Security Basics mailing list archives
Re: Looking for a Trojan
From: ArcSighter Elite <arcsighter () gmail com>
Date: Mon, 26 Jan 2009 10:50:50 -0500
Juan B wrote:

> Hi, I got myself into an argument with a colleague of mine about trojans. He says that nowadays all old trojans can be detected as long as the AV software is updated; I need to show him he is wrong.
>
> I am looking for a Trojan or rootkit to be installed locally on a virtual machine running XP. The machine has AV software and it will be accessed via the internet. I need the Trojan to supply me screenshots of the victim computer, maybe to send them to an e-mail address, etc. The trojan will need to disable the AV software (which I don't know which version is installed) or just avoid detection by the AV software. I know that trojans like SubSeven, Back Orifice, etc. will be detected immediately by AV software, so they don't help much.
>
> Someone knows of such a trojan/RAT?
>
> Thanks a lot!
> Juan

Ok. I won't get into the "political" issues of posting such a question. But instead, I'll try to provide you some help; we're here for this, aren't we?

First, if you want to get introduced into the RAT world, then you must first understand how AV works, and the reactive and proactive methods they use in detecting malware. After that, you need to get some background about the techniques malware creators have come up with over time for evading AVs. The history is long: poly/metamorphism, EPO, encryption, IAT, hooks, etc. If you just want to make a point, then go and shop for an undetectable trojan/rootkit.

Secondly, as someone posted, of course s7 and BO are pretty old. What's interesting is my next topic: you could get the melissa-99 virus completely undetectable to all running AVs if you know about the methods. I won't point you to any guides in here; Google and forums will do fine. But if, instead of buying, you decide to get the knowledge first (my preferred method, BTW), then you should research stealth methods, coming from signature finding/modification and/or RIT method, runtime encryption, along with a lot of topics such as (poly|meta)morphism, executable packing/unpacking, PE format, etc. And yes, you need to code and to know assembly in the minor case.

Some time ago, before I dropped RATs, I preferred Bifrost, and it was only "noted" by KAV 7's proactive defense as "Invader" because of KAV's hooks, and eventually that got bypassed too.

So, get into the communities, get the knowledge, and if I have the time, I'm pleased to provide you some feedback.

Sincerely.