Tuesday, 11 December 2012

DeadLine's Survey Builder (Adslocker)

Another 'adslock' this time in .NET (so yeah, that come from HF)

Webcheck:
It open a webpage to a text file and look on the txt your hwid, on the list ? allowed.

Builder:


Locker:

Designed to fail.
Open 'random' program not so random, just predefined urls:
And the infected guys must use the 'C' letter for Windows (lol?)
Another example:

Write words, not so random, predefined once again:

Open random predefined sites:

url/pw stored in plain:

For the rest it's just like usual infections, registry persistence via HKCU[...]CurrentVersion\Run, etc...
AdsLocker seems fashion on hackforum since Adslock.A
RazorLock:

FileIce open source AdsLock:

Another AdsLock from HF:

Please guys.. no more .NET
Posted by at 21:38
Labels: , ,

1 comment:

Subscribe to: Post Comments (Atom)