Penetration Testing mailing list archives

Re: [PEN-TEST] penetrating trojan


From: Joakim Sandström <jode () TRIBALSTORM COM>
Date: Wed, 6 Dec 2000 09:04:55 -0000

Ok I know this is a bit evil BUT:

I once wrote a small piece of software (Win32) that, after being planted,
made system tests like ->

        1. Check if it can reach some e.g. geocities/angelfire through http.
           If success ->
                Read instructions -> do something
        2. Check NNTP ports; if success -> write encrypted messages
           describing the system and dump e.g. the directory structure as an
           attachment and post to a news group (usually some Asian group)
           with a header easily recognisable by the attacker, who now can see
           the trojan and can by different means communicate with it ->
           directly by asking it to call home (specifying the port in a news
           post) or posting commands directly (encrypted) to a newsgroup.
           These commands can hold information about which files should be
           moved and by which means and to where, e.g. move all files in a
           folder to a public ftp site.. (some big one with a lot of users)..

You can easily build further and further on trojans like this. When I quit
developing this one I was working on a Packet Relay Network to make it even
harder to track back to the attacker if he has infected more than 1 computer
on your network. Usually you would track him down quite easily by traditional
methods and find out to where he's "speaking" etc.. but by sending packets
randomly through a "cluster" or several "clusters" of infected computers it
makes it even harder.. though this was never 100% implemented.. got sort of
bored ..! :)

These are just examples of what could be done by this.. but my main question
is -> Any tool out there capable of doing this sort of thingies?  I'd be
interested in knowing what effective methods have been used to infect other
computers after gaining access to a domain on some level..

Calling home isn't IMO that smart.. easy to track down.. call the seven 11
instead, there are a lot more ppl there.. to suspect..

/JODE
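
Added example, not part of the original post: a defender's egress check for the two channels the message describes, NNTP traffic from a host that is not a news relay and timer-like HTTP polling of a free web-hosting site. The log format, addresses, relay allow-list and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed sample: "epoch_seconds src_ip dst_host dst_port" per line.
SAMPLE_LOG = """\
975000000 10.0.0.5 news.example.net 119
975000010 10.0.0.23 www.geocities.com 80
975000610 10.0.0.23 www.geocities.com 80
975001210 10.0.0.23 www.geocities.com 80
975001811 10.0.0.23 www.geocities.com 80
975000100 10.0.0.23 news.example.org 119
975000200 10.0.0.41 www.angelfire.com 80
975003900 10.0.0.41 www.angelfire.com 80
975004000 10.0.0.41 www.example.com 80
"""

NNTP_PORTS = {119, 563}            # NNTP and NNTP over TLS
NEWS_RELAYS = {"10.0.0.5"}         # assumed: only host allowed to speak NNTP outbound
FREE_HOSTING = ("geocities.com", "angelfire.com")  # sites named in the post
MIN_POLLS, MAX_JITTER = 4, 5.0     # assumed thresholds: request count, seconds

def parse(log):
    """Yield (timestamp, src, host, port), skipping malformed records."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower(), int(parts[3])

def find_suspects(log):
    findings = set()
    polls = defaultdict(list)
    for ts, src, host, port in parse(log):
        if port in NNTP_PORTS and src not in NEWS_RELAYS:
            findings.add((src, "nntp-from-non-relay", host))
        if port == 80 and any(host == d or host.endswith("." + d) for d in FREE_HOSTING):
            polls[(src, host)].append(ts)
    for (src, host), times in polls.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Near-constant gaps suggest a timer-driven poll, not a person browsing.
        if len(times) >= MIN_POLLS and pstdev(gaps) <= MAX_JITTER:
            findings.add((src, "periodic-http-poll", host))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(*finding)
```

On the constructed log, 10.0.0.23 is reported for both behaviours, while 10.0.0.41 (two irregular visits) and the approved relay 10.0.0.5 are not.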

