Malware spreading over LAN?

[Karpz]

How would I be able to spread trojans for example over LAN?


If for example I'm on a network with a lot of users, and I spread using LAN, could I infect all of those people? Like the sasser worm.

[kenjoe41]

That is simple. Only complication is that you will have to be careful that it doesn't escape your network and spread to the outer world. Trust me, there have been alot of case where people have lost jobs or gone to prison by accidentally letting malware in the wild yet they intended to run it local or on the LAN.

If you are  developer then putting a check for a local LAN address would be easy and simple. If you are looking for an already made thing, i pity you and i wouldn't advie you to do it but still you can try out from alot of resources online.
Goodluck running something you don't know how it works.

[Karpz]

That is simple. Only complication is that you will have to be careful that it doesn't escape your network and spread to the outer world. Trust me, there have been alot of case where people have lost jobs or gone to prison by accidentally letting malware in the wild yet they intended to run it local or on the LAN.

If you are  developer then putting a check for a local LAN address would be easy and simple. If you are looking for an already made thing, i pity you and i wouldn't advie you to do it but still you can try out from alot of resources online.
Goodluck running something you don't know how it works.

Wouldn't bypassing the firewalls hard?

[TETYYS]

Sasser was using an exploit. If you call malware spreading over LAN putting its EXE in shared LAN folder then I have bad news for you. If you're talking about speading malware to completely raw linux/windows computers, it is nearly impossible. If not, exploitiing other software which is listening on some port is not very much of LAN malware spread.

[Karpz]

Sasser was using an exploit. If you call malware spreading over LAN putting its EXE in shared LAN folder then I have bad news for you. If you're talking about speading malware to completely raw linux/windows computers, it is nearly impossible. If not, exploitiing other software which is listening on some port is not very much of LAN malware spread.

How about using the DHCP bug, that let's you auto execute on computers on the network?

[th31nitiate]

How about using the DHCP bug, that let's you auto execute on computers on the network?

dude what DHCP bug are you talking about sounds interesting...


Personally I would use some form of network layer exploitation in order to carry this out, because the requirements for all PCs on the LAN to have the same vulnerability such as a exploitable service running on them is very slim and also the software environment that each PC may prevent your exploit executing the shell code/malware


So there is this cool tool called evil grade(look it up), its a bad boy tool , if you manage to this up using some form of ARP cache poising before morning time(by this I mean time when people come in and start using the system), When people put on the systems and software goes to look for update you can catch them there and get evil grade to serve them your malware


If that's not possible then some social engineering will do the trick, like arp cache viticms and put some java script or php that detects the browser and tells them to download the security update for that specific browser in order to continue to the internet


HOpe it helps bro




(I know i smile alot and i cant spell )

[TETYYS]

How about using the DHCP bug, that let's you auto execute on computers on the network?

Well, exploit - is a bug that can be used somehow.

[cyberdrifter]

How would I be able to spread trojans for example over LAN?


If for example I'm on a network with a lot of users, and I spread using LAN, could I infect all of those people? Like the sasser worm.

You're confusing Trojans with Worms... They are both malware. But only one of them has the primary purpose of reproducing themselves without user interaction (over networks)

[Karpz]

You're confusing Trojans with Worms... They are both malware. But only one of them has the primary purpose of reproducing themselves without user interaction (over networks)

I mean to have a Trojan execute with the worm

[cyberdrifter]

I mean to have a Trojan execute with the worm

You're still confused

A Trojan is simply a malicious program masked as a non-malicious program. Named after the "trojan horse" of greek mythology (something that looks like a gift, which actually has malicious intent) Their purpose is to carry a dangerous payload while looking innocent.

A worm is (generally) a network aware malware. It's purpose is to propagate over and over (including over networks) without user interaction.

Read here:
http://www.acunetix.com/blog/articles/remote-access-trojans-rats/


by-the-way a Remote Access Trojan (RAT) is a type of trojan with a payload that installs a remote access program AKA a backdoor.

[Cobia]

If you're lucky enough to find a 0-day for a popular OS you can just set it to scan your LAN for vulnerable systems and then replicate.

Being inside the LAN gives you a lot of options. Bruteforcing local computers, having a list of specific exploits to hit open ports with, and phishing attacks.

Think everything in Metasploit, BeEF and the Wifi Pineapple.
(Not everything LOL, but u get the idea)

Please do share this DHCP bug though! Sounds cool