How Hackers make a Trojan or Keylogger almost Fully Undetectable


These days, many hackers know that crypting a trojan, keylogger, or other infectious file with a public crypter gives pretty crappy results. Here, we will look at a different approach. In the programming world, many developers pay an arm and a leg to make sure their competition cannot reverse engineer and copy their programs, and to make sure their programs cannot be cracked by people with the right tools. They use software protection tools that stop reverse-engineering programs from spying into the inner workings of their applications. Here we are going to look at how hackers can use some of the same technology to block antivirus from looking into their infectious files, so that the trojan/keylogger/whatever doesn't throw up a red flag with the victim's AV.

Warning: if you are thinking of messing around with viruses, trojans, and hacking programs in general whose origin you are unsure of, I would highly recommend setting up a sandbox virtual machine. Then, when your creations get out of control, you can just trash the VM and load a fresh image. Smart, eh?

This is not fool-proof. It will produce good results most of the time, but not all of the time.

First, you will need a piece of software protection software (an executable protector).

For this demonstration, we will suppose that the hacker is using PC Guard for Win32.

If you wish to test such a setup yourself, I will only say: "Google is your friend."

How it is Done:

Infectious File Location -> (the hacker tells the protector which file is the infectious one)

[screenshot: FUD-1]

Then -> General

[screenshot: FUD-2]

Then -> Security & Encryption

[screenshot: FUD-3]

Then -> Protection Method

[screenshot: FUD-4]

and we are done!

Results:

(Here are some reputable virus scans of files done this way.)

Poison Ivy virus done this way:

[screenshot: FUD-5]

Bifrost Trojan done this way:

[screenshot: FUD-6]

I hope this helps all readers become more aware of the ways your computer and antivirus can be manipulated and blinded.
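The post's own caveat, that the protector approach is not fool-proof, comes down to what an antivirus engine or an analyst still sees once a program's inner workings are hidden: a section full of compressed or encrypted bytes looks unusual from the outside even when nothing inside it can be read. The script below is an added example for the defender's side of this, not code from the post or from PC Guard. It walks a PE file's section table with no external libraries and flags the signs a protected or packed binary commonly shows: near-8-bit entropy, section names no normal linker emits, sections that are both writable and executable, and sections with no data on disk but space reserved in memory. The two files it checks are constructed inside the block (`build_sample_pe` assembles a toy header that is not a loadable image, and `.prot0` is a made-up section name); the 7.0 bits-per-byte threshold and the list of common section names are assumptions, not values taken from the page.

```python
import math
import random
import struct

# Section names a normal compiler/linker emits (assumed list, not exhaustive).
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata",
                        ".edata", ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0); compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Minimal PE section-table walk: MZ header -> e_lfanew -> COFF header -> section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]     # NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]        # SizeOfOptionalHeader
    table = coff + 20 + size_opt                                 # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                     # each header is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]        # Characteristics
        sections.append({
            "name": name,
            "virtual_size": vsize,
            "raw_size": raw_size,
            "characteristics": chars,
            "entropy": shannon_entropy(pe[raw_ptr:raw_ptr + raw_size]),
        })
    return sections


def packer_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Per-section list of heuristics that commonly fire on packed/protected binaries."""
    report = {}
    for s in parse_sections(pe):
        hits = []
        if s["entropy"] >= entropy_threshold:
            hits.append(f"high entropy {s['entropy']:.2f}")
        if s["name"] not in COMMON_SECTION_NAMES:
            hits.append("non-standard section name")
        c = s["characteristics"]
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            hits.append("writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append("no data on disk but reserved in memory (unpack target)")
        report[s["name"]] = hits
    return report


def build_sample_pe(sections) -> bytes:
    """Construct a toy PE (DOS header, COFF header, section table, raw data) for offline tests.
    sections: list of (name, data, characteristics). Not a loadable image."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr = e_lfanew + 4 + 20 + 40 * len(sections)             # data follows the table
    table, body = b"", b""
    for name, data, chars in sections:
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", len(data), raw_ptr, len(data), raw_ptr)
        table += struct.pack("<IIHHI", 0, 0, 0, 0, chars)
        body += data
        raw_ptr += len(data)
    return dos + b"PE\0\0" + coff + table + body


# Constructed sample inputs: a plain code-like section next to a protector-style blob.
PLAIN_CODE = b"push ebp; mov ebp, esp; call 0x401000; leave; ret\n" * 80
OPAQUE_BLOB = random.Random(7).randbytes(4096)   # stands in for a compressed/encrypted payload
SAMPLE_NORMAL = build_sample_pe([(".text", PLAIN_CODE, 0x60000020),
                                 (".data", PLAIN_CODE[:512], 0xC0000040)])
SAMPLE_PROTECTED = build_sample_pe([(".text", PLAIN_CODE[:64], 0x60000020),
                                    (".prot0", OPAQUE_BLOB, 0xE0000040)])  # made-up name

if __name__ == "__main__":
    for label, blob in (("normal", SAMPLE_NORMAL), ("protected", SAMPLE_PROTECTED)):
        print(label)
        for name, hits in packer_indicators(blob).items():
            print(f"  {name:8s} {', '.join(hits) or 'ok'}")
```

Run it directly to print a per-section verdict for both samples. On real files, treat the output as triage hints rather than a verdict: legitimate installers and DRM-protected commercial software trip the same heuristics, which is exactly why a scanner cannot simply block everything that looks protected and why a high-entropy writable-and-executable section is a reason to unpack and look closer rather than a conviction on its own.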

