djboss
12-17-2008, 12:44 PM
HOW TO MAKE A TROJAN LOOK LIKE A JPG
So many questions were asked on bulletin board and IR - for example, how to hide a Trojan in a picture -
that I decided to write this short explanation.
This trick works only by sending a picture to someone on ICQ.
How to make this work?
1. Find a small Trojan. Best not detected by AVP.
2. Find a binder that can bind a JPG to an exe. Best not detected by AVP.
3. Rename the result file and change the icon.
1. First you must find a small Trojan to bind to the picture.
That way the size will not be too big and the receiver won't get suspicious by long
downloading times or big picture sizes.
The best is to use a small Trojan with ICQ notify.
Then you get a notify on ICQ with IP address.
You need that to connect and to upload another Trojan that has more functions.
Many of them are out there:
MiniCommand 1.2, FC's InCommand, Slim's Asylum and Webasylum, WWWPW.
There are lots of them, and new ones are becoming available every day. Try to get an unpacked server,
so you can pack the server.
If the server is packed, it is harder for antivirus programs to detect it.
Edit the server.
Then test the server on your own computer, to see if you get an ICQ pager.
Make this work. Else edit the server again. Do not forget to remove the server afterwards.
You can do this by connecting to 127.0.0.1, your own IP.
Then give the command: "remove server".
:D
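Seen from the receiving side, the file this post describes is still a Windows executable whatever its name and icon say, so a check of content against name catches it. The sketch below is an added example, not part of the original post; the finding names, the extension lists and the sample bytes are constructed for illustration, and it assumes the renamed file keeps an image-looking name.

```python
import os
import struct

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
JPEG_MAGIC = b"\xff\xd8\xff"  # JPEG start-of-image marker


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(filename: str, data: bytes) -> list:
    """Return finding codes for one received file; an empty list means nothing flagged."""
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    pe = is_pe(data)
    findings = []
    if ext in IMAGE_EXTS and pe:
        # The name claims an image, the bytes are an executable.
        findings.append("image-name-pe-content")
    if ext in EXEC_EXTS and inner_ext in IMAGE_EXTS:
        # Looks like an image when the shell hides known extensions.
        findings.append("image-ext-before-exec-ext")
    if pe and JPEG_MAGIC in data[2:]:
        # Low confidence alone: legitimate programs also carry JPEG resources.
        findings.append("pe-embeds-jpeg")
    return findings


def _constructed_pe() -> bytes:
    """Smallest header that satisfies is_pe(); constructed sample, not a real program."""
    buf = bytearray(0x44)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed sample inputs.
SAMPLE_JPEG = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16
SAMPLE_PE = _constructed_pe()

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", SAMPLE_JPEG), ("holiday.jpg", SAMPLE_PE),
                       ("holiday.jpg.exe", SAMPLE_PE + SAMPLE_JPEG)]:
        print(name, classify(name, blob))
```

In a mail or chat gateway the same check runs on every inbound attachment, with the first two findings treated as block-worthy and the third only as supporting evidence.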