Trojan Horse Virus

What is a Trojan Horse :

This is favorite tool for hackers. It’s really a fantastic tool which gives complete unauthorized access of remote computers. Hackers can sit anywhere and can control any pc in the world, if it has Trojan.

Same as the keylogger, it takes 1-2 minute’s time to install in victims system. Even it can bind up with games or other software’s.

After successful installation of Trojans in victims in victim’s pc. Attacker can switch on victims webcam without his/her permission or knowledge, access files, completely control victim’s pc.

Prevent Trojan Horse :

Firewall is hunter of these Trojans. A firewall will be there by default in windows operating system. You can find it in control panel and also download 3rd party firewall like comodo or zone alarm or get antivirus integrated with firewalls.

Note: in fact if we add exception to firewall it will allow Trojan too.

1. Detecting Trojans Manually:

TCP view is one of the fantastic tools among sysinternals suite which detects Trojans. This tool shows all the connections from your computer to remote computer.

Since a Trojan will uses ports to communicate with hacker system you can find it with uses ports. You can find it with the help of TCP view

2. Detecting Trojans by Antivirus :

Signature based (definitions)
Heuristic

1. Signature based:

All antivirus can save all known virus signatures in it database and compares it against the files, we selected to scan. If the signature of those file database then it says its virus else not.

2. Heuristic Detection:

This mechanism is clever here antivirus study the activity of the process. If the activity of the process is suspicious then it says virus. Some antivirus like kaspersky brings to our notice about suspected process and seeks our permission to allow it execution or not.

Best Antivirus Programs:

Steps to Attack Victim Computer:

Now we are going to discuss about a popular Trojan known as 'ProRat'.

Create a server file from ProRat client.
Open ProRat window, Then create.
If you want to use notifications or reverse connection set it, also select icon for your Trojan file.
After setting appropriate settings click on create a server.
Then you can see below message saying server file has been created
A file will be created in the same folder where your ProRat located.
This is the file which gives complete access to our enemy system.
after creating server file, upload to file sharing sites and then send it to a victim.
Before sending this as it is, use crypters to make it undetectable by antivirus.
Make it undetectable by using binders.
Execute server.exe (actual Trojan file) at victim’s computer.
Open prorat client in your computer, enter victim ip/system name and connect it. (You can use reverse connection, if you don’t know victims IP).

Best Trojan Tools:

Suggestions:

1. No-IP:

if you don’t have static public IP for reverse connection, then no-ip.com is the solution. No-ip is dynamic dns provider. We can host sites in our pc; even we don’t have a public IP at www.no-ip.com

2. Binders:

If we execute above prorat server file, it will start its operations in background. Also it won’t display any message or image to victim. Then, victim may suspect us. At this time binders will help us, to hide our Trojans behind some other trusted software or in games.

Trojan+game=game with Trojan

If you bind this Trojan with a game then victim plays the game, you can play with victim’s pc as the Trojan too will be executed in backdrop.

Prorat has this binding feature, select 'bind with file' while creating server.

I’m binding yahoo messenger with Trojan server file and Making Trojans or antivirus undetectable.

Even though we bind our Trojan with other software’s antivirus can easily detect them. It’s because of the signatures database. Before learning about crypters and making Trojans undetectable, let’s see how an antivirus detects.

Credit: Sai Satish