainted with regular expressions or regex. This is something like a mini language for creating certain templates and scanning text for compliance with given templates. You can find out more here.

To simplify, I will immediately give ready-made expressions that correspond to login names and passwords:

1. //Looking for postal address 2. ^[\w!#$%&"*+\-/=?\^_`(|)~]+(\.[\w!#$%&"*+ \-/=?\^_`(|)~]+)*@((([\-\w]+\.)+(2,4))|(((1,3)\.)( 3)(1,3)))$ 3. 4. 5. //Looking for password 6. (?=^.(6,)$)(?=.*\d)(?=.*)

These expressions are here as a hint to what can be done using them. Using regular expressions, you can search (and find!) any constructs that have a specific and unchanging format, for example, passport numbers, credit cards, accounts, and even passwords.
Indeed, regular expressions are not the most readable type of code, but they are one of the programmer's best friends if there are text parsing tasks. Java, C#, JavaScript and other popular languages already have ready-made functions into which you can pass regular regular expressions.

For C# it looks like this:

1. Regex re = new Regex(@"^[\w!#$%&"*+\-/=?\^_`(|)~]+(\.[\w!#$%&"* +\-/=?\^_`(|)~]+)*@((([\-\w]+\.)+(2,4))|(((1,3)\.) (3)(1,3)))$"); 2. Regex re2 = new Regex(@"(?=^.(6,)$)(?=.*\d)(?=.*)"); 3. string email = " [email protected]"; 4. string pass = "abcde3FG"; 5. Match result = re.Match(email); 6. Match result2 = re2.Match(pass);

Where the first expression (re) will match any email, and the second (re2) will match any alphanumeric structure greater than 6 characters.

Free and completely undetectable

In my example, I used Visual Studio - you can use your favorite environment - to create such a keylogger in 30 minutes.
If I were a real attacker, then I would aim at some real target (banking sites, social networks, etc.) and modify the code to match these goals. Of course, I would also run a phishing email campaign with our program, masquerading as a regular invoice or other attachment.

One question remains: will such software really be undetectable by security programs?

I compiled my code and checked the exe file on the Virustotal website. This is a web-based tool that calculates the hash of the file you downloaded and searches it against a database of known viruses. Surprise! Naturally nothing was found.

This is the main point! You can always change the code and develop, always being a few steps ahead of the threat scanners. If you are able to write your own code it is almost guaranteed to be undetectable. In this

Information Security

Add tags

To detect signs of malware spying activity, listen to your personal feelings. If you feel like your computer is running much slower or your Internet connection is no longer as fast as it should be, these are the first symptoms that require further investigation.

By the way, not every antivirus reliably recognizes the danger. An overview of the best systems can be found in the table below. You will have to pay from 800 to 1800 rubles for them, but they will protect you relatively well from attacks. At the same time, you should not be afraid of a drop in performance due to the use of an antivirus. Modern versions have virtually no effect on the speed of the computer.

Cybercriminals are spreading 100 new viruses per hour. The desktop computer is the main target of spyware. Pests can only be detected with the right choice of utilities. Only a few programs will reliably protect your computer from spyware. Below are the market leaders.

		price, rub. (OK.)	Overall rating	Recognition	False anxiety	Performance
1	Kaspersky Internet Security for all devices	1800	99,9	99,7	100	100
2	BitDefender Internet Security	1600	97,5	100	96,3	93,6
3	Symantec Norton Security Standard	1300	96,9	98,1	96,7	94,7
4	Trend Micro Internet Security	800	94,3	90,8	98	97,5
5	F-Secure SAFE	1800	83,6	84,5	82,5	83

Use multiple scanners in parallel

Spyware burrows itself either into the system under the guise of a service or in individual programs. Some particularly deep-seated viruses can hide even from modern security tools. In recent years, information security specialists have constantly discovered vulnerabilities in antivirus systems: only recently did an expert Tavis Ormandy working in the department Project Zero Google Corporation, revealed deep holes in Symantec products.

