Let’s face it – although torrents and P2P networks are used to distribute illegal goods 99% of the time, that 1% of legitimate use is what keeps them in business. Torrent and P2P networks are the two most popular ways of finding the files you want to download. When was the last time you googled “index of /music” to find some sweet mp3s? A while, I bet. P2P and torrents are the new filesharing networks – so why not use them to distribute your malware?
Sites such as MegaUpload and RapidShare allow anyone to upload any file at any time, anonymously. There are more sites like these, but these two are the most popular – and what I’ll talk about.
What you want to do first is find a niche that you want to appeal to. Common ones are hacking tools and illegal warez, such as games, cracks, and keygens. These types of files are commonly misrepresented as malware, so people will be more likely to ignore an annoying message from their antivirus telling them to delete whatever it is they got from you.
Forums are great ideas for niches. Want hacking? How about some warez forums? They’re brilliant ideas. If you find a site or forum where people go to either request or fulfill requests for hard-to-find things such as specific anime, porn, programs, or videos, it’s an excellent place to spread your dirty stuff. The harder-to-find something is, the longer someone is going to look, and the more frustrated they’ll become when they don’t find it. The more frustrated they become, the more likely they are to run VB6_nocdkey-crackedby-_-gibson-_-.exe.
Filenames are key. Pretend you’re downloading a “cracked version” of Flash 8 Professional from some unknown website. Would you be more willing to run flash.exe, f8p.exe, flash_8_professional_rusk_cr4ck.exe, or even flash8setup.exe? It’s up to you – pick what you want to name your file according to your niche. For best results, research common names that are already in use and base yours off them. Sometimes networks have keywords you might not be familiar with if you’re just jumping into the game.
Speaking of keywords, I want to mention torrents. I won’t go into much detail in this article (perhaps later) but I will have to say they are just as efficient as P2P networks – if used right. With torrents, you have to build up seeds and prevent negative comments. If a victim downloads your botnet client and a big, scary command prompt with green text on a black background screams at them, “YOU’VE BEEN INFECTED HAHAHAHAHA,” they’re obviously going to comment on the torrent that it’s a virus – and tell others not to download it. They will probably even report it, where it’ll be taken down quite quickly.
For torrents, I recommend making a fancy GUI frontend in either Visual Basic or with a GUI extension for your programming language (like Tk). It makes the program more believable. If you’re supposed to be generating keys for World of Warcraft, have a fancy WoW program that generates keys that look like WoW keys. It’s much better for someone to report on the torrent site, “The keys have all been used!” than “This is a rootkit in a box.”
In conclusion, torrents and P2P networks are very efficient ways to spread malicious code and software. Many people are desperate for many things, and many people just don’t know any better. Many people will download and run your programs – so have fun!
Indeed – this article deals with manual spreading. You, I guess, could automate uploading things to RapidShare/others, but I don’t think it’d be too efficient if they changed their design and broke your script.