Writing a Trojan to steal the VK password. VKontakte users are attacked by a dangerous trojan. USB Thief Trojan uses USB drives to steal users' personal data

  • 25.10.2020

Trojans have been very much in demand lately, as they are used everywhere :). And most importantly, they are very effective and simply indispensable for fleecing lamers :).

But usually everyone uses ready-made, crooked trojans of unknown origin pulled from somewhere on the internet... If you wish, though, you can write a trojan yourself; how exactly, read on.

Tired of pulling files from a remote computer over MAPI? Then we will have to write a Trojan, this time one controlled over TCP/IP.

Stealing Money with a Smartphone: Banking Trojans for Careless Users

Stealing money from bank accounts is becoming more and more common, with new stories constantly popping up on social networks and forums from people who suddenly found their bank account empty.

Whereas earlier the main tool of theft was the payment card itself, whose data and PIN were "copied" somewhere, now no physical contact with it is needed: access to a smartphone or a PC running banking applications is enough.

Writing our own Trojan from scratch

Hello everyone))) I agree that I am reinventing the wheel, but I want to do everything with my own hands, without resorting to open source, etc., to improve my experience in Visual C++ programming. I want to be put on the right path.

So, the goal is to write a Trojan, namely a keylogger), to get a password from vk.com. Googled it, read the manuals for a couple of hours, learned the basic schemes by which trojans get onto a computer.

Writing a Trojan to steal a VK password

135 thousand passwords for VKontakte accounts turned out to be publicly available on the Internet. How this could happen to one of the most popular social networks on Runet is one of the most discussed topics in the Russian-speaking segment of the Web. The application Underwater World 2, now blocked by the VKontakte administration, planted malware and stole the passwords of more than 130,000 users.

How to hack a VK page?

The VKontakte service enjoys enormous popularity among hundreds of millions of users around the world. On vk.com everyone is offered great opportunities: virtual communication, dating, viewing other people's photos and videos, uploading their own photo and video content, numerous online games and applications on a wide variety of topics, and much more.

USB Thief Trojan Uses USB Drives to Steal Users' Identity

ESET has announced the discovery of a new Trojan called USB Thief. It is notable for the fact that it uses removable USB media for distribution - external hard drives or flash drives.

The Trojan is launched exclusively from a removable USB device and leaves no traces in the system, and the user does not notice that data is being moved from the computer to an external drive.

7 Signs You've Been Hacked

Once upon a time, viruses were written for entertainment, to demonstrate the knowledge of their author. Now they increasingly serve purely practical malicious purposes: stealing passwords, sending spam, creating botnets, and so on. Such an infection can sit in your system for years and give almost no evidence of its presence.

Therefore, it is very important to know the main signs of infection.

If you receive emails saying that your password for some service has been changed when you have not changed it, this is a clear sign of an attempted or successful hack.

Why is it so easy and simple for hackers to crack our passwords?

Cracking user passwords is one of the most widespread crimes on the Web, leaving DoS attacks and the creation of botnets far behind. Why is it so easy for hackers to crack passwords?

It all comes down to the notorious human factor. The main reason is that we subconsciously choose passwords that seem hard for a stranger to guess or remember, but which an ordinary personal computer can crack in a reasonable time.

This music will last forever

About a year ago we wrote about the Trojan application Music VKontakte. At first glance, this is a music player for playing music from VKontakte on Android devices, created by third-party developers.

However, this player turned out to have additional functionality: the application was stealing the passwords of users who installed "Music" on their smartphones and tablets.

ESET has discovered a Trojan stealing passwords from banking applications


Cezurity, a Russian developer of protection against malware and hacker attacks, reports that infection of social network users with the Trojan.RpcTonzil Trojan is reaching epidemic proportions.

According to the Cezurity virus laboratory, at least 50,000 VKontakte users are currently infected with this malware. This conclusion follows from analysis of data obtained with Cezurity Cloud, a new-generation cloud-based anti-virus technology that detects such threats by spotting anomalies in files. Most antivirus products can detect only certain modifications of Trojan.RpcTonzil. Computers running both 32-bit and 64-bit Microsoft Windows can be infected.

As a result of infection, the attackers gain a range of capabilities, from taking over social network accounts and sending spam from the hijacked pages to stealing users' personal data and SMS fraud.

The Trojan.RpcTonzil Trojan modifies the computer's queries to the DNS server. As a result, when trying to reach the social network, the user lands on a phishing web page specially created by the attackers, which imitates, and is practically indistinguishable from, the VKontakte page, and which reports that the social network account has been hacked. The attackers offer to create a new password and to verify the mobile phone number linked to the account. Users are deceived by the address displayed in the browser's address bar: it fully matches the correct one, giving the impression that the page really belongs to VKontakte. Since the hostname is genuine, the only visible tell is the connection itself: a page reached through a hijacked DNS answer cannot present a valid certificate for vk.com unless the attacker has also tampered with the trust store, so a certificate warning or a plain-HTTP login page is the warning sign. On the host, it is the resolver's answers, not the URL, that have to be checked.

The Trojan also blocks access to the websites of most antivirus companies and to Microsoft's update servers. As a result, antivirus laboratories often lack the data to notice the infection spreading. Individual variants of Trojan.RpcTonzil have been detected by antivirus companies since the beginning of March this year. However, Trojan.RpcTonzil continues to spread today, and most antivirus products either do not detect the malware at all or detect only some of its modifications.
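A practical check for the behaviour described above, as an added example (Python, written for this page, not Cezurity's product): resolve the social network and the sites the Trojan cuts off through the suspect host's resolver and through an independent path, then diff the answers. Three patterns fall out: no answer at all (the blocked AV and update sites), an answer pointing at the machine itself or a private range (a hosts-file style sinkhole), and an answer that shares no address with the clean path (the redirect to the phishing server). The answer tables, the `.example` placeholder names and all addresses are constructed; only vk.com comes from the text. For the comparison to mean anything, the reference answers must come from a path the infected host cannot influence, such as a second clean machine.

```python
"""Differential DNS check for a resolver-hijacking Trojan.

Added example, not Cezurity's tooling. Compares what the suspect host's
resolver returns with what a clean reference path returns and classifies
each difference. The two answer tables are constructed; on a real host the
local resolver would be socket.gethostbyname_ex and the reference a lookup
made from a clean machine.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple

# Ranges a public site's real address can never fall in (RFC 1918,
# loopback, link-local, "this network"). An answer here means a sinkhole.
LOCAL_ONLY = [
    ipaddress.ip_network(n)
    for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
              "172.16.0.0/12", "192.168.0.0/16")
]

Resolver = Callable[[str], Iterable[str]]


@dataclass(frozen=True)
class Finding:
    name: str
    kind: str                   # "blocked", "sinkholed" or "redirected"
    local: Tuple[str, ...]      # what the suspect host's resolver returned
    reference: Tuple[str, ...]  # what the clean path returned


def is_local_only(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_ONLY)


def diff_resolutions(names: Iterable[str], local: Resolver,
                     reference: Resolver) -> List[Finding]:
    findings = []
    for name in names:
        got = tuple(sorted(local(name)))
        want = tuple(sorted(reference(name)))
        if not got:
            # NXDOMAIN or empty answer for a name the clean path resolves:
            # this is what cutting off AV vendors and update servers looks like.
            if want:
                findings.append(Finding(name, "blocked", got, want))
        elif all(is_local_only(a) for a in got):
            # hosts-file style sinkhole, e.g. a vendor site pointed at 127.0.0.1
            findings.append(Finding(name, "sinkholed", got, want))
        elif want and set(got).isdisjoint(want):
            # Every local answer differs from the clean path: the social
            # network name now points at the attackers' phishing server.
            # Overlapping-but-different sets are tolerated, since CDNs
            # legitimately rotate addresses between lookups.
            findings.append(Finding(name, "redirected", got, want))
    return findings


# Constructed answer tables standing in for the two resolvers. Names other
# than vk.com are placeholders under .example; all addresses are made up.
LOCAL_ANSWERS = {
    "vk.com": ["198.51.100.7"],                  # phishing host
    "antivirus-vendor.example": ["127.0.0.1"],   # sinkholed
    "update.example": [],                        # NXDOMAIN
    "unrelated.example": ["203.0.113.50"],       # untouched
}
REFERENCE_ANSWERS = {
    "vk.com": ["203.0.113.10", "203.0.113.11"],
    "antivirus-vendor.example": ["203.0.113.20"],
    "update.example": ["203.0.113.30"],
    "unrelated.example": ["203.0.113.50", "203.0.113.51"],
}


def run_sample() -> List[Finding]:
    return diff_resolutions(
        LOCAL_ANSWERS,                           # iterating a dict yields names
        lambda n: LOCAL_ANSWERS.get(n, []),
        lambda n: REFERENCE_ANSWERS.get(n, []),
    )


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.kind:10} {f.name:26} local={f.local} reference={f.reference}")
```

On a live host, `local` would wrap `socket.gethostbyname_ex(name)[2]` and `reference` the result of the same names looked up from a clean machine; `unrelated.example` shows why the redirect rule requires fully disjoint answers rather than any difference.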

The difficulty of detecting all modifications of Trojan.RpcTonzil is due to the rather sophisticated technique the Trojan uses to hide from antiviruses. The Trojan can reach victims' computers in various ways; in some cases infection can be prevented by the behavioral protection mechanisms built into antiviruses.

"After infecting a computer, the Trojan exists only in encrypted form. Its decryption and autorun are carried out using a small modification of the rpcss.dll system library," says Kirill Presnyakov, Cezurity's lead virus analyst. "The Trojan uses an infection technique similar to the EPO (Entry Point Obfuscation, a hidden entry point) method; the entry point is random."

Another possible obstacle to detecting and removing the malware may be the geographic focus of the attack: the infection only harms users of Russian social networks.

"This Trojan is interesting not as an example of infection techniques, the antivirus industry has long been familiar with similar methods," says Alexei Chaley, CEO of Cezurity, "rather, the history of the Trojan's distribution illustrates well the situation in the antivirus industry. The malware has been known for three months and continues to spread, yet most anti-virus products either do not detect it at all or are unable to properly clean a computer after infection."

08.05.2017 15:10

Doctor Web's specialists managed to detect new malicious activity that poses a threat to users of one of the most popular social networks in Russia, VKontakte. The malware is called Trojan.MulDrop7.26387 or MulDrop7 for short.

At first glance, the infections looked quite harmless. Spam began to appear regularly in Doctor Web's official group on the social network. The moderators had previously dealt with such posts successfully, but the more often they appeared, the longer it took to delete them. The moderators were not always able to keep up, which is why such spam lingered on the page.

The spam appeared as comments under various posts. In them the distributors offered users supposedly free license keys for the Dr.Web anti-virus. Users who fell for such messages and tried to use the offered keys put their computer in serious danger.

Most often the spam comment contains a short link that is supposed to lead to the keys, but instead a malicious program is downloaded to the computer. The link in the comments leads to the Rghost file-hosting service. As soon as the user clicks it, they are offered a RAR archive of only 26 KB to download. Naturally, it contains no keys for the anti-virus program; in this way the attackers get users to download the malware onto their own computer themselves.

When the archive is opened, the user finds that it contains a file with the icon of a plain text document. The company's researchers found several samples of the malicious code, and they all turned out to be functionally identical. To hide the malware from antivirus software, the attackers repack it every time. Thanks to this, the Trojan can spread for quite a long time and remain on the computer unnoticed; detection happens only after the next virus database update adds the new variant.
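Because every wave was repacked, a hash-based signature lagged behind each new archive; what repacking cannot change is the file type, since a Windows executable always starts with an MZ stub whose e_lfanew field points at a "PE\0\0" signature. As an added example (Python, written for this page and not Doctor Web's analysis code), the following classifies files extracted from such an archive by their real content against the name they present, flagging PE content behind a document-looking name, a double extension such as `.txt.exe`, and whitespace padding that pushes the real extension out of view. The sample archive contents, the `build_pe_stub` helper and the extension lists are constructed for the demo and are not MulDrop7 bytes; the icon itself lives in the PE resource section and is not parsed here, since the header and name checks catch the same disguise.

```python
"""Content-based check for executables disguised as documents.

Added example, not Doctor Web's code. Parses the DOS/PE header of each file
pulled from an archive and compares the real type with the presented name.
All sample files below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

DOCUMENT_EXTS = {".txt", ".doc", ".docx", ".rtf", ".pdf", ".key", ".lic"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".cpl"}
PE32, PE32PLUS = 0x10B, 0x20B   # optional-header magic values


@dataclass(frozen=True)
class Verdict:
    name: str
    is_pe: bool
    bits: int                  # 32 or 64 for a PE, 0 otherwise
    reasons: Tuple[str, ...]   # empty when nothing looks disguised

    @property
    def disguised(self) -> bool:
        return bool(self.reasons)


def parse_pe(data: bytes) -> Tuple[bool, int]:
    """Return (is_pe, bits) from the MZ stub, e_lfanew, the PE signature and
    the optional-header magic. Truncated or non-PE input gives (False, 0)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, 0
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # signature (4) + COFF header (20) + optional-header magic (2) must fit
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, 0
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return True, {PE32: 32, PE32PLUS: 64}.get(magic, 0)


def classify(name: str, data: bytes) -> Verdict:
    is_pe, bits = parse_pe(data)
    exts = ["." + p.strip() for p in name.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    reasons = []
    if is_pe and last not in EXECUTABLE_EXTS:
        reasons.append("PE content behind a non-executable name")
    if last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        reasons.append("double extension hides the executable")
    if "   " in name:
        reasons.append("whitespace-padded name scrolls the real extension out of view")
    return Verdict(name, is_pe, bits, tuple(reasons))


def scan_extracted(files: Dict[str, bytes]) -> List[Verdict]:
    """Classify every extracted file and return only the suspects."""
    return [v for v in (classify(n, d) for n, d in files.items()) if v.disguised]


def build_pe_stub(bits: int = 32) -> bytes:
    """Constructed minimal PE header for the demo: MZ stub, e_lfanew, the
    signature, a COFF header and the optional-header magic. Header-correct
    only; it is not a runnable executable."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    machine = 0x14C if bits == 32 else 0x8664          # i386 or x64
    buf += b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    buf += struct.pack("<H", PE32 if bits == 32 else PE32PLUS)
    return bytes(buf)


# Constructed stand-in for the contents of the 26 KB archive.
SAMPLE_ARCHIVE = {
    "dr_web_keys.txt": build_pe_stub(32),        # document name, PE inside
    "keys.txt.exe": build_pe_stub(64),           # double extension
    "readme.txt": b"License keys are not handed out in comments.\n",
    "setup.exe": build_pe_stub(32),              # honestly named executable
}


if __name__ == "__main__":
    for v in scan_extracted(SAMPLE_ARCHIVE):
        print(f"{v.name}: PE={v.is_pe} bits={v.bits} -> {'; '.join(v.reasons)}")
```

Run over a real extraction directory, `files` would be built by reading each entry; the check costs a few bytes per file and is unaffected by whatever packer the next wave uses.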

After a detailed study of the malware, Doctor Web's experts concluded that the functions performed by MulDrop7 are, for the most part, rather silly, although some of them can cause serious harm. For example, after penetrating the victim's computer, the Trojan connects to its control server and sends it all available information about the PC, including whether a webcam is connected.

With the help of the Trojan, an attacker can display messages with pre-prepared text on the screen, restart the PC, use a speech synthesizer to pronounce chosen phrases, hide the Windows taskbar, open any page in the web browser, including pages carrying other malicious code, edit the system registry, take screenshots without the user's knowledge and send them to the attackers, download and run executable files, update the Trojan's own file, and so on. Among the functions there are also some purely prankish ones that cannot do much harm: swapping the mouse buttons, opening and closing the optical drive, turning the monitor off or on at any moment, changing the desktop wallpaper, etc.

The keylogger is one of the most dangerous functions of this Trojan: MulDrop7 records which keys the user presses when entering passwords and sends this information to a remote server. Thus the attackers can obtain the passwords for all of the user's accounts. Every credential typed on an infected machine must therefore be treated as compromised and changed from a clean device after cleanup.

The Trojan has one more built-in feature that is used more for fun than for harm: MulDrop7 allows the attacker to display frightening videos on the screen at any time.

According to the experts, novice hackers add such functionality to their programs for fun.