Digital Crime Investigation: Evolution and Detection Techniques
VerifiedAdded on 2024/01/16
|24
|3640
|238
AI Summary
This report provides an overview of digital crime, focusing on its evolution and detection techniques. It includes case studies, attack scenarios, and recommendations. The report covers topics such as remote access Trojans, backdoor Trojan phishing attacks, and the use of tools like ProRat. It also discusses the history of digital crime and the growing threat of cybercrime.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Module Code & Module Title
CC6003NI - Digital Crime Investigation
Assessment Weightage & Type
50% Individual Coursework
Digital Crime Evolution and Detection Techniques
Year and Semester
2019-20, Autumn
Student Name: Sagar Bhandari
London Met ID: 17030809
College ID: NP01NT4A170080
Assignment Due Date: 10th January 2020
Assignment Submission Date: 10th January 2020
Word Count: 2151
CC6003NI - Digital Crime Investigation
Assessment Weightage & Type
50% Individual Coursework
Digital Crime Evolution and Detection Techniques
Year and Semester
2019-20, Autumn
Student Name: Sagar Bhandari
London Met ID: 17030809
College ID: NP01NT4A170080
Assignment Due Date: 10th January 2020
Assignment Submission Date: 10th January 2020
Word Count: 2151
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
ABSTRACT
The increasing rate in the use of internet and technology, the security of the system
and data’s have become a crucial topic. Digital crimes in these times are more and more
concerned with the security of networks for it is unsafe for the internet to be attacked. The
motive of this report is to provide an outline of the various information regarding the
cybercrimes and deliver the knowledge that the efficient execution of digital crime and its
detection. Attacks such as Trojan horse are dangerous tools to attack the internet.
Specially, there are numerous Trojan horse for windows system and some new are
formed every day. As this approach is performed under the Ubuntu and Windows OS.
Demonstration have been executed and results show the conclusive of the method.
The increasing rate in the use of internet and technology, the security of the system
and data’s have become a crucial topic. Digital crimes in these times are more and more
concerned with the security of networks for it is unsafe for the internet to be attacked. The
motive of this report is to provide an outline of the various information regarding the
cybercrimes and deliver the knowledge that the efficient execution of digital crime and its
detection. Attacks such as Trojan horse are dangerous tools to attack the internet.
Specially, there are numerous Trojan horse for windows system and some new are
formed every day. As this approach is performed under the Ubuntu and Windows OS.
Demonstration have been executed and results show the conclusive of the method.
Table of Contents
1: Introduction ................................................................................................................. 1
1.1: Subject Matter ....................................................................................................... 1
1.2: Aim and Objectives ............................................................................................... 2
1.2.1: Aim ................................................................................................................. 2
1.2.2: Objectives ...................................................................................................... 2
1.3: Report Structure ................................................................................................... 2
2: Background ................................................................................................................. 3
2.1: Brief History .......................................................................................................... 3
2.2: Literature Review .................................................................................................. 3
2.2.1: Case Study ..................................................................................................... 3
2.2.1.1: Case 1 ......................................................................................................... 3
2.2.1.2: Case 2 ......................................................................................................... 4
2.2.1.3: Analyzation .................................................................................................. 4
2.3: Attack Scenario ..................................................................................................... 5
2.3.1: Backdoor Trojan Phishing Attack Using ProRat Tool ......................................... 5
2.3.2: Running ProRat Tool ...................................................................................... 7
2.4.: Detection Techniques .......................................................................................... 8
2.4.1: Detection through the Process Explorer Tool .................................................... 8
2.4.2: Windows Firewall Detection ........................................................................... 9
2.4.3: Detection through Running Applications on Background ............................. 10
3: Recommendations .................................................................................................... 11
4: Conclusion ................................................................................................................ 12
5: References ................................................................................................................ 13
6: Appendix ................................................................................................................... 14
6.1: Appendix – A ...................................................................................................... 14
6.2: Appendix- B ........................................................................................................ 19
1: Introduction ................................................................................................................. 1
1.1: Subject Matter ....................................................................................................... 1
1.2: Aim and Objectives ............................................................................................... 2
1.2.1: Aim ................................................................................................................. 2
1.2.2: Objectives ...................................................................................................... 2
1.3: Report Structure ................................................................................................... 2
2: Background ................................................................................................................. 3
2.1: Brief History .......................................................................................................... 3
2.2: Literature Review .................................................................................................. 3
2.2.1: Case Study ..................................................................................................... 3
2.2.1.1: Case 1 ......................................................................................................... 3
2.2.1.2: Case 2 ......................................................................................................... 4
2.2.1.3: Analyzation .................................................................................................. 4
2.3: Attack Scenario ..................................................................................................... 5
