
Thread: virus/ trojans

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    219

    virus/ trojans

    Can anyone tell me any good use (ethical) of a virus or trojans??
    there must be some, as everything has some good sides...
    think over it!!
    Riya
    Now is the moment, or NEVER!!!

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Not really.

    Some viruses have been designed to "clean" other specific viruses off machines they infect. The main problem is, although they have no deliberately malicious payload, these viruses can still break your machine by accident.

    The so-called "Remote access trojans" - programs which invisibly provide remote access to a machine (sometimes while pretending to do something else) have no real legitimate purpose, as there are plenty of legitimate remote access programs which are not technically trojans.

    However, it is a fine line: things like VNC, which is used quite legitimately by many people for remote admin and other purposes, can be re-purposed as a RAT, or used as a component by remote access trojans.

    I guess the problem for AV companies is: where does a legitimate remote access tool begin and a remote access trojan end?

    You have to ask the question:
    - What was the author's original intentional use for the program?

    If it was good, it counts as a remote access tool; if it was bad, it counts as a remote access trojan.

    In principle, either may be used as either, but I can't see many sysadmins using (the likes of) Back Orifice as a legit tool. The program is advertised as being useful for gaining unauthorised remote access; therefore, there's no guarantee that it ONLY grants this access to the user (i.e. backdoors in the backdoor seem quite likely to me).

    Slarty

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hello Riya

    Sit back and relax with a nice cup of tea whilst "uncle nihil" (or is it Remus) tells you some tales from his dark past

    A few years ago (quite a few) we were running Windows 3.11 for Workgroups, Office 4.3 and a Novell network. We had four Head Offices and were merging them all into a single huge one on a different site.

    One of my colleagues had a problem as he required that a certain progress report form that he sent to all the HOs and connected peripheral sites (17 of them). He created the form in MS Word, form protected it, and sent it out as a .dot (template) document. For some reason when the form came back, it had lost its form characteristics, and become a simple document (.doc). This made it difficult for Al to complete his parts of the form as the tab from field to field facility had been lost.

    I used a modified version of the MS Word proof of concept virus, and modified the macro detection program (I had dissected that and the "your code goes here" prompts gave me the idea).

    It worked just fine and Al was a very happy guy.

    I have also used "stolen" virus code to make registry changes and distribute code to remote sites when that was the best solution. To do it "properly" would have required desktop visits, 54Mb e-mail attachments and would have taken far too long. I did not have time to code it, so I stole (mea culpa, mea culpa). The modified "virus" code worked, and I was saved.

    A number of Admins who contribute here will write stuff that works just like a virus, to do admin tasks like this. I actually used modified live virus code, which I think proves the similarity beyond doubt?

    The moral is that it is the intent and effect of the code that makes it malware, not the code itself, and its functionality.

    Trojans are similar?..........not much difference between remote support software and a RAT/trojan is there.........other than that remote control is being handed over knowingly, and for good reasons.

    Hope this helps.............interesting topic BTW

    Cheers

    "Remus"

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Isn't PC-Anywhere considered a good trojan? I could be wayyyyy off lol.

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    A good trojan? PC-anywhere isn't a trojan, it's not run unnoticed.
    Actually things like Netbus, Sub7 etc. are just simple forms of PC-anywhere alike software, they only don't show up in the Task List (mostly).
    And a trojan doesn't necessarily have to be a backdoor, any software that does something else than it claims to do can be considered a trojan.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content - me

    www.elhalf.com

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    el-half,

    And a trojan doesn't necessarily have to be a backdoor, any software that does something else than it claims to do can be considered a trojan.
    I would say that is the correct definition.

    So all Windows Operating Systems are "trojans"?

    You just reminded me of a rather amusing piece "Is Windows a virus".........I must dig it out and post it in Tech Humour

    Cheers

  7. #7
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    Do we need access to the other PC (remote access) if we want to access the PC having the trojan?
    Now is the moment, or NEVER!!!

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    ? I'm a bit confused about what you're saying here?

    A Trojan which is a backdoor (like sub7, Netbus,...) has a client part and a server part; you put the server part on the computer you want control of and run the client part yourself.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content - me

    www.elhalf.com

  9. #9
    Isn't PC-Anywhere considered a good trojan?
    Hmm, I thought it was considered a 'BAD' remote access program -
    But a 'trojan' seems to almost fit it better.

    It sits and runs on your computer, making you think you have a secure way to remote administer the system when in actuality it is opening a large door that can easily be used by others for malicious behaviour that it doesn't claim to allow.

    I think you're onto something there Cybr1d...

    RRP

  10. #10
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Actually, at my last job, we had a few users that we suspected of doing things that they were not supposed to do on their machines. Well, I could have set up a sniffer to watch those machines, but if the data was going in and out of the building on a floppy disk, it wouldn't have shown up on the sniffer. I could have installed VNC, but that would have made it pretty obvious that the computer had changed. What we ended up doing was using (god I hate to admit this) sub7 to monitor their computer remotely. Only had it installed for 3 days. But it did its job.

    BTW... they were not doing what was expected, but we did find 2 file sharing programs and a crap load of porn...
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