In particular, he took advantage of the fact that Symantec has the right to unpack code inside the Windows kernel. By using a buffer overflow technique, the engineer was able to execute malicious code with kernel rights and thereby bypass antivirus protection - to name just one example.

Therefore, it is very important to check with several utilities. For additional security, use the program Farbar Recovery Scan Tool, which saves logs of running services.

Launch the utility and click “Scan”. Once the process is complete, you will find a log called “frst.txt” in the program folder. Open this file and go to the "Services" section. Here, look for names that indicate spyware, such as “SpyHunter.” If you are not sure about any of them, check in Google search.

If you detect uninvited guests, run the program SpyBot Search & Destroy and scan the system. After that, run again Farbar Tool. If as a result you no longer see the suspicious service, the virus has been removed. If SpyBot doesn't detect anything, use a scanner from Malwarebytes or ESET Online Scanner.

Protection instructions

Scan your PC using Farbar (1). This utility will display all active services in the log. If nothing suspicious was found, go through the system with ESET Online Scanner (2). The most insidious viruses can only be removed with the Rescue Disk solution from Kaspersky Lab (3).

Special programs for assistance in emergency situations

Even when carrying out various checks, it is worth considering that there are particularly insidious viruses, for example, rootkits, hiding so deep in the system that scanning with Farbar and other programs is not able to detect them.

Therefore, finally, always check the system with a tool Kaspersky Rescue Disk. It is a Linux system that runs separately from Windows and scans PCs based on modern virus signatures. Thanks to it, you will expose even the most intricate malware and clean your computer of spyware.

To block sniffing programs in the future, you must use the latest version of your antivirus and install all key system updates. To ensure that third-party offerings that are not automatically updated are always up to date, check out a comprehensive antivirus package Kaspersky Internet Security(a license for two devices costs 1,800 rubles). It will also provide anti-spy protection.

Photo: manufacturing companies

Sometimes it is important to know what is happening to the computer in your absence. Who does what on it, what sites and programs it includes. Special spy programs can report all this.

Spying on someone is, to say the least, not good. Or even criminally punishable (violation of the right to confidentiality and all that)... However, sometimes it won’t hurt to know, for example, what your child is doing at the computer in your absence or what the employees of your organization are doing when there are no bosses. Or maybe they are watching you?!!

Computers and mobile devices have long been exposed to danger from all kinds of viruses. However, there is a class of software that, without being malicious, can perform the same functions as, for example, Trojans - keep a log of application launches on the system, record all keystrokes on the keyboard, periodically take screenshots, and then send all the collected information to the one who installed and configured surveillance of the user.

As you understand, today we will talk specifically about spyware, their work and detection methods.

Differences from viruses

In the field of antivirus solutions, the class of spyware is known as “spyware” (from the English “spy” - “spy” and abbreviated “software” - “software”). In principle, some of the applications that will be discussed below are perceived by antiviruses as malicious, but in fact they are not.

What is the difference between real spyware and computer tracking programs? The main difference here is in the scope and method of operation. Spyware viruses are installed on the system without the user's knowledge and can serve as a source of additional threats (data theft and corruption, for example).

Spyware programs for monitoring a computer are installed by the user himself in order to find out what another user is doing on the PC. At the same time, the user himself may be aware that they are being monitored (for example, this is done in some institutions to record the working hours of employees).

However, in terms of operating principles, spyware is essentially no different from any Trojans, keyloggers or backdoors... So, we can consider them some kind of “defector viruses” that have switched to the “light side” and are used not so much for stealing information from a PC to control its operation.

By the way, in the West, the practice of introducing tracking software on the computers of users of corporate networks and on home PCs is quite common. There is even a separate name for this kind of program - “tracking software”, which allows, at least nominally, to separate them from malicious spyware.