2.3.1: Backdoor Trojan Phishing Attack Using ProRat Tool ......................................... 5
2.3.2: Running ProRat Tool ...................................................................................... 7
2.4.: Detection Techniques .......................................................................................... 8
2.4.1: Detection through the Process Explorer Tool .................................................... 8
2.4.2: Windows Firewall Detection ........................................................................... 9
2.4.3: Detection through Running Applications on Background ............................. 10
3: Recommendations .................................................................................................... 11
4: Conclusion ................................................................................................................ 12
5: References ................................................................................................................ 13
6: Appendix ................................................................................................................... 14
6.1: Appendix – A ...................................................................................................... 14
6.2: Appendix- B ........................................................................................................ 19
Table of Figures
Figure 1: Wine version to run prorat tool ......................................................................... 5
Figure 2: Starting the apache2 server ............................................................................. 6
Figure 3: Getting access to victim's through remote access control ................................ 6
Figure 4: Opening interface of the prorat tool .................................................................. 7
Figure 5: Capturing the victim's PC information .............................................................. 7
Figure 6: Trojan detection through process explorer tool ................................................ 8
Figure 7: Trojan detection by virus total .......................................................................... 9
Figure 8: Windows firewall detecting Trojan .................................................................. 10
Figure 9: Detection through task manager from the running background application ... 11
Figure 10: Attackers PC IP ............................................................................................ 14
Figure 11: Victim's IP .................................................................................................... 14
Figure 12: Running prorat tool using wine ..................................................................... 15
Figure 13: Opening interface of prorat........................................................................... 15
Figure 14: Inserting the Attacker IP and email ID .......................................................... 16
Figure 15: Selecting the server icon .............................................................................. 16
Figure 16: Server created .............................................................................................. 17
Figure 17: Accessing the victim’s: C drive ..................................................................... 17
Figure 18: Chatting with the victim ................................................................................ 17
Figure 19: Sending message in the dialog box ............................................................. 18
Figure 20: Accessing the victims ID to remotely access the victims PC ........................ 18
Figure 21: HTML sever code ......................................................................................... 19
Figure 22: HTML webpage displaying in the victim's system ........................................ 19
Figure 23: Victim downloaded the Trojan file as Avast Antivirus ................................... 20
Figure 24: Victim running the program .......................................................................... 20
Figure 1: Wine version to run prorat tool ......................................................................... 5
Figure 2: Starting the apache2 server ............................................................................. 6
Figure 3: Getting access to victim's through remote access control ................................ 6
Figure 4: Opening interface of the prorat tool .................................................................. 7
Figure 5: Capturing the victim's PC information .............................................................. 7
Figure 6: Trojan detection through process explorer tool ................................................ 8
Figure 7: Trojan detection by virus total .......................................................................... 9
Figure 8: Windows firewall detecting Trojan .................................................................. 10
Figure 9: Detection through task manager from the running background application ... 11
Figure 10: Attackers PC IP ............................................................................................ 14
Figure 11: Victim's IP .................................................................................................... 14
Figure 12: Running prorat tool using wine ..................................................................... 15
Figure 13: Opening interface of prorat........................................................................... 15
Figure 14: Inserting the Attacker IP and email ID .......................................................... 16
Figure 15: Selecting the server icon .............................................................................. 16
Figure 16: Server created .............................................................................................. 17
Figure 17: Accessing the victim’s: C drive ..................................................................... 17
Figure 18: Chatting with the victim ................................................................................ 17
Figure 19: Sending message in the dialog box ............................................................. 18
Figure 20: Accessing the victims ID to remotely access the victims PC ........................ 18
Figure 21: HTML sever code ......................................................................................... 19
Figure 22: HTML webpage displaying in the victim's system ........................................ 19
Figure 23: Victim downloaded the Trojan file as Avast Antivirus ................................... 20
Figure 24: Victim running the program .......................................................................... 20
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
CC6003NI Digital Crime Investigation
1
Sagar Bhandari || 17030809
1: Introduction
1.1: Subject Matter
Have you ever heard about the digital or cybercrime? Obviously, needs to be yes.
Cybercrime or computer-based crime is a crime that involves a computer and a network.
The computer may have been used for the implementation of crime or it may be the victim
as target (pp pankaj, 2018). The world is globally developed in terms of technology and
people are connected within it under a same terrace and utilizing the use of internet. As
digital technology come up with this connectivity and gives its user many required
satisfaction. But at the same time, it’s vulnerable to the users and creates a golden
environment for criminal activity to stole the confidential identity and hack the others
system (barrleby.com, 2016). The growing rate of the network-based computer system in
the security plays an important role, as the rapidly increasing computer attacks such as
virus and disturbance target to the system.
