2. Remote Access Trojan / Remote Administration Tool (RAT).
A malware program that provides a back door for administrative control over the victim's computer.
3. Client/Server model.
Server program, client program.
Type of port listening:
o Active listening.
o Passive listening. – Most frequently used.
4. File binders (txt, mp3, mp4, jpeg, mpeg, docx).
Java exploit.
Autorun.ini
Email attachment.
Games or software setup program.
5. A Trojan program uses a set of APIs, e.g. in VB: System.Net, System.Net.Sockets.
The AV keeps a database of these API calls.
Our AV program sends the source code of a suspicious file to its database.
Also from honeypot sites such as virustotal.com, which runs more than 43 AV scanners.
6. Crypting techniques:
o Fake API calls.
o Changing entry points.
o Changing variable names.
o Including payloads.
Private RAT versions.
Crypters and stub programs.
o VB crypters and Java crypters.
o Private versions and public versions.
Manual hexing.
Changing the ICO file.