You have probably heard that you should never run a .exe file unless you are sure of the authenticity of the person who sent it to you. The reason you hear this is that Trojans, keyloggers, spyware and adware use the .exe format by default.
So do you think you are completely safe when you run untrusted MP3 or JPEG files?
The answer is no, because you never know which format a virus will arrive in. It can take almost any format: it could be a JPEG, it could be an MP3. So in this article I will tell you how hackers hide keyloggers, Trojans and other harmful viruses in other files.
What is a Binder?
A binder is software used to bind or combine two or more files under one name and extension. The files to be bound can have any extension or icon; it is all up to you, and you choose the name, icon and various attributes of the bound file. Bound files can be even worse when they are crypted, because BinText would not be able to find the hidden file and, at the same time, it could also bypass antivirus detection, in which case you are almost guaranteed to be infected.
Popular Binders
Here are some of the popular binders used by hackers to hide keyloggers and Trojans:
Simple Binder
Simple Binder is one of my favorite binders of all time. I give a thumbs up to the maker, "Nathan". It is so easy to use that even a script kiddie can easily use it to bind a keylogger or backdoor with other files.
Weekend Binder
Weekend Binder can be used to bind two or more files under one extension and icon. If the bound file contains an application, the application also runs along with the actual bound files.
How to detect crypted bound files?
As I said before, if a Trojan or keylogger is bound with a file and crypted in order to bypass antivirus detection, it is very difficult to detect. However, there is a great piece of software called Resource Hacker which is really effective when it comes to keylogger protection: it detects whether the file is bound or not.
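A check in the spirit of the detection step above, as an added example (not code from the original article or from any tool it names): it scans a file's bytes for a Windows executable (PE) header hidden after offset 0 and, for an .exe, measures the data appended past the last section. The function names and the sample bytes are constructed for illustration.

```python
import struct

def pe_header_at(data: bytes, off: int) -> bool:
    """True if an 'MZ' header at off points at a 'PE\\0\\0' signature."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
    return data[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0"

def overlay_start(data: bytes) -> int:
    """End of the last section's raw data; anything past it is overlay."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, pe + 6)[0]    # NumberOfSections
    opt = struct.unpack_from("<H", data, pe + 20)[0]    # SizeOfOptionalHeader
    table = pe + 24 + opt                               # first section header
    end = table + 40 * nsec
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def scan(data: bytes) -> dict:
    """Report PE images found after offset 0 and the size of any overlay."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if pe_header_at(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    is_pe = pe_header_at(data, 0)
    try:
        overlay = max(0, len(data) - overlay_start(data)) if is_pe else 0
    except struct.error:                                # truncated or malformed headers
        overlay = None
    return {"is_pe": is_pe, "embedded_pe": hits, "overlay_bytes": overlay}

def make_stub(body: bytes) -> bytes:
    """Constructed, non-runnable PE skeleton (headers + one section), sample data only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 128) + b"\0" * 16
    return dos + coff + sect + body

if __name__ == "__main__":
    clean = make_stub(b"\x90" * 16)
    for name, blob in {"clean.exe": clean,
                       "bound.exe": clean + make_stub(b"\xcc" * 16),
                       "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 28 + clean}.items():
        print(name, scan(blob))
```

An overlay on its own is not proof of binding, since installers and self-extracting archives also append data. A crypted payload will not show an MZ/PE header, so for those files the overlay size is the signal to follow up on.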




 