Thread: trojan experiment

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    122

    trojan experiment

    So I was cleaning up a computer today and found out that it had been taken hostage by w32.ircbot.gen.... it creates a hidden mirc window yadda yadda zombie "0wn3d" if you will. After a little poking around I found the irc network and channel that it joined (which was dead), and I thought it might be a good idea to set up one of my p2s outside of my actual network and invite the trojans in (while packet sniffing....if I can). My question to everyone is how would I get it filled with trojans, I want everything on it. I want everything that most normal people would want to defend against. My operating system of choice for the experiment would be windows 2k, complete with wide open file shares (and no service packs). Help me get this thing filled for a month or so, then I will unplug it from the internet and do some exploring in the world of trojans. I want to know how they spread, what they do and most important...how to clean them. Thanks for any help given
    The internet, not just for stalkers and pervs, but for computer geeks too!

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Go find the right IRC channel on IRC and tell someone that they would never get a trojan on that computer.

  3. #3
    And make sure they have the IP for the machine, too. Just to make sure.

    'Course, they'll all think you got a Honeypot. Which it sounds like you're making.

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    ...and speaking of honeypots http://www.honeynet.org/

    This should give you plenty of info to get you started. I would like to recommend you read through the pages and the challenges... everything you might want to know, or need is there.


    Also, tarpits are kind of interesting.

    http://www.securityfocus.com/infocus/1723

    The honeypot/tarpit experiment is one I'm working on myself, and I can hardly wait to see what I come up with. I want to make sure I get everything configured properly to avoid infecting the rest of my humble network.

    Happy hunting...please keep us informed as to your progress.

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    554
    Yes I must agree this sounds like one heckles of an idea..
    You're the first person that I know of, that is going to willingly open the doors to any trojan..
    Hmm that sounds a lil too crazy for my liking...!
    But hey if you're gonna be learning something from it then by all means go crazy, but don't get the idea of sending one of your newly found friends to my Server please...
    I've had a few people in IRC try that, lucky I fixed all the bugs in it, otherwise I could give you a few Trojans for FREE.
    Anyhow would like to hear how this little Project of yours goes..
    Enjoy
    Kris

  6. #6
    Junior Member
    Join Date
    Oct 2003
    Posts
    3
    Please assign this post positive AntiPoints! (I'm new, so I need all the help I can get.)
    "What use is a phone call if you are...unable to speak..."


  7. #7
    Member
    Join Date
    Nov 2003
    Posts
    30
    Make sure not to patch the computer and don't put a virus checker on it. Turn on IIS, run ftp (as anon) and WWW service. Don't forget to turn on SNMP and make the password public or private. Allow traps to be sent to anyone. Basically like the others said turn it into a honeypot. By the time the viruses and hackers get done with it, you probably won't even be able to access it without it crashing. Just realize that once you get infected, if you still intend to leave it on the internet, you are likely to cause some poor shmoe problems once you pass the virus along. You will become a virus breeding ground.

    Critter
    http://www.chrisstokes.com

  8. #8
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Ok, I understand you wanting to do this as an experiment... but why not set up an actual honeypot?

    That way, you can restrict what can be done with it... ex: You don't want them using it as a place to store zombies, attack other computers, visit illegal sites, etc.

    With a honeypot you can still do all that, but restrict what they can do outside of that box.

    I just picked up the books Honeypots and Know Your Enemy specifically to learn about how to set up something like this. I just got them today... so I haven't even begun to look into how to set it up... but I will have one up and running within the next week or so.

    I just want to do it for research and not let people actually attack people using my resources.

    Hell... I could bring some heat on myself... and I don't even break into people's PCs!

    No way in hell I'm gonna let the feds/authorities knock down my door for a mass website defacement and take all my toys away!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
