I'm going to do a project in digital forensics.The task is pretty flexible.
I was thinking about dumping some USB sticks with a form of "malware".
However, the "malware" must not do anything else than send system information about the target PC, and maybe spread? The idea is to track the amount of "infections" and see the different system info for the different types of victims, and get an idea how fast a malware could potentially spread.
The problem is that using an actual malware is unethical and would not be approved.
However, is there any form of "ethical" trojans meant for testing? Which only sends system information, and doesn't give access to files or further surveillance capabilities?
As long as it's an unintended installation without the agreement of the user it will be considered malware. Second of all, sending pc specs is considered as personal information. The only "ethical" malware I could think of is an installshield setup.exe then it just sends a "test" string through tcp. Spreading is also malware since unintended install will occur.
tl;dr, to make an "ethical" malware you just need to be a big company like M$:
>unintended install of w10
>sends screenshots of your desktop every minute
>shares p2p updates with nearby pc's (here's your spreading technique)
>records yourkeypresses
>records apps opened and closed
>sends your personal data to m$
>makes sure it's difficult to change OS by creating a shitty safeboot feature
looks like a RAT, to me, the best RAT ever invented because the malware IS your OS.
>search github
>rat
>trojan
>>62363870
Sounds boring, you should at least use it to set up a reverse shell.
>>62364062
Fair enough, valid points. It looks like its too unethical for now
>>62364077
>ethical
>>62364089
Yes however the unethical aspect seems to ruin it
If any of you have suggestions that may bypass ethics/law, shoot. A InstallShield Wizard would be one but unpractical. How about a script that autoruns on USB? If the script sends an email notifying "I've been plugged in" or something. It would have to be able to differ the different clients, as the point is to get a number of how many machines are plugging the different USBs in.
Just make a simple keygen interface in VB and stick your stick your rat into it then make YouTube video of you pretending to crack some popular new game out now with it then post it on all the torrent trackers and anywhere else and let it spread. I done it for that football manager and day one i had thousands of brazilian steam and email accounts. its ethical because pirates and thus the lowest form of scum.
>>62364213
I agree its fun, I've done it a decade ago when I was 12 following a Turkojan youtube video, spreading it as a multiplayer game cheat.
However, this is an university task so the issue is that it must be an ethical form of "trojan", but it seems there is no way of going about it without consent of user.
>>62364213
I pirate software.