Several years ago I thought it would be a fun way to brighten someone's start of the day by having the browser go to a YouTube clip of “Hey DJ”; a nice reference to his nickname (DJ). One way of doing this in Windows is by adding a shortcut to the “Startup” folder, making it pretty obvious and easy to remove. Further, it avoids any resets of the homepage (group policy and/or login scripts). Many months after this I noticed that he quickly closed his browser after he had to restart his PC. Despite him raising various tickets with the helpdesk, his browser kept going to YouTube whenever he logged in. The helpdesk couldn’t figure it out; not even after looking at it several times over the course of a few weeks. It was just easier to keep closing the browser than to try and get it fixed. My attempt to make him laugh had some unexpected results! After that I decided it was better not to do anything, even if not meant in a bad way.
Though in the previous example I didn’t have any bad intentions, some people think it is funny to prank you by changing things on your computer. I don’t particularly like people touching my computer, even if I forgot to lock it. One person changed my chat status. I wanted to go a bit overboard in my response to avoid having to deal with it ever again. This requires delving into Windows, MS Office, etc.
In my example I was trying to be obvious. This time the goal is to make it difficult enough to detect. Knowing the knowledge of the helpdesk, my concern was more with the ability of the person than the helpdesk. It should still be kept simple as that’s often overlooked. As such I thought of the following:
- Run a script as a scheduled task (to avoid having a visible running process)
- Execute actions randomly to avoid figuring out that the script is scheduled:
  - Only once every random X minutes
  - Only after a delay of a random number of seconds (Windows task scheduler can do this automatically)
  - Only starts at least 1 day after being installed (to avoid noticing any link between “infection” method and results)
The above is actually really easy to do from VBA (the horrid language used in MS Office). Though VBA is terrible, the automation options within Windows are endless and way better than Linux. Almost anything on the system is exposed as an object so you don’t need to mess around with starting commands and checking either exit codes or parsing command output. You can easily control the scheduler as an object for instance.
On to the pranking itself: What to do was fairly easy thanks to Google. Not only can you quickly find nice suggestions, there’s often some code included as well. In the end I created a script which randomly selects from the following pranks:
- Say something via the speaker (using text to speech engine)
- Mute/unmute sound
- Send enter key to running application
- Send backspace key to running application
- Increase the volume 3 steps
- Decrease the volume 1 step
- Press capslock key
- Press alt-tab (switches applications)
- Change mouse to a left handed mouse
- Show Google in the browser
- Minimize all windows
- Tile all windows horizontally
- Show taskbar properties
- Show the window switcher mode (win+tab)
- Send user's name to the running application
- Open some internal website
Some actions are only executed based on the idle state. E.g. not idle, idle for 2 min, etc. This helps in ensuring the person gets really annoyed.
Outcome: Infection was fairly easy. However, I made a very stupid error, resulting in the person being really suspicious and eventually figuring out that I put a script on his PC. Fortunately the person is still unable to find the script (yay hidden files!), nor is he aware that something like a task scheduler exists (simplicity is good). Even if he knew about the task scheduler, you can even hide tasks in there (which I obviously did). To be clear: the person is still suffering from all pranks listed above.
Initially I wanted to post the source code as well, but I’ll spare you. There’s nothing like try/except, etc.
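
From the helpdesk's side, the traits described above (a hidden task, a random start delay, a short repeat interval, a script as the action) are all recorded in the task's XML definition, which Task Scheduler can export. The following is an added example, not the script from this post: a small Python audit of such an export, where the sample XML, the script-host list and the one-hour threshold are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: interpreters worth a second look when a task launches them.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}

# Constructed sample of an exported task definition (path is a placeholder).
SAMPLE_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <StartBoundary>2020-01-02T09:00:00</StartBoundary>
      <Repetition><Interval>PT20M</Interval></Repetition>
      <RandomDelay>PT45S</RandomDelay>
    </TimeTrigger>
  </Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions>
    <Exec>
      <Command>wscript.exe</Command>
      <Arguments>C:\Users\example\placeholder.vbs</Arguments>
    </Exec>
  </Actions>
</Task>"""

def duration_seconds(text):
    """Convert an ISO 8601 duration such as PT45S or P1DT2H to seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", text or "")
    if not m:
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def audit_task(xml_text):
    """Return a list of traits that make a scheduled task hard to notice."""
    root = ET.fromstring(xml_text)
    findings = []
    if (root.findtext("t:Settings/t:Hidden", "false", NS) or "").strip().lower() == "true":
        findings.append("hidden")
    for trig in root.findall("t:Triggers/*", NS):
        if duration_seconds(trig.findtext("t:RandomDelay", None, NS)):
            findings.append("random-delay")
        interval = duration_seconds(trig.findtext("t:Repetition/t:Interval", None, NS))
        if interval and interval < 3600:  # assumed threshold: repeats more than hourly
            findings.append("repeats-under-1h")
    for cmd in root.findall("t:Actions/t:Exec/t:Command", NS):
        exe = (cmd.text or "").strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe in SCRIPT_HOSTS:
            findings.append("script-host:" + exe)
    return findings
```

No single finding proves anything on its own; a task that is hidden, randomised and runs a script host is the combination worth opening a ticket for.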