A small investigation of crack sites

Hello,

lately looking for sites to distribute my own releases I did some searching and noticed that an increasing number of crack sites are using cracks only to attract people in an attempt to have them download/install a series of spyware and adware apps.

At the moment I notice the following behaviors:

- download of an exe immediately started (usually recognizable by names such as readme.exe or download_plugin.exe)
- installation of a IE plugin requested
- executable added to the zip/rar (when run it will download a bunch of spyware and adware on the client machine)

Some sites however distinguish themselves for not doing anything of the above. At most they simply have annoying pop-ups.
Among these probably the best are keygen.us and mscracks.com that seem to be the most correct. Also, pinging all the sites that have proved to be more reliable it seems that they are all hosted in the same class C of IP addresses (and probably by the same host). In fact a few even share the same IP address.

Anyhow, I was wondering what do crack sites gain from spreading spyware and adware apps?


yaa

[JMI]

Like pop-up banners, they are generally paid something by those whose banners and/or spyware benefit from the "clicks" generated by the banners and/or the "information" gained by the spyware.

Regards,

The bad thing is that most of cracks today have the spyware attached in the executable. So running the crack, it silently installs the spyware. That is why I have a copy of windows inside a Virtual PC, to apply the patch and copy the cracked exe to my original box. No worries about spywares. There are plenty of them already installed.

[codeX]

But I think you can trust releases from kegen.us and crack.cd.

But a good antivirus and anti spyware with latest updates will be nice.

@baatazu

I donn't think famous crack groups release spyware installers with theit cracks.

use lavasoft adaware and Spybot - Search & Destroy both have different defenitions and engine .they ere the best.And some of the cracking groups inclludes spywares in a seperate exe such as crack.exe etc..make sure you read the .nfo file before running.

Lately I have seen a rash of renaming files to "known" names so people will click on them.. Thank goodness for Symantec NAV which has caught it most everytime..

use quick heal 7.03 with updated defs it detects most adware and spyware before it is even installed....

[duseng]

Solution:
- Use Non IE Internet Browser . Firefox,Mozilla,Modified Ie Engine(not Recommended),Opera should does the best
- Use Proxy Based Filtering not Windows Title Filtering! use like AdMuncher the best so far
- Don't download from unfamous Crack/0day site. Nowaday they binded with Trojan and bunch of spyware/adware
- If u get the link from the forum.Make Sure u didn't become as the first tester.Wait until 5/6 peep tell that the file(setup+crack,patch) are ok (trojan/malicous free)!.Or u can check 'Tested' word on that topic

Quote:

Originally Posted by duseng

Solution:
- If u get the link from the forum.Make Sure u didn't become as the first tester.Wait until 5/6 peep tell that the file(setup+crack,patch) are ok (trojan/malicous free)!.Or u can check 'Tested' word on that topic

Hmmm... IMHO your first three ideas seem good, but the first part of the last one won't be possible. Because if it's an original post and everyone waits for 5-6 peple to test it, you'll never get the quorum because eveyone would be waiting for other 5 people to do the test...

Cheers,
TGD

[nikola]

Just get FireFox and go to crackz.ws, cracks.am, crackdb.com, andr.net...

I suggest you using Craagle, and you won't get any trojan shit from cracksites. And of course Firefox for safe browsing.

[codeX]

Yes Quick Heal Xgen ( now on 2005 v7.03) does a great job. I'm using it over an year.
Nice update features and easy to crack also....

@Vepergen

In Craggle how to download crack.On selecting download no response .What to do?

[Molasar]

Another way used to install spyware/trojans on victim PC's is that some sites offer full featured "free adult hosting", but they insert javascript code to install they malware in every web page you put in their server, one of them is www.freepimphost.com.

Most of the malware are designed to infect IE, so if you use Opera, you'll be safe.

I agree with verpergen, I often use craagle as it indexes the sites without having to physically visit them.
Also if you download a file from a 'bad' site it will warn you i.e "*WARNING* Do not run Start.exe this is sh**"
Which is a very useful warning for those nieve people in the world!

codeX: Does it list the files?
If you look in the cornor its got a status bar that'll tell you what the app is upto..Sometimes it will just sit on"Connecting" or similar, because all its doing is connecting to the http of a site, so if the sites down then it messes craagle up!

My only hate about craagle is that when you click cancel, it takes about 3 mins to stop!

[Shub-Nigurrath]

most groups, also us for example, just for these reasons have their own ftp or http server (e.g. most times original "clean" cracks are modified adding a spyware program into the archive) where all the releases are placed. Just not immediate as a search engine, but if you are inside this world you should know where the things are or to whom ask.