Trojans/Viruses Part I
Note: I wrote this tutorial for people who can't afford things like PC-Anywhere,
so that they can controll there OWN Pc from anywhere around the World. If you want to use
this tutorial to harm other People or similar, be advised, that this is illegal.
Welcome to this tutorial on Viruses. This tutorial is intended to show you how a basic
Virus/Trojan works, and what it can do. In this part I want to give you a small introduction
to trojan, and even teach you how a very simple Trojan would look like, and to make things as simple
as possible i will use Visual Basic to create this Program. (That doesn't mean that you need to know
Visual Basic, since the code is quite straight forward, and it should be possible to understand it
without any knowledge of VB)
Before i start on Trojans, i want to explain some words, which are quite important:
Ports:
Think of your computer as a city. Now, there are many highways leading to this city. Highway 1, 2, 3...
etc. Now, each entrance to 1 of the highways would be a "Port". There are 1000's of Ports, some of them
are reserved for applications, for example, Port 80 is reserved for your Web-browser.
Protocols:
Let's say you want information from a Webserver for example (in our example, another city) it has to arrive
in some form, which is the Protocol (Or a little delivery truck). They arrive on different Ports on your Computer,
like all Protocols for your Browser arrive at Port 80. There are many types of Protocols, but for this tutorial,
you only need to know 2 of them, the IP (Internet Protocol) and the UDP (User defined Protocol). As you might have
guessed, one is for Internet and one you can define yourself.
IP-Address:
Now, in our example, we are a city, and lets say another city wants to send us a Protocol (or a Porsche 911)
then we must let him know what City we are. Well in real life we would have a name like Frankfurt or New York,
but Computers have Numbers in this form: 192.68.0.1 for example. Each of the single numbers can range from
0-255, or: 0.0.0.0 - 255.255.255.255 This is just to identify every Computer/Server connected to the Internet.
Web-Sites also use IP-Addresses to identify themselves, but we never see them, we only see things like:
www.gmx.net and things like that. But these get translated into IP-Addresses by a DNS-Server.
Winsock:
This is a small Program from Microsoft, that can open up Ports on you Computer for Listening (Basically
telling them to wait for a Protocol) and send Protocols to other PC's, via IP-Address.
On to the actual Tutorial. A trojan is nothing more than a program on your Home Computer, that opens
a Port for listening and awaits instruction From your Computer at work, or whereever, and executes them.
Basically I could stop here, but i won't ^_^... You might have guessed that there are always 2 Programs
to a Trojan. The Trojan itself, and the "Remote". What the Trojan is able to do, is Totally up to you.
I would start with a trojan, that does nothing more than Show a Msg-Box, and the Remote sends nothing more than
the Content of the Message. (Like a small one-way Chat program). There might be a problem tough. A Remote needs
the IP-Address of the PC where the Trojan is on. The problem comes, when you reconnect to the internet. The IP-Address
changes (except you have a static IP-Address, which means, it never changes). So it might be wise to have a small
Input Box on you Remote so that the user can input the new Address. Well, a Trojan would be kinda useless if
it weren't able to send information back, would it? ^_^;; To send the information back, all you need to do is
open a Port on the Remote-PC (Doesn't need to be the same) for listening, and let the Trojan send Information
there.
Programs like PC-Anywhere have where complex Trojans, that are able to do all sorts of things (Downloading Stuff, Run
programs, etc.).
Hmmm, you might be asking yourself where the Code is? Well, while writing this tutorial I noticed I don't
need the code to explain it, but i will upload a sample code (written in VB) soon.