This tutorial covers the concept of a Trojan, the dangers Trojans create, how
they can reach your computer, and how they destroy you and your data. It also
covers how many types of Trojans there are, how Trojans are attached behind
other applications and, most important, the detection of Trojans on your
computer and their prevention, to safeguard your system and your data.
Knowing the Trojan
A Trojan is a malicious program disguised as some very important application.
Trojans come on the backs of other programs and are installed on a system
without the user’s knowledge. Trojans are malicious pieces of code used to
install hacking software on a target system and to aid the hacker in gaining
and retaining access to that system. Trojans and their counterparts are
important pieces of the hacker’s tool-kit.
A Trojan is a program that appears to perform a desirable and necessary
function but that, because of hidden and unauthorized code, performs functions
unknown and unwanted by the user. These downloads are fake programs that seem
to be original applications. They may be software such as monitoring programs,
system virus scanners, registry cleaners or computer system optimizers, or
they may be files such as songs, pictures, screen savers, videos, etc.
· You only need to execute that software or application. You will find the
application running, or you might get an error, but once executed the Trojan
installs itself in the system automatically.
· Once installed on a system, the program has system-level access on the
target system, where it can be destructive and insidious. Trojans can cause
data theft and loss, and system crashes or slowdowns; they can also be used as
launching points for other attacks against your system.
· Many Trojans are used to manipulate files on the victim computer, manage
processes, remotely run commands, intercept keystrokes, watch screen images,
and restart or shut down infected hosts.
Different Types of Trojans
1. Remote Administration Trojans: Remote Access Trojans are used to control
the victim’s computer remotely.
2. Data Stealing Trojans: Data Sending Trojans compromise the data on the
victim’s computer: they find the data on the computer and send it to the
attacker automatically.
3. Security Disabler Trojans: Security software disabler Trojans are used to
stop antivirus software running on the victim’s computer.
In most cases the Trojan comes as a Remote Administration Tool, which turns
the victim’s computer into a server that can be controlled remotely. Once the
Remote Access Trojan is installed in the system, the attacker can connect to
that computer and control it.
Mode of Transmission for Trojan
Reverse Connection in Trojans
Reverse-connecting Trojans let an attacker access a machine on the internal
network from the outside. The hacker can install a simple Trojan program on a
system on the internal network. On a regular basis (usually every 60 seconds),
the internal server tries to access the external master system to pick up
commands. If the attacker has typed something into the master system, this
command is retrieved and executed on the internal system. Reverse WWW shell
uses standard HTTP. It’s dangerous because it’s difficult to detect: it looks
like a client is browsing the Web from the internal network.
Now the final part ….
Detection and Removal of Trojans
Unusual behavior of the system is usually an indication of a Trojan attack.
Actions/symptoms such as:
• Programs starting and running without the user’s initiation.
• CD-ROM drawers opening or closing.
• Wallpaper, background, or screen saver settings changing by themselves.
• Screen display flipping upside down.
• Browser program opening strange or unexpected websites.
All of the above are indications of a Trojan attack. Any action that is
suspicious or not initiated by the user can be an indication of a Trojan
attack.
One thing you can do is check which applications are making network
connections with other computers. One of those applications will be a process
started by the Server Trojan.
You can also use the software named Process Explorer, which monitors the
processes executed on the computer and shows each one with its original name
and its file name. Some Trojans change their name to match a system process
that runs on the computer, so you cannot differentiate between the Trojan and
the original system process in the Task Manager Processes tab; for that you
need Process Explorer.
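Both checks above, which processes hold network connections and whether a process with a system name is really the system file, can be combined by comparing each connected process's image path with the directory where Windows keeps that program. This is an added example, not part of the original tutorial; the process and connection snapshot is constructed, and in practice it would be filled from tools such as netstat -ano and Process Explorer.

```python
import ntpath

# Directory where Windows keeps each system program that Trojans commonly imitate.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed snapshot: (pid, image path) and (pid, remote address, TCP state).
PROCESSES = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (1440, r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (2288, r"C:\Program Files\Browser\browser.exe"),
    (3012, r"C:\Windows\explorer.exe"),
]
CONNECTIONS = [
    (612, "203.0.113.10:443", "ESTABLISHED"),
    (1440, "198.51.100.7:80", "ESTABLISHED"),
    (2288, "203.0.113.25:443", "ESTABLISHED"),
    (3012, "0.0.0.0:0", "LISTENING"),
]

def review_connections(processes, connections):
    """Return (pid, name, remote, verdict) for each process with a live connection."""
    paths = dict(processes)
    report = []
    for pid, remote, state in connections:
        if state != "ESTABLISHED":
            continue  # only connections that are actually talking to a peer
        path = paths.get(pid)
        if path is None:
            report.append((pid, "?", remote, "unknown process"))
            continue
        # Windows paths are case-insensitive, so compare in lower case.
        folder, name = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(name)
        if expected is None:
            verdict = "review"         # not a system name: judge on its own merits
        elif folder == expected:
            verdict = "expected path"
        else:
            verdict = "masquerade"     # system name, wrong directory
        report.append((pid, name, remote, verdict))
    return report
```

A matching path only shows that the name and location agree; it does not prove the file itself is genuine.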
Countermeasures for Trojan attacks
Most commercial antivirus programs have anti-Trojan capabilities as well as
spyware detection and removal functionality. These tools can automatically
scan hard drives on startup to detect backdoor and Trojan programs before they
can cause damage. Once a system is infected, it’s more difficult to clean, but
you can do so with commercially available tools. It’s important to use
commercial applications to clean a system instead of freeware tools, because
many freeware removal tools can further infect the system. In addition, port
monitoring tools can identify ports that have been opened or files that have
changed.
The key to preventing Trojans and backdoors from being installed on a system
is not to install applications downloaded from the Internet or open email
attachments from parties you don’t know. Many systems administrators don’t
give users the system permissions necessary to install programs on the system
for the very same reason.