Pass the CompTIA Security+ certification exam with confidence
Understand computer security, its functions, and its components
Perform basic security configurations
Become an effective security technician in a business environment
-: In this short demonstration I want to show you how easy it can be to create a virus. So I have two machines set up here. I have one on the left, which will be my attacker, and one on the right, which will be my victim. On the attacker's machine I'm running a program called Virus Maker 3.0 or JPS. Here are basically point-and-click options for all the things that I can do to that machine on the right. For our example I'm going to do one that's easy to see; it's called crazy mouse. So I'll then click that, and then I'm going to select what I want it to be called after installation. We'll go ahead and call it the service host, and what do we want the server name to be called, the file name? I'm going to go ahead and call it Explorer.exe. You could really choose whatever you want; it just depends on how sneaky you're trying to be. Now the next thing I'm going to do is create that virus. At this point it has been created and saved to my downloads folder. Now at this point I need my victim to be able to download this virus. There are lots of ways to do that based on your social engineering: tying this virus into another program, using a spear phishing campaign, putting it up as a rogue download, all sorts of things. For this particular example, though, I'm just going to show you the effect if the person was able to download it and ran it. So at this point the user has been tricked; they've downloaded the file and now they run it, because they think it's a game or whatever else it is. In this case they think it is a picture. If we go ahead and run that, let's see what happens. There you can see the mouse just starts going, jumping all over the screen, so that if I wanted to try and open something like the trash can, I can't, because every time I click on it it jumps away someplace else. That's the idea of this very simple virus. It's just a nuisance; it's trying to cause a problem for them.
Now let me show you an example of what a Remote Access Trojan, or RAT, looks like. Again, on the left is my attacking machine and on the right is my victim machine. I'm using a program called ProRat. So the first thing I want to do is create a ProRat server. I'm going to click on general settings, and from here you can see the port it's going to operate on, 5110, which I can change to anything I want. The server password, in this case 12345, is again not very secure, but for our lab purposes it's just fine. Then the victim's name, if we have it. From here we can give them error messages; we can melt the server on install, which means once ProRat has been installed on the victim computer it will delete itself while still maintaining a connection; we can kill the antivirus and firewall on start; we can disable Security Center; and all sorts of other things like that. I'm going to go ahead and give a fake error message here, saying "you have been hacked." Now normally you wouldn't want to send a message to your user showing that they've been hacked, but I just want to show it to you for demonstration purposes; maybe you're doing this as ransomware and you've encrypted their files. This is a way to send them a message saying you need to pay me if you want access to it. From there we'll just go down and hit create server, and the server is going to be created for us. Go ahead and hit okay. So if we want to be a little trickier, we're going to go ahead and bind it with a file. So we're going to select a picture, in this case the desert, and hit open on that. Then we're going to give it another server extension here. We can call it EXE, SCR, COM, PIF, or BAT. EXE will be just fine. For the icon, what do we want this to look like? Well, we want it to look like a photo. So we're going to go ahead and make it a JPEG.
Then we can go ahead and hit create the server, and this is going to be in our current directory, so if I look back in my current directory I now have the bound server with a JPEG icon. From here we can go ahead and rename it, and let's call it desert. So now they think they're getting a photo of the desert. At this point, again, we would use some form of trickery or social engineering to get it to them, and once we do, it'll be on their desktop. So at this point I've tricked the user and they now have the file. They're going to go ahead and open that file, and when they run it you're going to see the error message that we told it to have. There is the picture, and "you've been hacked." Uh-oh, now what's going on? Let's go ahead onto our target machine and connect to that server that's now been installed. Again, we're going to use our password, 12345. At this point we now have access to that machine. We can find out information about it. In this case, if we go ahead and get the system information, I now know the computer name is Bob Sails. I know what kind of machine it is, it's using English for its language, system32 is its path, I find out what kind of users it has, I find out the date and time of the machine, all of that information, and if I close this on the right, so that it moves out of the way, we can get all that information here from our attacking machine about our victim machine. We can also look at the last 25 websites they visited, and maybe that would be something that would be helpful for us to be able to attack. We can take screenshots, and we can actually open them and see what we're going to see, so if I do a screenshot I see what's on their screen. So if they're on a website like Google here, which is not going to connect because I'm in a live environment that's disconnected from the machine, I'll go ahead and hit snapshot and now I can see that. If they had a webcam I could view their webcam.
Again, I have lots of access to do whatever it is we want to do on this machine. I can send them messages if I want. So I can do a message and say test and I'll say I don't work for you anymore. So we're going to go ahead and send that over there and there it is, I'm sorry I don't work for you anymore. So you can see the power of a remote access tool. So this allows me to do all sorts of different stuff. Again, I can take their files, I can mess with their registry, I can go through and look at all their files, I can FTP over and grab their files, I can chat over to them. I can do some funny stuff, maybe it's my friend and I'm just trying to show them that I have access to their machine. For instance I can hide their desktop icons. Now you should be able to see that that is gone and then I can show their icons and then they're back. I can make the mouse go crazy and then I can fix it. I can flip their screen upside down and then I can fix it. So you can do all sorts of different things on this machine and take control and do whatever it is that we want, because we have that remote access to them.
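The bound server in the demo gets through because the user trusts the icon and the visible name, not the bytes. As an added example (not from the course or from the tools shown), here is a small Python check a defender can run over downloaded files: it flags a PE that claims an image extension, a double extension such as desert.jpg.exe, and an executable carrying an embedded JPEG, which is what a binder produces. The sample files are constructed inline; the function names and heuristics are mine.

```python
import os

# Extensions the demo's binder offers for the server (EXE, SCR, COM, PIF, BAT).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
JPEG_MAGIC = b"\xff\xd8\xff"   # start-of-image marker every JPEG begins with
PE_MAGIC = b"MZ"               # DOS header every Windows executable begins with


def inspect_file(name: str, data: bytes) -> list[str]:
    """Return the reasons a file looks like an executable posing as a picture
    (empty list = none of the heuristics fired)."""
    reasons = []
    root, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(root)[1]
    is_pe = data.startswith(PE_MAGIC)

    # 1. "desert.jpg.exe": Explorer hides known extensions by default,
    #    so the user only sees "desert.jpg".
    if ext in EXECUTABLE_EXTS and inner_ext in IMAGE_EXTS:
        reasons.append(f"double extension {inner_ext}{ext}")

    # 2. Bytes say PE, name says image: the content decides, never the icon.
    if is_pe and ext in IMAGE_EXTS:
        reasons.append(f"PE header inside a {ext} file")

    # 3. A PE with a whole JPEG after its header is what a binder builds when
    #    it packs a picture with a server. Icon resources can trip this too,
    #    so treat it as a triage lead, not proof.
    if is_pe and JPEG_MAGIC in data[2:]:
        reasons.append("executable with embedded JPEG payload")

    return reasons


def scan(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Run inspect_file over a name -> bytes mapping and keep only the hits."""
    hits = {name: inspect_file(name, data) for name, data in samples.items()}
    return {name: why for name, why in hits.items() if why}


# Constructed sample files (not real malware): a genuine picture, the demo's
# renamed bound server, a double-extension variant and a mislabeled PE.
SAMPLES = {
    "desert.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 64,
    "desert.exe": PE_MAGIC + b"\x90" * 128 + JPEG_MAGIC + b"\xe0" + b"\x00" * 64,
    "desert.jpg.exe": PE_MAGIC + b"\x90" * 128,
    "holiday.jpg": PE_MAGIC + b"\x90" * 128,
}

if __name__ == "__main__":
    for name, why in scan(SAMPLES).items():
        print(f"{name}: {'; '.join(why)}")
```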