Keyloggers

The most common and, to a certain extent, dangerous type of spyware are keyloggers (from the English “key” - “button” and “logger” - “recorder”). Moreover, these programs can be either independent viruses that are introduced into the system, or specially installed tracking utilities. There is essentially no difference between them.

Keyloggers are designed to record the presses of all buttons on the keyboard (sometimes also the mouse) and save the data to a file. Depending on the operating principle of each specific keylogger, the file may simply be stored on a local hard drive or periodically sent to the person conducting surveillance.

Thus, without suspecting anything, we can “give away” all our passwords to third parties who can use them for any purpose. For example, an attacker could hack our account, change access passwords and/or resell them to someone...

Fortunately, most keyloggers are quickly detected by most antiviruses because they are suspiciously intercepting data. However, if the keylogger was installed by an administrator, it will most likely be included in the exceptions and will not be detected...

A striking example of a free keylogger is SC-KeyLog:

This keylogger, unfortunately, is detected by the antivirus at the download stage. So, if you decide to install it, temporarily disable the protection until you add the necessary files to the “white list”:

program executable file (default: C:\Program Files\Soft-Central\SC-KeyLog\SC-KeyLog2.exe);
executable file of the tracking module, which will be created by you in the specified folder;
library (DLL file) for hidden data processing, the name of which you also set at the settings stage and which is stored by default in the C:\Windows\System32\ folder.

After installation you will be taken to the setup wizard. Here you can specify the email address to which data files should be sent, the name and location of saving the executable keystroke interception modules mentioned above, as well as the password required to open logs.

When all the settings are made and the keylogger files are included in the list of trusted antivirus programs, everything is ready to work. Here is an example of what you can see in the log file:

As you can see, SC-KeyLog displays the titles of all windows with which the user works, mouse button presses and, in fact, the keyboard (including service keys). It is worth noting that the program cannot determine the layout and displays all texts in English letters, which still need to be converted into a readable Russian-language form (for example,).

However, keylogger functions can be hidden even in popular non-specialized software. A striking example of this is the program for changing the text layout Punto Switcher:

One of the additional functions of this program is the “Diary”, which is activated manually and, in fact, is a real keylogger that intercepts and remembers all data entered from the keyboard. In this case, the text is saved in the desired layout and the only thing missing is intercepting mouse events and pressing special keyboard keys.

The advantage of Punto Switcher as a keylogger is that it is not detected by antivirus software and is installed on many computers. Accordingly, if necessary, you can activate tracking without installing any software or additional tricks!

Complex spies

A keylogger is good if you only need to know what the user enters from the keyboard and what programs he launches. However, this data may not be enough. Therefore, more complex software systems were created for comprehensive espionage. Such spy complexes may include:

keylogger;
clipboard interceptor;
screen spy (takes screenshots at specified intervals);
program launch and activity recorder;
sound and video recording system (if there is a microphone or webcam).

So that you can better imagine how such programs work, let’s look at a couple of free solutions in this area. And the first of them will be a free Russian-language surveillance system called (attention, antiviruses and browsers can block access to the site!):

The program features include:

intercepting keyboard keystrokes;
taking screenshots (too frequent by default);
monitoring running programs and their activity time;
Monitoring PC activity and user account.

Alas, this complex for tracking a PC is also detected by antiviruses, so to download and install it you must first disable the protection. During installation, we will need to set a key combination to call the program interface, as well as a password for accessing the collected data. After the installation is complete, add the entire folder with the spyware to the antivirus “white list” (by default C:\Documents and Settings\All Users\ Application Data\Softex) and you can activate the protection back.

Softex Expert Home will run in the background and will not create any shortcuts or active icons anywhere. It will be possible to detect its operation only by pressing the hotkey combination you have specified. In the window that appears, enter the access password, first of all go to the “Settings” section on the “Screenshots” tab and increase the minimum interval between shots, as well as the timer interval (by default, 2 and 10 seconds, respectively).

