Skip to content

Developing Location Based Malware

Preface

This is a simple POC based on an earlier piece of malware that I developed for Mac OSX. It would allow the malware to only infect systems based on their country of origin. To do this I used to csv and urllib libraries for Python. Anyway on to the POC.

Source Code (POC)

#necissary librarys

import urllib

import csv

#depreciated however this allows for you to do your own ip automatically (usefull for a trojan type program).

whatismyip = ‘http://automation.whatismyip.com/n09230945.asp’

wanip = urllib.urlopen(whatismyip).readlines()[0]

#Does IP Geolocation requests based on the freegeoip service, it’s limited to 1000 per an hour thankfully for malware this won’t be an issue.

freegeoiprequest = ‘http://freegeoip.net/csv/’ + wanip

urllib.urlretrieve(freegeoiprequest, wanip + ‘.csv’)

spamReader = csv.reader(open( wanip + ‘.csv’, ‘rb’))

for row in spamReader:

CountryCode = row[1]

if CountryCode == “GB”:

print “Hack me I’m British!”

#insertmalwarecodehere!

Closing Notes

If you have any simpler or cleaner ways to preform the same action feel free to let me know. If your interested in contacting me feel free to leave a comment or e-mail me at ianmarmour@gmail.com.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: