• Breaking News


    Tuesday 30 December 2008

    Trojan horse, Friend or Enemy

    In the context of computing and software, a Trojan horse, also known as a trojan, is malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Therefore, a computer worm or virus may be a Trojan horse.

    Trojan horse payloads are almost always designed to cause harm, but can also be harmless. They are classified based on how they breach and damage systems. The six main types of Trojan horse payloads are:
    1. Remote Access
    2. Data Destruction
    3. Downloader
    4. Server Trojan (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)
    5. Security software disabler
    6. Denial-of-service attack (DoS)
    Some examples of damage are:
    1. Erasing or overwriting data on a computer
    2. Re-installing itself after being disabled
    3. Encrypting files in a cryptoviral extortion attack
    4. Corrupting files in a subtle way
    5. Uploading and downloading files
    6. Copying fake links that lead to false websites, chats, or other account-based websites, falsely showing a local account name from the computer engaged in activity that never happened
    7. Falsifying records of downloading software, movies, or games from websites never visited by the victim.
    8. Allowing remote access to the victim's computer. This is called a RAT (remote access Trojan)
    9. Spreading other malware, such as viruses (this type of trojan horse is called a 'dropper' or 'vector')
    10. Setting up networks of zombie computers in order to launch DDoS attacks or send spam.
    11. Spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)
    12. Making screenshots
    13. Logging keystrokes to steal information such as passwords and credit card numbers
    14. Phishing for bank or other account details, which can be used for criminal activities
    15. Installing a backdoor on a computer system
    16. Opening and closing CD-ROM tray
    17. Playing sounds, videos or displaying images
    18. Calling using the modem to expensive numbers, thus causing massive phone bills
    19. Harvesting e-mail addresses and using them for spam
    20. Restarting the computer whenever the infected program is started
    21. Deactivating or interfering with anti-virus and firewall programs
    22. Deactivating or interfering with other competing forms of malware.
    23. Randomly shutting off the computer
    24. Installing a virus
    25. Slowing down your computer
    26. Displaying pornographic sites
    Since Trojan horses take a variety of forms, there is no single method to delete them. The simplest responses involve clearing the temporary internet files folder and deleting the file manually. Normally, anti-virus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media (CD) may allow an antivirus program to find the trojan and delete it. Updated anti-spyware programs are also effective against this threat.

    Trojans usually consist of two parts, a Client and a Server. The server is run on the victim's machine and listens on a specific port, or on multiple ports, for connections from a Client used by the attacker. In order for an attacker to connect to the server they must have the IP address of the computer where the server is being run. Some trojans send the IP address of the computer they are running on to the attacker via email or another form of communication. Once a connection is made to the server, the client can send commands to the server, and the server will execute these commands on the victim's machine.

    Today, with NAT infrastructure being common, most computers cannot be reached by their external IP address. Therefore many trojans now connect to the computer of the attacker, which has been set up to accept the connections, instead of the attacker connecting to the victim. This is called a 'reverse-connect' trojan. Many trojans nowadays also bypass many of the personal firewalls installed on the victim's computer.
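The two connection models above leave different traces in a host's socket table: a listening server shows up as an unexpected open port, while a reverse-connect trojan shows up as an outbound session. The following check is an added example, not part of the original post; the `netstat -an` style sample, the port baselines and the ephemeral-port threshold are all constructed assumptions.

```python
import ipaddress

# Constructed sample in `netstat -an` style (not taken from a real host).
SAMPLE = """\
TCP    0.0.0.0:135          0.0.0.0:0            LISTENING
TCP    0.0.0.0:31337        0.0.0.0:0            LISTENING
TCP    127.0.0.1:5354       0.0.0.0:0            LISTENING
TCP    192.168.1.20:49712   203.0.113.45:443     ESTABLISHED
TCP    192.168.1.20:49755   198.51.100.7:6667    ESTABLISHED
TCP    192.168.1.20:49760   192.168.1.5:445      ESTABLISHED
"""

# Assumed baseline for this host; a real one comes from your own inventory.
EXPECTED_LISTEN = {135, 445}
EXPECTED_OUTBOUND = {53, 80, 443}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv6 may be bracketed) into (ip_address, int)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def review(netstat_text):
    """Return (kind, detail) findings for sockets outside the baseline."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue
        l_ip, l_port = split_endpoint(fields[1])
        r_ip, r_port = split_endpoint(fields[2])
        if fields[3] == "LISTENING":
            # Server-style trojan: a port reachable from other machines.
            if not l_ip.is_loopback and l_port not in EXPECTED_LISTEN:
                findings.append(("unexpected-listener", l_port))
        elif fields[3] == "ESTABLISHED":
            # Assumed: a local port in the dynamic range means we dialled out.
            dialled_out = l_port >= 49152
            external = not any(r_ip in net for net in INTERNAL)
            if dialled_out and external and r_port not in EXPECTED_OUTBOUND:
                findings.append(("unexpected-outbound", f"{r_ip}:{r_port}"))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE):
        print(kind, detail)
```

The session to port 443 in the sample is not flagged, which shows the limit of a port baseline: a reverse-connect trojan that uses a commonly allowed port needs per-process or destination-reputation checks to stand out.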
