Tuesday 31 January 2012

StyxCrypt

About

World's first fully automated online obfuscation service is a service to provide a full range of obfuscation services of binary data and source code by nine input data formats.

Currently we support the most demanded spectrum of morphing formats which are demanded by thousands of webmasters:

JavaScript;
HTML;
EXE;
DLL;
PDF;
SWF;
IFrame;
PHP;
ASP;

Multi Obfuscator has its own polymorphic engine which enables a possibility to morph a wide range of input data. This means every time you morph something you will get absolutely different binary and source code.
System provides an external API and gives a possibility to automate software and services for all customers.
You will be fully satisfied by morphing quality and speed of updates.







FAQ

Q: What's this service about?
A: Our service is first world-class fully automated multicrypt service. At the moment we have the maximum quantity of morphing input data types, fully automated system based on polymorphic engine and API supported.


Q: What types of crypting do you support?
A: We support nine morphing data types:

HTML: source code with or without JavaScript;
JavaScript: inside HTML or standalone (which is helpful for clickunders, popunders and morphing any type of context advertising);
EXE and DLL as Windows Coff PE executables;
PDF: content morphing;
SWF: morphing source AS3-scripts;
PHP / ASP source scripts;


Q: Who are your customers?
A: Our customers are partners program, online casino, traffic stocks, banner networks, adult, pharma and so on.


Q: What are your benefits compared to private services?
A: Firstly no one of private services can't morph such quantity of data types as we can. We have a polymorphic kernel that guarantees that all output code will be fully different and entropy will be almost 100%. As we have a polymorphic stub every crypted file will be unique and can live before reversing and disassembly long time. We have rapid updates and you will not wait and waste your time. Also we have API to automate your services. Hope reasons above will help you to make right decision to work with us.


Q: Can you guarantee 100% FUD on Coff/PE? Do you provide money back in this case?
A: No, we cannot guarantee 100% FUD. Also we don't have money back system (but in any case support can add an amount to your balance by its own opinion in case of detects). If you can use it — welcome. If you noticed a detect please contact support and tell them details and check URL; it can help to make FUD in a short time. For the projects with huge loads we have private cryptor. Please contact support for it.


Q: How can I crypt the file?
A: To encrypt a file or URL simply register in the system, charge your balance, select your tariff and upload a file to crypt in the user menu «Obfuscation».
Innovation is an automated service verification, which checks the file after obfuscation, provides a link to check the results of which you can agree (and get a file) or disagree (money back to your balance).
Therefore, if the job is "stuck" on the status of "Pending", you simply open the task, click on the link and make sure that you are satisfied.

Q: Do you have automation and possibility to work with API?
A: Yes, we provide API for development needs and also we have sample PHP library.

Q: What's the maximum file size?
A: EXE / DLL is 160 kilobytes and other crypting services are 1 megabyte.

Q: What are your demands to Coff/PE files?
A: Files must be provided as is without packing by any Coff/PE packer like UPX, PECompact and so on.

Q: Can I obfuscate files with greater size?
A: Yes, you can. Knock support, it will answer all your questions.

Q: How scheduler works?
A: Scheduler morphs your source every time to let you get always new and fresh version. Morphing interval can be selected by customer by adding a new task to morph.


Q: What payment methods do you support?
A: Currently we support WebMoney in automatic mode and Liberty Reserve in manual mode.


Q: I crypted the file, but not satisfied by result. What should I do?
A: You should fill the form in contacts where describe task number and your complaint. We will answer as soon as it will be possible.


Q: Did you pass the tests?
A: Yes, we did. You can ask public and private links by contacting our support.


Q: Is the service anonymous?
A: Yes, it's totally anonymous. All files are fully deleted in 30 days.


Q: What does it mean - Styx?
A: Just read wiki: http://en.wikipedia.org/wiki/Styx
The Styx (Greek: Στύξ, also meaning "hate" and "detestation") (adjectival form: Stygian, /ˈstɪdʒi.ən/) is a river in Greek mythology that formed the boundary between Earth and the Underworld (often called Hades which is also the name of this domain's ruler). It circles the Underworld nine times.

