Fun / Troll Functions Feature

Description

The Fun/Troll functions in malware serve as a form of digital mischief, allowing attackers to toy with their victims by triggering a variety of benign but disruptive actions. These can range from opening and closing the CD-ROM drive, hiding the desktop icons, to disabling the start button or menu. More aggressive actions might include freezing the mouse cursor or turning the screen black. While these functions may seem playful or harmless at first glance, they often serve a dual purpose. First, they can distract the user or IT department, causing them to waste time on resolving seemingly trivial issues while the malware carries out its primary malicious activities undetected. Second, these actions can act as a smoke screen, generating a flurry of confusing system logs that make it more challenging to trace the malware's true activities. In this way, what appears to be 'trolling' can actually be a tactical maneuver within a broader attack strategy.

Categories	Disruption, Alteration
Dangerousness	Low

Existing Techniques

Name	Associated Feature(s)	Has Snippet	Matching Sample
Clipboard Disabling	Clipboard Manager, Fun / Troll Functions		0
Control CD/DVD Tray	Fun / Troll Functions		10

Associated with Releases

Version	Origins	Authors	Languages	Release Date
ProRat 1.3	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Feb, 2004
Nuclear RAT 1.0 Beta 5	Brazil 🇧🇷	caesar2k	Delphi	Feb, 2004
Beast 2.06	Romania 🇷🇴	Tataye	Delphi	Feb, 2004
ProRat 1.4	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Feb, 2004
LanFiltrator 1.5 Beta III	Australia 🇦🇺	Read101	Delphi	Feb, 2004
ProRat 1.6	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2004
ProRat 1.8	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2004
Infector NG 2004 2.1.0	Belgium 🇧🇪, United Kingdom 🇬🇧	fc , Infiltration	Delphi	May, 2004
Optix Pro 1.33	Unknown 🏴‍☠️	s13az3	Delphi	Aug, 2004
Beast 2.07	Romania 🇷🇴	Tataye	Delphi	Aug, 2004
CIA 1.3	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Dec, 2004
ProRat 1.9	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2005
Y3K rat 2k5 RC 1.0	Austria 🇦🇹	SHA	Delphi	Jun, 2005
DARKMOON 4.11 / 4.11 Private Edition	Spain 🇪🇸	shukisnike	Delphi	Jun, 2005
Turkojan 3.0	Turkey 🇹🇷	Fungus	Delphi	Sep, 2006
Hav-Rat 1.2	Sweden 🇸🇪	Havalito	Delphi	Feb, 2007
Bandook 1.35	Lebanon 🇱🇧	PrinceAli	Delphi, C++	Apr, 2007
Nuclear RAT 2.1.0	Brazil 🇧🇷	caesar2k	Delphi	Sep, 2007
Turkojan 4	Turkey 🇹🇷	FµNGµ§	Delphi	Feb, 2008
Turkojan 4.0	Turkey 🇹🇷	Fungus	Delphi	Mar, 2008
SynRAT 2.1	France 🇫🇷	DarkCoderSc	Delphi	Oct, 2008
Lost Door 3.0 Stable	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Mar, 2009
SynRAT 4.0.1	France 🇫🇷	DarkCoderSc	Delphi	May, 2009
PrjRAPTOR 1.8	United States 🇺🇸	Ryan.M	Visual Basic 6 (VB6)	Jul, 2009
Cerberus 1.0 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.01 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.02 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.03.4	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Sep, 2009
Spy-Net 2.6	Brazil 🇧🇷	Raphael	Delphi	Oct, 2009
DarkComet RAT 1.3	France 🇫🇷	DarkCoderSc		Nov, 2009
Cerberus 1.03.5 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Dec, 2009
DarkComet RAT 2.0 RC4	France 🇫🇷	DarkCoderSc	Delphi	Mar, 2010
CyberGate 1.04.8	United States 🇺🇸	johnyk	Delphi	Apr, 2010
Lost Door 4.3.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Apr, 2010
DarkComet RAT 2.0 RC7	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2010
Lost Door 5.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Oct, 2010
Coolvibes 1 Update 8	Spain 🇪🇸	Thor	Delphi	May, 2011
Xtreme RAT 2.9	Brazil 🇧🇷	Raphael	Delphi	Jul, 2011
DarkComet RAT 5.3	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2012
DarkComet RAT 5.3.1	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2012
Lost Door 9.2 Aws	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Jan, 2022