How to send malware by Hotmail/ Gmail etc?

I find it sometimes dificult to send/ receive malware samples by hotmail/ Gmail. Yesterday I was sending some rootkit samples to a friend by hotmail. I compressed these samples by Winrar and put a pasword and also encrypted their name but inspite of that I was not able to attach them with the mail. I get error each time( that error on hotmail happens due to malware/ susicious / password protected files as I know from my past experience) I tried multiple times but failed. Later on I sent them by Gmail that was sucessful.

Just to be sure I sent a copy of mail to my own Gmail address as well. Later when I tried to download these attachments, I got error each time( that was probably due to suspicious/ password protected files).

I want to ask how I can send the samples by web mail without any hassle. Any tips.

Thanks

 

I've had exactly the same problem in the past with rar files. Now i always use winzip and password protect them, it hasn't failed yet, and i do this every day, try it.


StevieO

 

I tried even ZIP with winrar and failed. Will try later with some other utility but I will be surprized if it is utility specific isssue.

 

@ aigle

I believe it could be a utility specific and compression type isssue, in my case it was, and by converting to rar files. Using Winzip instantly cured all the previous hotmail problems i experienced. So i can only presume that's what the two issues were.

Maybe you get this error message saying there's a problem, as i do with zipped attachments, but all i do is click here http://img255.imageshack.us/img255/8940/error1ys5.png then OK

http://img255.imageshack.us/img255/4469/ok1gf4.png

then this OK http://img255.imageshack.us/img255/8071/ok2pc7.png and then i can send the email with the passworded zipped attatchment no problem.


StevieO

 

Yes, u are right. I used to get exactly same error message.
Unfortunately when I used to click on error I was never taken to next page.
Just now I found that u have to click exactly on the word "HERE" and the word is not so well highlighted as well. It,s OK now, I got it.

Thanks for help. RAR files working now. Thanks again.

BTW I rememer in the past there was a discussion here abouthow difficult it might be to send infected files by gmail. Any experience with gmail?

Thanks

 

Does not Gmail block emails with attachments? I have not got any for ages.
Gmail even puts emails with attachments from people on my contact list to spam.
If I want to send any file, I will upload it to Sendspace and put the link to an email.

 

I have not received( if I remember exactly) but I have sent attachements sucesssfully.

 

Never used it so far.

 

Hi aigle

Was that a response to mine about considering using Googletalk for unlimited filetype drag a drop ?

I second guessed my post and decided it may have been too lateral a response for your particular need - so deleted it.

For what it's worth, on a 1-to-1 basis, it's an efficient way to transfer files to a contact.

 

Ya, it was for u. Actually u are right but I hardly use any messenger and also don,t ransfer files often. Thanks ayway.
I don,t mind even a totally OT post. Ur reply was not even OT I think.

 

aigle, i found that instead of using hotmail/gmail/yahoo/etc... to send malware, i use mail.com. mail.com doesn't scan email attachments at all, so you dont' even have to zip the file or password protect it. hope that helps.

 

Rename the zip file extension and put a message in the body.
This is the only way I can send my code to people :|

 

Some versions of PGP can make self decrypting archives (.sda). These can be used to encrypt malware and it will go right past an AV. I'm not sure if any of the "official" PGP releases have this feature, but the CKT versions do. The one drawback is that the file is substantially larger after encrypting. The recipient need not have PGP installed to open them. They decrypt with a password.
Rick

 

I just finished testing a malware file encrypted as an SDA with PGP. Original file 44.9kb. Encrypted copy 143kb.
VirusTotal scans of infected attachment named postcard.exe. Linked to the images as they are large.
Scan of unencrypted malware.
Scan of same of same file encrypted.
If it isn't recognized at VirusTotal, it'll pass thru any e-mail scanner.
Rick

 

@ aigle

Great i'm pleased it worked for you, and that you can send them now.

@ herbalist

I'm not really surprised the encrypted version didn't get detected by any of them, as i wouldn't have expected them to. A nice idea to do the test though.


StevieO

 

Thanks for all of u. ATM my problem is solved.

@zopzp
I am not sure if it is safe to use mail.com or not?

 

it's "safe" if you want to exchange malware samples without having to worry about zipping and password protecting your malware.

it's unsafe if you have no security setup and download attachments from mail.com senders.

mail.com does NOT scan files for viruses, useful for some (like us on this forum who want to exchange samples without hassle) but dangerous for others (who just want to be protected from infected attachments).

 

You can also use Rapidshare for sharing infected files. A passworded zip file will work there.
Rick