Security researchers from AVG were decompiling a trojan -- it had been originally posted to a Diablo III forum, masquerading as a how-to video -- when the malware's author popped up in a window on their screen. It turned out that the trojan had a built-in chat, as well as a screen-capture facility. The hacker who wrote the malware saw them working on defeating her or his virus and decided to tell them off for their audacity. Franklin Zhao and Jason Zhou, the AVG researchers, wrote up their experience:
The dialog is not from any software installed in our virtual machine. On the contrary, it’s an integrated function of the backdoor and the message is sent from the hacker who wrote the Trojan. Amazing, isn’t it? It seems that the hacker was online and he realized that we were debugging his baby...
We felt interested and continued to chat with him. He was really arrogant.
Chicken: I didn’t know you can see my screen.
Hacker: I would like to see your face, but what a pity you don’t have a camera.
He is telling the truth. This backdoor has powerful functions like monitoring victim’s screen, mouse controlling, viewing process and modules, and even camera controlling.
We then chatted with hacker for some time, pretending that we were green hands and would like to buy some Trojan from him. But this hacker was not so foolish to tell us all the truth. He then shut down our system remotely.