Sunday 29 January 2012

Ann Loader

English Translation by @Sherb1n

Ann Loader Seller – Noncenz - Adv on Forums

You know our team from projects like RedZone password recovery system, MKL professional keylogger, Destination Darkness DDoS bot (aka Optima), PassView password viewer, and others. AnnLoader is a worthy addition to this collection!

[Functionality]

• You can set up tasks: X installs in country A, and so on.
• Set task priority
• Edit and re-arrange the tasks
• The build is only 14KB
• The program is written in API
• You can adjust the bot load and set up a white zone
• AnnLoad has a stable, fast, easy-to-use and safe admin panel.
• The control panel does not store your password in the config file, only in cache!
• AnnLoad algorithm does not contain anything that can mess with the encryption process (service mode, tls, etc…)

[Additional modules]

1) ThiefX. Version: 1.3. Password grabber. This module can grab passwords from 14 programs (more can be added upon request):
• Fxp (ftp)
• Total commander (ftp)
• Filezilla (ftp)
• Wsftp (ftp)
• Mozilla Firefox (including version 7) (web, forms)
• Opera (including the latest versions) (web, forms, ftp)
• CuteFTP (ftp)
• Qip2005 (icq)
• Qip2010 (icq, eml)
• QipInfium (icq, eml)
• The bat (eml)
• RDP (rdp)
• Google Chrome (web)
• Safari (web)

2) Substitution. Version: 1.0. The module allows you to edit/substitute the hosts file on your bots.

3) We can create a module that will be modifying the Webmoney purse id in the clipboard. Contact us on ICQ if interested.

4) MKL Keylogger. Version: 1.1. Dependable keylogger, supports Cyrillic, can send logs to HTML/FTP.

[License agreement]

By accepting the license terms for this software, you acknowledge that you will use AnnLoad exclusively for testing your own systems. Any other use of this software is in violation of this agreement and of the laws of the Russian Federation. If you do not agree to one or more clauses of this agreement, do not use the software in any way or manner.
The DD team shall not be liable for any damage to you or third parties arising from the use of this software.
The product is delivered “as is”.
You may lose your license for violating the terms of this agreement or if such decision is made by the DD team.

[Payment]

• WebMoney (WMR/WMZ/WMU/WME).
• Liberty Reserve. (+5% of the price)
• Perfect Money. (+5% of the price)
• LiqPay. (+6% of the price)
• AlertPay (+6% of the price)
• YouMax (+7% of the price)
• Ukash (+5% of the price)
• We can work with an escrow. Escrow fees are paid by the client.
• We do not work with protection.

[Why you should buy from me]

• Fairness, friendliness, politeness.
• Honesty (I am ready to work through an escrow, but on your dime).
• I’m often online (daily, with rare exceptions).
• Personal WM passport (BL >120).
• I have been selling software for over 10 months.
• I will always try to answer all your questions, like ‘where to go for hosting’, ‘where to buy installs’, ‘who to order a script from’, etc.

[Referral program]

• Very straightforward: bring in a client, get anywhere from $45 to $100. The more clients you bring, the more $$$ you get!

[Price list]

• Minimal: Loader, no free updates - $330
• Standard: Loader, +1 month of free updates - $380
• Bronze: Loader, +3 months of free updates, plus 1 free re-build - $480
• Silver: Loader, +6 months of free updates, plus 2 free re-builds - $530
• Gold: Loader, + free updates forever, + 5% discount on our other products, + 5 free re-builds, + module of your choice for free - $630.
• Platinum: Loader, + free updates, + 25% discount on our other products, + free re-builds, + 2 modules of your choice for free - $725.
• Diamond: Loader, + free unlimited updates, + free unlimited re-builds, + 30% discount on our other products, + all modules for free = $825.
• Updates - $35-$85 (depending on the importance of the update).
• Re-build (change of URL) - $35.
• Source code – contact us.
• New functionality – contact us.

