New Startup Method?

by admin

Monday, June 27th, 2011 at 10:06 am

Nick Harbour wrote on his blog about new spyware using fxsst.dll, a DLL that is present when the system is running as a Fax server. It seems explorer.exe automatically loads the DLL at logon. Mubix decided to test this with a .dll generated in Metasploit, and it worked every time on his test system (WinXP), but on Win7 64-bit he was still having issues with the DLL he generated.

TL;DR – Take any malware DLL, name it fxsst.dll and drop it in C:\WINDOWS or the System32 folder and Explorer.exe will load it at boot time.
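A defender can watch for this load path in image-load telemetry. The following is an added example, not code from the original post: it triages Sysmon-style image-load records (Event ID 7 field names) for explorer.exe loading fxsst.dll. The sample events are constructed, and the expected signer string and System32 path are assumptions.

```python
import ntpath

TARGET_DLL = "fxsst.dll"
LOADER = "explorer.exe"
# Assumptions: Windows lives in C:\Windows and a genuine copy is signed "Microsoft Windows".
TRUSTED_DIR = r"c:\windows\system32"
TRUSTED_SIGNER = "Microsoft Windows"

def fxsst_findings(event):
    """Return the reasons an image-load event looks like a planted fxsst.dll."""
    if ntpath.basename(event.get("ImageLoaded", "")).lower() != TARGET_DLL:
        return []
    if ntpath.basename(event.get("Image", "")).lower() != LOADER:
        return []
    reasons = []
    folder = ntpath.normpath(ntpath.dirname(event["ImageLoaded"])).lower()
    if folder != TRUSTED_DIR:
        reasons.append("loaded from outside System32: " + folder)
    # The post notes a copy dropped into System32 also loads, so the path
    # alone proves nothing; the signature has to be checked as well.
    signed_ok = (event.get("Signed", "").lower() == "true"
                 and event.get("SignatureStatus") == "Valid"
                 and event.get("Signature") == TRUSTED_SIGNER)
    if not signed_ok:
        reasons.append("no valid Microsoft signature")
    return reasons

def scan(events):
    """Return (ImageLoaded, reasons) for every suspicious event."""
    hits = [(e["ImageLoaded"], fxsst_findings(e)) for e in events]
    return [(path, why) for path, why in hits if why]

# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Windows\System32\fxsst.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"Image": r"C:\WINDOWS\Explorer.EXE", "ImageLoaded": r"C:\WINDOWS\fxsst.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Windows\System32\fxsst.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\svchost.exe", "ImageLoaded": r"C:\Windows\System32\fxsst.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for path, why in scan(SAMPLE_EVENTS):
        print(path, "->", "; ".join(why))
```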

bitcoin_jacker.rb

by admin

Monday, June 20th, 2011 at 10:41 pm

Just submitted my first attempt to write something for Metasploit @ dev.metasploit.com. It jacks victims' bitcoin wallets on Windows boxes and sends them back to the attacker on meterpreter. It saves the wallet in your loot folder: on Windows it would be %userprofile%\.msf3\loot, on nix it would be /root/.msf3/loot.

RobinHood – BitCoin Jacker

by admin

Saturday, June 18th, 2011 at 3:42 pm

RobinHood is a simple program in assembler that steals the victim's BitCoin wallet.dat and uploads it to an FTP server. You need to assemble the source yourself, get it ::HERE::