Such a spy is quite enough to monitor your home computer. In addition to the features already mentioned above, Expert Home has a function for remote viewing of statistics, which allows you to view logs via the Internet. To activate it, just click the button to connect to the server in the “Internet monitoring” section, and then wait for the computer ID and access password to be issued, which you will need to enter on the developers’ website:

It is worth clarifying that in the free mode, statistics are stored on the server for only one day. If you want to access a longer period, you will have to pay from 250 (7 days) to 1000 (30 days) rubles per month.

Another free comprehensive computer monitoring program is:

Despite the fact that the name of the program includes the word “keylogger”, in fact it has much more capabilities. Among them:

The program itself is not detected by the antivirus, however, with active heuristic algorithms, its “suspicious” activity is detected. Therefore, it is best to install and configure it with protection disabled.

At the installation stage, no preliminary preparation is required (the only thing you need is to choose for whom the program is being installed and whether its icon should be displayed in the tray). However, after installation, you need to add the program folder (by default C:\WINDOWS\system32\Mpk) and its executable file MPKView.exe to the antivirus exclusions.

When you launch it for the first time, the settings window will open. Here we can change the language from English to, for example, Ukrainian (for some reason there is no Russian...), set our own keys for quickly calling the program (by default ALT+CTRL+SHIFT+K) and a password for entering the control panel.

That's all, actually. The main disadvantage of the free version of the program is its limitations in some aspects of tracking (not all programs are available, for example), as well as the inability to send logs by mail or via FTP. Otherwise, almost everything is good.

Spyware exists not only for desktop computers, but also for mobile platforms. If you want to know what your child is doing on a tablet or smartphone, you can try using the free multi-platform tracking system KidLogger.

Sniffers

The last, and most insidious, means of espionage can be the so-called sniffers (from the English “sniff” - “sniff out”). This class of programs is scientifically called “traffic analyzers” and is used to intercept and analyze data transmitted over the Internet.

Using a sniffer, an attacker can connect to a user's current web session and use it for his own purposes on behalf of the user himself by replacing data packets. If you are very unlucky, then with the help of a sniffer they can “steal” your logins and passwords for entering any sites where traffic encryption is not used.

Those who use one or another public network (for example, a Wi-Fi access point) to access the Internet are most at risk of becoming a victim of a sniffer. Also, users of corporate networks with an overly “entrepreneurial” administrator may be under theoretical threat.

So that you can roughly understand what a sniffer is, I suggest considering a representative of this class of programs developed by the popular team NirSoft:

This sniffer is intended mainly for intercepting data packets on a local PC and serves more for good intentions (like network debugging). But its essence is the same as that of hacker tools.

A person who understands the principles of data transmission via network protocols and understands what kind of information is transmitted in a particular packet can decrypt its contents and, if desired, replace it by sending a modified request to the server. If the connection is over a simple HTTP channel without encryption, then a hacker can see your passwords right in the sniffer window without having to decode anything!

The problem is aggravated by the fact that previously there were sniffers only for desktop operating systems. Today, for example, there are numerous sniffers for Android. Therefore, an attacker analyzing traffic can be practically anywhere (even at the next table in a cafe with free Wi-Fi! A striking example of a sniffer for Android is the mobile version of the popular sniffer WireShark:

Using this sniffer and the Shark Reader log analysis program, an attacker can intercept data directly from a smartphone or tablet connected to a public access point.

Countering spies

So we learned how the main types of spyware work. And a logical question arises: “How can you protect yourself from surveillance?”... This is a “difficult, but possible” task.

As you can see, almost all spyware programs can be detected by antivirus software. Therefore, the first step is to update the anti-virus databases and your installed security software. In addition, be sure to open the “white list” of your antivirus package and see if it allows files with suspicious names located in system folders.

If you use the mentioned Punto Switcher (or its analogues), be sure to check if someone has turned on “Diary” without your knowledge.

