TROJANS

How to Make a Trojan Horse


Most of you may be curious about how to make a Trojan or virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using the C programming language. When executed, this Trojan eats up the hard disk space on the root drive (the drive on which Windows is installed, usually the C: drive) of the computer on which it is run. It also works quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run, so I’ll call it the Space Eater Trojan. Since this Trojan is written using a high-level programming language, it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…

Before I explain the features of this Trojan, you need to know what exactly a Trojan horse is and how it works. Contrary to what most of us think, a Trojan or Trojan horse is not a virus. In simple words, a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or cause damage to the computer.

Now let’s move to the working of our Trojan

The Trojan horse which I have made presents itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space is too high. As a result the disk gets filled up to 100% within minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension it is often ignored by disk cleanup software. So for the victim, there is no way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to Windows\System32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full

5. Once the drive is full, stop the process.

You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

How to compile, test and remove the damage?

Compilation:

For a step-by-step compilation guide, refer to my post How to compile C Programs.

Testing:

To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%\system32

Now search for the file “spceshot.dll”. Just delete it and you’re done. No need to re-format the hard disk.
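A defender's check for the artifact described above, as an added example that is not part of the original post: it lists files in a directory that carry the .dll extension but are not PE images, or that are abnormally large. The function names, the 512 MiB threshold and the sample files are assumptions; the samples are constructed in a temporary directory.

```python
import os
import struct
import tempfile
from pathlib import Path

SIZE_LIMIT = 512 * 1024 * 1024  # assumed triage threshold (512 MiB), tune per fleet


def looks_like_pe(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def find_suspect_dlls(directory, size_limit=SIZE_LIMIT):
    """Return (name, size, reasons) for .dll files that are junk or oversized."""
    findings = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.name.lower().endswith(".dll"):
            continue
        size = entry.stat(follow_symlinks=False).st_size
        reasons = []
        try:
            if not looks_like_pe(entry.path):
                reasons.append("not a PE image")
        except OSError as exc:
            reasons.append(f"unreadable: {exc.strerror}")
        if size > size_limit:
            reasons.append("oversized")
        if reasons:
            findings.append((entry.name, size, reasons))
    # Largest first: a disk-filling junk file sorts to the top.
    return sorted(findings, key=lambda f: f[1], reverse=True)


def build_constructed_samples(directory):
    """Write constructed test files: a minimal PE-shaped stub and a junk '.dll'."""
    stub = bytearray(128)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    Path(directory, "legit.dll").write_bytes(bytes(stub))
    Path(directory, "spceshot.dll").write_bytes(b"A" * 4096)  # junk data, no header
    Path(directory, "notes.txt").write_bytes(b"ignored: not a .dll")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        # Small limit so the 4 KiB constructed junk file also trips the size rule.
        for name, size, reasons in find_suspect_dlls(tmp, size_limit=1024):
            print(f"{name}\t{size} bytes\t{', '.join(reasons)}")
```

On a real host, point `find_suspect_dlls` at the System32 directory from an elevated session; a genuine DLL always passes the header check, so a "not a PE image" hit deserves a look regardless of size.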

NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post

How to Hack Using Trojans

RATs:

RATs, also called Remote Administration Tools, are popular software used to control another computer remotely and, considering the hacking aspect, to hack a computer remotely. There are lots of RATs, such as:
Prorat
Turkojan
Yuri RAT, and lots of others.

Working of RATs:

To hack a computer remotely using a RAT, you have to create a server and then send this server to the victim whose computer you want to hack remotely. Generally, this server is bound to a file, say a picture or song, so that whenever the victim opens this file on his computer, our server is installed. This server opens a port on the victim computer, and by using this opened port you are able to hack the computer remotely.

It is this RAT server that then sends all system information to PRORAT, and we can then hack the computer remotely using PRORAT.

Things you can do by hacking computer remotely:

Once you gain access to the remote computer, you can hack the computer remotely and perform any of the following:

# Install a keylogger
# Monitor chat windows
# Shut down the computer remotely
# Take control of the system registry
# Hack locally stored passwords and licence keys
# Download additional malware and servers to gain stronger control
# Control and access all Control Panel options (including add or remove programs)
# Send various error messages
# Access printer services
# Erase all disk data by formatting drives
# Open an FTP connection and start file transactions

Thus, you are able to hack the computer remotely 100%. This program to hack computers remotely is hence popular.

Disadvantage of remote hacking program RAT:

The main disadvantage of this program, RAT, is that the server created to hack the computer remotely is recognized by most antiviruses as a hacktool, and hence antiviruses send alert messages when the RAT server is installed.
But there is lots of software like Binders or Crypters to hide the RAT server and prevent antiviruses from sending alerts. There is even software like AVkiller which is used to turn the antivirus inactive, and then our server (used to hack the computer remotely) can be installed on the victim computer easily.

This is all about RATs, software to hack computers remotely. In my next article, I will explain server creation and installation on a remote computer.

PRORAT – Remote computer access program:

1. Download PRORAT software for remote computer access. Password: techotips.blogspot.com
Alternative download link for PRORAT program. Password: netcrew. Password for prorat v1.9: pro (if netcrew doesn’t work).

2. Unzip the downloaded file using Winzix (download here) to use this remote computer access software.

3. Now, the unzipped file will contain the Prorat.exe file. Run the file on your computer.

4. Now, we have to create a server to send to the remote computer for remote computer access. So, click on Create -> Create Prorat server.

5. Go to no-ip.com and register for an account.

6. Now, in Pro connective notification, enter in the IP (DNS) address field the link provided to you by no-ip, and let all remaining fields remain unchecked.

7. Along with using Pro connective notification, you can even use your mail address to confirm the server installation.

8. You can even bind the server with a specific file to prevent the victim knowing about the server installation on his computer.

9. To change the server default icon, click on “Server icon” on the left option pane and select any suitable icon according to the bound file.

10. Now, when all things are done, hit “Create server” and you will get the server created in the Prorat directory.

First things first, you’ll need a clean copy of ProRat V1.9; here is a link where you can get it from.

http://www.megaupload.com/?d=QNR1BZ3G

This pack includes:

ProRat V1.9

The English help file

Skin packs 1-5

The skin builder

pass: netcrew

Now that you have the necessary files, let’s start with the tutorial. Extract ProRat V1.9 and run the ProRat application. We’ll start with a ProRat server. Click Create near the bottom and a small context menu will pop up; for now let’s just make a ProRat server, we’ll cover the other types later.

The ProRat server is the server the rat communicates with, all the fun trojany things :P

The setup is pretty simple; we’ll start with the notifications area.

Pro connection notification-

This is basically the SIN notification. Where it asks for your IP address, just click on the little red half-circle on the side and it will locate your external IP address for you.

Mail notification-

Self-explanatory: the server will send you an email to tell you the victim has been infected.

ICQ pager-

If you use ICQ you can be notified of infections via that; put in your UIN and when a victim is infected you will be informed via ICQ.

CGI-

This connects to a web CGI page and uploads the information when a victim is infected.

Choose whichever you like, I usually use email and SIN (Pro connective.)

OK, let’s move on to the general settings now.

Server Port-

The port you run your server off of (default 5110). For the most part you don’t want to use the default port.

Server password-

Pick a password to ensure only you have access.

Victim name-

Nothing very important, just so you can send separate people separate servers and be able to identify each; use whatever you want here.

Give a fake error message-

When the server is run it displays an error message. You can customize what it says by clicking Configure after checking the box.

Melt server-

After the server is installed the server installer is deleted, if checked.

Kill AV/Firewall-

When the server is run it kills the antivirus and firewall processes to hinder detection, if checked.

Disable win Xp SP 2….. -

This kills the Windows firewall upon execution, if checked.

Clear Windows XP restore points-

This will delete all system restore points to avoid repairing the infected computer, if checked.

Don’t send LAN notifications-

This disables notifications if someone within your network is infected; notifications still work from outside access, just not on LAN, if checked.

Invisibility-

All three of these settings help to hide the server from the user. I’m not going to explain them, I’ll just tell you to leave them all checked.

Bind with file-

Allows you to pick a file to bind the server to (this helps prevent detection).

Server extensions-

Pick the extension type that you want.

Server icon-

Pick an icon.

So you’ve set all of your settings; now click on Create Server in the bottom right corner and wait a few moments while the program builds the server. Go find some suckas that will run it and give them the file.

Now back at the main window of ProRat we’re going to click on the little check-box next to the R on the bar up top. This step is unnecessary if you didn’t use the Pro connection notification. This listens for the SIN notifications.

Put in the IP address of your victim and the port the server runs on and click Connect; you’ll be prompted for your password.

Now instead of walking you through this, this is the fun part, playing with your toys, I’ll tell you what not to try if you are doing the testing on your own PC.

CHAT-

Do not attempt this unless you are prepared for a reboot or you are testing with a server on one computer and the client on another.

FUNNY STUFF-

Avoid closing the monitor because you won’t be able to see what you are doing.

Same with open screensaver.

OK, this is the information about the other server types.

Downloader server-

(copy pasted from prorat, sorry I’m really tired)

Downloader server’s aim is to infect the victim in an easy way. ProRat server is 350 kb but Downloader server is just only 2kb. It is easier to send to your victim.

Downloader server’s job is to download and run the real server on the target PC. It downloads the real server in a fast way and executes the file without asking any questions to your victim. When Downloader server is binded with a file, the file's size won’t be too big so your victim will not get suspicious with the size of the file.

If you want to use Downloader server you must have a web hosting and you can also use a free hosting. After this you must create a normal server and put it into your web hosting area.

Let's say:

You have signed up for a free area from http://www.tripod.lycos.co.uk/signup/signup.phtml and you got a web hosting like this “http://members.lycos.co.uk/yourarea/” and upload your server that you created with ProRat client to this area.

After you uploaded your server your server address will look like “http://members.lycos.co.uk/yourarea/server.exe”. Now the only thing you must do is create a Downloader server.

CREATING DOWNLOADER SERVER :

To create a Downloader server you must click on the “Create” button first. A popup screen menu will appear. Click on the “Create Downloader Server” button and get into the Create Downloader server menu.

When you type the URL on the Downloader server menu it will save it automatically so when you want to create another Downloader server it will help you for saving time.

You have to follow this way:

1-URL :

In the Downloader server menu you have to type the URL for the download process that will be done on the target PC. For example: “http://members.lycos.co.uk/yourarea/server.exe”

2-Bind With a File :

You can bind your server\downloader server with a file that you want. You must click on the “Bind the server with a file” button and then the file button will be activated. You can choose a file to be binded with the server now. The extension is not so important; you can see the size of binded server in the “Server Size” part.

3-Server Extension :

You can choose the extension of Server\Downloader server that you will create. ProRat server supports 5 extensions. You can use these extensions for server: *.exe – *.scr – *.pif – *.com – *.bat

But 2 of them support icons. Other ones don’t support windows icon service. *.exe and *.scr have got icon support so you can choose an icon for these extensions.

4-Server Icon :

If you choose an extension that has got icon support, you can select the one you want to use with the server from the small pictures on the menu, but don’t forget icons will make the server size a little bigger than the normal size.

If you want to use these icons click on the “server icon” section and select the “Server icon” box. Choose one of them and your server will use this icon after created.

If you have done all the settings, you can create Downloader server. Now you only have to click on the “Create Server” button.

After you have created your Downloader server you can change its name. It will automatically download the real server and run it on the target PC with invisibility.

Downloader server will restart itself until it downloads the real server on target PC.

Warning: If the target PC gets disconnected while the Downloader server is downloading the real server from the web host, the downloading process will not resume from the last part; it will just only restart to download the real server again. And if you want a feature like resuming the download from a 2kb program you won't be behaving fairly against PRO GROUP.
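The restart behaviour described above (the downloader re-fetches the whole executable from the start until it succeeds) leaves a recognisable pattern in web proxy logs. The following added example, which is not part of the original post or of ProRat, flags a client that repeatedly requests the same URL ending in one of the five listed extensions. The log layout, host names and the `min_attempts` threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# The five server extensions the page lists.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

# Constructed proxy log lines: timestamp client method url status bytes
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.21 GET http://host.example.test/area/server.exe 200 81920
2024-05-01T09:00:40Z 10.0.0.21 GET http://host.example.test/area/server.exe 200 143360
2024-05-01T09:01:15Z 10.0.0.21 GET http://host.example.test/area/server.exe 200 358400
2024-05-01T09:02:00Z 10.0.0.34 GET http://intranet.example.test/tools/setup.exe 200 5242880
2024-05-01T09:02:30Z 10.0.0.21 GET http://news.example.test/index.html 200 20480
malformed line without enough fields
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit() or not parts[5].isdigit():
        return None
    ts, client, method, url, status, size = parts
    return {"ts": ts, "client": client, "method": method,
            "url": url, "status": int(status), "bytes": int(size)}


def is_executable_url(url):
    """Match on the URL path only, so a '.com' host name is not a hit."""
    return urlsplit(url).path.lower().endswith(EXEC_EXTS)


def find_repeated_exec_downloads(log_text, min_attempts=3):
    """Group GETs by (client, url); report executables fetched min_attempts+ times."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        if not is_executable_url(rec["url"]):
            continue
        attempts[(rec["client"], rec["url"])].append(rec)

    alerts = []
    for (client, url), recs in sorted(attempts.items()):
        if len(recs) >= min_attempts:
            alerts.append({
                "client": client,
                "url": url,
                "attempts": len(recs),
                "first_seen": recs[0]["ts"],
                "last_seen": recs[-1]["ts"],
                # Differing sizes per attempt suggest interrupted transfers.
                "bytes_seen": [r["bytes"] for r in recs],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_repeated_exec_downloads(SAMPLE_LOG):
        print(alert)
```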

Create CGI victim List

(copy pasted once again)

What is a Victim List? :

Victim list is a system that will let you view the information sent from the server just like the email and icq notifications. The information sent to your CGI list contains your victims IP address, Port number, password etc… that gives you victims all details for connection.

Creating Victim List :

This is one of the biggest differences between other Trojans CGI notifications. ProRat has got the best CGI victim list creator on its own client. You can adjust everything you want when you are creating your victim list. You don’t have to lose time in configuring the victim list codes like the other CGI victim lists, and you can choose which language you want to use in CGI victim list.

If you want to create your victim list you must click on the create button and a popup menu will appear, click on create CGI victim list button and you will see 4 boxes and a create cgi files button. The features of the boxes are listed below:

Victim List Password :

If you want your list protected with a password you must write which password you want to use in the blank box.

CGI Script Name :

You can choose the script name that doesn’t contain Turkish characters. If you want to change the name of the cgi list after you created your CGI Victim list will not work. You must change the name when you are creating the file. Default name of your cgi file will be prorat.cgi and it will be the best solution for this problem.

CGI Script Data :

You can choose the script name that doesn’t contain Turkish characters. If you want to change the name of the dat extension file after you have created it will not work. You must change the name when you are creating your file. Default name for your script data file is log.dat and it’s the best solution for this problem. This script will save the logs coming from server.

Max Number for List :

This menu will let you view the number of victims in your list. Default number is 100. You can choose every number for this blank but if you choose a number like 10000 charlatan will work slow.

After you set up these details, click on the “Create CGI files” button.

How To Use:

To use this CGI victim list tool, you must have a host with CGI support. You can take a free host from these sites

http://www.netfirms.com

http://www.tripod.lycos.com

After you register an account from a host, you must upload “prorat.cgi” and “log.dat” to your host's cgi-bin folder in ASCII mode. Change the CHMOD for “prorat.cgi” to 755, and change the CHMOD for “log.dat” to 600. If you don’t know what is CHMOD please read the following steps.

INSTALL + IMPORTANT THINGS + FREQUENTLY ASKED QUESTIONS:

1-Learn that your hosting supports CGI. If it doesn’t have a CGI support use another host with CGI support.

2-Upload your files to the cgi-bin folder on your host and don’t forget to check them; you should see 2 files in your CGI directory after you upload them.

3-You must upload your files to your host in ASCII mode. If you upload in binary mode your CGI victim list won’t work. If you want to solve this problem we recommend to you upload with Cute-Ftp program. Professional FTP programs like Cute-Ftp can automatically choose the mode for extensions of files. If you want more details search upload + ASCII + cgi in http://www.google.com

4-Did you set up the files to CHMOD in your host ?

The value of the Victim list's main file that is “prorat.cgi” must be 755 in CHMOD, and the ‘log.dat’ value must be 600 in CHMOD.

You can adjust CHMOD after you upload files with Cute-Ftp. Right click on the file and click on CHMOD and follow the steps :

prorat.cgi :

Owner permissions :

[X]READ [X]WRITE [X]EXECUTE

Group permissions :

[X]READ [ ]WRITE [X]EXECUTE

Public permissions :

[X]READ [ ]WRITE [X]EXECUTE

log.dat :

Owner permissions :

[X]READ [X]WRITE [ ]EXECUTE

Group permissions :

[ ]READ [ ]WRITE [ ]EXECUTE

Public permissions :

[ ]READ [ ]WRITE [ ]EXECUTE

5-If you say I did all the settings right but my list didn’t work :

Did you edit your prorat.cgi file after you created it? If you edited your prorat.cgi file your list may not work and create a new CGI file.

6-If you say, I’m typing my password into my CGI victim list but my victim list doesn’t open we think that you have changed the names of your CGI files after you created them, and this may cause this problem.

Don’t forget if you want to change names of files you must name them when you are creating the files from the client, But if you are an advanced user you can open “prorat.cgi” with a text editor and edit the settings as you want to do in “prorat.cgi”.

7-If you are typing the correct URL for your victims list but it says “****** named file cannot be found”.

If you have a problem like this maybe you forgot to upload “log.dat” file to cgi-bin folder in host or you changed name of the log.dat file after you created it.

8-If you forgot the password that you put to your victim list. Create a new one and change the new prorat.cgi with the older one and don’t forget to note it somewhere.

9-If you have many victims but they don’t get listed on your victim list. Open prorat.cgi with a text editor and come to settings part and $show_list = “xxx”; write a value instead of xxx like default number for that is “100”, after you set it, upload and replace it with the old file. If you say I can’t do that create a new prorat.cgi from Client and type a bigger value for the max number of list for example 200.

10-If you say I did all the things but I don’t know how to connect to my victim list. Type http://yoursite/cgi-bin/prorat.cgi on your browser and you will see your login page. The important point of your CGI URL is the end of your URL be the name of your cgi file of prorat.cgi and type it to the end of your URL.

For example you have an account like http://prorat.netfirms.com and you didn’t give the default name for prorat.cgi and instead you used the name counter.cgi. Your URL should be like this http://prorat.netfims.com/cgi-bin/counter.cgi

11-If you say I took a host from tripod but it doesn’t give me permission to edit manually CHMOD. That is true some hosts don’t give permission for this but we can solve this problem with following steps.

Login on tripod’s page with your username and password and go to FILE MANAGER. Your files will be shown in a special script page and go to cgi-bin folder, check the box next to the ProRat cgi file and click on the button at the left top (EDIT). Now delete all the things in prorat.cgi and copy the prorat.cgi that is in your PC to your host and save it.

12-If you say I did all the things but I can’t upload log.dat. Type something on log.dat and try to send it again. After you install your victim list you can delete logs with the button named ‘Empty Page’ button.

13-If you say that you took a free host with cgi support but the hosting company closed my account.

If you have many victims, this traffic can be alerted to the admin of company or you only use cgi-bin of your account it can alert them too. Now you can open a new account and put a site with 2-3 pages, and put an index and connect to your ex users change the older cgi list link with online editor.

14-If you don’t create prorat.cgi with ProRat client and downloaded it from somewhere or if you want to upload it after a long time, you can change it to binary mode while you are editing it or downloading it. Download ProRat Client and create your own Victim list.

15-If you say I tried everything and I did all the things right but my list didn’t work:

If your age is under 16;

We recommend you to not use ProRat for a couple of years and instead using ProRat go and play games or use your computer for education.

You will need to have Winzix to get PRORAT – remote computer access program. Download Winzix here. Now, when you’ve created the PRORAT server, the next step is to send this server to the victim computer and then use PRORAT for remote computer access. I will explain in my next article how to connect to the remote PRORAT server on the remote victim computer and then use this for remote computer access. If you’ve any problem in using this

lost door v 3.2 Stable (Build 2)
lost door v 3.2 Stable (Build 2) done at 21 May my birthday date (happy birthday to me :lol: )
Lost door Official Website www.lostdoor.cn
download http://www.lostdoor.cn/download.html
Whats New :
———–
# [+] Remote Nat viewer
# [+] Rmote Resotr Manager
# [+] Added Some Graphics
# [+] Some minor Bugs fixed
# [+] Some Forms Has Been Modified
# [+] News Navigator was Added