A little tutorial on using trojans for real profit

admin

This tutorial is based on the premise that you already have a trojan for grabbing accounts and other private info of the victim for you.

First of all, after you have bought a trojan you need a webserver where all your logs will be kept. Using e-mail for it is not a good idea. First, your e-mail account can be stolen. The second thing is the restrictions on free mailbox space and the anti-spam features of the mail provider. So if you have a big botnet which sends a lot of logs to you, your account will run out of free space and no new logs will be received, and the anti-spam feature can block most of the mails sent to you by the trojans. It’s hard to avoid the anti-spam blocker coz all e-mail providers use their own anti-spam system and a programmer would have to learn all those systems. It will take a lot of time and this game is not worth the candle.

So you need hosting for storing logs. Most hosting providers support PHP, ASP, MySQL and other features, so you just need to choose which hosting provider you like more than the others. Almost any hosting is acceptable for keeping logs.
All the scripts you need for my spyware are included in the package, so all you need to do is upload them and set the right permissions on the files.
One thing you need on your hosting is the PHP option “register_globals” set to On. So check that your hosting provider allows this feature before purchasing hosting.


So we have hosting. Next we need to distribute the trojan to as many victims as we can.
There are a lot of ways to do it:
Running the exe file:

If it's someone you know, you could try tricking them into running the file. Make up some story to get them to run it. After they run it, they will be infected with it.
You could also have it "hidden in another exe file". This is called exe binding, if you search google for it you will find a dozen exe binders. What this does is you get some exe file, perhaps an actual game, bind it to trojan, and get them to run the new exe file. What this will do is after you say "I just got a cool game, check it out" and send them the game&trojan exe, they won't suspect anything because it actually is a game.

Using an exploit

There are several exploits for Windows, for Internet Explorer, etc. An exploit is a flaw in the program that you can exploit to do a desired task. For example, there was a flaw in Internet Explorer a while back which allowed you to give a link to someone that would display anything you wanted in the address bar and it would go to whatever website you wanted (e.g. display "http://www.ebay.com" while it actually went to "http://www.yourfakepage.com"). Anyway, if you can find out what operating system your victim is using, you could try to find an exploit on the internet that allowed you to run remote code on their computer.
The most popular are exploits for Internet Explorer which upload and run a trojan on the victim's computer.

People who use this way make a scam page where they place an exploit and a trojan and get people to visit their page. So when a victim visits the swindler’s page he will be infected by the virus. It’s simple, but you have to compel people to visit your site. For this, swindlers use SPAM or companies who sell traffic, clicks or pop-up banner shows. Swindlers card traffic companies and they get people to visit your page and get infected. How they do it is another story and to explain it I would have to write another tutorial, so let's keep it undisclosed. They just force people to visit your site.

Using RTSW.Smash I-WORM or other trojan droppers:

Another way is using viruses called i-worms. These are self-spreading systems which spread to the victim's computer by themselves. They use e-mail, p2p networks, operating system vulnerabilities, other backdoors/i-worms or other methods of spreading to infect a victim. After infection such programs can download any program you wish to the victim's computer. It can be a trojan or just a joke program. Anything you want.
So all you have to do is distribute the i-worm as much as you can and just sit down and wait. Your botnet will grow by itself.
This small tutorial is only for learning. All things described here are only for learning and showing flaws in computer systems. I’m not responsible if someone practices it. Keep in mind that all the things described here are illegal.

Sorry for my English. It’s not my native language.
Thanks to Itbook for help in writing this tutorial.
 

frostj085

nice tut enjoyed reading and Ur English was on point

but i have a question about Trojan drops:

1. how effective is this method of spreading
2. with a Trojan dropper you only have to infect one machine right then after that it would spread from there onwards?
 

destractions

spyeye or zeus
to selling you logs,accounts,sites,shells do to traffic server
 

Carding 4 Carders


Trojans - what it is, the most famous types + protection against them


All types of known Trojans
They got their name from the infamous mythological horse of the same name - a malicious component penetrates the system under the guise of a useful program or utility.



As a rule, a Trojan program is offered to be downloaded under the guise of a legitimate application, but instead of the declared functionality, it does what the attackers need. And the main task of Trojan programs is precisely in various destructive activities: from blocking various programs or installing advertising banners to encrypting files and intercepting passwords to payment systems.

Modern Trojan programs have evolved to such complex forms as, for example, a backdoor (intercepts administrative functions of the operating system on the computer) and a bootloader (installs malicious code on the victim's computer).

These highly dangerous applications can perform the following actions that are not authorized by the user:
  • deleting data
  • blocking data
  • changing data
  • copying data
  • slowing down of computers and computer networks.
Next, we will look at the classification of Trojan programs by the type of actions they perform on your computer, in more detail.

ArcBomb
These Trojan programs are archives that are specially designed in such a way as to cause abnormal behavior of archivers when trying to unpack data, such as freezing or significantly slowing down the computer or filling the disk with a large amount of "empty" data.

There are three types of such Trojan archives:
  • containing an incorrect archive header or corrupted data inside the archive - all this may cause a specific archiver or decompression algorithm to fail when parsing the archive contents;
  • containing a large object consisting of repeated data; this allows you to pack it into a small archive (for example, 5 GB of data is packed into a 200 KB RAR archive);
  • containing identical objects - a huge number of identical objects in the archive. It also has almost no effect on the archive size when using special methods (for example, there are techniques for packing 10 thousand identical objects into a 30 KB RAR archive).



Backdoor
A backdoor Trojan program provides attackers with the ability to remotely control infected computers. By infecting a computer, attackers can remotely perform any actions on it, including sending, receiving, opening and deleting files, displaying data, and rebooting. Depending on the functionality of a particular backdoor, the attacker can install and run any software on the victim's computer, save all keystrokes, download and save any files, and turn on the microphone or camera. Backdoors are often used to combine a group of victim computers into a botnet (zombie network) for criminal purposes.

Separately, we should mention a group of backdoors that can spread over the network and be embedded in other computers, as network worms do. What distinguishes such backdoors from worms is that they are distributed over the network not spontaneously (like worms), but only by a special developer team.



Banker
Banking Trojans are designed to steal the credentials of Internet banking systems, electronic payments, and bank cards (both credit and debit).



Clicker
Such Trojan programs are designed for uninitiated user access from an infected computer to certain Internet resources (usually, to web pages). This is achieved either by sending appropriate commands to the browser, or by replacing system objects that contain "standard" addresses of Internet resources (for example, the hosts file in the Windows operating system).

Attackers can pursue the following goals:
  • increasing traffic to any sites in order to increase ad impressions;
  • organizing a DoS attack (see below) to any server;
  • attracting potential victims to get infected with viruses or Trojans.



DoS
DoS Trojans are designed to perform denial-of-service attacks on targeted web addresses. In such an attack, a large number of requests are sent from infected computers to the system with a specific address, which can cause it to overload and lead to denial of service requests from real users.

Often, in order to carry out a successful DoS attack, attackers first infect many computers with Trojans of this type (for example, through massive spam mailing), after which each of the infected computers attacks a given victim. Such an attack is called DDoS (Distributed Denial of Service).



Downloader
Trojan programs like Downloader can download and install new versions of malware, including Trojans and adware, on the victim's computer. Programs downloaded from the Internet are then either launched or registered by the Trojan for startup.

This type of destructive software has recently been frequently used to initially infect the computers of visitors to infected web pages containing exploits.



Dropper
These programs are used by hackers to covertly install Trojans and / or inject viruses found in the body of such Trojans, as well as to prevent malware detection, since not every antivirus program is able to detect all the components of such Trojans.

After saving a malicious program like Dropper on disk (often in the Windows system directory), it is executed, and usually without any messages (or with false messages about an error in the archive, an incorrect version of the operating system, etc.).

As a result, attackers achieve two goals:
  • covert installation of Trojans and viruses;
  • protection against detection of destructive programs by antivirus programs, because, as already noted, not all of them are able to check all the components inside such Trojans.



Exploit
Exploits are programs with data or code that exploit a vulnerability (or several vulnerabilities) in applications running on a computer for a deliberately destructive purpose. Attackers usually use exploits to break into the victim's computer and then inject malicious code (for example, infecting all visitors to the hacked website with malware).

Exploits are also used extensively by worms to break into a computer without the administrator's knowledge. The so-called Nuker programs are also widely known, which send specially formed requests to a local or remote computer, as a result of which the system stops working.



FakeAV
Programs like FakeAV simulate the operation of antivirus software. With their help, attackers try to extort money from the user in exchange for the promise of detecting and removing non-existent threats that they report to him.



GameThief
Game Trojans steal information about online game participants' accounts and pass it on to an attacker.



IM
Trojan programs like IM steal usernames and passwords to instant messaging programs such as ICQ, MSN Messenger, Skype, and others, and transmit this information to an attacker. For data transfer, you can use email, FTP protocol, web requests, and other methods.



Rootkit
Rootkits are programs designed to hide certain objects or actions in the system. Often, their main goal is to prevent detection of malicious programs in order to increase their working time on the infected computer. The rootkit itself does not do anything malicious, but in the vast majority of cases it is used by malware to increase its own lifetime in affected systems due to the difficulty of detecting it. As a rule, registry keys (for example, those responsible for autorun of malicious objects), objects and processes in the infected computer's memory, and destructive network activity are hidden. This is made possible by the close integration of the rootkit with the operating system. And some rootkits (so-called bootkits) can start working even before the operating system is loaded. However, no matter how this type of Trojan develops, sophisticated modern antivirus programs can detect and neutralize almost all existing types of rootkits.



How Trojans work
All Trojan horses have two parts: a client and a server. The client manages the server part of the program over the TCP/IP protocol. The client can have a graphical interface and contain a set of commands for remote administration.

The server part of the program is installed on the victim's computer and does not contain a graphical interface. The server part is designed to process (execute) commands from the client part and transmit the requested data to the attacker. After getting into the system and taking control, the server part of the Trojan listens on a specific port, periodically checking the Internet connection, and if the connection is active, it waits for commands from the client part.

The attacker uses the client to ping a specific port of the infected host (the victim's computer). If the server part has been installed, it will respond with a confirmation to the ping that it is ready to work, and when confirmed, the server part will tell the attacker the IP address of the computer and its network name, after which the connection is considered established. Once a connection has been made to the server, the client can send commands to it, which the server will execute on the victim machine. Also, many Trojans connect to the attacker's computer, which is set to accept connections, instead of the attacker trying to connect to the victim itself.



Symptoms of infection
  • appearance of new applications in the autorun registry;
  • showing fake uploads of video programs, games, porn videos, and porn sites that you haven't uploaded or visited;
  • creating screenshots;
  • opening and closing the CD-ROM console;
  • playing sounds and / or images, displaying photos;
  • restarting the computer during the start of an infected program;
  • accidental and / or random shutdown of the computer.



Deletion methods
Since Trojans have many types and forms, there is no single method for removing them. The simplest solution is to clear the Temporary Internet Files folder or find a malicious file and delete it manually (Safe Mode is recommended). In principle, antivirus programs can detect and remove Trojans automatically.

If the antivirus program is unable to find the Trojan, downloading the OS from an alternative source may allow the antivirus program to detect the Trojan and remove it. Regular updates to the antivirus database are extremely important to ensure better detection accuracy.



Disguise
Many Trojans can be located on the user's computer without their knowledge. Sometimes Trojans are registered in the Registry, which causes them to start automatically when Windows starts. Trojans can also be combined with legitimate files. When a user opens such a file or launches an application, the Trojan runs in the same way.



Protection
Trojans are so named because they require your permission to run on your computer, either when you run the program yourself, or when you open a document or image, which then runs the program.

Based on this, the first and best protection against Trojans is to never open an email attachment or run a program if you are not 100% sure of the source of files downloaded from peer-to-peer programs or websites. But in today's interconnected world, this is rarely possible, so you need to take a few specific security measures.

  • always update your software. This is doubly relevant for important programs, such as your operating system and browser. Hackers exploit known security flaws in these types of programs, and through them send Trojans to your computer that do their dirty work. The software manufacturer usually releases patches for these vulnerabilities, but they won't do you any good if you don't maintain the latest version of the software on your device. To ensure that your Internet connection is as secure as possible, you must always have the firewall enabled. Both software-based and hardware-based network screens do an excellent job of filtering out malicious traffic and can often prevent Trojans from downloading to your computer.
  • to fully protect yourself, you should install an antivirus or Trojan removal utility. This software (provided that it is regularly updated) scans your system for Trojans and automatically checks any program or file that you run to ensure its security. There are free Trojan removal tools on the Internet, but few of them are regularly updated, and some are even Trojans themselves.



Conclusion
By following a few simple rules for safe online behavior and using a reliable security solution, you can be sure that your computer is protected from the vast majority of Trojans and other malicious programs.
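
A pre-extraction check for the three archive types listed under ArcBomb above, as an added example that is not part of the original post. It assumes ZIP (the format Python's standard library reads) rather than RAR, and the three limits and all function names are assumed values chosen for the demo.

```python
import io
import zipfile
from collections import Counter

MAX_TOTAL_BYTES = 4 * 1024 * 1024   # assumed extraction budget for this demo
MAX_RATIO = 100                     # assumed uncompressed/compressed limit
MAX_DUPLICATES = 1000               # assumed limit on identical members


def inspect_archive(data: bytes) -> list[str]:
    """Return findings from the archive directory, without extracting."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["malformed archive header"]          # first type in the list
    with zf:
        infos = zf.infolist()
        total = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        if total > MAX_TOTAL_BYTES:
            findings.append("declared size over budget")
        if total / packed > MAX_RATIO:
            findings.append("compression ratio over limit")   # repeated data
        dupes = Counter((i.CRC, i.file_size) for i in infos if i.file_size)
        if dupes and max(dupes.values()) > MAX_DUPLICATES:
            findings.append("many identical members")         # identical objects
    return findings


def bounded_read(data: bytes, budget: int = MAX_TOTAL_BYTES) -> int:
    """Decompress in chunks and stop at the budget; declared sizes can lie."""
    done = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    done += len(chunk)
                    if done > budget:
                        raise ValueError("extraction budget exceeded")
    return done


def make_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed test archive in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

The directory check is cheap but trusts the sizes the archive declares about itself, so `bounded_read` is the control that holds when those fields are forged.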
 