Welcome, Guest | RSS
Friday, 10.20.2017, 4:29 AM
Main » Files » Hacking tutorials

Hiding places for Trojans
11.25.2009, 6:52 PM
Exotic operating systems:

These operating systems or more accurately file systems are great places to hide, since they cannot be read at all by the native operating system, they will appear as unpartitioned areas of the hard disk or (In some cases) not at all (See hard disk under size reporting) Popular favorites for the Trojans are OS2 (IBM?s file system) Hidden NTFS, A variant of Microsoft?s NT File system. And Linux-Unix variants, many others (About 30 in all) are available to the Trojan.



The Windows Registry:

The Windows registry is a hodge-podge collection of software settings and data that is crucial to the functioning of the windows computer. It acts as a database for the Operating system, the hardware, and the application programs, it is also a storage place for security settings and user information. Casual computer users are rarely aware of this data storage and are strongly cautioned (Quite rightly) from ever browsing its contents, or changing anything in them. Nevertheless, ordinary users can access this data, albeit via a round-about way. (Its not dangerous to look at this stuff just don?t change anything unless you know what you are doing)



Start--- Run--- C:\WINDOWS\system32\reged t32***** --- OK

For Windows 2000 & 2000 Pro

Start--- Run--- C:\WINNT\system32\regedt3 2***** --- OK

For Windows XP Home and XP Pro



This database is accessible by the Trojan too. It has many powerful uses for Mal-Ware especially during a so-called ?escalation of privileges? operation. A tweak to one ?Key? in the registry for example can add a program name to be executed at the next boot-up. There are a zillion other things the Trojans can do in here but we are digressing from the subject which is storage and hiding places. Since few dare to tread these Registry paths, The Trojan Masters have deemed it an excellent place to store data. We have seen quite large binary files stored here. In some cases, the Trojan operators being confident that no one would be browsing the depths of this complex structure even post ?plain text? notes to their colleagues.



Print Spooler:

Part of the Windows operating system, Print Spooler accepts data from any application destined for the printer. It stores the data then feeds it to the printer at the printer?s own pace. Meanwhile your application moves on to other things. This Storage area which is a locked file or an area of RAM can be usurped for the storage of Trojan material. A modified version of the Print Spooler can, under certain circumstances, be used to temporarily store Trojan data in the printer itself then read it back later. (Excellent for re-Inserting a Trojan after a Re-Installation ?Nuke?)



USB Devices:

There are hundreds of USB devices: cameras, storage ?Dongles? printers, scanners, hubs, and so on. Many of these devices offer RAM or EEPROM storage opportunities for the Trojan Masters. The EEPROM chips described in detail elsewhere are particularly valuable for the storage of Mal-Ware since they are non-volatile and can survive ?Power Down? periods. They are also almost impossible to view or remove without special software tools from the manufacturer of the device.



System Volume Information:

On every hard disk volume or Logical drive on your system there exists a portion of hard disk space reserved for the file system. This area known as the ?System Volume Information? area is about 8 megabytes in size. Quite a large area by Trojan Master standards. It does, of course, have a legitimate purpose for the file system, acting as an index for files and directories. Nevertheless, as can be expected, the Trojan Masters have made good use of this very hard to access area.



Let us not forget the traditional places like the hard disk boot sector and some of the newer places like the Over-Burn area on all of our CDs.
Category: Hacking tutorials | Added by: h4ckz0r
Views: 1703 | Downloads: 0 | Comments: 96 | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *:
Copyright MyCorp © 2017 | Free website builderuCoz