In this general topic of digital crime, a remote access Trojan (RAT) which is a
malware program that attacks the victim through the back door for administrative control
over the target computer. This Trojan can be send through an email attachment or
portable devices into the computer system which are normally invisible or is sent by
binded to any files. The attacker may use it once the host system is compromised to
distribute RATs to other vulnerable computer and set up a botnet. Monitoring user
behavior through key loggers or other spyware, Taking screenshots, Downloading files
are some of the features attacker can control through RAT (Rouse, 2018). In the present
context, Attacks like Trojan Horses have been mainly affecting the computer network
system. Especially Windows OS are targeted as the victim of the attack as there are
massive number of Trojan Horses plans created to enable the attack upon running
platforms.
1
Sagar Bhandari || 17030809
1: Introduction
1.1: Subject Matter
Have you ever heard about the digital or cybercrime? Obviously, needs to be yes.
Cybercrime or computer-based crime is a crime that involves a computer and a network.
The computer may have been used for the implementation of crime or it may be the victim
as target (pp pankaj, 2018). The world is globally developed in terms of technology and
people are connected within it under a same terrace and utilizing the use of internet. As
digital technology come up with this connectivity and gives its user many required
satisfaction. But at the same time, it’s vulnerable to the users and creates a golden
environment for criminal activity to stole the confidential identity and hack the others
system (barrleby.com, 2016). The growing rate of the network-based computer system in
the security plays an important role, as the rapidly increasing computer attacks such as
virus and disturbance target to the system.
In this general topic of digital crime, a remote access Trojan (RAT) which is a
malware program that attacks the victim through the back door for administrative control
over the target computer. This Trojan can be send through an email attachment or
portable devices into the computer system which are normally invisible or is sent by
binded to any files. The attacker may use it once the host system is compromised to
distribute RATs to other vulnerable computer and set up a botnet. Monitoring user
behavior through key loggers or other spyware, Taking screenshots, Downloading files
are some of the features attacker can control through RAT (Rouse, 2018). In the present
context, Attacks like Trojan Horses have been mainly affecting the computer network
system. Especially Windows OS are targeted as the victim of the attack as there are
massive number of Trojan Horses plans created to enable the attack upon running
platforms.
CC6003NI Digital Crime Investigation
2
Sagar Bhandari || 17030809
1.2: Aim and Objectives
1.2.1: Aim
The main aim behind the completion of this report is to share the information and
provides the guidelines to the evolution of digital crime as well as various types of digital
or cybercrimes and its detection technique.
1.2.2: Objectives
The Objectives of the above mentioned aim and this report are mentioned below:
To obtain the knowledge about the evolution of digital crime.
To analysis the digital crimes and its different types.
To practice on research through websites, journals, books regarding the topic.
To be able to use tools in Ubuntu and demonstrate the attack.
1.3: Report Structure
The report is structured in three different body which elaborates the study of digital
crime and its detection technique.
The first section covers the introduction about the general topics.
The second section covers the background study where history, review and Trojan
horse attack and detection technique is included.
The third or the final section of the report covers the conclusion part, references and
appendix.
2
Sagar Bhandari || 17030809
1.2: Aim and Objectives
1.2.1: Aim
The main aim behind the completion of this report is to share the information and
provides the guidelines to the evolution of digital crime as well as various types of digital
or cybercrimes and its detection technique.
1.2.2: Objectives
The Objectives of the above mentioned aim and this report are mentioned below:
To obtain the knowledge about the evolution of digital crime.
To analysis the digital crimes and its different types.
To practice on research through websites, journals, books regarding the topic.
To be able to use tools in Ubuntu and demonstrate the attack.
1.3: Report Structure
The report is structured in three different body which elaborates the study of digital
crime and its detection technique.
The first section covers the introduction about the general topics.
The second section covers the background study where history, review and Trojan
horse attack and detection technique is included.
The third or the final section of the report covers the conclusion part, references and
appendix.
CC6003NI Digital Crime Investigation
3
Sagar Bhandari || 17030809
2: Background
2.1: Brief History
The technology has been around for decades in the field of information technology,
Remote Access Tools (RATs) were not always used harmfully. Up to day, still at all, RATs
have been used maliciously to develop back-door system where an attacker can remotely
harm to a damage system or systems at a later time. One of the most popular RATs in
the criminal underground is DarkComet and Blackshades (MalwarebytesLabs, 2016).
DarkComet, an independent programmer and computer security specialist from France,
was reportedly created by the DarkCoder. In the first instance it was developed as a
platform for network management. The increasing the rate of cybercrime is rapidly
growing and RATs have been the one of the major cybercrime (Dahms, 2014). In 90’s the
web browsers came into the timeline and viruses were the most vulnerable through the
internet connection. The rise of the cybercrime and RATs began from the early 2000’s
when social media took over the world and cybercrime immediately increased to steal the
personal information of the people and accessing bank accounts, setting up credit cards
or other financial fraud. Some of the popular RATs are: DarkComet, Blackshades, ProRat,
Beast, BO2K, Sub7.
