Thursday, 17 July 2014

How to attach a spy program to an email

We regularly post articles about how to attach a spy program (redpill install module) to an email. Email service providers like Gmail are continuously improving their detection methods and becoming stricter about what you are allowed to attach. For that reason, we have to keep looking at new options for sending a spy program via email.

We will use Gmail as the example, as Gmail has the strictest policies when it comes to attachments. See below for the attachment file type policy of Gmail.



Gmail will not allow you to attach an EXE, not even if you zip it. Encrypting the file within the zip file doesn't work either and even trying to zip an encrypted file within another zip file doesn't work.

So how do you send a spy program (or any application) via Gmail? Let's look at a couple of options:

Using an encrypted RAR file.

You could use WinRAR and then choose to encrypt the filename as well (WinRAR can also create zip files and encrypt the file inside a zip file … but not the file name). When you encrypt the filename within your rar file, it does get past Gmail. The problem then is that you have to ask the person on the other side (the target) to download WinRAR so that they can open the rar file. You obviously also need to give them the password for the rar file.

Renaming the extension

Another option is to rename the extension. For example, just rename app.exe to app.ex_
You can then ask the target to just rename it back to app.exe.
Easy, right? … Not really. By default, Windows Explorer hides extensions, so asking some users to rename an extension is not so easy. They will end up renaming the part they can see, and then the program name will be app.exe.ex_ and it will still not run.

Embedding into a Wordpad document

This is not a bad option. The only problem is that if the target chooses to view the attachment in Gmail instead of saving it first, it will not work. It will also display the warning icon over the install module.

Sending a link

The best option is still to email a link. We previously suggested you use Gmail drive for this, but then you need to upload a Wordpad document. A better option is to use another free service that allows you to upload exe's and create a direct link to the exe.

One such service is https://www.idrive.com/

You can create a free account, upload your install module and choose to share with a link. You then only need to include the link in your email.


Conclusion

The best option would be to email the target a link to your install module. All the options discussed in this article will work with redpill Detective and redpill Agent.
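
Seen from the receiving side, each attachment trick described above leaves a trace that a mail filter can check by content instead of by file name: a PE header under a renamed extension, a RAR archive whose headers are encrypted, an RTF document carrying an embedded object. The Python below is an added example, not code from this post or from any product it names; the function names, finding labels and sample bytes are assumptions constructed for illustration.

```python
RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"

def _vint(buf, pos):
    """Decode a RAR5 variable-length integer; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return value, pos

def rar_headers_encrypted(data):
    """True if a RAR archive also encrypts its headers (file names hidden)."""
    try:
        if data.startswith(RAR5_SIG):
            _, pos = _vint(data, len(RAR5_SIG) + 4)  # skip CRC32, read header size
            htype, _ = _vint(data, pos)
            return htype == 4                         # 4 = archive encryption header
        if data.startswith(RAR4_SIG):
            head = data[7:14]                         # CRC(2) TYPE(1) FLAGS(2) SIZE(2)
            flags = int.from_bytes(head[3:5], "little")
            return head[2] == 0x73 and bool(flags & 0x0080)
    except IndexError:
        pass
    return False

def is_pe(data):
    """True if data is a Windows executable: MZ stub pointing at a PE header."""
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[:2] == b"MZ" and data[off:off + 4] == b"PE\0\0"

def inspect_attachment(filename, data):
    """Return findings for one attachment, judged by content rather than name."""
    findings = []
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if is_pe(data) and ext not in ("exe", "dll", "scr", "sys"):
        findings.append("pe-with-misleading-extension")
    if rar_headers_encrypted(data):
        findings.append("rar-with-encrypted-headers")
    if data.lstrip()[:5] == b"{\\rtf" and (b"\\objemb" in data or b"\\objdata" in data):
        findings.append("rtf-with-embedded-object")
    return findings

# Constructed samples (minimal headers only, not real files).
FAKE_PE = b"MZ" + b"\0" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0"
FAKE_RAR5 = RAR5_SIG + b"\0" * 4 + b"\x05\x04" + b"\0" * 8
FAKE_RTF = b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105}}}"
```

A header-encrypted archive cannot be scanned at all, so a filter would normally quarantine on that finding alone; links to hosted executables need a separate URL check on the message body.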
