Monday, September 9, 2013

Inside BestRecovery / MyBestRecovery

BESTRECOVERY (FOR LEGAL AND LEGITIMATE USE ONLY) 
BESTRECOVERY logs all keystrokes, mouseclicks, applications, windows, websites, email sent and received, chat conversations, system events. [source]

MyBestRecovery.net is best described as a paid key logging or key spy service. Customers of this service first register an account and are given access to the "builder" application. This builder is used to assemble an executable "spy" program that is to be distributed by the customer to any victims he chooses. Once the "spy" program is run by a victim, it records all keystrokes and sends the data back to the BestRecovery control panel, allowing the BestRecovery user to spy on his victims.

In the summer of 2013, the BestRecovery website was hacked and the user database was leaked. It contained about 3400 user accounts of this pay-to-spy service.



The hideous login screen for MyBestRecovery keylogging service. Note the support email address ainey_cool@ymail.com



Once you log in, you are presented with another ridiculous-looking page. This laundry-line-themed control panel displays your metrics on a clothespin note.

A user can navigate the site from this main control panel. Some of the options include:
  • Check logs
  • Search Logs
  • Download icons
  • Download SPY! 


The main user control panel. 

Since I'm a new user and I have no idea how this disgusting site works, I'm forced to click "help" and read up on this awesomeness. 


 The BestRecovery help page. 


+ [First Time Use]
FIRST LOGIN TO YOUR ACCOUNT IT WILL FORWARD YOU TO THE HOME PAGE
THEN CLICK ON DOWNLOAD SPY! ...AFTER DOWNLOAD THE SETUP FILE INSTALL IT!
& THERE YOU WILL SEE BESTRECOVERY FOLDER ON YOUR DESKTOP
OPEN IT & YOU WILL SEE BUILDER FROM WHERE YOU CAN BUILD YOUR OWN CLIENT FILES!
OPEN IT ..IF ITS OLD BUILDER IT WILL ASK YOU TO UPDATE THE BUILDER CLICK YES!
(NOTE) UPDATE IS MUST IF YOU WANT TO AVOID ANTIVIRUSES DETECTIONS)
AFTER UPDATION OPEN THE LATEST BUILDER! & THEN YOU WILL HAVE TO PUT YOUR USERNAME (case sensitive) 
ANY NOTE (MEMO) SELECT ANY OUTPUT EXTENSION YOU LIKE! THEN LOAD ANY FILE IN FILE SECTION TO BIND IT WITH THE FILE
SO THE CLIENT WILL SEE THE FILE BINDED (ie PDF FILE, JPG FILE)
THEN YOU CAN DOWNLOAD ICONS FROM YOUR HOME PAGE (NOTE: FRESH ICONS ARE MUST IF YOU WANT TO AVOID ANTIVIRUSES DETECTIONS) 
YOU CAN LOAD ANY ICON IN ICON SECTION & CLICK BUILD.. IT WILL BUILD YOUR CLIENT FILE WITH NAME (IMAGE.SCR, IMAGE.EXE etc) 



Wow.

Ok, so we learned a few things from the help page.

1. This service is For Skids By Skids - it's like the blind leading the blind. Fresh icons to evade antivirus? Hilarious.

2. The builder they are giving out is actually a file binder, not an actual bot builder.

I downloaded the "SPY!" and installed the setup file. This dumps a folder to the desktop that contains the binder/builder and some icons.
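
A defender-side triage check for the kind of file the help page describes (a Windows executable named IMAGE.SCR or IMAGE.EXE that carries a bound PDF or JPG as a decoy), added here as an example; it is not code from the original post or from BestRecovery. The extension sets, the decoy word list and the sample inputs are assumptions constructed for illustration, and the check goes one step beyond the help page by also flagging double extensions such as `holiday.jpg.exe`.

```python
import os

# Extensions Windows runs directly (assumed set for this example).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com"}
# Extensions a bound decoy document or picture would normally carry.
DECOY_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".doc", ".docx"}
# Stems that advertise a document or picture (assumed word list).
DECOY_WORDS = ("image", "photo", "picture", "invoice", "document", "scan")


def is_pe(head: bytes) -> bool:
    """True when the leading bytes carry the DOS 'MZ' magic of a PE file."""
    return head[:2] == b"MZ"


def triage(filename: str, head: bytes) -> list[str]:
    """Reasons a received file looks like an executable posing as a document."""
    reasons = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]  # ".jpg" in "holiday.jpg.exe"
    pe = is_pe(head)
    if pe and ext in DECOY_EXTS:
        reasons.append("PE content behind a document extension")
    if ext in EXEC_EXTS:
        if inner_ext in DECOY_EXTS:
            reasons.append("double extension hides executable type")
        if any(word in stem for word in DECOY_WORDS):
            reasons.append("executable named like a document or picture")
        if ext == ".scr" and pe:
            reasons.append("screensaver (.scr) file is a directly runnable PE")
    return reasons


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("IMAGE.SCR", b"MZ\x90\x00"),
    ("IMAGE.EXE", b"MZ\x90\x00"),
    ("holiday.jpg.exe", b"MZ\x90\x00"),
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),
    ("setup.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", triage(name, head) or "no flags")
```

The check is meant for files arriving from outside (mail attachments, downloads), where a `.scr` file or a picture-named executable has no ordinary reason to appear.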




I mentioned that BestRecovery is a pay-for-keylogging service. To renew your subscription, simply click "Renew My Account", select the subscription package...



confirm the package..

and get redirected to Liberty Reserve...fail. 

https://sci.libertyreserve.com/?lr_acc=U5423822&lr_store=mykeyspy&lr_amnt=300&lr_currency=LRUSD&lr_comments=xxx%2F1+YEAR&user=xxx&package=1+YEAR&payfor=renew&auth=5&email=xxx&pay=PAY+NOW+%3E%3E

Note the name of the LR_store: MyKeySpy




MyBestRecovery has since been "seized" by the US Global Illicit Financial Team


More to come soon..


