Trojan - PowerPoint PPT Presentation

Slides: 30
Provided by: sirvi4

Transcript and Presenter's Notes

Title: Trojan


1
Trojan

2
History
  • Trojan comes from Greek mythology, in which the
    Greeks battled the Trojans (people of Troy).
    After years of being unable to break into the
    fortified city, the Greeks built a wooden horse,
    filled it with soldiers and pretended to sail
    away. After the Trojans brought the horse into
    the city, the Greek soldiers crept out at night,
    opened the gates of Troy to the returning
    soldiers, and Troy was destroyed.

3
History
  • The Greek siege of Troy had lasted for ten years.
    The Greeks devised a new ruse: a giant hollow
    wooden horse. It was built by Epeius and filled
    with Greek warriors led by Odysseus. The rest
    of the Greek army appeared to leave, but actually
    hid behind Tenedos. Meanwhile, a Greek spy,
    Sinon, convinced the Trojans the horse was a gift
    despite the warnings of Laocoon and Cassandra;
    Helen and Deiphobus even investigated the horse.
    In the end, the Trojans accepted the gift. In
    ancient times it was customary for a defeated
    general to surrender his horse to the victorious
    general in a sign of respect. It should be noted
    here that the horse was the sacred animal of
    Poseidon; during the contest with Athena over the
    patronship of Athens, Poseidon gave men the
    horse, and Athena gave the olive tree.

4
History
  • The Trojans hugely celebrated the end of the
    siege, so that, when the Greeks emerged from the
    horse, the city was in a drunken stupor. The
    Greek warriors opened the city gates to allow the
    rest of the army to enter, and the city was
    pillaged ruthlessly, all the men were killed, and
    all the women and children were taken into
    slavery.

5
What Is a Trojan?!
  • A destructive program that masquerades as a
    benign application. Unlike viruses, Trojan horses
    do not replicate themselves but they can be just
    as destructive. One of the most insidious types
    of Trojan horse is a program that claims to rid
    your computer of viruses but instead introduces
    viruses onto your computer.

6
What Is a Trojan?!
  • A program that appears legitimate, but performs
    some illicit activity when it is run. It may be
    used to locate password information or make the
    system more vulnerable to future entry or simply
    destroy programs or data on the hard disk. A
    Trojan is similar to a virus, except that it does
    not replicate itself. It stays in the computer
    doing its damage or allowing somebody from a
    remote site to take control of the computer.
    Trojans often sneak in attached to a free game or
    other utility.

7
What Is a Trojan?!
  • In the context of computer software, a Trojan
    horse is a malicious program that is disguised as
    or embedded within legitimate software. The term
    is derived from the classical myth of the Trojan
    Horse. They may look useful or interesting (or at
    the very least harmless) to an unsuspecting user,
    but are actually harmful when executed.

8
Differences Between Trojan, Virus and Worm
  • The most common blunder people make when the
    topic of a computer virus arises is to refer to a
    worm or Trojan horse as a virus. While the words
    Trojan, worm and virus are often used
    interchangeably, they are not the same. Viruses,
    worms and Trojan horses are all malicious
    programs that can cause damage to your computer,
    but there are differences among the three, and
    knowing those differences can help you to better
    protect your computer from their often damaging
    effects.

9
Differences Between Trojan, Virus and Worm
  • A computer virus attaches itself to a program or
    file so it can spread from one computer to
    another, leaving infections as it travels. Much
    like human viruses, computer viruses can range in
    severity: some viruses cause only mildly annoying
    effects while others can damage your hardware,
    software or files. Almost all viruses are
    attached to an executable file, which means the
    virus may exist on your computer but it cannot
    infect your computer unless you run or open the
    malicious program. It is important to note that a
    virus cannot be spread without a human action
    (such as running an infected program) to keep it
    going. People continue the spread of a computer
    virus, mostly unknowingly, by sharing infected
    files or sending e-mail with viruses as
    attachments.

10
Differences Between Trojan, Virus and Worm
  • A worm is similar to a virus by its design, and
    is considered to be a sub-class of a virus. Worms
    spread from computer to computer, but unlike a
    virus, a worm has the capability to travel without
    any help from a person. A worm takes advantage of
    file or information transport features on your
    system, which allows it to travel unaided. The
    biggest danger with a worm is its capability to
    replicate itself on your system, so rather than
    your computer sending out a single worm, it could
    send out hundreds or thousands of copies of
    itself, creating a huge devastating effect. One
    example would be for a worm to send a copy of
    itself to everyone listed in your e-mail address
    book. Then, the worm replicates and sends itself
    out to everyone listed in each of the receivers'
    address books, and the manifest continues on down
    the line. Due to the copying nature of a worm and
    its capability to travel across networks, the end
    result in most cases is that the worm consumes
    too much system memory (or network bandwidth),
    causing web servers, network servers and
    individual computers to stop responding. In more
    recent worm attacks such as the much-talked-about
    Blaster Worm, the worm has been designed to
    tunnel into your system and allow malicious users
    to control your computer remotely.

11
Differences Between Trojan, Virus and Worm
  • A Trojan Horse is full of as much trickery as the
    mythological Trojan Horse it was named after. The
    Trojan Horse, at first glance will appear to be
    useful software but will actually do damage once
    installed or run on your computer.  Those on the
    receiving end of a Trojan Horse are usually
    tricked into opening them because they appear to
    be receiving legitimate software or files from a
    legitimate source.  When a Trojan is activated on
    your computer, the results can vary. Some Trojans
    are designed to be more annoying than malicious
    (like changing your desktop, adding silly active
    desktop icons) or they can cause serious damage
    by deleting files and destroying information on
    your system. Trojans are also known to create a
    backdoor on your computer that gives malicious
    users access to your system, possibly allowing
    confidential or personal information to be
    compromised. Unlike viruses and worms, Trojans do
    not reproduce by infecting other files nor do
    they self-replicate.

12
Blended threat
  • Added into the mix, we also have what is called a
    blended threat. A blended threat is a
    sophisticated attack that bundles some of the
    worst aspects of viruses, worms, Trojan horses
    and malicious code into one threat. Blended
    threats use server and Internet vulnerabilities
    to initiate, transmit and spread an attack. This
    combination of method and techniques means
    blended threats can spread quickly and cause
    widespread damage. Characteristics of blended
    threats include: causing harm, propagating by
    multiple methods, attacking from multiple points
    and exploiting vulnerabilities.

13
How do I avoid getting infected in the future?!
  • NEVER download blindly from people or sites which
    you aren't 100% sure about. In other words, as
    the old saying goes, don't accept candy from
    strangers. If you do a lot of file downloading,
    it's often just a matter of time before you fall
    victim to a trojan.
  • Even if the file comes from a friend, you still
    must be sure what the file is before opening it,
    because many trojans will automatically try to
    spread themselves to friends in an email address
    book or on an IRC channel. There is seldom reason
    for a friend to send you a file that you didn't
    ask for. When in doubt, ask them first, and scan
    the attachment with a fully updated anti-virus
    program.
  • Beware of hidden file extensions! Windows by
    default hides the last extension of a file, so
    that innocuous-looking "susie.jpg" might really
    be "susie.jpg.exe" - an executable trojan! To
    reduce the chances of being tricked, unhide those
    pesky extensions.
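
A check for the hidden-extension trick described on this slide, added here as an illustration (it is not part of the original presentation). The extension lists, function names and sample file names are assumptions constructed for the example.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc", ".mp3"}

# Constructed sample names, not taken from a real incident.
SAMPLE_NAMES = [
    "susie.jpg.exe",
    "susie.jpg",
    "setup.exe",
    r"C:\Users\alice\Downloads\Invoice.PDF.scr",
    "holiday.JPG.EXE ",
    "notes.txt.bak",
    "archive.tar.gz",
]


def split_extensions(filename):
    """Return (inner_ext, final_ext), lower-cased; a missing part is ''."""
    # Windows ignores trailing dots and spaces in a file name, so strip them first.
    name = ntpath.basename(filename).rstrip(". ").lower()
    rest, final_ext = ntpath.splitext(name)
    inner_ext = ntpath.splitext(rest.rstrip())[1]
    return inner_ext, final_ext


def shown_when_hidden(filename):
    """Name as listed when the last extension is hidden."""
    return ntpath.splitext(ntpath.basename(filename).rstrip(". "))[0]


def is_disguised_executable(filename):
    """True when an executable extension hides behind a document/media one."""
    inner_ext, final_ext = split_extensions(filename)
    return final_ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS


def scan(names):
    """Return (real_name, shown_name) for every disguised executable."""
    return [(n, shown_when_hidden(n)) for n in names if is_disguised_executable(n)]


if __name__ == "__main__":
    for real, shown in scan(SAMPLE_NAMES):
        print(f"{real!r} is listed as {shown!r}")
```

Run over a download or attachment folder listing, it reports each file whose real type differs from the name a user would see with extensions hidden.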

14
How do I avoid getting infected in the future?!
  • NEVER use features in your programs that
    automatically get or preview files. Those
    features may seem convenient, but they let
    anybody send you anything, which is extremely
    reckless. For example, never turn on "auto DCC
    get" in mIRC, instead ALWAYS screen every single
    file you get manually. Likewise, disable the
    preview mode in Outlook and other email programs.
  • Never blindly type what others tell you to type,
    or go to web addresses mentioned by strangers, or
    run pre-fabricated programs or scripts (not even
    popular ones). If you do so, you are potentially
    trusting a stranger with control over your
    computer, which can lead to trojan infection or
    other serious harm.
  • Don't be lulled into a false sense of security
    just because you run anti-virus programs. Those
    do not protect perfectly against many viruses and
    trojans, even when fully up to date. Anti-virus
    programs should not be your front line of
    security, but instead they serve as a backup in
    case something sneaks onto your computer.
  • Finally, don't download an executable program
    just to "check it out" - if it's a trojan, the
    first time you run it, you're already infected!

15
Types of Trojan horse payloads
  • Trojan horse payloads are almost always designed
    to do various harmful things, but could be
    harmless. They are broken down in classification
    based on how they breach systems and the damage
    they cause. The seven main types of Trojan horse
    payloads are:

16
Types of Trojan horse payloads
  • Remote Access Trojans
  • Data Sending Trojans
  • Destructive Trojans
  • Proxy Trojans
  • FTP Trojans
  • Security Software Disabler Trojans
  • Denial-of-Service Attack (DoS) Trojans

17
Remote Access Trojan
  • Abbreviated as RATs, a Remote Access Trojan is
    one of seven major types of Trojan Horse designed
    to provide the attacker with complete control of
    the victim's system. Attackers usually hide these
    Trojan horses in games and other small programs
    that unsuspecting users then execute on their
    PCs.

18
Data Sending Trojan
  • A type of Trojan horse that is designed to
    provide the attacker with sensitive data such as
    passwords, credit card information, log files,
    e-mail address or IM contact lists. These Trojans
    can look for specific pre-defined data (e.g.,
    just credit card information or passwords), or
    they could install a keylogger and send all
    recorded keystrokes back to the attacker.

19
Destructive Trojan
  • A type of Trojan horse designed to destroy and
    delete files, and is more like a virus than any
    other Trojan. It can often go undetected by
    antivirus software.

20
Proxy Trojan
  • A type of Trojan horse designed to use the
    victim's computer as a proxy server. This gives
    the attacker the opportunity to do everything
    from your computer, including the possibility of
    conducting credit card fraud and other illegal
    activities, or even to use your system to launch
    malicious attacks against other networks.

21
FTP Trojan
  • A type of Trojan horse designed to open port 21
    (the port for FTP transfer) and lets the attacker
    connect to your computer using File Transfer
    Protocol (FTP).
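
A way to check a host for the listener this slide describes, added here as an illustration (it is not part of the original presentation). It parses Windows-style `netstat -ano` output; the sample text, addresses, PIDs and function names are constructed for the example.

```python
# Constructed sample of `netstat -ano` output (Windows layout); not from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.20:21        203.0.113.7:50122      ESTABLISHED     4312
  TCP    192.168.1.20:49800     198.51.100.9:21        ESTABLISHED     5120
  TCP    [::]:21                [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def parse_tcp_rows(netstat_text):
    """Yield (local_addr, local_port, remote, state, pid) for each TCP row."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank lines and UDP rows (no state column)
        addr, _, port = fields[1].rpartition(":")  # rpartition keeps "[::]" intact
        if port.isdigit() and fields[4].isdigit():
            yield addr, int(port), fields[2], fields[3], int(fields[4])


def ftp_exposure(netstat_text, port=21):
    """Report who listens on the local port and who is connected to it."""
    report = {"listeners": [], "sessions": []}
    for addr, local_port, remote, state, pid in parse_tcp_rows(netstat_text):
        if local_port != port:
            continue  # outbound FTP (remote port 21) is a client, not a server
        if state == "LISTENING":
            report["listeners"].append((addr, pid))
        elif state == "ESTABLISHED":
            report["sessions"].append((remote, pid))
    return report


if __name__ == "__main__":
    found = ftp_exposure(SAMPLE_NETSTAT)
    for addr, pid in found["listeners"]:
        print(f"port 21 listener on {addr}, PID {pid}")
    for remote, pid in found["sessions"]:
        print(f"inbound FTP session from {remote}, PID {pid}")
```

A listener is only a finding when no FTP server was installed on purpose; the PID lets you identify the owning process before deciding.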

22
Security software disabler Trojan
  • A type of Trojan horse designed to stop or kill
    security programs such as an antivirus program or
    firewall without the user knowing. This Trojan
    type is normally combined with another type of
    Trojan as a payload.

23
DoS attack
  • Short for denial-of-service attack, a type of
    attack on a network that is designed to bring the
    network to its knees by flooding it with useless
    traffic. Many DoS attacks, such as the Ping of
    Death and Teardrop attacks, exploit limitations
    in the TCP/IP protocols. For all known DoS
    attacks, there are software fixes that system
    administrators can install to limit the damage
    caused by the attacks. But, like viruses, new DoS
    attacks are constantly being dreamed up by
    hackers.

24
How do I get rid of trojans?!
  • Clean Re-installation: Although arduous, this
    will always be the only sure way to eradicate a
    trojan or virus. Back up your entire hard disk,
    reformat the disk, re-install the operating
    system and all your applications from original
    CDs, and finally, if you're certain they are not
    infected, restore your user files from the
    backup. If you are not up to the task, you can
    pay for a professional repair service to do it.
  • Anti-Virus Software: Some of these can handle
    most of the well known trojans, but none are
    perfect, no matter what their advertising claims.
    You absolutely MUST make sure you have the very
    latest update files for your programs, or else
    they will miss the latest trojans. Compared to
    traditional viruses, today's trojans evolve much
    quicker and come in many seemingly innocuous
    forms, so anti-virus software is always going to
    be playing catch up. Also, if they fail to find
    every trojan, anti-virus software can give you a
    false sense of security, such that you go about
    your business not realizing that you are still
    dangerously compromised. There are many products
    to choose from, but the following are generally
    effective: AVP, PC-cillin, and McAfee VirusScan.
    All are available for immediate downloading,
    typically with a 30 day free trial.

25
How do I get rid of trojans?!
  • Anti-Trojan Programs: These programs are the most
    effective against trojan horse attacks, because
    they specialize in trojans instead of general
    viruses. A popular choice is The Cleaner, $30
    commercial software with a 30 day free trial.
    When you are done, make sure you've updated
    Windows with all security patches,
    then change all your passwords because they may
    have been seen by every "hacker" in the world.
  • IRC Help Channels: If you're the type that needs
    some hand-holding, you can find trojan/virus
    removal help on IRC itself, such as EFnet
    #dmsetup or DALnet #NoHack. These experts will
    try to figure out which trojan(s) you have and
    offer you advice on how to fix it.

26
Back Orifice
  • A program that installs itself on a Windows
    machine as a server, allowing a cracker with the
    client counterpart to manipulate the machine more
    completely than the user at the keyboard. It can
    come in the form of a Trojan or ActiveX control.
    Back Orifice 2000 (BO2K) provides access to
    Windows NT/2000 machines. Back Orifice was
    created by "The Cult of the Dead Cow" (cDc), a
    hacker organization (www.cultdeadcow.com). There
    are various "BO removers," which are programs
    that detect and remove it.

27
Sub7
  • Sub7, or SubSeven, is the name of a popular
    trojan or backdoor program. It is mainly used by
    script kiddies for causing mischief, such as
    hiding the computer cursor, changing system
    settings or loading up pornographic websites.
    However, it can also be used for more serious
    criminal applications, such as stealing credit
    card details with a keystroke logger.
  • Sub7 is usually stopped by antivirus software and
    a firewall, and with popular operating systems
    providing these features built in, it may become
    less of a computer security problem. However, if
    an EXE packer is in use, it may pass through
    antivirus software.

28
Sub7
  • It was originally designed by mobman, whose
    whereabouts are currently unknown. He is rumored
    either to have died or to have become
    uninterested in continuing the project. Some
    claim to have spoken with him and maintain that
    he is not dead. At any rate, no development has
    occurred in several years. The website was not
    updated in several years (last time in April
    2004), until there suddenly appeared a news
    message on April 6, 2006. The news was not by
    mobman himself, but by someone who goes under the
    name LaT.
  • Like other backdoor programs, Sub7 is distributed
    with a server and a client. The server is the
    program that victims must be enticed to run in
    order to infect their machines, and the client is
    the program with a GUI that the hacker runs on
    his own machine to control the server. Sub7
    allows crackers to set a password on the server,
    theoretically so that once a machine is owned, no
    other crackers can take control of it.

29
Thank You