Automatic infection from removable media 10-19-2012, 07:51 PM
#1
One of the easiest ways of spreading your malware is by creating removable storage media. Metasploit and SET give you nice tools for doing this.
First, you need to have a malware, obviously. Get an installation CD/DVD/USB for something (best case scenario, installers usually use autorun). Bind malware with installer using the method described here: http://www.hackcommunity.com/Thread-Usin...D-malwares .
When you have binded malware, run Social Engineering Toolkit (it should be provided with Metasploit). Choose 'Infectious Media Generator' -> 'Standard Metasploit Executable' -> 'Import your own executable'. Specify path to your binded malware. Now time for encoding. Shikata Ga Nai and Backdoored EXE are good choices although if you're FUD you might go with No Encoding. If you already used crypters, encoding might mess up your malware.
SET will tell you where your files are (usually in SET directory). So now it's time to make your infectious media. Get a CD/DVD/USB and place all the original content minus the installer and autorun file there. Instead of installer place binded and encoded malware made with SET and SET's autorun file. Now share your new infectious media with people you want to infect :] Infectious media is very good for infecting workplace/library/internet cafe/etc. computers without suspicion (even if you get picked up by AV, it's not suspicious that there is a virus on your USB as they are a real plague).
PS. You can use Metasploit and SET to create infectious media with other backdoors - choosing option different than 'Import your own executable' allows you to get things like reverse meterpreter shell or VNC server. I prefer to spread my RATs and keyloggers though.
First, you need to have a malware, obviously. Get an installation CD/DVD/USB for something (best case scenario, installers usually use autorun). Bind malware with installer using the method described here: http://www.hackcommunity.com/Thread-Usin...D-malwares .
When you have binded malware, run Social Engineering Toolkit (it should be provided with Metasploit). Choose 'Infectious Media Generator' -> 'Standard Metasploit Executable' -> 'Import your own executable'. Specify path to your binded malware. Now time for encoding. Shikata Ga Nai and Backdoored EXE are good choices although if you're FUD you might go with No Encoding. If you already used crypters, encoding might mess up your malware.
SET will tell you where your files are (usually in SET directory). So now it's time to make your infectious media. Get a CD/DVD/USB and place all the original content minus the installer and autorun file there. Instead of installer place binded and encoded malware made with SET and SET's autorun file. Now share your new infectious media with people you want to infect :] Infectious media is very good for infecting workplace/library/internet cafe/etc. computers without suspicion (even if you get picked up by AV, it's not suspicious that there is a virus on your USB as they are a real plague).
PS. You can use Metasploit and SET to create infectious media with other backdoors - choosing option different than 'Import your own executable' allows you to get things like reverse meterpreter shell or VNC server. I prefer to spread my RATs and keyloggers though.
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)