Security Basics mailing list archives
Re: Looking for a Trojan
From: Wagner Brett <bwagner62 () gmail com>
Date: Wed, 21 Jan 2009 08:43:04 -0500
If I may introduce myself, my name is Brett and I am fairly new to this forum; greetings to all. It has been many years since I have been involved in this type of work, so I am going to ask questions rather than make any assertions.
If an individual were to hide a malicious program (trojan) in another program (a legitimate one), perhaps even one like "Go to My Desktop", send it to a user as a free demo and get them to install it themselves, would this work and avoid detection by the AV? I understand that a script would need to be written to install the trojan, but that should not be too difficult, and it would require the person receiving it to be uninformed, which we know does not exist in the world of computer users :-} smirk.
Thanks for any consideration and answer to my question.

On Jan 20, 2009, at 1:49 PM, David Maus wrote:
> On 19. Jan 2009 09:18, Juan B wrote:
>> I got myself into an argument with a colleague of mine about trojans, he says that nowadays all old trojans can be detected as long as the AV software is updated, I need to show him he is wrong.
>
> No offense, but this debate is mindless: AV detects trojans it knows and uses some heuristics to catch bad things not known to the AV. AV does not care about the age of a trojan ('old' -- whatever this means). As the only criterion for a trojan in your debate is its 'age', and being a trojan is (kind of) a classification of software according to its principal function, there's no way to settle this debate -- because the set of trojans in question includes every program that acts as a trojan that exists somewhere on someone's computer, including trojans that are well customized for a particular target and the ones never made public.
>
>> I am looking for a Trojan or rootkit to be installed locally on a virtual machine running XP. ... the trojan will need to disable the AV software ... or just avoid detection by the AV software,
>
> This part of your request indicates that you want to prove your point by finding a *well known public* trojan that is not detected by AV. This question is answered:
>
> Uwe Thiess wrote:
>> Also when you have a public trojan that kills AV, the user first has to run it to make it work, and until then the AV will definitely detect it
>
> So, if you debate whether all public well known trojans are detected by AV or not, your colleague is right. They are. If you debate whether AV can detect everything, your colleague is wrong.
>
> Regards,
> David
> --
> Email..... maus.david () gmail com
> Jabber.... dmjena () jabber org
> ICQ....... 241051416
> OpenPGP... 0x316F4BE4670716FD