Security Basics mailing list archives

Re: Looking for a Trojan


From: David Maus <maus.david () gmail com>
Date: Tue, 20 Jan 2009 19:49:30 +0100


On 19. Jan 2009 09:18, Juan B wrote:
I got myself into an argument with a colleague of mine about
trojans, he says that nowadays all old trojans can be detected as
long as the AV software is updated, I need to show him he is wrong.


No offense, but this debate is mindless: AV detects trojans it knows
and uses some heuristics to catch bad things not known to the AV. AV
does not care about the age of a trojan ('old' -- whatever this
means). As the only criterion for a trojan in your debate is its 'age'
and being a trojan is (kind of) a classification of software
according to its principal function, there's no way to settle this
debate -- because the set of trojans in question includes every
program that acts as a trojan that exists somewhere on someone's
computer, including trojans that are well customized for a particular
target and the ones never made public.

I am looking for a Trojan or rootkit to be installed locally on a
virtual machine running XP. ... the trojan will need to disable the
AV software ... or just avoid detection by the AV software,

This part of your request indicates that you want to prove your point
by finding a *well known public* trojan that is not detected by
AV. This question is answered:

Uwe Thiess wrote:
Also when you have a public trojan that kills AV, the user first has
to run it to make it work, and until then the AV will definitely detect
it

So, if you debate whether all public well known trojans are detected
by AV or not, your colleague is right. They are. If you debate
whether AV can detect everything, your colleague is wrong.

Regards,
David

-- 
Email..... maus.david () gmail com
Jabber.... dmjena () jabber org
ICQ....... 241051416
OpenPGP... 0x316F4BE4670716FD
