Magnus: Hackers are getting trojans to be undetectable by Trojan Hunter

Discussion in 'other anti-trojan software' started by Nightstaar, Jan 30, 2003.

Thread Status:
Not open for further replies.
  1. Nightstaar

    Nightstaar Guest

    To Magnus: you probably already know about this, but in case you didn't I thought you should know! It's on a German cracking site that somebody mentioned on IRC last night


    Link removed by Admin. Please don't post links to crack sites, it is against the TOS of this board. ~ Unicron

    It says it works with any trojan, is this ok? Hackers add something to the end of a trojan file and then TH can't detect it :( I didn't try because I'm afraid to download a trojan to test because I already have a virus on this computer and it's my friend's computer!! My question: I'm using Trojan Hunter 3.0 but the letter says 3.01. Am I infected or is it only 3.01 that they are talking about? I also still have Trojan Hunter 2. Can I keep that for twice the protection or do I need to uninstall 2? But I think it has expired!

    Also please help, what firewall do you advise using with Trojan Hunter? I have been told to get Tiny. I use Zone Alarm but I'm having problems with it. :( I will use the firewall you advise is the best for Trojan Hunter.

    THANK YOU a lot for your help and Trojan Hunter. Sorry for bad English it is only my third language! You from Sweden so you know how it feels! I will get my friend to write my better English if this is too bad but I hope you can read it OK. Thank you.
    Lee (Nightstaar on efnet IRC)
     
  2. xor

    xor Guest

    I think this will not more a problem in the new version :D

    Sorry about the bad English, but it is not my native language :D

    oh it does not support russian... :eek:
    [-xor-]
     
  3. jamming

    jamming Guest

    The explanation given to you does not make sense since that is not even one way Trojan Hunter detects trojans. Some Trojans will make it past a scanner but it doesn't mean that when they activate, they are safe to run. Anyone can claim anything on a board, doesn't mean it's true. I would take anything said on a cracking board as not worth much, until you can know for sure. :cool:

    TH 3.01 is the present version of the TH 3.0 Series.
     
  4. Nightstaar

    Nightstaar Guest

    THANK you guys

    Hi jamming, thank you! But it seemed there was a lot of proof in the letter including source code and mathematicals. It would be nice if somebody with trojans could test it as it would be nice to have several opinions :) Thank you. I will download 3.10 now

    What about my firewall question, where should I download a good one from o_O o_O? That is free

    Thank you
    Lee (Nightstaar on efnet IRC)
     
  5. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Re:THANK you guys

    Hi Nightstaar, let's leave the testing to Magnus, I'm sure he is aware of the site. After all no one is more qualified than he is with TH. No need to expedite the rate at which such information spreads.

    As far as firewalls go there are many fine free firewalls available, some of which are rules based, some are application based. For the most part, personal preference has varied among even the most experienced users.

    My best advice is to keep trying different ones until you find something you like, and learn what you can in the firewall forums to help decide on the merits of each.
     
  6. jamming

    jamming Guest

    What Unicron said is good about firewalls. I prefer a stateful inspection like Zone Alarm; the True Vector Security Engine is designed to fail into the off position. But that is my preference and there are many good rules based firewalls, many are represented here. I also use a NAT router in addition to my firewall, and I find the combination of the two plus other security measures I take is enough of a deterrent that crackers go looking elsewhere for easier targets.

