Update: On 2013/08/03 redpill released an update to redpill Agent that allows redpill Agent to again get past the Norton scan of Yahoo if Ghost Protocol is active.Yahoo recently started using Norton to filter email attachments. Currently redpill Detective does not get detected by Norton but redpill Agent from time to time does get detected by Norton. redpill continually work to avoid detection, but in the same way anti virus companies also keep on working on new methods to detect spy software.
If you try to attach the install module (embedded in a wordpad document) to a Yahoo email and it fails, you can email it using another service like gmail. If however you want to email it from or to a Yahoo email address, you need to send it as a link.
How to email the redpill Agent install module as a link
First we are going to create our install module. For this test, we are not going to use one of the default cover install modules but create our own … a ‘SMART Virus Removal Tool’.
Ensure that Ghost Protocol is active. Without Ghost Protocol the possibility that redpill Agent will be detected is almost certain.
We now open a wordpad document (use WordPad and not Microsoft Word) and add some text to convince the target you double click on the icon. We then drag and drop the install module we created into the wordpad document.
Note: Be sure to add some text to tell the target to click on ‘Enable Editing’ if he opens the document using Microsoft Word.
You now need to upload the document to Google Drive. If you don’t have a Google Drive account, create a gmail account (you will automatically get Google Drive as well).
Once you uploaded the document into Google Drive, click on ‘Share’ and choose the option to share it as a link.
Copy the link provided by Google Drive.
We can now type our email in Yahoo. Add some text for the link. For our example we will use ‘SMART Virus Removal Tool’. Highlight the text and select ‘insert link’. Paste the link that you saved from Google Drive into the box.
Your email is now ready to be sent.
When the target gets the email and clicks on the link, Google Drive will show him a download button. When he downloads the file, the wordpad file will open. He will then read the instructions and run the removal tool.
The target will think the SMART Virus was found and removed by the Virus Removal Tool but redpill Agent would have been secretly installed.