08-15-2011, 08:29 PM
Actually that was a raised idea on my forum as well
Even if they had to use something as simple as A=1, B=2, etc... And the total unique key ID would have to be something like 50 in sum. If it wasn't then they input key on the phone would return a voiced message "This key is invalid, please make sure you entered it correctly." This would raise less suspicion if they had inputted the wrong key given, making it seem more legit.
After all that process, it would give you another key to put back into the application (A random spoken key with some standardized value again) And if the trojan recognized that value hidden behind that unique key, it would unlock your computer. The key doesn't have to be Unique to each computer, it could be a random generated key with a hidden value that only the trojan would recognize...
If they thought about that for this trojan of theirs, I think it would have been a perfectly engineered malware "system".
The only thing needed would be a phone bot that could calculate random ID's with a hidden standard value that both the phone bot and the trojan could recognize. Then it wouldn't' matter what key was inputted to the phone bot, and what key was received by the phone bot, but each would be different.
Even if they had to use something as simple as A=1, B=2, etc... And the total unique key ID would have to be something like 50 in sum. If it wasn't then they input key on the phone would return a voiced message "This key is invalid, please make sure you entered it correctly." This would raise less suspicion if they had inputted the wrong key given, making it seem more legit.
After all that process, it would give you another key to put back into the application (A random spoken key with some standardized value again) And if the trojan recognized that value hidden behind that unique key, it would unlock your computer. The key doesn't have to be Unique to each computer, it could be a random generated key with a hidden value that only the trojan would recognize...
If they thought about that for this trojan of theirs, I think it would have been a perfectly engineered malware "system".
The only thing needed would be a phone bot that could calculate random ID's with a hidden standard value that both the phone bot and the trojan could recognize. Then it wouldn't' matter what key was inputted to the phone bot, and what key was received by the phone bot, but each would be different.
But thanks for the heads up.
![[Image: 2.png]](http://browserbattle.net/s/2.png)