If no suspicious parameters are found either in the antivirus settings or in Punto Switcher, you can resort to scanning the system with special antivirus scanners. I recommend using programs that I have personally tested more than once and .

In addition, you can check currently running processes using special anti-virus task managers. An example of this is a free utility. This tool allows you not only to see the names and addresses of all running processes, but also to quickly assess the degree of their maliciousness (even potential).

The hardest thing is to counteract sniffers. If you cannot completely refuse to use public networks, then the only type of protection may be the use of sites that support the encrypted HTTPS data transfer protocol (most social networks now have it). If the site or service you need does not support encryption, then, as a last resort, you can organize a secure data transfer tunnel using VPN.

conclusions

As you can see, installing and monitoring any computer is not so difficult. Moreover, this can be done completely free of charge using small programs. Therefore, if you use public networks or work on a PC that is used by several users, then theoretically there is a chance that you are already being monitored.

Excessive carelessness and trust can cost you, at a minimum, the loss of passwords from your accounts on social networks, and, in worst cases, for example, the theft of money in your electronic accounts. Therefore, it is important to follow the principle of “trust but verify.”

If you yourself decide to spy on someone’s computer, then you must honestly warn the user about this. Otherwise, if espionage is detected, you can earn a lot of problems on your head :) Therefore, before you spy, think twice about it!

P.S. Permission is granted to freely copy and quote this article, provided that an open active link to the source is indicated and the authorship of Ruslan Tertyshny is preserved.

Prank viruses are simple programs that can be slipped to a friend (or enemy) to make them think that their computer has been hacked, infected with a virus, or seriously damaged. Prank viruses can be written in regular Notepad: you just need to write commands into a file that slow down the computer, disable the operating system, or simply scare the user, and then force him to run this file. Prank viruses can be anything from an annoying nuisance to a system-breaking nightmare. The "viruses" in this article are meant to be harmless pranks only, the worst thing they can do is shut down your computer. Attention: These joke viruses are designed for Windows computers only, they will not work on Mac OS without special training. Let's start with step 1.

Steps

We write a fake virus that opens “endless” windows

Launch Notepad. Batch (.BAT) files contain commands for the computer in text form. In order to write a BAT file, you do not need a special editor - Notepad from the standard set of Windows programs is enough. Notepad can be found in the Start menu or in the Accessories submenu. You can also open Notepad by pressing the Win+R key combination, type “notepad” in the text field of the dialog box that appears and press Enter.

Type "@echo off" and then, on a new line, "CLS". By default, BAT files open a command prompt window and output executable commands. The "@echo off" and "CLS" commands prevent commands from appearing in the Command Prompt window, making the source of the joke invisible to the "victim".

Write commands to open many (or an infinite number) of windows. Now it’s time to write a sequence of commands, executing which, your fake virus will open many windows of different programs once or will open these windows endlessly. It's important to know that if you open too many windows endlessly, your computer may eventually freeze. Read on to learn how to make both types of “virus”:

To open certain number of windows, from a new line type the following command in Notepad: start (program name). Instead of the phrase in brackets, enter the name of the program on the “victim’s” computer or or the full name of the executable file. This command instructs the computer to open a specified program window. For example, start iexplore.exe will open an Internet Explorer window. Repeat the "start" command as many times as you want, and your "virus" will open the window as many times as you specify. Here are a few programs that can be entered after the “start” command:
- iexplore.exe - Internet Explorer browser
- calc.exe - Calculator
- notepad.exe - Notepad
- winword.exe - Microsoft Word
To open infinite number of windows, first type on a new line :A, including the colon. On the next line type start iexplore.exe(or other program). And finally, on the line below, type goto A. This sequence of commands will cause the computer to open an Internet Explorer (or any other program) window, return to the location just before the window opened, and then immediately open a new window until the Command Prompt window is closed or the computer freezes.

