Trojan creation for dummies
An entry in the blog of antivirus vendor Panda Software describes how the Pinch Builder toolkit makes it possible to create Trojan horses with arbitrary characteristics using just a few mouse clicks. Although virus construction kits are nothing new, the functionality and simple interface of this toolkit elevate it beyond the herd of common tools.
According to Panda, Pinch Builder offers a choice of various programs whose passwords the Trojan can steal from infected systems, including ICQ, Trillian, Mozilla, Opera and various FTP programs. Incorporated tools can also obtain credentials from protected Windows environments, such as users’ Internet Explorer and Outlook passwords. It is also possible to specify additional spyware functionality, for example to read keyboard entries, create screenshots or to log files sent via Internet Explorer. How and where the gathered data is to be sent can also be specified: either via HTTP or SMTP. There is only one obstacle: in the configuration dialog, a user must enter his own values instead of the default values for target systems.
It seems it is also possible to turn a Trojan generated with Pinch Builder into a proxy, for example to launch attacks on other systems without being detected or to send spam mails. The virus constructor can also supply the Trojan with a backdoor function and an IRC bot module with just one click. Current conditions on Windows PCs are also taken into consideration. Pinch Builder provides some self-protection for the Trojan via the ability to switch off selected processes or antivirus programs – even stealth functionality can be integrated.
Once all ingredients have been selected, one click on the compile button is enough to create the Trojan and to unleash the exe file into the world. The toolkit bundle also includes a parser to facilitate the analysis of data gathered by the Trojan and sent to a web server. While Panda does not provide any information on the detection rate of the malware generated by version 2.60 of the toolkit, a dummy Trojan created in a heise Security test with version 1.0 (9 KB, with password theft for numerous applications) was detected by all major antivirus programs.
Panda does not give a price for the toolkit, but bearing in mind that the Web attack toolkit MPack is available for less than 1000 dollars, it might turn out to be quite affordable.
- Pinch, the Trojan Creator, blog entry by PandaLabs