    As to these boards, I find no more than half of what they say to be useful factual information. Usually because they are operating on false assumptions, there is a lot of hype. No one is going to claim a particular product stopped them dead and they have no idea on how to get around it. :D
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Nightstaar - You might want to try posting your question on the TrojanHunter forum itself (Magnus has his own board):

    http://www.misec.net/forum/

    HTH Pete
     
  8. khan

    khan Guest

     
  9. wiseguy

    wiseguy Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    15
    WOW!!! I just read the article.
    It looks real to me. :eek:

    So, is it all true Magnus?? o_O o_O o_O o_O o_O

    If so, this is a BIG Blow to TH3!! :'(
     
  10. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Not to worry. On another board, Magnus indicated everything was covered. He was not taken by surprise and it isn't nearly as dramatic as it seemed at first.
    Don't ask what other board. If I told you, I would have to cut off your left pinkie. :D
     
  11. jamming

    jamming Guest

    Darn it Root, the "left pinkie missing board" is never to be mentioned in a public forum, time to promote you to the "right pinkie missing board." Don't worry about me though as I have had enough fingers removed to have the value plan for bonus fingers. ;)
     
  12. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  13. jamming

    jamming Guest

    Pack it any way you want, but the "process starting" detects it and shuts it down.
     
  14. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Now..because I respect this Forum at Wilders and the desire to keep it professional..I could understand why they would not like to see a link to a thread which contained any type of real exploit...but there is none. So if the link I posted disappears...I will at least post some of my thoughts in this thread which was resurrected from 31 Jan. :D

    I doubt you will see Magnus responding to it all over again at Wilders.

    ____________________


    These are my thoughts on the subject when it comes to any developer being exercised by groups or individuals that I posted in that thread when Magnus was being taunted by a guest.

    Is this an exercise in "I can write ..code, pack, modify a trojan in a way your application can not find it?"

    You can do that with any security product out there. Name me one that you can't. The question is..are you going to do it and then put it out there in the wild? Let's get all the developers into this forum one by one and tell them "I got something you can't find or control with your product."

    I always consider this forum to be fair and impartial. In that goal, we have always asked any member who posts information on security and privacy to provide the source. That is not only the honorable thing to do it is also the professional thing to do.

    I think that applies here. If someone makes a claim they should submit proof..in this case directly to the developer.

    That has been asked for twice in this thread.

    Professional people do that all the time. Why is that not being done here? Why is that so different than what you all read in bugtrap and so many other places?

    I am not doubting the guest. I just want to know if he is going to submit it? Then I would like to see MagnusM's response. That is how it is done. And I am sure he will respond.

    I have seen a lot of duds out there lately. They walk and talk like a trojan, bot or process killer..but most are not practical, many do not really work.

    When I start seeing a rash of disabled Security Application from one specific vendor I will start taking notice.
     
  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    John,

    Agreed. A question though - looking forward to your opinion on this:

    Trojan Hunter is the only scanner program of its kind that uses signatures obtained automatically (all other vendors have human analysts who determine where good signatures should be taken from) and Trojan Hunter even allows you to view the signatures. Thus: trojan authors know exactly how their trojans are being detected...

    ..merely to keep an interesting discussion going ;).

    regards.

    paul
     
  16. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    My opinion :D interesting move by the developer..but I did not design it. Reminds me all of the Open BDS issue.

    I am not opposed to Human intervention ;)

    If a thief knows how he is going to be detected..that is one way he will not try it next time.

    But he will still try.. :D

    The real issue out there for all of the developers is to start finding a way to get from behind the power curve which has now shifted in favor of the BlackHats and the kiddies.

    Who reverse engineers "whose tool" first has always been the real battle.
     
  17. jamming

    jamming Guest

    There is also the assumption that the whole signature displayed is what is checked for a 100% match instead of a portion thereof. Alter it too much and you have another Trojan version or you have something that doesn't work. Additionally, less than half the total rules are File Rules.
     
  18. wiseguy

    wiseguy Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    15
    I agree! ;)

    The Darkside is AHead. For the time being. :-*
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Yup... but you do not design programs in a Forum...and what I see there lately is mostly Rhetoric.. and lots of kissing ...LOL :D
     
  20. wiseguy

    wiseguy Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    15
    OK, so what is the conclusion? o_O o_O

    Is it True or Not? o_O o_O
     
  21. jamming

    jamming Guest

    The Paper this is based on is full of errors as it is written at last look, so it would not be true as written.
     