Description
The Fun/Troll functions in malware serve as a form of digital mischief, allowing attackers to toy with their victims by triggering a variety of benign but disruptive actions. These can range from opening and closing the CD-ROM drive, hiding the desktop icons, to disabling the start button or menu. More aggressive actions might include freezing the mouse cursor or turning the screen black. While these functions may seem playful or harmless at first glance, they often serve a dual purpose. First, they can distract the user or IT department, causing them to waste time on resolving seemingly trivial issues while the malware carries out its primary malicious activities undetected. Second, these actions can act as a smoke screen, generating a flurry of confusing system logs that make it more challenging to trace the malware's true activities. In this way, what appears to be 'trolling' can actually be a tactical maneuver within a broader attack strategy.
| Categories | Alteration, Disruption |
| Dangerousness | Low |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
 Clipboard Disabling
|
Clipboard Manager, Fun / Troll Functions | 0 | |
 Control CD/DVD Tray
|
Fun / Troll Functions | 10 |
NetBus 1.70
SubSeven 1.0
SubSeven 1.1
SubSeven 1.2
Coma 1.0.9
SubSeven 1.3
SubSeven 1.4
SubSeven 1.5
SubSeven 1.6
SubSeven 1.7
SubSeven 1.8
SubSeven 1.9
Back Orifice 2000 (BO2K) 1.0
Vampire 1.2
SubSeven 1.9 Apocalypse
SubSeven 2.0
SchoolBus 2.0
SubSeven 2.1
Hack a Tack 2000
SubSeven 2.1.1 GOLD edition
SubSeven 2.1.2 M.U.I.E
Y3K rat 1.0
SubSeven 2.1.3 BONUS
SubSeven 2.1.4 DEFCON 8
Y3K rat 1.5
SubSeven 2.2
Y3K rat 1.6 MS
Optix Pro 1.0
Net-Devil 1.5
Ghost 2.4
Beast 1.7
Beast 1.8
MoSucker 3.0b
Beast 1.90
Turkojan 1.0
Beast 1.91
Beast 1.92
SubSeven 2.1.5 Legends
CIA 1.0
CIA 1.1
Beast 2.00
Beast 2.01
LanFiltrator 1.1 Fix 1
Optix Pro 1.32
CIA 1.2
Beast 2.05
Beast 2.02
ProRat 1.1
Hue 1.0
ProRat 1.2