How can you find a trojan that hasn't been discovered by

Thread replies: 11
Thread images: 1

Anonymous
2015-11-28 02:45:52 Post No. 51566377
[Report] Image search: [Google]

File: Trojan_her_pleasure.jpg (164 KB, 623x623) Image search: [Google]

164 KB, 623x623

Anonymous 2015-11-28 02:45:52 Post No. 51566377 [Report]

How can you find a trojan that hasn't been discovered by anti-virus software?

>>

Anonymous 2015-11-28 02:46:42 Post No.51566388
[Report]

Anonymous 2015-11-28 02:46:42 Post No.51566388 [Report]

Heuristic behavior analysis.

>>

Anonymous 2015-11-28 02:57:33 Post No.51566520
[Report]

Anonymous 2015-11-28 02:57:33 Post No.51566520 [Report]

A Trojan is a program which attaches itself and runs concurrently with another, legitimate program. So look at some of the things you have recently installed

>>

Anonymous 2015-11-28 03:02:43 Post No.51566589
[Report]

Anonymous 2015-11-28 03:02:43 Post No.51566589 [Report]

>>51566520
I believe someone locally installed it.

Is it normal for path of windows processes to start with \??\c:

>>

Anonymous 2015-11-28 03:47:50 Post No.51567202
[Report]

Anonymous 2015-11-28 03:47:50 Post No.51567202 [Report]

Anti-viruses are worthless

A keylogger I wrote in fucking gamemaker nearly a decade ago as a teen doesn't get caught by anti-viruses:
https://www.virustotal.com/en/file/3cac65f0eefac2b4147ad23cd58d2c08cab94d3fa1c63938cad59be7d93a992c/analysis/1448681754/

The program copies itself to C:\Windows\System32, adds itself to startup, logs every keystroke, connects to a remote server. anti-virus software can't detect that, how can I expect it to detect a real trojan by a real virus programmer?

>>

Anonymous 2015-11-28 03:55:48 Post No.51567319
[Report]

Anonymous 2015-11-28 03:55:48 Post No.51567319 [Report]

>>51567202
But VirusTotal doesn't RUN the malicious code. Just has all those AVs examine the file to see if it matches any of their known fingerprints. Since your bug was never out in the wild, it won't be in any.

AVs that use heuristics (aka "I don't know what this is but it's watching keystrokes and sending data out, so I don't like it") would catch it.

>>

Anonymous 2015-11-28 04:11:06 Post No.51567555
[Report]

Anonymous 2015-11-28 04:11:06 Post No.51567555 [Report]

>>51567319
That heuristic would claim virus to any online video game.

>>

Anonymous 2015-11-28 04:14:12 Post No.51567596
[Report]

Anonymous 2015-11-28 04:14:12 Post No.51567596 [Report]

>>51567555
so you whitelist games,
excellent security is cumbersome which is why few people have good security

>>

Anonymous 2015-11-28 04:21:17 Post No.51567726
[Report]

Anonymous 2015-11-28 04:21:17 Post No.51567726 [Report]

>>51567596
>>51567555
Good Heuristics is a little smarter than that. It watches for stuff running from weird directories, stuff that is trying to not show it's presence etc and usually creating a score.

eset.com/int/support/sysinspector/

to see what I mean, try running this, or at least looking at the pictures. Threats are scored based on a few criteria, and scoring is different for files, running processes and TCP connections.

>>

Anonymous 2015-11-28 04:26:52 Post No.51567810
[Report]

Anonymous 2015-11-28 04:26:52 Post No.51567810 [Report]

>>51567596
This. If you care about security, run something like TinyWall and only allow explicitly whitelisted applications to access the internet.

>>

Anonymous 2015-11-28 04:38:34 Post No.51567990
[Report]

Anonymous 2015-11-28 04:38:34 Post No.51567990 [Report]

>>51566377
Network behavior and analysis by a third party firewall.
The most complex kind of virus are the ones that target specific people from goverments.
They install in an uknown way (they leave no traces) and work on a private encrypted space with root privileges, like a rootkit that resides only on ram, doesn't have files on them.