Breaking-Security.net - Announcements

Actually service has been partially resumed for some weeks now. But I didn't announce it publicly. Why not? Because I got too many emails and requests to answer them all already.
Octopus sales are opened to old and new customers, just note that it may take few days for me to reply to your email!

Cheers

New version 2.0.7 done!
This includes a customizable execution delay function, as requested by some customers. This will run the payload after the specified amount of time. The only action performed before the delay is MessageBox function, if activated. All the other functions such as file execution / dropping, downloader, spreader etc. will be performed after the delay.

It has been added also a size adder function: with this you can increase the size of the output file by a custom number of kilobytes / megabytes.

I added the function to compress keylogger file (using mpress).
 
Size of VKL Private version:
Uncompressed: 72 KB
Compressed: 26 KB

Compressed keylogger remains fully working and cryptable like the original.

In addition to this, now screenshot capture interval is not limited anymore between 5-120 minutes, but you can set the interval you want without limits.

Cheers

Hey guys,

it has been more than 1 year that I haven't put hands on my Keylogger code, but why change something that already works great? Unless for trying to make it even better, of course, but you don't wanna do like Facebook developers.

Actually even if the public version of Viotto Keylogger did not need any update since it seems to work flawlessly, I made today an update to the private version, from 3.0.3 to 3.1.

Some customer in fact reported me an error which happened sporadically when copying/pasting text to/from clipboard. Now it should have been fixed.
Also, option to disable/enable clipboard logging has been added. In previous private versions, clipboard was always logged without the option to disable this function.
VKL customers should be able to get the update directly from their builder, just open it and an update popup message should appear. 

Regards

Hello,
I advice my customers to take note that I will be offline from 7 to 13 september for vacations.
For same reason, my activity will be reduced during the 1st week of september; this means that I will continue to support my old customers, but new customers may have to wait to get replied.

Regards 

Viral code released in C++ sources section!

What I'll write here is obvious for many, but there is anyways people who don't know it and distribute their files to antivirus companies for themselves.

This is what you must not do. I already replaced many stubs for free even if it was customers fault since obviously they didn't know, but ignorance will not be an excuse from now on. Customers will have to pay to get a replacement stub if they don't follow rules below:

1.  Do NOT use VirusTotal, Anubis, and similar services to scan your files. It has been known for years that these services distribute your file among the antivirus industry. Use only safe services where you are sure that your file will not be distributed, such as scan4you.net.
2. Before even downloading stubs to your computer, make sure that the functions in your security software (if present) which send new files to their company are disabled. For example, if you have Nod32, make sure that ThreatSense.net is disabled. 

 Regards

Der Spiegel is a German weekly news magazine. It is one of Europe's largest publications of its kind, with a weekly circulation of more than one million.
As you can see from the cover, main article of Der Spiegel of this week is the digital underworld. Here there is a reference to me and my keylogger, so thanks for the advertising lol

Thanks to Krios to have noticed me about this ;-)

Primary domain of this website has been changed to
breaking-security.net.

Anyways, old domain name viotto-security.net is going to remain active, so you'll be able to access the website with both of these domains.

Regards

Now everybody can buy Octopus.

Best regards

Octopus 2.0 sales are finally opened, but for a short period of time it will be available only for old customers, who have the priority, at the price of 10 € / 15 $ (which is stub price!)
I will open sales to new customers soon, so if you're interested check this blog once in a while :-)

For screenshots and informations you can browse Octopus page

Cheers

New code posted in C++ sources section.
It is a replacement I made for Windows LoadLibrary() function.

Regards

It has been some months that I don't write any news here and I know because of the many emails I receive that many people is interested to know about Octopus 2.0 status.
Well it is 95 % complete :) I expect to complete it in a week or so (I am not sure because development depends on my spare time).
Anyways the development never stopped these months, but it is a big project and there have been a lot of work to do. It is much more advanced than 1.x series: now Builder is in Delphi and stub in C++, I decided to use these languages to use some techniques which are not possible to do in VB6.
There have been also a lot of work to code all the various functions, since it is not a simple crypter.
 
I also have spent a lot of time in some features which are not so visible for the user, but makes generic
 detections much harder for AV companies. For example:

• The stub core is an encrypted DLL which gets saved inside the stub .exe. This DLL gets decrypted and loaded without being dropped to disk. This leaves unencrypted only a decryption routine and a DLL loader, while the rest of the stub code remains always encrypted (including RunPE). What does this mean? It means that for AVs is impossible to analyze the stub code which is contained inside the DLL. The only thing they can analyze is the .exe.
• Statically imported functions in the stub .exe have been kept to minimum. Not even LoadLibrary() or GetProcAddress() are used.
• The stub .exe code, which is not dinamically encrypted on each build (on the contrary of the stub .dll) is manually undetected by me by a C++ source obfuscator I coded. An unique stub is given to each customer.
• The whole data wich gets saved inside the stub is contained in an encrypted block. No constant strings, no settings splitters etc. The only thing which remains unencrypted is the decryption key, which is a random byte sequence of random length. But it is very difficult (except for me) to know which is the encryption key. Probably the only methods to get the key are viewing the crypter source or do a deep analysis with a debugger.  

And more...
 
Now I have just to do some debug to the C++ source obfuscator. After I get it to work good, Octopus will be fully functional.

Octopus 2.0 will soon reach beta stage, so I need few people to test if everything is working correctly!
If you want to be a betatester, you must:

• be already an old trusted customer of Octopus, or if not a customer a trusted person I know;
  
• test any functionality of the software, and report me anything out of normal.