2.2: Literature Review
2.2.1: Case Study
2.2.1.1: Case 1
The Case 1 of the RATs Trojan includes the evolution of the Sub7 and Back Orifice
RATs. Sub7 uses the standard TCP/IP protocol also the, Back Orifice uses the TCP/UPD
protocol to execute. Both of the Trojans consists of the many features like: Screen
Capturing, Keyboard Logger, File Manager and others related features to capture the
victims system. According to the report received from Symantec Security Responses in
July 2003 that an individual sent email, claiming to be sent by Symantec, in order to get
the recipient to download and execute this Trojan. The email is in Spanish and has the
following attributes as it was sent from the SymatecMexico with the Subject as Urgente:
Actualization Antivirus (Koris, 2007). As the evolution has been for both of the Trojans
3
Sagar Bhandari || 17030809
2: Background
2.1: Brief History
The technology has been around for decades in the field of information technology,
Remote Access Tools (RATs) were not always used harmfully. Up to day, still at all, RATs
have been used maliciously to develop back-door system where an attacker can remotely
harm to a damage system or systems at a later time. One of the most popular RATs in
the criminal underground is DarkComet and Blackshades (MalwarebytesLabs, 2016).
DarkComet, an independent programmer and computer security specialist from France,
was reportedly created by the DarkCoder. In the first instance it was developed as a
platform for network management. The increasing the rate of cybercrime is rapidly
growing and RATs have been the one of the major cybercrime (Dahms, 2014). In 90’s the
web browsers came into the timeline and viruses were the most vulnerable through the
internet connection. The rise of the cybercrime and RATs began from the early 2000’s
when social media took over the world and cybercrime immediately increased to steal the
personal information of the people and accessing bank accounts, setting up credit cards
or other financial fraud. Some of the popular RATs are: DarkComet, Blackshades, ProRat,
Beast, BO2K, Sub7.
2.2: Literature Review
2.2.1: Case Study
2.2.1.1: Case 1
The Case 1 of the RATs Trojan includes the evolution of the Sub7 and Back Orifice
RATs. Sub7 uses the standard TCP/IP protocol also the, Back Orifice uses the TCP/UPD
protocol to execute. Both of the Trojans consists of the many features like: Screen
Capturing, Keyboard Logger, File Manager and others related features to capture the
victims system. According to the report received from Symantec Security Responses in
July 2003 that an individual sent email, claiming to be sent by Symantec, in order to get
the recipient to download and execute this Trojan. The email is in Spanish and has the
following attributes as it was sent from the SymatecMexico with the Subject as Urgente:
Actualization Antivirus (Koris, 2007). As the evolution has been for both of the Trojans
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CC6003NI Digital Crime Investigation
4
Sagar Bhandari || 17030809
upgraded to its next version as sub7 v2 and Back Orifice 2000 also known as BO2k. As
sub7 is an source code an is manually operated by the author and do not insists any
authorized use of it but in Back Orifice where it is an open source and is based on BO2k's
ability to do remote administration which explain its fact . As an outcome, BO2k creator
team has bigger and the success show (Ferrill, 2003).
2.2.1.2: Case 2
Similarly, this section includes the one of the popular and latest RATs that is
Blackshades RAT which comes in two well-defined versions: Blackshades NET and
Blackshades Stealth. The RATs has taken over more evolve and this RAT consists of two
components; a client and a server. The Blackshades Trojan includes the payload
creation, clone file, any peripherals monitoring, remote access abilities, anti-analysis
techniques. Blackshades is a ready-made hacking tool that generates RAT by sending
links to the harmful users, webpages or other social media contacts. Without any
permission this Trojan can apparently be used remotely to access harmful system and
use a victim’s computer as a proxy server. Nearly over 61% malware activity increased
up from December 2017 to 2019 remote access Trojans like DarkComet RAT, CyberGate
RAT, Dameware RAT are the top new trojan in the present context to infect the victims
system (IP Specialist, 2019) .
2.2.1.3: Analyzation
In the above case 1 and 2, the common factor in both of the Remote Access
Trojans (RATs) have the features to control the victims system and send a payload to
exploit the vulnerable attacks through the respective attacking tools. As above discussed
in the cases, Sub7 and Back Orifice Trojans are the previous version of the Remote
access Trojan which has the limited functions and is not much superior in the comparison
to the others latest Trojan RATs like Blackshades, DarkComet where these two has the
similar features but are different in tool. In comparison to these RATs, Blackshades RAT
payloads can be difficult to detect as the payload in Blackshades are made and
complicate by using the cyphers tool (Coty, 2014). In addition, a normal infection includes
4
Sagar Bhandari || 17030809
upgraded to its next version as sub7 v2 and Back Orifice 2000 also known as BO2k. As
sub7 is an source code an is manually operated by the author and do not insists any
authorized use of it but in Back Orifice where it is an open source and is based on BO2k's
ability to do remote administration which explain its fact . As an outcome, BO2k creator
team has bigger and the success show (Ferrill, 2003).