Write a message in the “virus”. For a frightening effect, you can add a message to the “virus” that will make the user think that something is wrong with his computer. To display a message, start a new line and type echo Your message. Then on a new line type pause. The "pause" command will stop the execution of the "virus" after the message appears.

To make your joke believable, write a message similar to real error messages, for example: Fatal error. The C:// directory is corrupted.

Save the text as a batch file. When you're done, from the Notepad menu, select File > Save As..., and then specify the file extension ".bat" (for example, "pinball.bat"). From the File Type drop-down list, select All Files. Save the file somewhere on the “victim’s” computer.

Force the user to open the file. For your joke to work, you need to get the “victim” to start it. This can be achieved in different ways. One of the ones that works is to create a shortcut to your batch file and change its icon to something the user actually uses, then change the name of the shortcut to match the icon. Sit back and watch the results from the comfort of your seat!

How to write a .VBS with a bug or hack message

Launch Notepad. Like the previous joke, this one requires you to write a few simple commands in Notepad. However, this time the effect will be different - instead of opening windows, this joke creates several error messages that will make the user think that there is an error in their operating system or that the computer has been hacked.

Type "x=msgbox("MessageText", 5+16, "MessageTitle") exactly as specified here, including brackets and quotes, and replace "MessageText" and "MessageTitle" with the desired text. This command opens the standard Windows error dialog box with the error message and window title you specify. To make your joke believable, use real-life messages and titles. For example, try "Terminal Error" as the title and "In directory C:/" as the message. /Users/Windows/system32 a critical problem has been detected."

You might want to take your joke further in the hacking direction. In this case, use messages like: “I have full access to your system. Prepare to be hacked." Nothing like that will actually happen, so it will only work with people who are not good with computers.
The expression “5+16” tells the computer to create a dialog box with a critical error icon and two buttons, “Retry” and “Cancel.” By changing these numbers, you can get different types of error windows. Simply substitute any one-digit number for 5 and any two-digit number for 16 from the numbers below:
- 0 (OK button)
- 1 (OK and Cancel buttons)
- 2 (Cancel, Redo and Skip buttons)
- 3 (Yes, No, and Cancel buttons)
- 4 (Yes and No buttons)
- 5 (Redo and Cancel buttons)
- 16 (Critical error icon)
- 32 (Help icon)
- 48 (Warning icon)
- 64 (Information icon)

Repeat the error message as often as you like. Repeat the commands above as many times as you wish with any error messages. Messages will appear one after another, that is, as soon as the user closes one message, another will open. You can use this fact to create a longer message that is increasingly urgent.

Save the document as a Visual Basic (VBA) file. Once you have entered all the desired messages, save the file. From the Notepad menu, select File > Save As..., give your file a name with the extension ".vba". Be sure to select "All Files" from the "File Type" drop-down list. Now, for the joke to succeed, you need to force the “victim” to run this file, for example using the trick from method 1.

Using a pre-written batch file

Launch Notepad. This prank uses commands from Notepad to force the computer to open programs randomly until the batch file is disabled or the computer freezes. To make this prank you just need to copy and paste the commands given in this section. However Note that this will not work on all computers.

Copy and paste the following commands:@echo off cls begin goto %random% :1 start cmd.exe goto begin:2 start mspaint.exe goto begin:3 start pinball.exe goto begin:4 start iexplore.exe goto begin:5 start explorer.exe goto begin: 6 start solitaire.exe goto begin:7 start explorer.exe goto begin:8 start edit.exe goto begin:9 start iexplore.exe goto begin:0 start mspaint.exe goto begin

:(number, letter or word) - label. You can go to it using the “goto” command.

Note: in the example above we have 10 labels. If we miss one number, the program will exit if %random% generates that number.

Here is a sample of one of the most annoying programs and its code:
@echo off
:a
start notepad
goto a

All it does is open Notepad an infinite number of times until the user closes the Command Prompt window. Do not run it on your computer unattended - it may end badly.
This is a simplified version of Method 1 discussed above.
Experiment with different commands! If you want to make the joke malicious, use a command that deletes files or erases data from your hard drive.

