Trojan Software Vector
Trojan software vectors, or simply Trojan vectors, are files created for spreading Trojans. Some people also call them Trojan, backdoor or virus vectors. Whatever name you give them, the real purpose of a Trojan vector is to spread a Trojan by means of a file. Here we will take a theoretical look at some of the methods and then study them one by one in upcoming posts, i.e. how they are created and how to counter them. The following are some methods by which a Trojan vector is created.
Extension Hiding:
As the name suggests, the original extension of the Trojan file is hidden; the file remains a Trojan file, only its extension appears different. Extension hiding is done in two ways:
Extra Spacing
False Linking or Fake Shortcut
Extra Spacing:
In extra spacing the file's real extension is kept as it is, but the file name is followed by 100-150 spaces before that extension, for example
The above file will appear as virus.TXT to the victim because the system shows only the first few characters of the file name. If the victim is not aware of this trick he/she will click it and execute the Trojan.
Now look at the image (the screenshot from the original post): courier no.TXT is not really a text file. Its icon has been changed using Resource Hacker; it is an executable file with a hidden extension. When a hacker uses this trick he never forgets to bind a real text file with it, so that when the victim runs it the Trojan runs in the background and the text file appears in the foreground. The precaution against this is to right-click in the folder and choose Group by > Type. By doing so, even if the hacker hides the executable extension, the file will appear in the group of executable files, so you'll know that the file is suspicious.
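The two name-based tricks above (padding before the real extension, and a decoy extension such as .TXT in front of .exe) can be flagged mechanically from the file name alone. The following is an added example written for this post, not code from the original author: it reports the extension the OS would actually act on, what a narrow Explorer column would display, and why a name looks suspicious. The sample names, the `EXECUTABLE_EXTS` subset and the `DISPLAY_WIDTH` of 20 characters are assumptions for the demo.

```python
"""Flag filenames that rely on the extension-hiding tricks described above.

Added illustration (not code from the original post). The sample names are
constructed; EXECUTABLE_EXTS and DISPLAY_WIDTH are assumptions for the demo.
"""
import os
import re

# Extensions Windows launches on double-click (a representative subset,
# not the complete PATHEXT list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

# How many characters a narrow Explorer column shows before truncating
# (assumed value for the demo; the real width depends on the view).
DISPLAY_WIDTH = 20


def true_extension(name):
    """Extension the OS actually acts on: text after the last dot, with trailing
    whitespace removed (Windows drops trailing blanks when resolving a name)."""
    return os.path.splitext(name.rstrip())[1].lower()


def displayed_name(name, width=DISPLAY_WIDTH):
    """What a user sees in a narrow column: the first `width` characters with
    trailing blanks trimmed, so 'virus.TXT' + padding + '.exe' reads as
    'virus.TXT'."""
    return name[:width].rstrip()


def classify(name):
    """Return the list of reasons a filename looks like an extension-hiding trick
    (an empty list means nothing suspicious about the name itself)."""
    reasons = []
    stripped = name.rstrip()
    stem, ext = os.path.splitext(stripped)
    ext = ext.lower()
    # 1. A run of blanks immediately before the real extension.
    if re.search(r"\s{2,}$", stem):
        reasons.append("padding before real extension")
    # 2. A decoy extension (.txt, .pdf, ...) sitting in front of an executable one.
    inner = os.path.splitext(stem.rstrip())[1].lower()
    if inner and ext in EXECUTABLE_EXTS and inner not in EXECUTABLE_EXTS:
        reasons.append("decoy extension %s before %s" % (inner, ext))
    # 3. The executable extension falls outside what a narrow column displays.
    if ext in EXECUTABLE_EXTS and displayed_name(name) != stripped:
        reasons.append("executable extension hidden by display truncation")
    return reasons


def scan(names):
    """Map each suspicious filename to its reasons; clean names are omitted."""
    return {n: classify(n) for n in names if classify(n)}


# Constructed sample listing: the padded 'virus.TXT' trick from the post, a plain
# double extension, and two harmless names.
SAMPLE_NAMES = [
    "virus.TXT" + " " * 120 + ".exe",
    "courier no.TXT.exe",
    "notes.txt",
    "setup.exe",
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE_NAMES).items():
        print(repr(displayed_name(name)), "->", "; ".join(why))
```

The name check complements the Group by > Type precaution: both rely on the real extension, not on what the column happens to show. A plain setup.exe is deliberately not flagged, since the point is the disguise, not the file type.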
False Linking Or Fake Shortcut:
In this method the hacker changes the extension of the Trojan file and then creates a shortcut to it, in which the shortcut is set to run the file as an executable. A shortcut's real target and command line are visible in its Properties dialog, which is the quickest way to check one. We will discuss this method in more detail later with a practical demonstration.
File Binding:
In this method an executable file is bound with any other file. The other file may be an executable, an image, a video, absolutely any file. The output file's extension may be that of the bound file and not of the Trojan. The different methods of binding are:
Iexpress Binding
Executable Only Binding
Batch Extension Hacking
Iexpress Binding:
Iexpress is a tool built into the Windows operating system. Its main purpose is lossless compression and packing of several files into one self-extracting archive. This tool can be used to bind a Trojan or virus file together with a legitimate file. We will cover it later with a practical demonstration.
Executable Only Binding:
In this method two files are bound, but both files are executable. This is one of the most used methods for Trojan circulation. Most Trojan-building clients offer this feature by default.
Batch Extension Hacking:
In this method a batch file is created to hide the Trojan file, and a legitimate file is kept with it. When the batch file is run it executes both the Trojan and the legitimate file.
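Whatever the binding method (Iexpress package, executable-only binder or a batch wrapper), the output is either a PE file wearing a harmless extension or a script that starts more than one program. The following is an added example written for this post, not code from the original author: it checks file content against the claimed extension using the PE "MZ" signature and lists which executables a batch wrapper would launch. The sample files are constructed in a temporary directory; the extension sets are assumptions, and the batch scan does not handle paths containing spaces.

```python
"""Check whether files renamed under a harmless-looking extension are really
executables, and list what a batch wrapper would launch.

Added illustration (not code from the original post). The sample files are
constructed in a temporary directory; the extension sets are assumptions.
"""
import os
import re
import tempfile

PE_MAGIC = b"MZ"               # every Windows executable (.exe/.scr/.dll) starts with MZ
NON_EXEC_EXTS = {".txt", ".jpg", ".png", ".pdf", ".doc", ".mp4"}
LAUNCH_TOKEN = re.compile(r'(?i)"?([^\s"]+\.(?:exe|scr|com))"?(?=\s|$)')


def is_pe(path):
    """True if the file content starts with the PE/DOS 'MZ' signature."""
    with open(path, "rb") as fh:
        return fh.read(2) == PE_MAGIC


def extension_mismatch(path):
    """True when the name claims a non-executable type but the bytes are a PE."""
    ext = os.path.splitext(path.rstrip())[1].lower()
    return ext in NON_EXEC_EXTS and is_pe(path)


def batch_launch_targets(text):
    """Executables a batch script references (tokens ending in .exe/.scr/.com),
    skipping comment lines. Paths containing spaces are not handled here."""
    found = set()
    for line in text.splitlines():
        if line.lstrip().lower().startswith(("rem", "::")):
            continue
        found.update(m.group(1) for m in LAUNCH_TOKEN.finditer(line))
    return sorted(found)


def scan_dir(path):
    """Return (basename, finding) pairs for everything suspicious in a folder."""
    findings = []
    for entry in sorted(os.listdir(path)):
        full = os.path.join(path, entry)
        if not os.path.isfile(full):
            continue
        ext = os.path.splitext(entry)[1].lower()
        if extension_mismatch(full):
            findings.append((entry, "PE content under %s extension" % ext))
        elif ext in {".bat", ".cmd"}:
            with open(full, "r", errors="replace") as fh:
                targets = batch_launch_targets(fh.read())
            if targets:
                findings.append((entry, "batch launches " + ", ".join(targets)))
    return findings


def build_sample_dir():
    """Create constructed sample files: a real text file, a PE stub renamed to
    .jpg, and a batch wrapper that opens a document and an executable."""
    d = tempfile.mkdtemp(prefix="vector-demo-")
    with open(os.path.join(d, "readme.txt"), "wb") as fh:
        fh.write(b"just text\n")
    with open(os.path.join(d, "holiday.jpg"), "wb") as fh:
        fh.write(PE_MAGIC + b"\x90\x00" * 30)       # minimal MZ header stand-in
    with open(os.path.join(d, "open_me.bat"), "w") as fh:
        fh.write('@echo off\nstart "" readme.txt\nstart "" update.exe\nrem update.exe\n')
    return d


if __name__ == "__main__":
    for name, why in scan_dir(build_sample_dir()):
        print(name, "->", why)
```

Checking the first two bytes is a cheap triage step, not a replacement for a scanner: a real binder's output is itself a PE, so the mismatch test only catches the renamed-payload case, while the batch scan shows the "runs both files" behaviour described above before anything is executed.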
SFX Volumes:
SFX volumes is the abbreviation for Self-Extracting Volumes. They work the same as Iexpress binding but don't get caught while scanning, because they can be password-protected and even encrypted: a scanner cannot look inside an encrypted archive, which is why many mail gateways quarantine password-protected archives outright.
Other methods of vectoring a Trojan include creating an autorun file and Trojan worming.
Autorun:
Autoruns are files named autorun.inf and are usually found on CD/DVD-ROMs with software and videos. Sometimes they are automatically created by the operating system when you double-click a pen drive if the autorun option is enabled. Autorun-making tools are available, but believe me, making an autorun file is so easy you'll hardly need any tool: type the following commands in Notepad, save the file with the name autorun.inf, and your autorun file will be ready,
Your virus file will execute as soon as someone opens the pen drive or CD/DVD-ROM with a double-click. A countermeasure is to never open pen drives or CD/DVD-ROMs by double-clicking; right-click them and choose Explore, or better, use the folder tree to navigate, and also disable the autorun option from Control Panel.
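Before opening removable media, the autorun.inf can be read as plain text and checked for the directives that actually launch a program. The following is an added example written for this post, not code from the original author: it parses the [autorun] section and reports `open`, `shellexecute` and `shell\<verb>\command` entries, plus an icon borrowed from the launched program (the usual way a drive is made to look like an application). The autorun.inf text is constructed for the demo.

```python
"""Parse an autorun.inf and report which directives would launch a program.

Added illustration (not code from the original post). The autorun.inf text is
constructed for the demo; the directive names (open, shellexecute,
shell\\<verb>\\command, icon, label) are the standard ones Windows honours.
"""
import configparser

SAMPLE_AUTORUN = """\
[autorun]
label=Holiday Photos
icon=photos.exe,0
open=photos.exe
shellexecute=viewer.exe /silent
shell\\view\\command=viewer.exe
shell\\view=&View pictures
"""


def parse_autorun(text):
    """Return the [autorun] section as a plain dict with lower-cased keys
    (configparser lower-cases option names by default)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("autorun"):
        return {}
    return dict(cp.items("autorun"))


def launch_directives(directives):
    """Keys that cause code to run when the medium is opened or a verb is chosen:
    'open', 'shellexecute' and any 'shell\\<verb>\\command'."""
    hits = []
    for key, value in directives.items():
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            hits.append((key, value))
    return sorted(hits)


def assess(text):
    """Human-readable findings for one autorun.inf (empty list = nothing launches)."""
    directives = parse_autorun(text)
    findings = ["%s -> %s" % (k, v) for k, v in launch_directives(directives)]
    icon = directives.get("icon", "")
    if icon.lower().split(",")[0].endswith(".exe") and directives.get("open"):
        findings.append("icon borrowed from the launched program (drive masquerades as an app)")
    return findings


if __name__ == "__main__":
    for line in assess(SAMPLE_AUTORUN):
        print(line)
```

This is a triage aid, not the fix: the fix is the Control Panel setting mentioned above (on the policy side, the `NoDriveTypeAutoRun` value under the Explorer policies key), after which the directives listed here are simply never honoured.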
Trojan Worming:
Trojan worming is a method by which a Trojan is modified to act as a worm. It can be done using a batch script or using some ready-made software.
In future posts I'll try to cover each and every method practically. I hope you enjoyed reading. Thanks for reading and keep visiting.