2.2.1.2: Case 2
Similarly, this section includes the one of the popular and latest RATs that is
Blackshades RAT which comes in two well-defined versions: Blackshades NET and
Blackshades Stealth. The RATs has taken over more evolve and this RAT consists of two
components; a client and a server. The Blackshades Trojan includes the payload
creation, clone file, any peripherals monitoring, remote access abilities, anti-analysis
techniques. Blackshades is a ready-made hacking tool that generates RAT by sending
links to the harmful users, webpages or other social media contacts. Without any
permission this Trojan can apparently be used remotely to access harmful system and
use a victim’s computer as a proxy server. Nearly over 61% malware activity increased
up from December 2017 to 2019 remote access Trojans like DarkComet RAT, CyberGate
RAT, Dameware RAT are the top new trojan in the present context to infect the victims
system (IP Specialist, 2019) .
2.2.1.3: Analyzation
In the above case 1 and 2, the common factor in both of the Remote Access
Trojans (RATs) have the features to control the victims system and send a payload to
exploit the vulnerable attacks through the respective attacking tools. As above discussed
in the cases, Sub7 and Back Orifice Trojans are the previous version of the Remote
access Trojan which has the limited functions and is not much superior in the comparison
to the others latest Trojan RATs like Blackshades, DarkComet where these two has the
similar features but are different in tool. In comparison to these RATs, Blackshades RAT
payloads can be difficult to detect as the payload in Blackshades are made and
complicate by using the cyphers tool (Coty, 2014). In addition, a normal infection includes
CC6003NI Digital Crime Investigation
5
Sagar Bhandari || 17030809
its several stage attack, where victim is entrapped into downloading the file and run the
actual Blackshades payload while in the Sub7 and Back Orifice case payloads are send
through the binded file or server like Web Server or FTP Server in the form of .exe file or
any other extension and configure the attack. And it is easily detectable by the antivirus
as it’s an open source code.
2.3: Attack Scenario
2.3.1: Backdoor Trojan Phishing Attack Using ProRat Tool
Prorat is a one of the popular backdoor Trojan attacking tool discovered in the year
2003 that affect the windows OS and gives the attacker full control over your computer
system and opens the port on the system. The attack is performed under the Virtual
Machine on the two different Operating Systems. Creating an Ubuntu OS as an attacker
computer system and Windows 10 as a victim’s system. As we know, that the Ubuntu
system doesn’t support the windows .exe extension file so, installing a wine tool to operate
the program and attack. The version of wine tool is mentioned below:
Figure 1: Wine version to run prorat tool
Creating a local host server in the Ubuntu with the apache2 tool that creates the
local server between the two connected OS on the same network which furthermore
enable to perform the attack. The below figure shows the starting of the apache2 server.
5
Sagar Bhandari || 17030809
its several stage attack, where victim is entrapped into downloading the file and run the
actual Blackshades payload while in the Sub7 and Back Orifice case payloads are send
through the binded file or server like Web Server or FTP Server in the form of .exe file or
any other extension and configure the attack. And it is easily detectable by the antivirus
as it’s an open source code.
2.3: Attack Scenario
2.3.1: Backdoor Trojan Phishing Attack Using ProRat Tool
Prorat is a one of the popular backdoor Trojan attacking tool discovered in the year
2003 that affect the windows OS and gives the attacker full control over your computer
system and opens the port on the system. The attack is performed under the Virtual
Machine on the two different Operating Systems. Creating an Ubuntu OS as an attacker
computer system and Windows 10 as a victim’s system. As we know, that the Ubuntu
system doesn’t support the windows .exe extension file so, installing a wine tool to operate
the program and attack. The version of wine tool is mentioned below:
Figure 1: Wine version to run prorat tool
Creating a local host server in the Ubuntu with the apache2 tool that creates the
local server between the two connected OS on the same network which furthermore
enable to perform the attack. The below figure shows the starting of the apache2 server.
CC6003NI Digital Crime Investigation
6
Sagar Bhandari || 17030809
Figure 2: Starting the apache2 server
Creating an HTML server file to send the Trojan on the victim’s system and perform
the phishing attack as the antivirus download webpage is created to click bait setup file
where the victim is fooled to download the antivirus on the system and Trojan get
downloaded when clicking on the download button. As the victims tries to install the setup
file which is Trojan, it exploits into the victims system and performs the unusual things as
commanded by the attacker through the prorat tool. The code screenshot for the HTML
Webpage of the antivirus download file is mentioned below in the appendix – B. And
Running the background application on the victim’s pc, installing the remote access app
like Aeroadmin where the attacker can access the victims ID and Password and execute
the attack by installing unusual applications on it.