Warnings

You may have problems with malicious batch files being used or school or public computers being corrupted. Unintended transmission of such files over the Internet or recording of them on public systems is prohibited.
Don't overdo it. 10 copies of something like Pinball is very annoying. Hundreds of copies can cause your computer to freeze and put someone out of work.

When using the Internet, you should not assume that your privacy is protected. Ill-wishers often monitor your actions and seek to obtain your personal information using special malware - spyware. This is one of the oldest and most common types of threats on the Internet: these programs enter your computer without permission to initiate various illegal activities. It is very easy to fall victim to such programs, but it can be difficult to get rid of them - especially when you do not even know that your computer is infected. But don't despair! We will not leave you alone with threats! You just need to know what spyware is, how it gets onto your computer, how it tries to harm you, how to eliminate these programs, and how you can prevent spyware attacks in the future.

What is spyware?

History of spyware

The term “spyware” was first mentioned in 1996 in one of the specialized articles. In 1999, this term was used in press releases and already had the meaning that is assigned to it today. He quickly gained popularity in the media. A little time passed, and in June 2000 the first application designed to combat spyware was released.

“The first mention of spyware dates back to 1996.”

In October 2004, the media company America Online and the National Cyber Security Alliance (NCSA) conducted a study on this phenomenon. The result was incredible and frightening. About 80% of all Internet users have at one time or another encountered spyware infiltrating their computers; approximately 93% of computers had spyware components, while 89% of users were unaware of it. And almost all users who were victims of spyware (about 95%) admitted that they did not give permission to install it.

Today, the Windows operating system is the preferred target for spyware attacks due to its widespread use. However, in recent years, spyware developers have also been paying attention to the Apple platform and mobile devices.

Spyware for Mac

Historically, spyware authors have targeted the Windows platform as their main target because it has a larger user base than the Mac platform. Despite this, the industry experienced a significant surge in Mac malware activity in 2017, with the majority of attacks carried out through spyware. Mac spyware has a similar behavior pattern to Windows spyware, but is dominated by password stealers and general-purpose backdoors. Malicious activities of software belonging to the second category include remote execution of malicious code, keylogging, screen capture, arbitrary file upload and download, password phishing, etc.

“The industry experienced a significant surge in Mac malware activity in 2017, with the majority of attacks carried out through spyware.”

In addition to malicious spyware, so-called “legitimate” spyware is also common on the Mac. These programs are sold by real companies on official websites, and their main purpose is to control children or employees. Of course, such programs are a classic “double-edged sword”: they allow the possibility of abuse of their functions, since they provide the average user with access to spyware tools without requiring any special knowledge.

Spyware for mobile devices

Spyware does not create a shortcut and can reside in the mobile device's memory for a long time, stealing important information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, email messages, browser history and photos. In addition, mobile device spyware can potentially track keystrokes, record sounds within the range of your device's microphone, take photos in the background, and track your device's position using GPS. In some cases, spyware even manages to control the device using commands sent via SMS and/or coming from remote servers. Spyware sends stolen information via email or via data exchange with a remote server.

Don't forget that consumers are not the only target of cybercriminals who create spyware. If you use your smartphone or tablet at work, hackers can attack your employer's organization through vulnerabilities in the mobile device system. Moreover, computer security incident response teams may not be able to detect attacks carried out through mobile devices.

