To
show you an example of a malicious program, I will use a well known
Windows Trojan, ProRat using a Rat tool you can hack any email account
in world facebook, yahoo,gmail,..etc.
1. Download ProRat. Once it is downloaded right click on the folder and choose to extract it. antivirus wil detect it as trojan but it is a false positive detection.
2. Open up the program. You should see the following:
3. Next we will create the actual Trojan file. Click on Create and choose Create ProRat Server.
4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.
5.
Click on the General Settings button to continue. Here we will choose
the server port the program will connect through, the password you will
be asked to enter when the victim is infected and you wish to connect
with them, and the victim name. As you can see ProRat has the ability
to disable the windows firewall and hide itself from being displayed in
the task manager.
6.
Click on the Bind with File button to continue. Here you will have the
option to bind the trojan server file with another file. Remember a
trojan can only be executed if a human runs it. So by binding it with a
legitimate file like a text document or a game, the chances of someone
clicking it go up. Check the bind option and select a file to bind it
to. In the example I will use an ordinary text document.
7.
Click on the Server Extensions button to continue. Here you choose
what kind of server file to generate. I will stick with the default
because it has icon support, but exe’s looks suspicious so it would be
smart to change it.
8.
Click on Server Icon to continue. Here you will choose an icon for
your server file to have. The icons help mask what the file actually
is. For my example I will choose the regular text document icon since
my file is a text document.
9. Finally click on Create Server to, you guessed it, create the server file. Below is what my server file looks like.
10.
A hacker would probably rename it to something like “Funny Joke” and
send it as an attachment to some people. A hacker could also put it up
as a torrent pretending it is something else, like the latest game that
just came out so he could get people to download it.
11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.
12. I’m going to run the server on my own computer to show you what would happen. Once I run it the trojan will be installed onto my computer in the background. The hacker would then get a message telling him that I was infected. He would then connect to my computer by typing in my IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to my computer and have full control over it.
11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.
12. I’m going to run the server on my own computer to show you what would happen. Once I run it the trojan will be installed onto my computer in the background. The hacker would then get a message telling him that I was infected. He would then connect to my computer by typing in my IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to my computer and have full control over it.
13.
Now the hacker has a lot of options to choose from as you can see on
the right. He has access to all my computer files, he can shut down my
pc, get all the saved passwords off my computer, send a message to my
computer, format my whole hard drive, take a screen shot of my computer,
and so much more. Below I’ll show you a few examples
14. The image below shows the message I would get on my screen if the hacker chose to message me.
15. Below is an image of my task bar after the hacker clicks on Hide Start Button.
16. Below is an image of what the hacker would see if he chose to take a screen shot of the victims screen.
As
you saw in the above example, a hacker can do a lot of silly things or
a lot of damage to the victim. ProRat is a very well known trojan so
if the victim has an anti-virus program installed he most likely won’t
get infected. Many skilled hackers can program their own viruses and
Trojans that can easily bypass anti-virus programs.
Post a Comment