Magnus:Hackers are getting trojans to be undetectabl by Trojan Hunter

To Magnus you probably already know about this but in case you didnt i thought you know! its on a German cracking site that somebody mentioned on IRC Last night


Link removed by Admin. Please don't post links to crack sites, it is against the TOS of this board. ~ Unicron

it says it works with any trojan, is this ok. hackers add something to the end of a trojan file and then TH cant detect it I didnt try because im afraid to download trojan to test because i already have virus on this computer and its my friends computer!! My question: Im using Trojan Hunter 3.0 but the letter says 3.01. am I infected or is it only 3.01 that they talking about. I Also still have Trojan Hunter 2. can I keep that for twice protection or do i need to uninstall 2, but i think it has expired!

Also please help what firewall do you advice using with Trojan Hunter? I have been told to get Tiny. I use Zone Alarm but im having problem with it. I will use the firewall you advice is the best for Trojan Hunter.

THANK YOU a lot for your help and Trojan Hunter. Sorry for bad English it is only my third language! You from Sweden so you know how it feels! I will get my friend to write my better English if this is too bad but I hope you can read it OK. Thank you.
Lee (Nightstaar on efnet IRC)

 

I think this will not more a problem in the new version

Сожалея о плохом Английском языке но это - не мой родной язык

oh it does not support russian...
[-xor-]

 

The explaination given to you does not make sense since that is not even one way Trojan Hunter detects trojans. Some Trojans will make it pass a scanner but it doesn't mean when they activate that, they are safe to run. Anyone can claim anything on a board, doesn't mean its true. I would take anything said on a cracking board as not worth much, until you can know for sure.

TH 3.01 is the present version of the TH 3.0 Series.

 

THANK you guys

Hi jamming thank you! but it seemed there was a lot of proof in the letter including source code and mathematicals. it would be nice to somebody with trojans could test it as it would be nice to have several opinions Thank you. I will download 3.10 now

what about my Firewall question where should i download a good one from? that is free

Thank you
Lee (Nightstaar on efnet IRC)

 

Re:THANK you guys

Hi Nightstaar, let's leave the testing to Magnus, I'm sure he is aware of the site. After all no one is more qualified than he is with TH. No need to expediate the rate at which such information spreads.

As far as Firewalls go there are many fine free firewalls available, some of which are rules based, some are application based. For the most part, personal preference had varied among even the most expericenced users.

My best advice is to keep trying different ones to you find something you like, and learn what you can in the firewall forums to help decide on the merits of each.

 

What Unicron, said is good about Firewalls, I prefer a stateful inspection like Zone Alarm, the True Vector Security Engine is designed to fail into the off position. But that is my preference and there are many good rules based firewalls, many are represented here. I also use a NAT Router in addition to my firewall which I find the combination of the two plus other security measures I take, have enough of a deterrent, so that crackers go looking elsewhere for easier targets.

As to these boards, I find no more than half of what they say to be useful factual information. Usually because they are operating on false assumptions, there is a lot of hype. No one is going to claim a particular product stopped them dead and they have no idea on how to get around it.

 

Nightstaar - You might want to try posting your question on the TrojanHunter forum itself (Magnus has his own board):

http://www.misec.net/forum/

HTH Pete

 

WOW!!! I just read the article.
It looks real to me.

So, is it all true Magnus??

If so, this is a BIG Blow to TH3!!

 

Not to worry. On another board, Magnus indicate everything was covered. He was not taken by surprise and it isn't nearly as dramitic as it seemed at first.
Don't ask what other board. If I told you, I would have to cut off you left pinkie.

 

Darn it Root, the "left pinkie missing board" is never to be mentioned in a public forum, time to promote you to the "right pinkie missing board." Don't worry about me though as I have had enough fingers removed to have the value plan for bonus fingers.

 

I do not have any problems cutting off pinkys..or rumors..or wasted time.. not matter who posts the info or starts the thread.

Anyone else want to talk more about this one ?

I have some idea.


Trojan Hunters ability to scan compromised!?!?

http://www.dslreports.com/forum/remark,5921894~root=security,1~mode=flat

 

Pack it any way you want, but the "process starting" detects it and shuts it down.

 

Now..because I respect this Forum at Wilders and the desire to keep it professional..I could understand why they would not like to see a link to a thread which contained any type of real exploit...but there is none. So if the link I posted disappears...I will at least post some of my thought in this thread which was resurrected from 31 Jan.

.I doubt you will see Magnus responding to it all over again at Wilders.

____________________


These are my thoughts on the subject when it comes to any developer being exercised by groups or individual
that I posted in that thread when Magnus was being taunted by a guest.




Is this an exercise in " I can write ..code, pack, modify a trojan in a way your application can not find it?"

You can do that with any security product out there. Name me one that you can't. The question is..are you going to do it and then put it out there in the wild? Let's get all the developers into this forum one by one and tell them "I got something your can't find or control with your product.'

I always consider this forum to be fair and impartial. In that goal, we have always asked any member who posts information on security and privacy to provide the source. That is not only the honorable thing to do it is also the professional thing to do.

I think that applies here. If someone makes a claim they should submit proof..in this case directly to the developer.

That has been asked for twice in this thread.

Professional people do that all the time. Why is that not being done here? Why is that so different than what you all read in bugtrap and so many other places?

I am not doubting the guest. I just want to know if he is going to submit it? Then I would like to see MagnusM's response. That is how it is done. And I am sure he will respond.

I have seen alot of duds out there lately. They walk and talk like a trojan ,bot or process killer..but most are not practical, many do not really work.

When I start seeing a rash of disabled Security Application from one specific vendor I will start taking notice.

 

My opinion interesting move by the developer..but I did not design it. Reminds me all of the Open BDS issue.

I am not opposed to Human intervention




If a theif knows how he is going to be detected..that is one way he will not try it next time.

But he will still try..

The real issue out there for all of the developers is to start finding a way to get from behind the power curve which has now shifted in favor of the BlackHats and the kiddies.

Who reverse engineers "whose tool" first has always been the real battle.

 

There is the assumption that also that if the whole signature displayed is what is checked for 100% match instead of a portion thereof. Alter it too much and you have another Trojan version or you have something that doesn't work. Additionally, less than half the total rules are File Rules.

 

I agree!

The Darkside is AHead. For the time being.

 

Yup... but you do not design programs in a FOrum...and what I see there lately is mostly RHetoric.. and lots of kissing ...LOL

 

OK, so what is the conclusion?

Is it True or Not?

 

The Paper this is based on is full of errors as it is written at last look so, it would not be true as written.