A Trojan consists of two parts:
1. A client component
2. A server component
The part that resides on the victim's computer is called the server part of the Trojan, and the part on the attacker's computer is called the client part. For the Trojan to function as a backdoor, the server component has to be installed on the victim's machine.
1. The server component of the Trojan opens a port on the victim's computer and invites the attacker to connect and administer the computer.
2. The client component of the Trojan tries to connect to the victim's computer and administer it without the user's permission.
Wrapper
A wrapper is a program used to combine two or more executables into a single packaged program. The wrapper attaches a harmless executable, like a game, to a Trojan's payload (the executable code that does the real damage) so that the result appears to be a harmless file.
Hackers use wrappers to bind the server part of the software behind an image or any other file. Wrappers are also known as binders. Generally, games or other animated installations are used as wrappers because they entertain the user while the Trojan is being installed. This way, the user doesn't notice the slower processing that occurs while the Trojan is being installed on the system; the user only sees the legitimate application being installed.
Reverse Connection in Trojans :
Reverse-connecting Trojans let an attacker access a machine on the internal network from the outside. The hacker can install a simple Trojan program on a system on the internal network. On a regular basis (usually every 60 seconds), the internal server tries to access the external master system to pick up commands. If the attacker has typed something into the master system, this command is retrieved and executed on the internal system. A reverse WWW shell uses standard HTTP. It's dangerous because it's difficult to detect: it looks like a client is browsing the Web from the internal network.
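The fixed polling interval described above is what a defender can look for in proxy logs. The following is an added example, not part of the original post: it groups requests by client and destination and flags pairs whose gaps between requests are nearly constant. The log format, host names, IP addresses and thresholds are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def build_sample_log():
    """Constructed proxy log: '<ISO timestamp> <client IP> <method> <host>'."""
    start = datetime(2024, 5, 1, 9, 0, 0)
    rows = []
    # Constructed: 10.0.0.23 polls one host about every 60 s (small jitter).
    for off in (0, 60, 121, 180, 241, 300, 359):
        rows.append((off, "10.0.0.23", "master.example.invalid"))
    # Constructed: 10.0.0.40 browses a site at irregular intervals.
    for off in (5, 9, 70, 75, 260, 262, 400):
        rows.append((off, "10.0.0.40", "news.example.org"))
    return "\n".join(
        f"{(start + timedelta(seconds=off)).isoformat()} {ip} GET {host}"
        for off, ip, host in sorted(rows)
    )

def group_requests(log_text):
    """Group request times by (client, destination host)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        ts, client, _method, host = parts
        flows[(client, host)].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(log_text, min_requests=5, max_jitter=0.10):
    """Return (client, host, mean_gap_seconds) for flows whose gaps between
    requests are nearly constant (stdev / mean <= max_jitter)."""
    hits = []
    for (client, host), times in group_requests(log_text).items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, host, round(avg)))
    return sorted(hits)

if __name__ == "__main__":
    for client, host, gap in find_beacons(build_sample_log()):
        print(f"{client} -> {host}: request every ~{gap}s")
```

Legitimate software (update checks, telemetry) also polls on a timer, so hits from a check like this need triage against known-good destinations.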
Now the final part...
Detection and Removal of Trojans :
Unusual system behavior is usually an indication of a Trojan attack. Actions or symptoms such as:
• Programs starting and running without the user's initiation.
• CD-ROM drawers opening or closing.
• Wallpaper, background, or screen saver settings changing by themselves.
• Screen display flipping upside down.
• Browser program opening strange or unexpected websites.
All of the above are indications of a Trojan attack. Any action that is suspicious or not initiated by the user can be an indication of a Trojan attack. One thing you can do is check which applications are making network connections with other computers. One of those applications will be a process started by the server Trojan.
You can also use the software named Process Explorer, which monitors the processes executed on the computer and shows each one with its original name and file name. Some Trojans change their name to match a system process that runs on the computer, so you cannot differentiate between the Trojan and the original system process in the Task Manager Processes tab; for that you need Process Explorer.
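The two checks above (which processes own network connections, and whether a process with a system name really runs from the system location) can be combined. The following is an added example, not part of the original post: it parses a constructed sample of `netstat -ano` output and a constructed PID-to-image-path inventory, and flags sockets owned by a process that uses a system process name from an unexpected path. All PIDs, ports, addresses and user paths are made up for the illustration.

```python
import ntpath

# Expected locations of commonly impersonated Windows system processes.
EXPECTED_PATH = {
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "services.exe": r"c:\windows\system32\services.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}

# Constructed sample of `netstat -ano` output.
NETSTAT = r"""
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.10:49712     203.0.113.5:80         ESTABLISHED     2044
  TCP    192.168.1.10:49800     198.51.100.7:443       ESTABLISHED     3012
"""

# Constructed process inventory: PID -> image path on disk.
PROCESSES = {
    888: r"C:\Windows\System32\svchost.exe",
    4120: r"C:\Users\bob\AppData\Roaming\svchost.exe",
    2044: r"C:\Windows\Temp\explorer.exe",
    3012: r"C:\Program Files\Mozilla Firefox\firefox.exe",
}

def parse_netstat(text):
    """Yield (local, remote, state, pid) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            yield f[1], f[2], f[3], int(f[4])

def suspicious_sockets(netstat_text, processes):
    """Flag sockets whose owning process has a system process name
    but an image path other than the expected one."""
    findings = []
    for local, remote, state, pid in parse_netstat(netstat_text):
        path = processes.get(pid, "")
        name = ntpath.basename(path).lower()
        expected = EXPECTED_PATH.get(name)
        if expected and ntpath.normcase(path) != expected:
            findings.append((pid, path, local, remote, state))
    return findings

if __name__ == "__main__":
    for finding in suspicious_sockets(NETSTAT, PROCESSES):
        print(finding)
```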
Countermeasures for Trojan Attacks :
Most commercial antivirus programs have anti-Trojan capabilities as well as spyware detection and removal functionality. These tools can automatically scan hard drives on startup to detect backdoor and Trojan programs before they can cause damage. Once a system is infected, it's more difficult to clean, but you can do so with commercially available tools. It's important to use commercial applications to clean a system instead of freeware tools, because many freeware removal tools can further infect the system. In addition, port monitoring tools can identify ports that have been opened or files that have changed.
The key to preventing Trojans and backdoors from being installed on a system is not to install applications downloaded from the Internet or open e-mail attachments from parties you don't know. Many systems administrators don't give users the system permissions necessary to install programs on the system for the very same reason.
Making a Trojan using Beast v2.06
Download Beast v2.06 : http://www29.zippyshare.com/v/qVlgO9tt/file.html
Then follow these simple steps:
1. Open the software; you will get the screen as shown below.
2. Now click on the "Build server" button.
3. Now in this window click on the notifications tab.
4. In the notifications tab click on the e-mail button.
5. Now in this window fill in your proper and valid e-mail ID.
6. Now go to the "AV-FW kill" tab.
7. Now in this tab put a tick mark on "disable XP firewall".
8. Now click on the "EXE icon" tab.
9. In this tab select any icon for the file from the list, or browse for an icon in the directory and use it.
10. Now click on the "Save Server" button and the Trojan will be made.
11. Now send this Trojan file to the victim.
12. As and when the victim installs the Trojan on his system, you will get a notification e-mail at the e-mail ID you specified while making the Trojan. This e-mail consists of the IP address and port of the victim.
13. Put this IP address and port in the place shown in the snapshot below.
14. After that click on the "Go Beast" button and you will be connected to the victim's PC.
15. Now select the action or task you want to execute on the victim's PC from the given list.
16. Now to destroy or kill the Trojan click on the "server" tab from the menu.
17. Now click on the "Kill Server" button and the Trojan will be destroyed from the victim's PC.
18. You are done now.
Please do not harm or destroy anyone's PC. This tutorial is for educational purposes only.