Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Undetectable Trojans???

  1. #11
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Oh come on guy's Port 5000 on a Win system!!!

    UNIVERSAL PLUG AND PLAY..

    Check if that is enabled.. if the OS is WIN-XP the you have two services to disable..

    UPNP is one SSDP Discovery is the other.. disable these and port 5000 shud be closed..


    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #12
    Banned
    Join Date
    May 2003
    Posts
    1,004
    I know of no... um COTS(? heh) trojans that are undetectable.
    This is by the definition of a trojan being something that looks good to the client so they invite it in.
    It is however possible to backdoor a system in a manner that would be undetectable by all current detection methods so long as the system is running any services.
    I have seen this done to a linux system.

    steps.
    1. The box was rooted.
    2. trojan the kernel
    3. trojan the compilers so that all future kenels are also trojaned
    4. trojan tripwire
    5. trojan whatever service (ideally ssh/https) you want to piggy back
    6. you can even include a very minor trojan on the nic cache, but this is likely overkill

    This is one of the serious drawbacks of open source everything. Not looking to start a flame war, I know open source has many fine qualities as well, this just happens to be a downside.

    catch

  3. #13
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It is quite possible that a trojan could make itself extremely difficult to detect.

    It would modify either the C library or the kernel such that the view of the filesystem was modified in the following respects:

    - Any inspection of the modified files showed them not having been modified (despite the fact that they are)
    - Any files belonging to the trojan itself would be invisible
    - Any directories it had created would be invisible
    - Any boot scripts needed to start it up (or registry on windows) would appear unmodified.

    Essentially, once installed, it alters the system to make it look like it isn't. This is technically feasible (if not terribly easy), and some Linux kernel rootkits do do this. Also there was a Windows trojan reported which also used such techniques (although not very successfully - as it bluescreened boxes)

    Additionally, given administrator/root privileges, it could identify any known virus checkers running and prevent them from working although this would be unnecessary if the above steps were entirely effective.

  4. #14
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    There are trojans which can be EXTREMELY difficult to find, some of these are LKM's(loadable kernel modules) on linux or the newly emmerging thing on Win32 machines is kernel hacking or rootkits. See http://www.rootkit.com/ for more.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  5. #15

  6. #16
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Hmmm...a custom designed Trojan would be undetectable....coz it would be the first and only of it's kind...although it's behaviour might ring some bells.....but generaly, I don't think a generic of-the-net Trojan is undetectable...it might be hidden, but AV's and Hunter-seeker programs find em pretty quick..

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  7. #17
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    I know about some proof-of-concept trojans (not very functionals but proving that the idea can be done) on various systems (I heard about Linux and Windows) using the 2nd OSI layer instead of higher layers in order to bypass firewalls, netstats and such detections technics.
    Real trojans communicating through this way would be currently undetectable if they wouldn't be known by AV softwares. Which is often the case with recent trojans.

    KC
    Life is boring. Play NetHack... --more--

  8. #18
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Well What was his problem then guys?

    is it an undetectable trojan or is it normal M$ security holes?

    because that is his question..

    PSE not I am not attacking the comments in this thread, this information is gud and handy.. just trying to keep the thread on topic to help ..


    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  9. #19
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Ah... an undectable trojan would be one that comes along with a virus to totally fsck up a large list of AVKits.

    You can make it so the AVKit becomes simply useless, or have it so that it will simply skip the folder that you install this trojan/backdoor on. Or make it, so even if its manually forced to scan that folder, it won't pick it up (only the particular backdoor/trojan your using).

    That would be quite bitchin', and be hell to fix up.
    ...This Space For Rent.

    -[WebCarnage]

  10. #20
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    There are Key Loggers that are NOT detected by AntiVirus.

    Do they count as a 'Trojans' ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •