What is Trojans Virus and How it Work
What is Trojans Virus and How it Work: in this article you will learn about What is Trojans Virus and How it Work. and if this article helpful for you please like and share its to your friends and all your groups. What is Trojans Virus and How it Work
What is Trojans Virus and How it Work
A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software to try and gain users’ system access with their software. What is Trojans Virus and How it Work
NAT – Network Address Translation : THis is the virtual network which mappes the public ip address to private and vice versa.
Trojans are the malicious applications or programs which looks like a normal application but is harmful in nature as it can give the whole remote access of the Target’s Machine to the Attacker’s Machine.
TYPES OF TROJANS ON THE BASIS OF CONNECTION
Reverse Connection Trojan : A reverse connection trojan is that in which we don’t have to get or know the IP Address of the Victim’s Machine. You just have to create a trojan having the Attacker’s IP Address only.
DEPLOYING OF TROJAN IN THE TARGET’S MACHINE
1. DEPLOYING IN THE SAME NETWORK : The attacker just have to create a Trojan of the IP in the same network where a Target is residing.
2. DEPLOYING TROJAN GLOBALLY : In this Scenario, a Attacker is using a Globally hosted DNS with a global IP to get a reverse connection from a Target to itself. For eg. Using NOIP and Port Forwarding.
RAT stands for Remote Administration Tool. It helps in creating Malwares like Trojans and Viruses which provides Remote Connection of a Victim Machine while not letting know the Victim about it.
CREATION OF TROJANS
= IP + PORT = Socket
= Stub = The Malicious Trojan we make through Dark Comet.
1. Left top corner = DarkComet-RAT
2. Go to “Server Module” = Full Editor(expert)
3. Main Settings = Process Mutex
Mutex = Thread which helps me in sharing the computer’s resources
Random Process Mutex
Server ID = Same|Change
Profile Name = Same|Change
4. Goto Network Setting
Insert Private IP Address and a port number(greater than 1200)
Socket = IP Address + Port Number
IP Address = Private IP Address –> 192.168.0.28
Port Number = 1604
CLick On “ADD”
5. Goto “Module Startup” = When my computer start, then what are the things which my trojan will do.
Check box the “Start the stub with windows”
Drop the stub in:
6. Goto Install Message
Tick the check box
Choose the icon
Enter the you want the user to display
7. Goto Module Shield
8. File Icon
Choose any file icon from the list.
9. Goto Stub Finalisation
Build This Stub
Destination for saving the stubb
10. To listen on a specific port
port = 1604
In the dark comet screen, top left corner = DarkComet-RAT = Click on that
Click on “Listen to new port”
enter the port number = 1604 and click on listen
EVADING ANTIVIRUSES AND ANTIMALWARES
HOW ANTIVIRUSES WORKS
Antiviruses and Antimalwares works on the definations or called signatures of an application. If they found that a Signature of a Application is malicious, they will declare the application as a malware and if not they will declare it as a normal running application.
FUD – Fully Undetectable
CRYPTERS AND BINDERS
Crypters are cthose applications which helps as a extra coating layer to an application providing there own self generated “Signatures”. Eg. CHrome Crypter, Urge Crypter
Binders are those applications which binds a file or a malware in any extension while not changing the functionality of the filetype.
Chrome & Urge Crypters = Limbo > Bingo
BOTNETS AND ROOTKITS
Botnets means roBOT+NETwork. THese are the malicious applications such as TRojans etc.. which runs on the Network and are intelligent enough to use there own mechanism.
Rootkits are those Malicious Applications or Codes which are installed in the Boot option such as BIOS and start executing on every startup.
SECURE SYSTEM CONFIGURATION
1. CMD > $ netstat -ona
(This will show all the Sockets : IP+Port Connections with their Stats of that particular machine)
= o stands for ports
= n stands for network IPs
= a stands for all connections
2. CMD > tasklist
CMD > $ taskkill /PID ___ /F
3. Startups Check and Maintaining the list of the Machine.
4. Task Manager > Processes > kill PID (Process ID) of the Malicious Executable(exe)
5. Checking Firewall status and making and creating new Rules Sets. > Outbound Rules & Inbound Rules
6. Services running on the Machine.
1. Create a POC by making a Stub and getting the Remote Connection of a Machine.
2. Report on the World’s First Antivirus.
3. Find an application which can see the “Established” and “Listening” connection of a machine just like “netstat”.