[Modules]

• ThiefX. Password grabber - $50
• Substitution. Hosts file substitution - $35
• MKL Keylogger - $55. This module can be purchased as a stand-alone product for $85.
• New modules request – contact us.

Saturday 28 January 2012

Citadel Zeus bot

English Translation by @Sherb1n

- New clone of Zeus after ICE IX

Coder- Aquabox - Adv on Underground Forums

Citadel 1.1 - FF/IE/Chrome Grabber + Video Recording & Anti Tracker Protection

We’re offering a great solution for creating and updating your botnet.
We’re not trying to re-invent the wheel or come up with a revolutionary product. We have simply perfected the good old Zeus, making significant functionality improvements, adapting it to the survival conditions of today’s security landscape, and giving it a new name. Originally, we developed it for our own needs; during the development process, we also decided to create a “social circle” of support community, which is described later in this article.

Changes have been made both to the bot itself and to the web components.
We don’t sell “eye candy”. What you are paying for is the new functionality and coders’ motivation to support the product.

New features for the bot:

[+] Fixed VNC bug on Vista/Win7. Internet Explorer is now fully supported (there used to be a rendering problem in IE)

[+] Added support for Mozilla Firefox 7.0 (recent versions have had problems sending the reports; the problem is now fixed)

[+] Crypto-protection (the body is decrypted in memory)

[+] DNS-redirects (not through hosts). Any URL can now be blocked/redirected, undetectable by heuristics. For example, block AV servers or redirect bank pages to a different host.
!BONUS! The list of popular AV server URLs to block is included.

[+] Software version is included in the report. The report will contain detailed information on the holder’s browser version. This can be used to imitate the holder’s settings.

[+] Extra layer of protection from trackers – Login Key.

[+] Authentication mechanism for config updates (no direct URLs). Adequate protection against established trackers.

[+] Grabber support for Google Chrome. (tested on latest versions 15.x/16.x)

[+] Inject support for Google Chrome. (tested on latest versions 15.x/16.x)

[+] Added function search caching, for faster hook setting in Chrome.

[+] Added feature: bot can run system CMD commands at startup (the CMDList section) and upload the report to server. For example, you can specify that upon installation your bot should upload the output of “ipconfig /all” or the list of all shared drives. This is a good feature to have when analyzing a company’s internal structure. (For example, you can often see bots with names like ACCOUNTANT_PC, POS_SERV, DATABASE…)

[+] Added mechanism to check the integrity of hooks in some Windows.

[+] Environment heuristic analyzer can use a stop-list to terminate undesirable software (significantly improves stealth), all popular AV products are included in the list.

[+] Small bugs have been fixed.

[+] Video grabber gives you a unique opportunity to see how your injects work “through the eyes of the holder”. Just specify the list of URLs and the recording time in seconds in the config file, and the bot will start recording video (in MKV format) as soon as the holder visits one of the URLs. Make sure your server can receive files of 10-60MB.

[+] Removed the “cookie clearing” feature, because it was messing up the machine’s fingerprint.

[+] Added support for HTTP 1.0 and extended headers (for example, the response doesn’t always look like “HTTP/1.1 200 OK”, sometimes it can be “HTTP/1.1 200 follow document”, where code 200 is followed by a couple of words), this is applicable to Firefox & Chrome

[+] Added gate generator (in case you want to place files on an intermediary host for redirect)

[+] All of Zeus’s basic functionality is included. I don’t think it needs to be listed here.

[+] Fully revamped, more user-friendly web-admin interface.


Figure 1. Builder, main screen



Figure 2. Web-panel, main screen



We’re not going to talk about the bot’s uptime, you’ll see it for yourself. Gratitude is accepted in the form of LR tokens.

