Chapter 1 - 03 - Define Malware and its Types - 09_ocred.pdf
Uploaded by barrejamesteacher
EC-Council
Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82

Creating a Trojan

- Trojan horse construction kits help attackers to construct Trojan horses of their choice
- The tools in these kits can be dangerous and can backfire if not properly executed

Attackers can create Trojans using various Trojan horse construction kits such as DarkHorse Trojan Virus Maker and Senna Spy Trojan Generator.

Trojan Horse Construction Kit

Trojan horse construction kits help attackers construct Trojan horses and customize them according to their needs. These tools are dangerous and can backfire if not properly executed. New Trojans created by attackers remain undetected when scanned by virus- or Trojan-scanning tools, as they do not match any known signatures. This added benefit allows attackers to succeed in launching attacks.

Theef RAT Trojan

Theef is a Remote Access Trojan written in Delphi. It allows remote attackers access to the system via port 9871. Theef is a Windows-based application for both client and server. The Theef server is a virus that you install on a target computer, and the Theef client is what you then use to control the virus.

Module 01 Page 45 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Figure 1.3: Screenshot of Theef RAT Trojan

Some additional Trojan horse construction kits are as follows:

- DarkHorse Trojan Virus Maker
- Trojan Horse Construction Kit
- Senna Spy Trojan Generator
- Batch Trojan Generator
- Umbra Loader - Botnet Trojan Maker

Trojan Example: Emotet

- Emotet is a banking Trojan that can function either as a Trojan by itself or as the downloader and dropper of other banking Trojans
- It is a polymorphic malware, as it can change its own identifiable features to evade signature-based detection

Source: https://www.fortinet.com

Emotet is a revolutionary malware designed with a modular architecture, in which the main programs are installed before other payloads are delivered. Security analysts also consider it a dropper, a downloader, and a Trojan.
It is a polymorphic malware, as it can change its own identifiable features when downloaded so that it can elude signature-based detection and other antivirus programs. Emotet is usually a banking Trojan that can function either as a Trojan by itself or as the downloader and dropper of other banking Trojans. It has been employed as a dropper/downloader for well-known banking Trojans such as Zeus Panda banker, Trickbot, and IcedID to infect victims globally.

Although it is a Trojan, Emotet has advanced persistence techniques and worm-like self-propagation abilities, which make it uniquely resilient as a destructive malware that could jeopardize individuals, companies, and government entities globally.

Figure 1.4: Spam email with malicious content distributing Emotet
[Legible text in the screenshot: a "Receipt Confirmation" subject line tagged [UNSCANNED]; "Transaction Status: Shipped!"; "It's an official confirmation for your order. Please check the invoice to update your stuff shipping day."; "Password to access Invoice:722"; "Thanks for using our service!"]

Figure 1.5: Malicious Word document used for installing Emotet
[Legible text in the screenshot: a Microsoft Word window in Compatibility Mode showing "To open the document, follow these steps: This document is only available for desktop or laptop versions of Microsoft Office Word. Click Enable editing button from the yellow bar above. Once you have enabled editing, please click Enable content button from the yellow bar above."]
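A triage check for the lure pattern shown in Figures 1.4 and 1.5, as an added example that is not part of the original courseware: it parses a mail message and reports which delivery indicators are present. The indicator names, regexes, extension list, the reading of [UNSCANNED] as a mail-gateway tag, and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Office formats that can carry VBA macros (assumed site policy: treat as risky).
MACRO_CAPABLE = (".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm")
# A password handed over in the body, e.g. "Password to access Invoice:722".
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\b[^.\n]{0,40}?[:=]\s*\S+", re.I)
LURE_WORDS = re.compile(r"\b(invoice|receipt|transaction|order|shipp\w+)\b", re.I)


def triage(raw: bytes) -> list[str]:
    """Return the names of the lure indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    if any(n.lower().endswith(MACRO_CAPABLE) for n in names):
        findings.append("macro-capable-attachment")
    if PASSWORD_HINT.search(text):
        findings.append("password-in-body")
    # Assumption: the gateway prefixes this tag when it could not inspect the content.
    if "unscanned" in (msg["Subject"] or "").lower():
        findings.append("gateway-could-not-scan")
    if len({w.lower() for w in LURE_WORDS.findall(text)}) >= 2:
        findings.append("transactional-lure-wording")
    return findings


def build_sample() -> bytes:
    """Constructed message modelled on Figure 1.4; every value here is made up."""
    m = EmailMessage()
    m["From"] = "Customer Service <customer@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Receipt Confirmation [UNSCANNED]"
    m.set_content("Transaction Status: Shipped!\n"
                  "It's an official confirmation for your order. "
                  "Please check the invoice to update your shipping day.\n"
                  "Password to access Invoice:722\n")
    m.add_attachment(b"placeholder bytes, not a real document",
                     maintype="application", subtype="msword",
                     filename="invoice.doc")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

Because a polymorphic payload will not match a known file signature, these checks look at how the message is delivered rather than at the attachment's bytes.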