Malware researchers investigating a Trojan linked in a gaming forum as a how-to video for Diablo III got a surprise when the hacker started chatting with them — through a feature in the malware. Franklin Zhao & Jason Zhou of antivirus company AVG were looking for keylogging code in the malware with a debugger after downloading it to a virtual machine when a chat box popped up. The hacker asked, in Chinese, “What are you doing? Why are you researching my Trojan?”
The dialog is not from any software installed in our virtual machine. On the contrary, it’s an integrated function of the backdoor and the message is sent from the hacker who wrote the Trojan. Amazing, isn’t it? It seems that the hacker was online and he realized that we were debugging his baby…
We felt interested and continued to chat with him. He was really arrogant.
Chicken: I didn’t know you can see my screen.
Hacker: I would like to see your face, but what a pity you don’t have a camera.
He is telling the truth. This backdoor has powerful functions like monitoring victim’s screen, mouse controlling, viewing process and modules, and even camera controlling.
We then chatted with hacker for some time, pretending that we were green hands and would like to buy some Trojan from him. But this hacker was not so foolish to tell us all the truth. He then shut down our system remotely.