Figure 3: Getting access to victim's through remote access control
6
Sagar Bhandari || 17030809
Figure 2: Starting the apache2 server
Creating an HTML server file to send the Trojan on the victim’s system and perform
the phishing attack as the antivirus download webpage is created to click bait setup file
where the victim is fooled to download the antivirus on the system and Trojan get
downloaded when clicking on the download button. As the victims tries to install the setup
file which is Trojan, it exploits into the victims system and performs the unusual things as
commanded by the attacker through the prorat tool. The code screenshot for the HTML
Webpage of the antivirus download file is mentioned below in the appendix – B. And
Running the background application on the victim’s pc, installing the remote access app
like Aeroadmin where the attacker can access the victims ID and Password and execute
the attack by installing unusual applications on it.
Figure 3: Getting access to victim's through remote access control
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
CC6003NI Digital Crime Investigation
7
Sagar Bhandari || 17030809
2.3.2: Running ProRat Tool
Executing the Prorat tool in the Ubuntu OS through the wine windows loader
application. And creating the Trojan in .exe extension file as a setup file and connecting
to the victim’s system. The below figure shows the demonstration of the prorat tool:
Figure 4: Opening interface of the prorat tool
As shown in the above figure, the first figures shows the opening or starting GUI
of the prorat tool while the second figure below shows the attack section of capturing
victim’s system information.
Figure 5: Capturing the victim's PC information
7
Sagar Bhandari || 17030809
2.3.2: Running ProRat Tool
Executing the Prorat tool in the Ubuntu OS through the wine windows loader
application. And creating the Trojan in .exe extension file as a setup file and connecting
to the victim’s system. The below figure shows the demonstration of the prorat tool:
Figure 4: Opening interface of the prorat tool
As shown in the above figure, the first figures shows the opening or starting GUI
of the prorat tool while the second figure below shows the attack section of capturing
victim’s system information.
Figure 5: Capturing the victim's PC information
CC6003NI Digital Crime Investigation
8
Sagar Bhandari || 17030809
Furthermore, the other attacking steps are shown in the appendix – A.
2.4.: Detection Techniques
2.4.1: Detection through the Process Explorer Tool
There are several methods in the program to detect the Trojan, Process Explore
Tool is one of them. This tools detects the Trojan running in the PC. While the victim PC
is exploited by the Trojan this tools helps in finding the virus and kill it from the system or
can detect through the online virus total website.
Figure 6: Trojan detection through process explorer tool
As shown in the above figure, every details and description is shown in this process
explorer tool where in the virus total section the number in the red color indicate the virus
detected in the One Drive.exe file.
8
Sagar Bhandari || 17030809
Furthermore, the other attacking steps are shown in the appendix – A.
2.4.: Detection Techniques
2.4.1: Detection through the Process Explorer Tool
There are several methods in the program to detect the Trojan, Process Explore
Tool is one of them. This tools detects the Trojan running in the PC. While the victim PC
is exploited by the Trojan this tools helps in finding the virus and kill it from the system or
can detect through the online virus total website.
Figure 6: Trojan detection through process explorer tool
As shown in the above figure, every details and description is shown in this process
explorer tool where in the virus total section the number in the red color indicate the virus
detected in the One Drive.exe file.
CC6003NI Digital Crime Investigation
9
Sagar Bhandari || 17030809
Figure 7: Trojan detection by virus total
2.4.2: Windows Firewall Detection
Turning on the windows firewall and windows antivirus detects the Trojan and
doesn’t allow the user to run the program. In this attack the Trojan can only bypass if the
firewall is disabled. When the victim restart the PC the real time protection automatically
turns on and detect the virus in the system and notify the victim about it.
9
Sagar Bhandari || 17030809
Figure 7: Trojan detection by virus total
2.4.2: Windows Firewall Detection
Turning on the windows firewall and windows antivirus detects the Trojan and
doesn’t allow the user to run the program. In this attack the Trojan can only bypass if the
firewall is disabled. When the victim restart the PC the real time protection automatically
turns on and detect the virus in the system and notify the victim about it.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CC6003NI Digital Crime Investigation
10
Sagar Bhandari || 17030809
Figure 8: Windows firewall detecting Trojan
2.4.3: Detection through Running Applications on Background
As the victim sees the unusual application installed in the pc and checks the task
manger where the victim can see the Aeroadmin running on the background where from
the attacker is getting access to use the victims PC and control it. By ending the
application from the task manager. Victim can detect the Trojan running on the system.