Octopus 2.0 is programmed in Delphi (builder above) and C++ (stub and libraries).

These are some of the functionalities that should be tested:

• Binder / crypter functionalities;
• Undetection rate (currently FUD even without obfuscation);
  

•  EOF data support: Octopus is compatible with applications which store custom data at EOF (Bifrost, Kill Switch etc.);
•  Command line parameters passing support: Octopus is compatible with applications which need to get command line parameters to work correctly;
• USB spreader;
• Multidownloader;
• File icon / informations cloner (I haven't worked on it yet)

and so on. If you are interested send me an email!

Keep in mind that Octopus 2.0 is much more advanced than 1.x series, but the user interface has been kept friendly and easy to use like before. I will not give details for now about crypter's new mechanism, because now I just need to be sure that everything is working good :-)

Regards

Hello, and before anything else, merry christmas!
I inform interested people that Octopus development is still going on. Besides that I am working on a C++ source obfuscator, so it may require some extra time to complete both projects.
Estimated remaining time? I can't be sure, it may be 1 month, it may be more.

Best regards and happy holidays!

I made an addition to Delphi section that some coders may find useful :)
Enjoy

I am receiving many emails from people interested to buy crypter, or asking when new version will be done etc. so I post this to keep everybody informed.

I am steadily working on Octopus 2.0 development, which will be very different from 1.x series, coded from scratch in C++ (Stub) and Delphi (Builder). The stub will be more advanced thanks to the complexity, power and versatility of C++ compared to VB6.
Today I finally completed the main parts, and was able to crypt and run successfully my files, which I later scanned on NVT:
This is scan report of crypted Viotto Keylogger (public version)
Report of original unencrypted Viotto Keylogger server

However I have still much work to do, it may require a couple of months but I am not sure yet! I will let you know ;-)

Regards

Interview made to me by italian hacking site HackersTribe.com.
You can find it here.

Greetings!

As I said in my previous post, due to some extra time I have now that Octopus sales are temporarely closed, I managed to give the last fixes to Poseidon Beta and publish informations here on this website.
Poseidon is a private program, an email client coded in Delphi: you can find all the infos on its pages.

Regards!

Because of latest heuristic detections and lack of enough time to study and bypass them, I decided to stop sales of Octopus for a while. This is needed to me to focus on my future projects. Poseidon will be officially completed within this week. Also, I started working on Octopus 2.0.
Octopus 2.0 will be completely rewritten from scratch, in Delphi and C++. More news will follow while I go on with its development.
I already refunded my customers who bought a stub lately and got 1/20 detected because of this heuristic engine update, because as I wrote in Octopus page, I always guarantee to sell only 0/20 fully undetected stubs.

Regards

Since I've got a busy life I can't stay always connected to Messenger. That's why, for example, I write that if someone wants to contact me to buy some software, it is better if he sends me an email rather than adding me on messenger. Via email I can provide a better service and I usually check the inbox everyday.
If I don't access Messenger for few days as soon as I open it again I receive many offline messages like this: "Are u here?"... If I am offline it means that I am offline, so no, I am not there. Again, instead of sending offline messages, send me an email and you will be answered.

Regards

I was busy the last 2 days, so didn't manage to post in time but:

• 11 september 2009: Octopus v1.0.0 is completed and first sales thread is opened on OpenSC.ws 
• 7 february 2010: viotto-security.net is created and Octopus gets its official webpage
• 11 september 2010: Octopus is now 1 year of unstopped sales and development, except a 7 weeks summer break, reaching now version 1.5.4

I can say that, few crypters after 1 year of their initial release are still being developed, fully undetected, and sold.
During this year antivirus engines have been updated many times and the job of undetecting a software becomes for anyone more and more complicated. The job is not made easier by some retarded antiviruses, in particular Avira, that prefer to produce a thousand false detections, for example tagging as malware blank projects with 1 Windows function, rather then doing a real job and tag as a malware what is really a malware .
Despite this, I am glad to successfully continue my job, bypass all antiviruses, and guarantee customer only fully undetected stubs :-)

Regards

A simple encryption I coded myself in VB6 and shared for free. You can find it in proper section!

Hello everybody,
as I promised, today Octopus sales officially reopen after a 2 months summer pause!
I modified prices too: they are chaper! But they may rise again in the near future, so, don't miss the occasion ;-)

Regards

Sometimes as soon as the KL server got executed, a "type mismatch" error message was showed and the keylogger self-terminated. This bug was caused by a builder .ocx file and is now corrected.
I advise all VKL users to update! You can find the new version in the appropriate section.

I released a C++ snippet to show you mainly how to write / read resources and settings on run-time.

You may now already that this is a very reliable snippet since 100% of my programs here read/write settings in one method or another, in one language or another, so, say thanks and try not to be a ripper but give credits ;-).


Regards

...Because I am not at home this period, and I have not the necessary time to dedicate to Octopus, nor the various tools I usually use to work on it since I don't have my personal computer now. As you can see, I am also learning new programming languages.

I plan to reopen sales in around a month.

Regards

Hi everybody,
I have been quite inactive for some time. That's because summer is usually vacation period! But that's also because in the meantime I have been busy learning Delphi and C++ (I hate wasting my time!) , so I opened a C++ section and a Delphi section, where I will put my free works like I did in VB6.
I will however continue VB6 programming too!
First release in this new languages is a compact downloader written in Delphi (builder and one stub) and C++ (other stub).
I am already planning to release other codes, you will see them here soon!

Cheers