How to Make a Trojan Horse ?
The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.
- wiki
The Algorithm of The Trojan:
1. Search for the root drive.
2. Navigate to WindowsSystem32 on the root drive.
3. Create the file named “spceshot.dll”.
4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full.
5. Once the drive is full, stop the process.
You can download the Trojan source code here. Please note that I have not included the executabe for security reasons. You need to compile it to obtain the executable.
How to compile, test and remove the damage?
Compilation:
How to install Borland C++ compiler?
1. Download Borland C++ compiler 5.5 (for Windows platform) from the following link.
http://www.codegear.com/downloads/free/cppbuilder
2. After you download, run freecommandlinetools.exe. The default installation path would be
C:\Borland\BCC55
How to configure Borland C++ compiler
1. After you install Borland C++ compier, create two new Text Documents
2. Open the first New Text Document.txt file and add the following two lines into it
-I”c:\Borland\Bcc55\include”
-L”c:\Borland\Bcc55\lib”
Save changes and close the file. Now rename the file from New Text Document.txt to bcc32.cfg.
3. Open the second New Text Document (2).txt file and add the following line into it
-L”c:\Borland\Bcc55\lib”
Save changes and close the file. Now rename the file from New Text Document (2).txt to ilink32.cfg.
4. Now copy the two files bcc32.cfg and ilink32.cfg, navigate to C:\Borland\BCC55\Bin and paste them.
How to compile the C source code (.C files)
1. You need to place the .C (example.c) file to be compiled in the following location
C:\Borland\BCC55\Bin
2. Now goto command prompt (Start->Run->type cmd->Enter)
3. Make the following path as the present working directory (use CD command)
C:\Borland\BCC55\Bin
4. To compile the file (example.c) use the following command
Command to Compile C Program
bcc32 example.c
5. Now if there exists no error in the source code you’ll get an executable file (example.exe) in the same location (C:\Borland\BCC55\Bin).
6. Now you have successfully compiled the source code into an executable file(.exe file).
Testing:
To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to remove the Damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box.
%systemroot%\system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.
NOTE: You can also change the ICON of the virus to make it look like a legitimate program.
This method is described in the post: How to Change the ICON of an EXE file ?
1. Goto www.shelllabs.com and download the trial version of Icon Changer and install it (Works on both XP and Vista).
2. Right-click on the exe file whose ICON is to be changed.
3. Now you will see the option Change Icon. Click on that option.
4. Now the Icon Changer program will open up.
5. Icon changer will search for all the ICONS on your system so that you can select any one of those.
6. Now select the ICON of your choice and click on SET.
7. Now a popup window will appear and ask you to select from either of these two options.
* Change embeded icon.
* Adjust Windows to display custom icon.
Select the first option (Change embeded icon).
8. You are done. The ICON get’s changed.
Please Post Your Comments.
Sat Nov 15, 2014 8:19 pm by chaoske
