Friday, February 13, 2009

The Art of Deception: Trojan horses

An introduction

Trojan horses are programs that appear to be legitimate but contain harmful payloads such as malware or viruses. Trojan horses have been actively used throughout warfare, not only the Trojan horse at Troy but also food trucks concealing missiles, etc. This tactic can also be used for cyber warfare, as many military tactics can.

Setting up the payload

Now decide on what payload you wish to use. I won’t go into much detail for this, because it’s simple, but I will focus on the “deception” part. Let’s say you wish to send an EXE concealed as a picture. Once the payload is done, the file size will not look right for a standard picture file.

Standard picture files are approximately 1 MB in size. To make your Trojan larger, just add large picture or music files into the project Trojan before compiling until you get the size wanted.

Next is a mistake that inexperienced Trojan makers make: do not use the whole installation package. Otherwise, when the trap is sprung, an installation application will pop up. That would be something like Troy giving the enemy a “Terms of use” contract and asking him to sign it. Just save it, compile the program in a sandbox and then get the app in the /bin file of your project in the Programming Language directory.

Concealing the Trojan

Now for the introduction of another program, Icon Changer, available from http://www.shelllabs.com/. Download the trial version and install it. Now, go to the Trojan you wish to conceal and right-click it. Select the option ‘Change Icon’.

The Icon Changer window will pop up. Now, select the icon you wish to use for the Trojan. Search your C: drive for icons. For this Trojan I will use the picture icon. Just double-click it and the icon will be changed. The icon will stay the same on different operating systems because the core icon in the file is changed.

Springing the trap

Let’s say you’re going to upload it to a website or send it over instant messaging. There will be a security feature so that you can’t send EXEs over. Now, time for a little trick. Put the Trojan into a .zip file and send it. Of course there’s a little social engineering involved.
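Seen from the receiving side, none of the disguises above (the icon, the padded size, the .zip wrapper) change the first bytes of the file, so a mail or upload filter can look inside the archive and check content instead of appearance. The following is an added example, not part of the original post; the function names and the sample archive are constructed for illustration and contain no real executable.

```python
import io
import zipfile

PE_MAGIC = b"MZ"  # first two bytes of every Windows EXE, whatever its icon
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def inspect_zip(data: bytes) -> list:
    """Return (member, reason) for each archive member that needs blocking."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((info.filename, "encrypted member, not inspectable"))
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            if head != PE_MAGIC:
                continue
            stem, _, ext = info.filename.lower().rpartition(".")
            if "." + ext in IMAGE_EXTS:
                reason = "executable content under an image extension"
            elif stem.endswith(IMAGE_EXTS):
                reason = "double extension hiding an executable"
            else:
                reason = "executable inside archive"
            findings.append((info.filename, reason))
    return findings


def build_sample() -> bytes:
    """Constructed test archive: no real malware, only magic bytes and padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("real_photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 64)
        # Padded to about 1 MB, the size the post suggests for a picture
        zf.writestr("holiday.jpg.exe", PE_MAGIC + b"\x00" * (1024 * 1024))
        zf.writestr("beach.png", PE_MAGIC + b"\x00" * 128)
        zf.writestr("setup.exe", PE_MAGIC + b"\x00" * 128)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip(build_sample()):
        print(f"BLOCK {member}: {reason}")
```

A two-byte magic check can flag a harmless file that happens to start with "MZ", so a production filter would follow it with a full PE header parse before blocking.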

Have a nice day,
IncandescentLight