This is the basic package. Price: $2,399.00

Important:

Our software does not work on Russian-language systems. If a Russian or Ukrainian layout is detected, the bot terminates.

This is done to prevent installs on CIS systems. You may disagree, but that’s taboo for us.

If you want to test the bot or develop your own injects – install an English-language system. We will provide URLs to download the OS image and VMWare to save you some time.

ADDITIONAL MODULES:

List of new features for web-admin panel (individual modules):

[+] Full-featured VNC control panel.
Now you can:
- Collect data on specific companies and accounts of interest into a separate DB and a separate script. It has a nice layout, you can see the list of online bots and details of the collected accounts.
- Create a VNC connection to any bot in 2 mouse clicks.
- View stats on active/dead accounts (or bots).
- Add/edit memos to the collected accounts.
- Receive automated Jabber alerts whenever a new account is added or a bot comes online. For convenience, the alert contains the IP:PORT for VNC connection.
- Sort the bots depending on their online/used/unused status.
- Specify a BotID, and have a VNC connection automatically created whenever the bot comes online.
Price: $495.00

Figure 3. VNC control panel



[+] High-quality SOCKS checker module.
You can specify several DBs of different botnets. The module uses web surfing to check the SOCKS, for a 99.9% accuracy.
Price: $49.00

[+] Executable files auto-encryption module.
Tired of manually encrypting your files or waiting for that encrypter to come back online? Automate the encryption task with this awesome auto-crypt module that will automatically refresh your botnets’ exe files. The script operates through Death’s jabber service called cbot. $15 per encryption.
We are not responsible for the encryption quality. Script is triggered through cron and can encrypt the file as many times as you need.
Price: $395.00

[+] Log parser module.
Many of you have had this problem: lots of bots generate tons of logs, and today’s DB search technologies take up way too much time. We have developed a script that can look across several DBs simultaneously and extract all http/https URLs and related data.
Additional features: caching and memos, for your convenience.
Price: $295.00

Modules can be purchased only if you also buy the basic package; they cannot be sold separately. When buying a module, you get the right to receive updates and support for this module.

CURRENTLY IN DEVELOPMENT:

[*] Advanced file search and upload. Search masks are specified in the config file. For example, “passwords*.txt”

[*] Ability to load the video-grabbing module from a remote host, to reduce the size of the build.


SERVICE & SUPPORT COMMUNITY (SOCIAL CIRCLE)

It’s hardly a secret that any product in this niche is a pile of junk on somebody’s hard drive unless it’s supported by a group of developers. As time goes on, a product must continue to satisfy the needs of the clients, but usually that’s where the problem occurs: there are lots of clients, but only one developer, and your IMs are often ignored. Time is money, that’s why we have created a social network-like platform for our clients.

Citadel CRM Store lets you influence the development of the product, namely:

- Report bugs and errors you discover in our software. All tickets are reviewed by tech support. You will receive a response in a timely manner and will not have to try to catch the developer in ICQ/Jabber.

- Every client has the right to create an unlimited number of requests and suggestions for new module/functionality. These requests can be public or private (visible to you only).

- Every client has the right to vote for ideas submitted by other members and to contribute money towards developing the module/functionality. Based on the voting results, the developers decide which module should be built.

- Every client has the right to comment on requests and talk to other members. Now you can find partners and like-minded people and take an active part in product development discussions.

- You can see all the stages of the development work if the new module is approved by the community. We provide timely updates on the status and completion date.

- If the module is approved, you can start making the initial deposits (50%). As soon as the deposits are made, developers start working on the project: the money is paid directly to the coders, and there will be no delays or procrastination. The process is transparent, every stage of the development work is displayed.

- Convenient notifications via Jabber about new comments or requests.

You will really appreciate this new approach!

When buying the basic package, you agree to make monthly maintenance payments of $125 (payments can be made for several months in advance). What’s included in this cost:

- We’re interested in working with our clients. There are lots of people who promise to “support the product, blah-blah”, but then either their updates come out once every 3 months, or the author just disappears. The problem is, authors need to be motivated. In our case – you support us, and we support you. As simple as that.

