1. Using a Trojan Horse Construction Kit, a new Trojan packet is created.
2. A dropper is created; this is the part of the malicious code in the trojanized packet which is to be installed on the target.
3. Wrapper tools are used to create a wrapper and have it installed on the victim’s computer. Tools that can be used include Graffitti.exe, Elite Wrap, etc.
4. The Trojan is transferred to the victim’s computer. This can be done by normal means such as a pen drive or floppy disk, copying it to the victim’s computer, or it can be spread using emails, chats, network sharing, etc.
5. The dropper is executed. The dropper disguises the malware, making the victim feel that the application or link is genuine. After the victim’s computer is infected with one piece of malware, it then helps other malware and unwanted programs to be installed on it.
6. Finally, the damage routine is executed, that is, the action the Trojan was actually meant to perform, such as copying some files and sending them to the attacker, deleting important files, or even formatting the victim’s hard disk.
The above picture demonstrates the steps taken by an attacker. The attacker, making use of a dropper, takes a Trojan, combines it with a funny video clip and shares it with you as a gift. Once the victim opens that video for viewing, the dropper drops the Trojan on the system, and it may then be executed to cause damage.
Wrappers are tools that help a Trojan to be bound with a genuine-looking application. When this wrapped exe or image is clicked, the main Trojan is installed on the victim’s computer in the background while in the foreground the wrapper application is being installed. Wrappers are also known as glueware, as they stick other applications or exes to themselves. Some wrapper programs are: Kriptomatik, SCB Lab’s Professional Malware Tool.
Hackers use some techniques to avoid being caught by the anti-virus programs:
– They do not use Trojans downloaded from the web
– They write their own Trojans
– They rename Trojan files to different application names, such as:
  – Exe to vbscript
  – Exe to .xls file
  – Exe to ppt
  – Exe to mp4
– The checksum value is changed so the signature does not match and the IDS cannot detect it
– The Trojan is sent in multiple parts which, once on the target system, are combined to make one Trojan file.
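
A defender's check for two of the techniques listed above (renamed executables and changed checksums), as an added example that is not part of the original page. It flags files whose extension claims a document or media type while the content carries a Windows PE header, and shows that this check still fires when a hash blocklist no longer matches. The function names, the extension set (including `.vbs` for "vbscript") and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import os
import struct

# Extensions corresponding to the disguises listed above (assumed mapping).
DISGUISE_EXTS = {".vbs", ".xls", ".ppt", ".mp4"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def check(name: str, data: bytes, known_bad: set) -> dict:
    """Compare a hash-blocklist verdict with a content-vs-extension verdict."""
    ext = os.path.splitext(name)[1].lower()
    return {
        "name": name,
        "hash_match": hashlib.sha256(data).hexdigest() in known_bad,
        "renamed_exe": ext in DISGUISE_EXTS and is_pe(data),
    }

def make_pe_stub() -> bytes:
    """Constructed sample: header bytes only, not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\0\0" + bytes(20)

def demo() -> list:
    original = make_pe_stub()
    known_bad = {hashlib.sha256(original).hexdigest()}  # constructed blocklist
    modified = original + b"\x00"  # any change to the bytes changes the hash
    ole_doc = bytes.fromhex("d0cf11e0a1b11ae1") + bytes(64)  # OLE2 (.xls) magic
    return [
        check("report.xls", original, known_bad),
        check("report.xls", modified, known_bad),
        check("budget.xls", ole_doc, known_bad),
    ]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second row is the case the list describes: the hash no longer matches, but the mismatch between extension and file content is still detected.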