Spyware typically infiltrates smartphones in three ways:

An unsecured free Wi-Fi network that is often installed in public places, such as airports and cafes. If you are registered on such a network and transmit data through an unsecured connection, attackers can monitor all the actions you perform while you remain on the network. Pay attention to warning messages that appear on your device's screen, especially if they indicate a failure to verify the server's identity. Take care of your safety: avoid such unsecured connections.
Operating system vulnerabilities can create the preconditions for malicious objects to penetrate a mobile device. Smartphone manufacturers often release operating system updates to protect users. Therefore, we recommend that you install updates as soon as they become available (before hackers try to attack devices that have outdated software installed).
Malicious objects are often hidden in seemingly ordinary programs - and the likelihood of this increases if you download them from websites or messages rather than through the app store. It's important to pay attention to warning messages when installing apps, especially if they ask for permission to access your email or other personal data. Thus, we can formulate the main security rule: use only trusted resources for mobile devices and avoid third-party applications.

Who is targeted by spyware?

Unlike other types of malware, spyware developers do not aim to target any specific group of people with their products. On the contrary, in most attacks, spyware spreads its networks very widely to target as many devices as possible. Consequently, every user is potentially a target for spyware, because, as attackers rightly believe, even the smallest amount of data will sooner or later find its buyer.

“In most attacks, spyware casts its networks very widely to target as many devices as possible.”

For example, spammers buy email addresses and passwords to send malicious spam or impersonate someone else. As a result of spyware attacks on financial information, someone can lose funds in a bank account or become a victim of scammers who use real bank accounts in their scams.

Information obtained from stolen documents, images, videos and other digital forms of data storage can be used for extortion.

Ultimately, no one is immune from spyware attacks, and hackers don't think much about whose computers they infect in pursuit of achieving their goals.

What should I do if my computer is infected?

Once inside a system, spyware tends to remain undetected and can only be detected if the user is experienced enough and actually knows where to look. So many users continue to work, unaware of the threat. But if you think that spyware has penetrated your computer, you must first clean the system of malicious objects so as not to compromise new passwords. Install a reliable antivirus that is capable of providing adequate cybersecurity and uses aggressive algorithms to detect and remove spyware. This is important because only aggressive antivirus actions can completely remove spyware artifacts from the system, as well as restore damaged files and broken settings.

Once your system has been cleared of threats, contact your bank to alert them to potential malicious activity. Depending on what information was compromised on the infected computer (especially if it is connected to a business or organizational network), you may be required by law to report the virus to law enforcement or make a public statement. If the information is of a sensitive nature or involves the collection and transmission of images, audio and/or video, you should contact a law enforcement official to report potential violations of federal or local laws.

One last thing: Many identity theft protection vendors claim that their services can detect fraudulent transactions or temporarily freeze your credit account to prevent damage from malicious malware. At first glance, blocking a credit card is a really sound idea. However, Malwarebytes strongly recommends against purchasing identity theft protection products.

“Many identity theft protection vendors claim that their services can detect fraudulent transactions.”

How to protect yourself from spyware?

The best protection against spyware, as with most types of malware, depends primarily on what you do. Please follow these basic guidelines to ensure your cybersecurity:

Do not open emails from unknown senders.
Do not download files from unverified sources.
Before clicking on a link, hover your mouse over it to see which web page it will take you to.

But as users have become more sophisticated in cybersecurity, hackers have become more sophisticated, too, creating increasingly sophisticated ways to deliver spyware. This is why installing a proven antivirus is extremely important to combat the latest spyware.

Look for antiviruses that provide real-time protection. This feature allows you to automatically block spyware and other threats before they can harm your computer. Some traditional antivirus and other cybersecurity tools rely heavily on signature-based detection algorithms—which are easy to bypass, especially when it comes to modern threats.
You should also pay attention to the presence of functions that block the penetration of spyware into your computer. For example, this could include anti-exploit technology and protection against malicious websites that host spyware. The premium version of Malwarebytes has a proven track record of providing reliable anti-spyware protection.

In the digital world, dangers are an integral part of online reality and can await you at every turn. Fortunately, there are simple and effective ways to protect yourself from them. If you maintain a healthy balance between using an antivirus and taking basic precautions, you will be able to protect every computer you use from spyware attacks and the actions of the criminals behind them.
You can read all our spyware reports