10
Sagar Bhandari || 17030809
Figure 8: Windows firewall detecting Trojan
2.4.3: Detection through Running Applications on Background
As the victim sees the unusual application installed in the pc and checks the task
manger where the victim can see the Aeroadmin running on the background where from
the attacker is getting access to use the victims PC and control it. By ending the
application from the task manager. Victim can detect the Trojan running on the system.
CC6003NI Digital Crime Investigation
11
Sagar Bhandari || 17030809
Figure 9: Detection through task manager from the running background application
3: Recommendations
The recommendations for preventing this kind of Trojan attacks are:
Use a firewall to block all incoming Internet connections to services that are not to be
available to the public.
Setting up the email server to block or remove email which contains file attachments
that spread virus in the form of .exe, .src, .bat files.
Use of proper detection techniques.
Not clicking on the Ads which often comes while using the internet.
Avoid suspicious and unsafe websites.
Time to time often check and scan for the virus and the whole computer system.
11
Sagar Bhandari || 17030809
Figure 9: Detection through task manager from the running background application
3: Recommendations
The recommendations for preventing this kind of Trojan attacks are:
Use a firewall to block all incoming Internet connections to services that are not to be
available to the public.
Setting up the email server to block or remove email which contains file attachments
that spread virus in the form of .exe, .src, .bat files.
Use of proper detection techniques.
Not clicking on the Ads which often comes while using the internet.
Avoid suspicious and unsafe websites.
Time to time often check and scan for the virus and the whole computer system.
CC6003NI Digital Crime Investigation
12
Sagar Bhandari || 17030809
4: Conclusion
This report is the step forward for the analyzing the evolution of the Trojan attacks
and its detection techniques. The backdoor trojan attacks have been increasing rapidly in
the many of the IT professional companies and in others sectors as well with the phishing
stealing the confidential data and information of the users. It is been serious issue to deal
with it. As this attack is performed for understanding and gaining knowledge practically
about the trojan attack and its detections. By the use of the tool the attack and detection
was successful.
Ultimately, we have summarized about the brief introduction to digital crime and
trojan, background with its case study, attack demonstration and its detection, last but not
the least recommendations for preventing the attack.
12
Sagar Bhandari || 17030809
4: Conclusion
This report is the step forward for the analyzing the evolution of the Trojan attacks
and its detection techniques. The backdoor trojan attacks have been increasing rapidly in
the many of the IT professional companies and in others sectors as well with the phishing
stealing the confidential data and information of the users. It is been serious issue to deal
with it. As this attack is performed for understanding and gaining knowledge practically
about the trojan attack and its detections. By the use of the tool the attack and detection
was successful.
Ultimately, we have summarized about the brief introduction to digital crime and
trojan, background with its case study, attack demonstration and its detection, last but not
the least recommendations for preventing the attack.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
CC6003NI Digital Crime Investigation
13
Sagar Bhandari || 17030809
5: References
barrleby.com, 2016. Essay on Introduction to Computer Crime. [Online]
Available at: https://www.bartleby.com/essay/Introduction-to-Computer-Crime-
P3YGVGAVJ
[Accessed 28 December 2019].
Coty, S., 2014. BlackShades Remote Access Trojan. [Online]
Available at: https://blog.alertlogic.com/blog/blackshades-remote-access-trojan/
[Accessed 26 December 2019].
Dahms, T., 2014. Molerats Here for Spring. [Online]
Available at: https://www.akamai.com/de/de/multimedia/documents/state-of-the-
internet/blackshades-rat-threat-advisory.pdf
[Accessed 26 December 2019].
Ferrill, R., 2003. Global Information Assurance Certification Paper. [Online]
Available at: https://www.giac.org/paper/gcih/441/orifice-2000-bo2k-insider-
threat/104868
[Accessed 26 December 2019].
IP Specialist, 2019. Evolution of Trojan’s Activities in 2019. [Online]
Available at: https://medium.com/@ipspecialist/evolution-of-trojans-activities-in-2019-
7332cb0c6bc8
[Accessed 26 December 2019].
Koris, G., 2007. Backdoor.SubSeven. [Online]
Available at: https://www.symantec.com/security-center/writeup/2001-020114-5445-99
[Accessed 26 December 2019].
MalwarebytesLabs, 2016. Remote Access Trojan (RAT). [Online]
Available at: https://blog.malwarebytes.com/threats/remote-access-trojan-rat/
[Accessed 24 December 2019].
pp pankaj, 2018. GeeksforGeeks. [Online]
Available at: https://www.geeksforgeeks.org/cyber-crime/
[Accessed 28 December 2019].
Rouse, M., 2018. RAT (remote access Trojan). [Online]
Available at: https://searchsecurity.techtarget.com/definition/RAT-remote-access-Trojan
[Accessed 26 December 2019].
