Security Basics mailing list archives

Re: Looking for a Trojan


From: ArcSighter Elite <arcsighter () gmail com>
Date: Mon, 26 Jan 2009 10:50:50 -0500

Juan B wrote:
Hi,

I got myself into an argument with a colleague of mine about trojans. He says that nowadays all old trojans can be
detected as long as the AV software is updated; I need to show him he is wrong.
I am looking for a Trojan or rootkit to be installed locally on a virtual machine running XP. The machine has AV
software and it will be accessed via the internet. I need the Trojan to supply me screenshots of the victim
computer, maybe to send them to an e-mail address etc. The trojan will need to disable the AV software (which I don't
know which version is installed) or just avoid detection by the AV software. I know that trojans like SubSeven,
Back Orifice etc. will be detected immediately by AV software, so they don't help much.

Does someone know of such a trojan/RAT?

thanks a lot !

Juan

Ok.
I won't get into the "political" issues of posting such a question. But
instead, I'll try to provide you with some help; we're here for this, aren't we?

First, if you want to get introduced into the RAT world, then you must
first understand how AV works, the reactive and proactive methods it uses
to detect malware. After that, you need to get some
background about the techniques malware creators have come up with over
time for evading AVs; the history is long: poly/metamorphism, EPO,
encryption, IAT, hooks, etc.

If you just want to make a point, then go and shop an undetectable
trojan/rootkit.

Secondly, as someone posted, of course S7 and BO are pretty old.
What's interesting is my next topic: you could get the Melissa-99 virus
completely undetectable by all running AVs if you know about the methods.

I won't point you to any guides in here; Google and forums will do fine.

But if, instead of buying, you decide to get the knowledge first (my
preferred method, BTW), then you should research stealth methods,
starting from signature finding/modification and/or the RIT method, runtime
encryption, along with a lot of topics such as (poly|meta)morphism,
executable packing/unpacking, the PE format, etc. And yes, you need to code
and to know assembly, in the minor case.

Some time ago, before I dropped RATs, I preferred Bifrost, and it was only
"noted" by KAV 7's proactive defense as "Invader" because of KAV's
hooks, and eventually that got bypassed too.

So, get into the communities, get the knowledge, and if I have the time,
I'm pleased to provide you with some feedback.

Sincerely.

