Warning: This article is for Security Purpose Only, Raymond.cc forum is not liable for any damages it may cause upon reading this article. I share this in order to INFORM the public how dangerous a Good Trojan is.
...............Trojan Demo...............
The following is a demo of how a Trojan horse works. For this demo we have used the well known Sub Seven Trojan (aka Backdoor). The reader should be aware that this demo only outlines some of the more popular Trojan functions. This demo is only provided as a brief outline of what some Trojans allow the Hacker to do. Trojans become more advanced every day. Trojan programmers are always on the lookout for new startup methods as well as ways to get around both hardware and software firewalls.
SubSeven Trojan Demo
The Hacker Can Retrieve All Of Your Passwords:
Above is a screen shot of the SubSeven user interface showing the section relating to passwords. As you can see your passwords for your dial up and mail accounts and any sites that you visit requiring a password can all be stolen just at the click of a button if your machine was compromised by this Trojan. The simplicity of use of this powerful Trojan is the reason its popularity has exploded.
Hackers Are Scanning For Infected Computers:
You will often be probed on ports 1243, 27374 and port 6667 TCP by exploiters subnet scanning for computers infected by this backdoor. After receiving a list of all your cached passwords hackers will often use these passwords to access your mail accounts or if you are on a dial up connection they will use your account to hack from or trade with other hackers. ICQ and AOL instant messenger screen/nicknames are often taken over and stolen in the same way. Sites that you pay for or subscribe to and online banking accounts that you may use are all now accessible by the hacker.
Hackers Can Take Over Your Accounts:
If you have your own web site you can pretty much expect the hacker to access that and exchange your trusted download files for Trojans or just to deface and delete your site and then change the password to deny you access to your hard work. Some hackers use the ICQ takeover feature which basically downloads your ICQ database files and your personal and private chat history along with your password to their own ICQ. Once they have done this they log onto ICQ as you and change the account password and change the e-mail address that ICQ should send lost or changed passwords to. The account is now secured by the hacker and you have very little chance of getting it back. Often their next trick would be to message all your friends on ICQ that have known you a long while and trust you and then send them Trojan horse files which most will readily accept and run because they know and trust you.
The Hacker can access your files just as though they were their own.
Using the file manager part of the program the hacker can access all of your drives including hidden drives and has full access to all of your files. Normally the hacker will go to the My Documents folder first looking for personal items about you or lists of passwords or financial details. They can download any files they wish to again just at the click of a button. Often hackers find it funny to delete files that are important or have taken a lot of time and effort like a resume document or a school project or business accounts.
The Hacker Can See Every Computer Key You Press:
The key logger logs every key that you press on your keyboard and the application that you typed to. Any e-mail that you write or any texts that you write or private messages to friends in chats are logged just as above. The key logger not only records all the keys pressed but even saves a log of the keys that you pressed when not connected to the Internet for the hacker to simply download and read at their leisure again just at the touch of a button. If the hacker is logging keys while you are online and typing something then he sees the keys as they are pressed. If the hacker was spying on you chatting on ICQ then they could simply enable the key logger to see your replies to messages and enable the ICQ spy tool to see the incoming messages. All these processes run hidden from you and a skilled hacker will use this type of program stealthily and you will never know that they are there.
Trojans Can Send IRC & ICQ Pages To The Hacker:
A hacker can also find a compromised computer if they were the one to edit and alter the server because they can set it up in such a way as to have the infected computer send an ICQ pager as illustrated above or to broadcast on an IRC ( Internet Relay Chat Network ) or by sending an e-mail the moment the computer connects to the Internet. This information gives the hacker the IP address you are at and the port number to connect to as well as the password and the version of the Trojan. Above is an ICQ WWW Pager message informing the hacker that one of his target computers is online and awaiting his attentions. Some hackers receive hundreds of these pagers every day and it has become such a problem that ICQ have tried on numerous occasions to deny these pagers being sent via their network to very little avail as SubSeven is updated just as fast as ICQ stops the pagers with a new workaround version.
The Hacker Can Hide Behind Your Connection:
Above is a client screen shot of the port redirect function after it has been enabled which shows how the hacker can activate a port on your machine to open up and point to any destination they like. This one was set up so the hacker could connect to an IRC chat server. The hacker then simply opens up an IRC script of choice and types /server 127.0.0.1 9000 ( 127.0.0.1 denoting the IP address of the computer that was port redirected ) and hits connect and usually moments later ends up connected to IRC but with a difference. The difference is that they are showing your address now instead of their own and can anonymously commit crimes like trading credit card numbers or denial of service attacks with you getting the blame or being reported for it. A lot of compromised machines are being used in just this way. Not only that but the hacker can have your machine connect to an IRC server as a drone or a zombie machine.
These zombie machines are used to spy on other IRC networks or as IRC channel bots and are controlled by commands typed in the channel or by private messages to the zombie. By these means the hacker can control 1000's of these machines just by one command and use them as a flood net or to attack other computers or web sites. By using IRC the hacker does not even need to connect to the machines that they control. Distributed Denial Of Service ( DDOS ) attacks are illegal but often impossible to pinpoint the individual that launched the attack. Generally if your machine was involved in the attack then you can expect a visit from the authorities and your machine is your own responsibility. Even though you never launched an attack or even knew about it the fact is that the attack came from your machine regardless.
The Hacker Can Use Your Connection To Scan For Other Infected Computers:
Here we see the scanner options in the client. The scanner can be run from the client itself or it can be launched from the compromised machine. The hacker can make your machine illegally probe 1000's of machines for Trojans as well as waste your bandwidth. Then as above use port redirection to try and connect to these computers that your computer probed and reported as being Trojan infected.
The Hacker Can Turn On Your WebCam And Watch You Without Your Knowledge:
Above we see what is possible if the compromised computer has a webcam. The hacker can actually sit and watch you without your knowledge and I think you agree the possibilities are endless as to what the hacker may see using this spying feature. The hacker is also able to look at your desktop and click your mouse for you as shown below or obtain a full screen image of your desktop.
The Hacker Can Watch Everything That You Do On Your Computer As If You Were On TV:
----------------
Copyright 2003 LockDown Corp
---------------
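The section on scanning names TCP ports 1243, 27374 and 6667 as the ones probed by people sweeping subnets for this backdoor. The following is an added example, not part of the original post or the LockDown article: detection logic that reads firewall log lines, reports sources sweeping those ports across several hosts, and lists internal hosts where a probe was let through. The log format, the addresses and the `scan_threshold` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Ports the post names as probed by scanners looking for this backdoor.
WATCHED_PORTS = {1243, 27374, 6667}

# Assumed log format: "<time> <ALLOW|DROP> TCP <src>:<sport> -> <dst>:<dport> <flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
2003-05-01T10:00:01 DROP TCP 198.51.100.7:40111 -> 192.0.2.10:27374 SYN
2003-05-01T10:00:01 DROP TCP 198.51.100.7:40112 -> 192.0.2.11:27374 SYN
2003-05-01T10:00:02 DROP TCP 198.51.100.7:40113 -> 192.0.2.12:27374 SYN
2003-05-01T10:00:02 ALLOW TCP 198.51.100.7:40114 -> 192.0.2.13:27374 SYN
2003-05-01T10:03:40 DROP TCP 203.0.113.9:51000 -> 192.0.2.10:1243 SYN
2003-05-01T10:04:00 ALLOW TCP 203.0.113.50:33000 -> 192.0.2.20:80 SYN
garbage line that does not parse
"""

def analyze(log_text, scan_threshold=3):
    """Return (scanners, exposed): sources probing watched ports on at least
    scan_threshold distinct hosts, and (host, port) pairs where a probe was ALLOWed."""
    targets = defaultdict(set)   # src -> set of (dst, dport)
    exposed = set()              # (dst, dport) that a probe actually reached
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["flags"] != "SYN":
            continue             # skip unparsable lines and non-initial packets
        dport = int(m["dport"])
        if dport not in WATCHED_PORTS:
            continue
        targets[m["src"]].add((m["dst"], dport))
        if m["action"] == "ALLOW":
            exposed.add((m["dst"], dport))
    scanners = {
        src: sorted(hits) for src, hits in targets.items()
        if len({dst for dst, _ in hits}) >= scan_threshold
    }
    return scanners, sorted(exposed)

if __name__ == "__main__":
    scanners, exposed = analyze(SAMPLE_LOG)
    for src, hits in scanners.items():
        print(f"subnet sweep from {src}: {len(hits)} probes")
    for dst, port in exposed:
        print(f"probe reached {dst}:{port} - check that host for a listener")
```

A probe that was allowed through does not prove infection; it marks the host whose listening ports and startup entries should be checked first.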

