Saturday, February 16, 2013

How to Make a Trojan Horse


How to Make a Trojan Horse

How to Make a Trojan HorseMost of you may be curious to know about how to make a Trojan or Virus on your own. Well, here is an answer to your curiosity. In this, post I’ll show you how to make a simple trojan on your own using C programming language.
This trojan when executed will eat up the hard disk space on the root drive (The drive on which the Windows is installed, usually C: Drive) of the computer on which it is run. Also, this trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run.
So, I’ll call this as Space Eater Trojan. Since this program is written using a high level programming language, it is often undetected by antivirus programs. The source code for this program is available for download at the end of this post. Let’s see how this trojan works:
Before I move on to explain the working of this program, you need to know what exactly is a Trojan horse and how it works. Unlike what many of us think, a trojan horse is not a virus. In simple words, it is just a program that appears to do a favorable task but in reality performs undisclosed malicious functions that allow the attacker to gain unauthorized access to the host machine or cause a damage to the computer.

Now lets move to the working of our Trojan:

The trojan horse which I have created appears itself as an antivirus program that scans the computer for malware programs. However, in reality it does nothing other than eating up the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result, the the root drive gets filled up completely with in minutes of running this program.
Once the disk space is full, the trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any of the cleanup program. This is because, the trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the.dll extension it is often ignored by the disk cleanup software. Hence there is now way to recover the hard disk space other than reformatting the drive.

The algorithm of the Trojan is as follows:

1.    Search for the root drive.
2.    Navigate to %systemroot%\Windows\System32 on the root drive.
3.    Create the file named “spceshot.dll“.
4.    Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full.
5.    Once the drive is full, stop the process.
You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

How to compile, test and fix the damage?

Compilation:
For step-by-step compilation guide, refer my post How to compile C Programs.
Testing:
To test the trojan,  just run the SpaceEater.exe file on your computer. It will generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up the hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to fix the damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box:
%systemroot%\system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.
 NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?
Please pass your comments and tell me your opinion. I am just waiting for your comments…

No comments:

Post a Comment