13
Sagar Bhandari || 17030809
5: References
barrleby.com, 2016. Essay on Introduction to Computer Crime. [Online]
Available at: https://www.bartleby.com/essay/Introduction-to-Computer-Crime-
P3YGVGAVJ
[Accessed 28 December 2019].
Coty, S., 2014. BlackShades Remote Access Trojan. [Online]
Available at: https://blog.alertlogic.com/blog/blackshades-remote-access-trojan/
[Accessed 26 December 2019].
Dahms, T., 2014. Molerats Here for Spring. [Online]
Available at: https://www.akamai.com/de/de/multimedia/documents/state-of-the-
internet/blackshades-rat-threat-advisory.pdf
[Accessed 26 December 2019].
Ferrill, R., 2003. Global Information Assurance Certification Paper. [Online]
Available at: https://www.giac.org/paper/gcih/441/orifice-2000-bo2k-insider-
threat/104868
[Accessed 26 December 2019].
IP Specialist, 2019. Evolution of Trojan’s Activities in 2019. [Online]
Available at: https://medium.com/@ipspecialist/evolution-of-trojans-activities-in-2019-
7332cb0c6bc8
[Accessed 26 December 2019].
Koris, G., 2007. Backdoor.SubSeven. [Online]
Available at: https://www.symantec.com/security-center/writeup/2001-020114-5445-99
[Accessed 26 December 2019].
MalwarebytesLabs, 2016. Remote Access Trojan (RAT). [Online]
Available at: https://blog.malwarebytes.com/threats/remote-access-trojan-rat/
[Accessed 24 December 2019].
pp pankaj, 2018. GeeksforGeeks. [Online]
Available at: https://www.geeksforgeeks.org/cyber-crime/
[Accessed 28 December 2019].
Rouse, M., 2018. RAT (remote access Trojan). [Online]
Available at: https://searchsecurity.techtarget.com/definition/RAT-remote-access-Trojan
[Accessed 26 December 2019].
CC6003NI Digital Crime Investigation
14
Sagar Bhandari || 17030809
6: Appendix
6.1: Appendix – A
This appendix section includes the every attacking screenshots details and
creation of Trojan virus.
Figure 10: Attackers PC IP
Figure 11: Victim's IP
14
Sagar Bhandari || 17030809
6: Appendix
6.1: Appendix – A
This appendix section includes the every attacking screenshots details and
creation of Trojan virus.
Figure 10: Attackers PC IP
Figure 11: Victim's IP
CC6003NI Digital Crime Investigation
15
Sagar Bhandari || 17030809
Figure 12: Running prorat tool using wine
Figure 13: Opening interface of prorat
15
Sagar Bhandari || 17030809
Figure 12: Running prorat tool using wine
Figure 13: Opening interface of prorat
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CC6003NI Digital Crime Investigation
16
Sagar Bhandari || 17030809
Figure 14: Inserting the Attacker IP and email ID
Figure 15: Selecting the server icon
16
Sagar Bhandari || 17030809
Figure 14: Inserting the Attacker IP and email ID
Figure 15: Selecting the server icon
CC6003NI Digital Crime Investigation
17
Sagar Bhandari || 17030809
Figure 16: Server created
Figure 17: Accessing the victim’s: C drive
Figure 18: Chatting with the victim
17
Sagar Bhandari || 17030809
Figure 16: Server created
Figure 17: Accessing the victim’s: C drive
Figure 18: Chatting with the victim
CC6003NI Digital Crime Investigation
18
Sagar Bhandari || 17030809
Figure 19: Sending message in the dialog box
Figure 20: Accessing the victims ID to remotely access the victims PC
18
Sagar Bhandari || 17030809
Figure 19: Sending message in the dialog box
Figure 20: Accessing the victims ID to remotely access the victims PC
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
CC6003NI Digital Crime Investigation
19
Sagar Bhandari || 17030809
6.2: Appendix- B
This section includes the screenshot of the HTML code, HTML file where the
payload is sent to the victim and running the payload file in the victims system.
Figure 21: HTML sever code
Figure 22: HTML webpage displaying in the victim's system
19
Sagar Bhandari || 17030809
6.2: Appendix- B
This section includes the screenshot of the HTML code, HTML file where the
payload is sent to the victim and running the payload file in the victims system.
Figure 21: HTML sever code
Figure 22: HTML webpage displaying in the victim's system
CC6003NI Digital Crime Investigation
20
Sagar Bhandari || 17030809
Figure 23: Victim downloaded the Trojan file as Avast Antivirus
Figure 24: Victim running the program
20
Sagar Bhandari || 17030809
Figure 23: Victim downloaded the Trojan file as Avast Antivirus
Figure 24: Victim running the program
1 out of 24
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.