|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|        |++++++++++|
|The Complete Trojans Text                |--------|Written On|
|(Security Related)                       |        |          |
|by tHe MaNiAc                            |        |3.04.2000 |
|contact me at: themaniac@blackcode.com   |--------|++++++++++|
|maniac@forbidden.net-security.org        |
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|

This guide is for educational purposes only. I do not take any responsibility for anything that happens after reading the guide. I'm only telling you how to do this, not to do it. It's your decision. If you want to put this text on your Site/FTP/Newsgroup or anything else you can do it, but don't change anything without the permission of the author. I'll be happy to see this text on other pages too. All copyrights reserved. You may distribute this text as long as it's not changed.

<--=--=--=--=--=--=--=--=>
Author Notes:

I hope you like my texts and find them useful. If you have any problem or some suggestion, feel free to e-mail me, but please don't send mails like "I want to hack the US government please help me" or "Tell me how to bind a trojan into a .jpg" or "Where can I get a portscanner" etc. Be sure that if I can help you with something I will do it. I've started writing security related tutorials and I hope you like that. I'll try to cover many more topics in my future texts, and I want to thank all of the people that like my texts.

<--=--=--=--=--=--=--=--=>
Links:

Here you can find other texts written by me or other friends:
users.ldproxy.com/maniac
http://www.blackcode.com
blacksun.box.sk
neworder.box.sk

Table of Contents

|-1.What Is This Text About?
|-2.What Is A Trojan Horse
|-3.Trojans Today
|-4.The future of the trojans
|-5.Anti-Virus Scanners
|-6.How You Can Get Infected?
|-----From ICQ
|-----From IRC
|-----From Attachment
|-----From Physical Access
|-----From Trick
|-7.How Dangerous A Trojan Can Be?
|-8.Different Kinds Of Trojans
|-----Remote Access Trojans
|-----Password Sending Trojans
|-----Keyloggers
|-----Destructive Trojans
|-----FTP Trojans
|-9.Who Can Infect You?
|-10.What is the attacker looking for?
|-11.How The Trojans Works
|-12.The Most Common Trojan Ports
|-13.How Can I Monitor My Comp for trojans without any scanner?
|-14.Software To Help You Monitor Your Computer
|-----Log Monitor
|-----PrcView
|-----XNetStat
|-----AtGuard
|-----ConSeal PC FIREWALL
|-----LockDown2000
|-----TDS
|-15.Placing Backdoors In Programs
|-16.Advices
|-17.Final Words

1.What is this text about?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/

In this text I'm going to explain some interesting things about trojans and about their future. I hope you'll realize that trojans are dangerous and that they're still a big security problem, although many people say "don't download files from the net and you won't get infected", which is not right. The main thing I want to explain here is whether trojans have a future, along with other interesting things about them. This text covers only Windows based trojans, not Unix ones.

=-=-=-=-=-=-=-=-=-=-=-=-=-=
2.What Is A Trojan Horse?
/=-=-=-=-=-=-=-=-=-=-=-=-=/

A trojan horse is:

-An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

-A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

-Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and probably unwanted) by the user.

Trojans can also be called RAT's, or Remote Administration Tools.
The trojan got its name from the old mythical story about how the Greeks, during the war, gave their enemy a huge wooden horse as a gift. They accepted this gift and brought it into their kingdom, and during the night Greek soldiers crept out of the horse and attacked the city, completely overcoming it.

3.Trojans Today
/=-=-=-=-=-=-=-=/

Trojans have always been a big security problem, even today. Most people don't know what a trojan is, and they keep downloading files from untrusted sources or from suspicious people. Today there are more than 600 trojans on the net that I know of, but I think there are many, many more, because every hacker or programmer today has his/her own trojan made for his/her special needs and not published anywhere. Every hacking group also has its own trojans and programs. When someone starts learning winsock, the first creation is a chat client or a trojan horse. Even with the anti-virus scanners I'll talk about below, people still get infected by themselves, by some hacker or by some of their friends.

----------------------->
4.The Future Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=

I think there are a lot of people out there that think trojans are outdated and don't have a future. Well, I don't think so. Trojans will always have a future and new things added to them. There are so many things in trojans that can be improved by skilled programmers.

Trojans that COMPLETELY hide in the system and of course restart every time Windows is loaded, trojans that will lie to every anti-trojan and anti-virus program: this is the future, I think. People that program trojans have a lot of ideas that make their trojans unique. These people have started placing backdoors in ActiveX, and who knows, maybe in the future they'll find other sources they can place trojans in. Programmers will always think of new and unique trojans with functions never seen before.
Trojans are made every day by programmers, with new options and with better encryption so the Anti-Trojan software can't detect them. So no one knows how many trojans there are on the net. But the programmers are still programming trojans and they will continue in the future.

Technically, a trojan could appear almost anywhere, on any operating system or platform. However, with the exception of the inside job mentioned previously, the spread of trojans works very much like the spread of viruses. Software downloaded from the Internet, especially shareware or freeware, is always suspect. Similarly, materials downloaded from underground servers or Usenet newsgroups are also candidates. There are thousands of programs whose source has not been checked, and new programs are appearing every day, especially freeware ones, so they can all be trojans. So be careful what you're downloading and where you're downloading it from. Always download software from the official page.

----------------------------->
5.Anti-Virus Scanners
/=-=-=-=-=-=-=-=-=-=-=-=/

People think that when they have a virus scanner with the latest virus definitions they're secure on the net, and that they can't get infected with a trojan and no one can have access to their computer. This is NOT right. The purpose of the anti-virus scanners is to detect not trojans but viruses. But when trojans became popular, the scanners also started adding trojan definitions. These scanners just can't find the trojans and analyze them; that's why they only detect the common trojans that everyone knows, like Back Orifice and NetBus, and several others. As I said, there are around 600 trojans out there that I know of, and the anti-virus scanners detect just a LITTLE part of them.
These scanners are not firewalls that will stop someone who wants to connect to your computer or tries to attack you, as people think they are. So I hope you understand that the main purpose of these scanners is not to detect trojans and protect you while you're online.

Most internet users know only Back Orifice and NetBus as trojans. There are some specific tools out there that clean ONLY these trojans. Again, people think that they're secure and protected from every trojan.

--------------------------->
6.How Can I get Infected?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Everyone asks this question, and often people ask themselves how they got infected. Also, when someone asks them whether they ran some file sent to them by someone or downloaded from somewhere, people always say they didn't run anything or download any file, but they did. People just don't pay attention to the things they do online, and that's why they forget about the moment of the infection with the trojan.

You can get infected from many places and I'll try to explain these things here.

6.1 From ICQ
6.2 From IRC
6.3 From Attachment
6.4 Physical Access
6.5 Tricks-diskette

6.1 From ICQ

People think that they can't get infected while they're talking via ICQ, but they just forget the moment when someone sends them a file. Everyone knows how insecure ICQ is, and that's why some people are afraid of using it.

As you may know, there's a bug in ICQ allowing you to send a .exe file to someone so that it looks like a .bmp or .jpg or whatever you want it to look like. This is very dangerous, as you can see, and can get you in trouble. The attacker will just change the icon of the file to that of a BMP image, tell you it's a pic of him and rename it to photo.bmp. Then you'll get it, and of course before getting it you'll see that it's a .bmp and think you're secure because the file is not executable. Then you run it, see the picture and think there's nothing to worry about, but there is.
That's why most people say that they didn't run any files: they believe that they ran an image, not an executable. A way to protect yourself from this bug in ICQ is always to check the type of the file before running it. It may have a BMP icon, but if the type of the file is shown as executable, I think you know that it would be a mistake to run that file.

6.2 From IRC

You can also get infected from IRC by receiving files from untrusted sources. But I advise you always to be paranoid and not to receive files from ANYONE, even from your best friend, because someone may have stolen his/her password and may infect you. Some people think that they can be 100% sure that the other person is their friend when they ask him/her about a secret or something else that only he/she knows, but as I told you, be paranoid, because someone may have infected your friend and may just check his/her IRC logs to see what this secret is about or to learn other things. Be paranoid, it's more secure as I say, and do not receive files from anyone on IRC or from anywhere else like e-mail, ICQ or even your online friends.

6.3 From Attachment

The same thing goes for e-mail attachments. NEVER run anything, even if it says you'll see hot porno or some passwords for a server or anything else. The best way to infect someone with a trojan is mass e-mailing the server, because there are new people on the net and they'll of course get infected. This is the best way of infecting, as I said; that's why it's preferred by the people that want to infect the masses.
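The file-type check recommended in 6.1, which applies equally to the attachments of 6.3, can be done on the file's contents instead of its icon. This is an added example, not part of the original text: it compares the displayed name with the file's leading "magic" bytes and, going slightly beyond the text, also flags a picture name with an executable extension appended; the sample names and byte strings are constructed.

```python
import os

# Leading "magic" bytes that identify what a file really is.
MAGIC = [
    (b"MZ", "executable"),        # DOS/Windows programs: .exe, .dll, .scr
    (b"BM", "bmp"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# What each extension claims the file to be.
EXT_KIND = {
    ".exe": "executable", ".dll": "executable", ".scr": "executable",
    ".bmp": "bmp", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
}


def sniff(header):
    """Return the real kind of a file from its first bytes."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return "unknown"


def check_file(name, header):
    """Compare the displayed name with the content.

    Returns 'ok', 'mismatch', 'double-extension' or 'disguised-executable'.
    """
    stem, ext = os.path.splitext(name.lower())
    claimed = EXT_KIND.get(ext, "unknown")
    inner = EXT_KIND.get(os.path.splitext(stem)[1], "unknown")
    actual = sniff(header)
    # A program whose name says it is something else: the case from 6.1.
    if actual == "executable" and claimed != "executable":
        return "disguised-executable"
    # "photo.bmp.exe": a picture name with an executable extension appended.
    if claimed == "executable" and inner not in ("unknown", "executable"):
        return "double-extension"
    if "unknown" not in (claimed, actual) and claimed != actual:
        return "mismatch"
    return "ok"


def check_path(path):
    """Run the check on a file on disk, reading only its first 8 bytes."""
    with open(path, "rb") as fh:
        return check_file(os.path.basename(path), fh.read(8))


# Constructed samples: (displayed name, first bytes of the file).
SAMPLES = [
    ("photo.bmp", b"MZ\x90\x00\x03\x00"),      # program shown as a picture
    ("photo.bmp", b"BM\x36\x00\x0c\x00"),      # genuine bitmap
    ("photo.bmp.exe", b"MZ\x90\x00\x03\x00"),  # picture name, .exe appended
    ("holiday.jpg", b"GIF89a"),                # harmless but mislabelled
]

if __name__ == "__main__":
    for name, header in SAMPLES:
        print(f"{name:15} {check_file(name, header)}")
```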
6.4 Physical Access

You can of course get infected by some of your "friends" when they have physical access to your computer. Let's suppose you leave someone on your computer just for 5 minutes; then of course you can get infected by one of your "friends". There are some very smart people out there that keep thinking of new ways of getting physical access to someone's computer. Here are some tricks that are interesting:

1.Your "friend" may ask you "Hey bro can you give me some water" or something that will leave him alone. You'll go to get some water and then........You know

2.The attacker may have a plan. Let's say you invited him/her to your home at 12:00, and the attacker told one of your "friends" to call the victim at 12:15 and start talking about something with the victim. The attacker again has time to infect you. Also, the "friend" that is calling you may say something like "Is there anyone around you, if so move somewhere else I don't want anyone to hear what we are talking about". The attacker is again alone and has time to infect you.

6.5 Trick

This is one trick that may work on people that really want something when the attacker knows what it is. Let's say that the victim wants to watch some porno or wants xxx passwords; then the attacker can just leave a diskette with the trojan in front of the victim's house, and of course put the trojan together with some xxx pics. This is a bad thing, because sometimes if you really want something and you finally find it, you don't think about anything else except checking it out. You again get infected.

I hope now you understand how you got infected the last time (if you got infected of course).

----------------------------------->
7.How dangerous a trojan can be?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Many people that don't know what a trojan is think that when they run an executable nothing has happened, because their computer is still working and all the data is there; if it was a virus, their data would be damaged and their computer would stop working.

Someone is downloading and uploading files on your computer.
Someone is reading all of your IRC logs and learning interesting things about you and your friends.
Someone is reading ALL of your ICQ messages.
Someone is deleting files on your computer.

These are some examples of how dangerous a trojan can be. There are people that use trojans just to place a virus like CIH on the infected machine and destroy the machine.

--------------------------->
8.Different Kinds Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Remote Access Trojans
-------------------------------

These trojans are the most popular trojans now. Everyone wants to have such a trojan because he or she wants to have access to the victim's hard drive. The RAT'S (remote access trojans) are very simple to use. Just make someone run the server and you get the victim's IP and you have FULL access to his or her computer. Then you can do almost everything; it depends on the trojan you use. But the RAT'S have the common remote access trojan functions like: keylogger, upload and download function, make a screen shot and so on. Some people use the trojans for malicious purposes. They just want to delete and delete. This is lame. But I have a guide about the best way to use a trojan. You should read it.

There are many programs out there that detect the most common trojans, but new trojans are coming every day and these programs are not the maximum defense. The trojans always do the same things. If the trojan restarts every time Windows is loaded, that means it puts something in the registry or in win.ini or in another system file so the trojan can restart.
Also, the trojans create some file in the WINDOWS\SYSTEM directory. The file always looks like something that the victim will think is a normal WINDOWS executable. Most trojans hide from the Alt+Ctrl+Del menu. This is not good, because there are people who use only this way to see which processes are running. There are programs that will tell you exactly the process and the file it comes from. Yeah, but some trojans, as I told you, use fake names, and it's a little hard for some people to understand which process they should kill.

The remote access trojans open a port on your computer, letting everyone connect. Some trojans have options like changing the port and setting a password so only the guy that infected you will be able to use the computer. The change port option is very good because I'm sure you don't want your victim to see that port 31337 is open on their computer. Remote access trojans are appearing every day and they will continue to appear.

For those that use such trojans: BE CAREFUL, you can infect yourself, and then the victim you wanted to destroy will take revenge and you'll be sorry.

---------------------------------------
Password Sending Trojans

The purpose of these trojans is to rip all cached passwords and send them to a specified e-mail address without letting the victim know about the e-mail. Most of these trojans don't restart every time Windows is loaded, and most of them use port 25 to send the e-mail. There are such trojans that e-mail other information too, like ICQ number, computer info and so on. These trojans are dangerous if you have any passwords cached anywhere on your computer.

----------------------------------------
Keyloggers

These trojans are very simple. The only thing they do is log the keys that the victim is pressing and then check for passwords in the log file.
In most cases these trojans restart every time Windows is loaded. They have options like online and offline recording. In online recording they know that the victim is online and they record everything. But in offline recording everything written after Windows starts is recorded and saved on the victim's disk, waiting to be transferred.

----------------------------------------
Destructive

The only function of these trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all the .dll or .ini or .exe files on your computer. These are very dangerous trojans, and once you're infected, be sure that if you don't disinfect your computer, your information will no longer exist.

-----------------------------------------
FTP trojans

These trojans open port 21 on your computer, letting EVERYONE that has an FTP client connect to your computer without a password and with full upload and download options.

These are the most common trojans. They are all dangerous and you should be careful using them.

-------------------------------------->
9.Who Can Infect You?
/=-=-=-=-=-=-=-=-=-=-=/

Well, basically you can get infected by everyone that knows how to use a trojan (it's VERY easy) and of course knows how to infect you. People that use trojans are wannabe hackers that are just at the stage of using trojans. Some of these people don't move to the next stage, and they're lamers that can only use trojans, and as I said it's VERY easy. But after reading this text you'll know the most common ways that someone can infect you with a trojan, and it will be hard for the people using them to infect you.

------------------------>
10.What Is The Attacker Looking For?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Some of you may think that trojans are used for damage only.
Well, they can also be used to spy on someone's machine and take a lot of private information from it. The common data an attacker looks for would include, but is not limited to, the following:

-----> Credit Card Information
-----> Credit Information
-----> Checking Account Information
-----> Any accounting data
-----> Data bases
-----> Mailing Lists
-----> Personal Addresses
-----> Email Addresses
-----> Account Passwords
-----> Home Office / Small Business Information
-----> Company Accounts / Subscribed for Services
-----> Resumes
-----> Email
-----> Any Company Information / Services He Can Access
-----> Your or spouse's first and last name
-----> Children's names / ages
-----> Your address
-----> Your telephone number
-----> Letters you write to people
-----> Email
-----> Your personal resume
-----> Your family pictures
-----> School work
-----> Any school accounts / information

11.How The Trojans Works
/=-=-=-=-=-=-=-=-=-=-=-=/

Here I'll explain how trojans work. If you don't know some words you can check the "Terms Used In The Text" section and read about them there.

When the victim runs the server, it does things like opening some specific port and listening for connections. It can use the TCP or UDP protocol. When you connect to the victim's IP you can do what you want, because the server lets you use the trojan functions on the infected computer. Some trojans restart every time Windows is loaded. They modify win.ini or system.ini so the trojan can restart, but most of the new trojans use the registry so they can restart.

Trojans communicate like client and server. The victim runs the server, the attacker sends commands to the infected server with the client, and the server just follows what the client "says" to it.
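The win.ini and system.ini restart method described above can be checked by hand or with a short script. The following is an added example, not part of the original text: it assumes the classic autostart entries of those files, `load=` and `run=` in the `[windows]` section of win.ini and `shell=` in the `[boot]` section of system.ini (general Windows knowledge, the text does not name them), and the file contents and program names are constructed.

```python
# Constructed sample files; msrexe.exe and sysmon32.exe are made-up names.
WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\SYSTEM\msrexe.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

SYSTEM_INI = r"""
; constructed system.ini fragment
[boot]
shell=Explorer.exe sysmon32.exe
system.drv=system.drv
"""


def parse_ini(text):
    """Minimal INI reader: {section: {key: value}}, names lowercased."""
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            data.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            data[section][key.strip().lower()] = value.strip()
    return data


def autostart_findings(win_ini_text, system_ini_text):
    """List every program these two files start when Windows loads.

    A finding is something to review, not proof of infection: legitimate
    software also uses these entries. Paths containing spaces are split
    into pieces, which is good enough for a review listing.
    """
    findings = []
    windows = parse_ini(win_ini_text).get("windows", {})
    for key in ("load", "run"):
        # Entries may hold several programs separated by spaces or commas.
        for prog in windows.get(key, "").replace(",", " ").split():
            findings.append(("win.ini", key, prog))
    shell = parse_ini(system_ini_text).get("boot", {}).get("shell", "")
    # The normal value is Explorer.exe alone; anything extra runs with it.
    for prog in shell.split():
        if prog.lower() != "explorer.exe":
            findings.append(("system.ini", "shell", prog))
    return findings


if __name__ == "__main__":
    for source, key, prog in autostart_findings(WIN_INI, SYSTEM_INI):
        print(f"{source} {key}= starts {prog}")
```

Registry autostart entries, which the text says newer trojans prefer, are not covered by this sketch.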
-------------------------->
12.The Most Common Trojan Ports
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Here's a list of the most common trojan ports:

Satanz Backdoor|666
Silencer|1001
Shivka-Burka|1600
SpySender|1807
Shockrave|1981
WebEx|1001
Doly Trojan|1011
Psyber Stream Server|1170
Ultors Trojan|1234
VooDoo Doll|1245
FTP99CMP|1492
BackDoor|1999
Trojan Cow|2001
Ripper|2023
Bugs|2115
Deep Throat|2140
The Invasor|2140
Phineas Phucker|2801
Masters Paradise|30129
Portal of Doom|3700
WinCrash|4092
ICQTrojan|4590
Sockets de Troie|5000
Sockets de Troie 1.x|5001
Firehotcker|5321
Blade Runner|5400
Blade Runner 1.x|5401
Blade Runner 2.x|5402
Robo-Hack|5569
DeepThroat|6670
DeepThroat|6771
GateCrasher|6969
Priority|6969
Remote Grab|7000
NetMonitor|7300
NetMonitor 1.x|7301
NetMonitor 2.x|7306
NetMonitor 3.x|7307
NetMonitor 4.x|7308
ICKiller|7789
Portal of Doom|9872
Portal of Doom 1.x|9873
Portal of Doom 2.x|9874
Portal of Doom 3.x|9875
Portal of Doom 4.x|10067
Portal of Doom 5.x|10167
iNi-Killer|9989
Senna Spy|11000
Progenic trojan|11223
Hack'99 KeyLogger|12223
GabanBus|1245
NetBus|1245
Whack-a-mole|12361
Whack-a-mole 1.x|12362
Priority|16969
Millennium|20001
NetBus 2 Pro|20034
GirlFriend|21544
Prosiak|22222
Prosiak|33333
Evil FTP|23456
Ugly FTP|23456
Delta|26274
Back Orifice|31337
Back Orifice|31338
DeepBO|31338
NetSpy DK|31339
BOWhack|31666
BigGluck|34324
The Spy|40412
Masters Paradise|40421
Masters Paradise 1.x|40422
Masters Paradise 2.x|40423
Masters Paradise 3.x|40426
Sockets de Troie|50505
Fore|50766
Remote Windows Shutdown|53001
Telecommando|61466
Devil|65000
The tHing|6400
NetBus 1.x|12346
NetBus Pro|20034
SubSeven|1243
NetSphere|30100
Silencer|1001
Millenium|20000
Devil 1.03|65000
NetMonitor|7306
Streaming Audio Trojan|1170
Socket23|30303
Gatecrasher|6969
Telecommando|61466
Gjamer|12076
IcqTrojen|4950
Priotrity|16969
Vodoo|1245
Wincrash|5742
Wincrash2|2583
Netspy|1033
ShockRave|1981
Stealth Spy|555
Pass Ripper|2023
Attack FTP|666
GirlFriend|21554
Fore, Schwindler|50766
Tiny Telnet Server|34324
Kuang|30999
Senna Spy Trojans|11000
WhackJob|23456
Phase0|555
BladeRunner|5400
IcqTrojan|4950
InIkiller|9989
PortalOfDoom|9872
ProgenicTrojan|11223
Prosiak 0.47|22222
RemoteWindowsShutdown|53001
RoboHack|5569
Silencer|1001
Striker|2565
TheSpy|40412
TrojanCow|2001
UglyFtp|23456
WebEx|1001
Backdoor|1999
Phineas|2801
Psyber Streaming Server|1509
Indoctrination|6939
Hackers Paradise|456
Doly Trojan|1011
FTP99CMP|1492
Shiva Burka|1600
Remote Windows Shutdown|53001
BigGluck,|34324
NetSpy DK|31339
Hack'99 KeyLogger|12223
iNi-Killer|9989
ICQKiller|7789
Portal of Doom|9875
Firehotcker|5321
Master Paradise|40423
BO jammerkillahV|121

--------------------------------->
13.How Can I Monitor My Computer Without Scanner?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Again, the masses think that when they have some trojan scanner or anti-virus scanner they're secure. Well, the best way to check for trojans is to do it on your own. You can't be sure that the trojan scanner is working correctly, so start checking by yourself. In this text I've included a list of software, with reviews of course, that will help you check your system for trojans. You always need to check which ports are open on your system, and if you see that one of the common trojan ports is open you're probably infected.
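The port check described above can be scripted against the output of `netstat -an`. This is an added example, not part of the original text: the port table is a subset of the list in section 12, the netstat output is a constructed sample in the Windows layout, and only sockets waiting for inbound connections are matched, so that an outbound connection which happens to use a listed local port is not reported.

```python
import re

# Subset of the "Most Common Trojan Ports" list in section 12,
# names and ports as given there.
TROJAN_PORTS = {
    666: ["Satanz Backdoor", "Attack FTP"],
    1243: ["SubSeven"],
    1245: ["VooDoo Doll", "GabanBus", "NetBus"],
    6969: ["GateCrasher", "Priority"],
    12346: ["NetBus 1.x"],
    20034: ["NetBus 2 Pro"],
    21544: ["GirlFriend"],
    31337: ["Back Orifice"],
    31338: ["Back Orifice", "DeepBO"],
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12346          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1245       203.0.113.9:80         ESTABLISHED
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
"""

# proto, local address, foreign address, optional state (UDP has none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_sockets(netstat_text):
    """Yield (proto, port) for every socket waiting for inbound traffic."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, local, _remote, state = m.groups()
        # TCP must be LISTENING; a bound UDP socket has no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            yield proto, int(port)


def suspicious_listeners(netstat_text, table=TROJAN_PORTS):
    """Return (proto, port, names) for listeners on a listed trojan port.

    An empty result does not prove the machine is clean: as section 8
    notes, some trojans let the port be changed.
    """
    return [(proto, port, table[port])
            for proto, port in listening_sockets(netstat_text)
            if port in table]


if __name__ == "__main__":
    for proto, port, names in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port} is open: listed for {', '.join(names)}")
```

On a real machine, save the output of `netstat -an` to a file and pass its contents to `suspicious_listeners`.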