- Every month (around the 20th of the month) you get a builder update, including updated AV protection (bot body encryption, heuristic analysis prior to process injection).

- You get access to the CRM: a great opportunity to suggest new features and improvements, vote for others’ projects, and communicate with other members of the Citadel CRM Store.

- You get our support: we answer your questions (via ticketing system), provide installation assistance and usage recommendations. You are prohibited from transferring your personal CRM account to anyone else.

- In the near future, our CRM will start working with web programmers who will be focused exclusively on injects (including auto-transfers). The CRM allows our clients to create tasks, declare completion dates and prices, so that our coders can work on the approved projects. If you can write high-quality injects, let’s talk.

Figure 4. Citadel CRM Store



Demo access upon request (allow up to 24 hours).

Builder is tied to your PC; you can create unlimited number of domains.

We accept LR only. For WM-LR conversions, go to forums like mmgp.ru. We do not accept Webmoney.

To avoid wasting our time (and yours), don’t send us messages like “You there?”, etc. Just give us your request in this format: “Need to buy basic package, plus VNC, Auto-crypt, and SOCKS modules. What’s the total price with the discount?”

Citadel Zeus Bot Version 1.3


http://cyb3rsleuth.blogspot.co.uk/2012/03/citadel-13.html

Saturday 21 January 2012

Game Hacker Shop






Online Game Account Project:

We only need large quantity online game account USA server and Europe server.
First of all you need find some good game site, type key word “mmorpg” search on Google, then try hack them and put trojan on site to collect player account information.

The account information we need :

For example :

Game Name : World Of Warcraft
Server : USA
Account Name : xxxxxxxxx
Account Password : xxxxxxxxx

PS: “World of Warcraft” Online account is hot now. We are buying World Of Warcraft Accounts always, unlimited quantity. If you have 10 000 accounts, we will buy 10 000 accounts.

Usually we pay 100 accounts each time, and we will check if the accounts works, we will pay money in 1 hours. As more accounts you selling to us as higher price we will pay.

For each account, the price is not stable, it is around 1-2 usd for each accounts. If you got a good site, usually you can get 1000 - 10 000 accounts information.

Collect information and send to us, we will help you exchange account information to cash, as soon as possible.

In the future we will keep find some new projects which no law risk and high profit, and post them on my site.

We think if you have ability, sure you will get rich!

Welcome be partner with us!

(All online game account we buying must be Europe Server and American Server. Online Game Account from Korea, China mainland, Taiwan is very cheap, only 0.3-0.5 usd around each one.
Japanese online account higher price, but not easy to sell. So USA and Europe Account will be the best.)

List of Game We buying:

USA server and Europe Server:

World of Warcraft
Star Wars: The Old Republic
RuneScape
Final Fantasy XI
RIFT: Planes of Telara
EverQuest
EverQuest 2
Eve Online
Dark Age of Camelot
Rappelz Online
Lineage 2
Aion
Dungeons & Dragons Online
Tibia
City of Heroes
Guild Wars

Other MMORPG game, if you have large quantity of accounts, please contact us, we will try to buy them all.

----------------

This project are no risk on law. Most of countries in the world do not have a law to protect virtual wealth in game, and especially if we do this business in another country. For example, you are in Russia or USA, but you take account information from Europe. There are no police will start a case for 100-1000 accounts.

So the law risk for online game account business currently is zero.

--------------------
We can help you convert online game account to cash in 1-3 days, depending on the quantity of accounts.

We are also expecting good hackers to join us for new projects. We will pay money directly to you by West Union, or WEBMONEY, E-gold, Liberty Reserve.

If you are good hacker, we will be glad to work with you for longtime partnership, and we will pay higher price for longtime partners.

Fast, safe, that is always our target for online business.

Email onlineAbusiness@gmail.com
ICQ 607157280
Gtalk onlineabusiness