Title: Trojan
1 Trojan
2 History
- Trojan comes from Greek mythology, in which the
Greeks battled the Trojans (people of Troy).
After years of being unable to break into the
fortified city, the Greeks built a wooden horse,
filled it with soldiers and pretended to sail
away. After the Trojans brought the horse into
the city, the Greek soldiers crept out at night,
opened the gates of Troy to the returning
soldiers, and Troy was destroyed.
3 History
- The Greek Siege of Troy had lasted for ten years.
The Greeks devised a new ruse: a giant hollow
wooden horse. It was built by Epeius and filled
with Greek warriors led by Odysseus. The rest
of the Greek army appeared to leave, but actually
hid behind Tenedos. Meanwhile, a Greek spy,
Sinon, convinced the Trojans the horse was a gift
despite the warnings of Laocoon and Cassandra.
Helen and Deiphobus even investigated the horse.
In the end, the Trojans accepted the gift. In
ancient times it was customary for a defeated
general to surrender his horse to the victorious
general in a sign of respect. It should be noted
here that the horse was the sacred animal of
Poseidon; during the contest with Athena over the
patronship of Athens, Poseidon gave men the
horse, and Athena gave the olive tree.
4 History
- The Trojans hugely celebrated the end of the
siege, so that, when the Greeks emerged from the
horse, the city was in a drunken stupor. The
Greek warriors opened the city gates to allow the
rest of the army to enter, and the city was
pillaged ruthlessly; all the men were killed, and
all the women and children were taken into
slavery.
5 What Is a Trojan?!
- A destructive program that masquerades as a
benign application. Unlike viruses, Trojan horses
do not replicate themselves, but they can be just
as destructive. One of the most insidious types
of Trojan horse is a program that claims to rid
your computer of viruses but instead introduces
viruses onto your computer.
6 What Is a Trojan?!
- A program that appears legitimate, but performs
some illicit activity when it is run. It may be
used to locate password information or make the
system more vulnerable to future entry or simply
destroy programs or data on the hard disk. A
Trojan is similar to a virus, except that it does
not replicate itself. It stays in the computer
doing its damage or allowing somebody from a
remote site to take control of the computer.
Trojans often sneak in attached to a free game or
other utility.
7 What Is a Trojan?!
- In the context of computer software, a Trojan
horse is a malicious program that is disguised as
or embedded within legitimate software. The term
is derived from the classical myth of the Trojan
Horse. They may look useful or interesting (or at
the very least harmless) to an unsuspecting user,
but are actually harmful when executed.
8 Differences Between Trojan, Virus and Worm
- The most common blunder people make when the
topic of a computer virus arises is to refer to a
worm or Trojan horse as a virus. While the words
Trojan, worm and virus are often used
interchangeably, they are not the same. Viruses,
worms and Trojan horses are all malicious
programs that can cause damage to your computer,
but there are differences among the three, and
knowing those differences can help you to better
protect your computer from their often damaging
effects.
9 Differences Between Trojan, Virus and Worm
- A computer virus attaches itself to a program or
file so it can spread from one computer to
another, leaving infections as it travels. Much
like human viruses, computer viruses can range in
severity: some viruses cause only mildly annoying
effects while others can damage your hardware,
software or files. Almost all viruses are
attached to an executable file, which means the
virus may exist on your computer but it cannot
infect your computer unless you run or open the
malicious program. It is important to note that a
virus cannot be spread without a human action
(such as running an infected program) to keep it
going. People continue the spread of a computer
virus, mostly unknowingly, by sharing infected
files or sending e-mail with viruses as
attachments.
10 Differences Between Trojan, Virus and Worm
- A worm is similar to a virus by its design, and
is considered to be a sub-class of a virus. Worms
spread from computer to computer, but unlike a
virus, a worm has the capability to travel without
any help from a person. A worm takes advantage of
file or information transport features on your
system, which allows it to travel unaided. The
biggest danger with a worm is its capability to
replicate itself on your system, so rather than
your computer sending out a single worm, it could
send out hundreds or thousands of copies of
itself, creating a huge devastating effect. One
example would be for a worm to send a copy of
itself to everyone listed in your e-mail address
book. Then, the worm replicates and sends itself
out to everyone listed in each of the receivers'
address books, and the manifest continues on down
the line. Due to the copying nature of a worm and
its capability to travel across networks, the end
result in most cases is that the worm consumes
too much system memory (or network bandwidth),
causing web servers, network servers and
individual computers to stop responding. In more
recent worm attacks, such as the much-talked-about
Blaster Worm, the worm has been designed to
tunnel into your system and allow malicious users
to control your computer remotely.
11 Differences Between Trojan, Virus and Worm
- A Trojan Horse is full of as much trickery as the
mythological Trojan Horse it was named after. The
Trojan Horse, at first glance will appear to be
useful software but will actually do damage once
installed or run on your computer. Those on the
receiving end of a Trojan Horse are usually
tricked into opening them because they appear to
be receiving legitimate software or files from a
legitimate source. When a Trojan is activated on
your computer, the results can vary. Some Trojans
are designed to be more annoying than malicious
(like changing your desktop, adding silly active
desktop icons) or they can cause serious damage
by deleting files and destroying information on
your system. Trojans are also known to create a
Backdoor on your computer that gives malicious
users access to your system, possibly allowing
confidential or personal information to be
compromised. Unlike viruses and worms, Trojans do
not reproduce by infecting other files nor do
they self-replicate.
12 Blended threat
- Added into the mix, we also have what is called a
blended threat. A blended threat is a
sophisticated attack that bundles some of the
worst aspects of viruses, worms, Trojan horses
and malicious code into one threat. Blended
threats use server and Internet vulnerabilities
to initiate, transmit and spread an attack. This
combination of methods and techniques means
blended threats can spread quickly and cause
widespread damage. Characteristics of blended
threats include causing harm, propagating by
multiple methods, attacking from multiple points
and exploiting vulnerabilities.
13 How do I avoid getting infected in the future?!
- NEVER download blindly from people or sites which
you aren't 100% sure about. In other words, as
the old saying goes, don't accept candy from
strangers. If you do a lot of file downloading,
it's often just a matter of time before you fall
victim to a trojan.
- Even if the file comes from a friend, you still
must be sure what the file is before opening it,
because many trojans will automatically try to
spread themselves to friends in an email address
book or on an IRC channel. There is seldom reason
for a friend to send you a file that you didn't
ask for. When in doubt, ask them first, and scan
the attachment with a fully updated anti-virus
program.
- Beware of hidden file extensions! Windows by
default hides the last extension of a file, so
that innocuous-looking "susie.jpg" might really
be "susie.jpg.exe" - an executable trojan! To
reduce the chances of being tricked, unhide those
pesky extensions.
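The hidden-extension trick above can be checked for mechanically. The following is an added example, not part of the original slides: it flags names whose visible part ends in a harmless-looking extension while the real, hidden extension is executable. The two extension sets and the sample names are assumptions constructed for illustration.

```python
# Added example: flag file names that hide an executable extension behind a decoy.
# Both sets are assumptions for this sketch; extend them to match local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js", "msi"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "txt", "pdf", "doc", "docx", "xls", "mp3"}

# Constructed sample names, not taken from any real incident.
SAMPLES = ["susie.jpg", "susie.jpg.exe", "Report.PDF.SCR", "setup.exe",
           "notes.txt.exe. ", "archive.tar.gz", "holiday.photos.exe"]


def _normalize(filename):
    # Windows drops trailing dots and spaces from a file name.
    return filename.rstrip(". ")


def real_extension(filename):
    """Extension the system acts on: text after the last dot, lower-cased."""
    name = _normalize(filename)
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def shown_when_hidden(filename):
    """Name as displayed when the last extension is hidden."""
    name = _normalize(filename)
    return name.rsplit(".", 1)[0] if "." in name else name


def disguised(filename):
    """Return a description if the name is a disguised executable, else None."""
    ext = real_extension(filename)
    if ext not in EXECUTABLE_EXTS:
        return None          # not something that runs when double-clicked
    shown = shown_when_hidden(filename)
    if real_extension(shown) not in DECOY_EXTS:
        return None          # e.g. setup.exe or holiday.photos.exe
    return f"shown as '{shown}' but runs as .{ext}"


def scan(names):
    """Map each suspicious name to the reason it was flagged."""
    return {n: why for n in names if (why := disguised(n))}


if __name__ == "__main__":
    for name, why in scan(SAMPLES).items():
        print(f"{name!r}: {why}")
```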
14 How do I avoid getting infected in the future?!
- NEVER use features in your programs that
automatically get or preview files. Those
features may seem convenient, but they let
anybody send you anything, which is extremely
reckless. For example, never turn on "auto DCC
get" in mIRC; instead ALWAYS screen every single
file you get manually. Likewise, disable the
preview mode in Outlook and other email programs.
- Never blindly type what others tell you to type,
or go to web addresses mentioned by strangers, or
run pre-fabricated programs or scripts (not even
popular ones). If you do so, you are potentially
trusting a stranger with control over your
computer, which can lead to trojan infection or
other serious harm.
- Don't be lulled into a false sense of security
just because you run anti-virus programs. Those
do not protect perfectly against many viruses and
trojans, even when fully up to date. Anti-virus
programs should not be your front line of
security, but instead they serve as a backup in
case something sneaks onto your computer.
- Finally, don't download an executable program
just to "check it out" - if it's a trojan, the
first time you run it, you're already infected!
15 Types of Trojan horse payloads
- Trojan horse payloads are almost always designed
to do various harmful things, but could be
harmless. They are broken down in classification
based on how they breach systems and the damage
they cause. The seven main types of Trojan horse
payloads are:
16 Types of Trojan horse payloads
- Remote Access Trojans
- Data Sending Trojans
- Destructive Trojans
- Proxy Trojans
- FTP Trojans
- Security software disabler Trojans
- Denial-of-service attack (DoS) Trojans
17 Remote Access Trojan
- Abbreviated as RATs, a Remote Access Trojan is
one of seven major types of Trojan Horse designed
to provide the attacker with complete control of
the victim's system. Attackers usually hide these
Trojan horses in games and other small programs
that unsuspecting users then execute on their
PCs.
18 Data Sending Trojan
- A type of Trojan horse that is designed to
provide the attacker with sensitive data such as
passwords, credit card information, log files,
e-mail address or IM contact lists. These Trojans
can look for specific pre-defined data (e.g.,
just credit card information or passwords), or
they could install a keylogger and send all
recorded keystrokes back to the attacker.
19 Destructive Trojan
- A type of Trojan horse designed to destroy and
delete files, and is more like a virus than any
other Trojan. It can often go undetected by
antivirus software.
20 Proxy Trojan
- A type of Trojan horse designed to use the
victim's computer as a proxy server. This gives
the attacker the opportunity to do everything
from your computer, including the possibility of
conducting credit card fraud and other illegal
activities, or even to use your system to launch
malicious attacks against other networks.
21 FTP Trojan
- A type of Trojan horse designed to open port 21
(the port for FTP transfer) and let the attacker
connect to your computer using File Transfer
Protocol (FTP).
22 Security software disabler Trojan
- A type of Trojan horse designed to stop or kill
security programs such as an antivirus program or
firewall without the user knowing. This Trojan
type is normally combined with another type of
Trojan as a payload.
23 DoS attack
- Short for denial-of-service attack, a type of
attack on a network that is designed to bring the
network to its knees by flooding it with useless
traffic. Many DoS attacks, such as the Ping of
Death and Teardrop attacks, exploit limitations
in the TCP/IP protocols. For all known DoS
attacks, there are software fixes that system
administrators can install to limit the damage
caused by the attacks. But, like viruses, new DoS
attacks are constantly being dreamed up by
hackers.
24 How do I get rid of trojans?!
- Clean Re-installation: Although arduous, this
will always be the only sure way to eradicate a
trojan or virus. Back up your entire hard disk,
reformat the disk, re-install the operating
system and all your applications from original
CDs, and finally, if you're certain they are not
infected, restore your user files from the
backup. If you are not up to the task, you can
pay for a professional repair service to do it.
- Anti-Virus Software: Some of these can handle
most of the well known trojans, but none are
perfect, no matter what their advertising claims.
You absolutely MUST make sure you have the very
latest update files for your programs, or else
they will miss the latest trojans. Compared to
traditional viruses, today's trojans evolve much
quicker and come in many seemingly innocuous
forms, so anti-virus software is always going to
be playing catch up. Also, if they fail to find
every trojan, anti-virus software can give you a
false sense of security, such that you go about
your business not realizing that you are still
dangerously compromised. There are many products
to choose from, but the following are generally
effective: AVP, PC-cillin, and McAfee VirusScan.
All are available for immediate downloading,
typically with a 30 day free trial.
25 How do I get rid of trojans?!
- Anti-Trojan Programs: These programs are the most
effective against trojan horse attacks, because
they specialize in trojans instead of general
viruses. A popular choice is The Cleaner, 30
commercial software with a 30 day free trial.
When you are done, make sure you've updated
Windows with all security patches,
then change all your passwords because they may
have been seen by every "hacker" in the world.
- IRC Help Channels: If you're the type that needs
some hand-holding, you can find trojan/virus
removal help on IRC itself, such as EFnet
dmsetup or DALnet NoHack. These experts will
try to figure out which trojan(s) you have and
offer you advice on how to fix it.
26 Back Orifice
- A program that installs itself on a Windows
machine as a server, allowing a cracker with the
client counterpart to manipulate the machine more
completely than the user at the keyboard. It can
come in the form of a Trojan or ActiveX control.
Back Orifice 2000 (BO2K) provides access to
Windows NT/2000 machines. Back Orifice was
created by "The Cult of the Dead Cow" (cDc), a
hacker organization (www.cultdeadcow.com).
- There are various "BO removers," which are
programs that detect and remove it.
27 Sub7
- Sub7, or SubSeven, is the name of a popular
trojan or backdoor program. It is mainly used by
script kiddies for causing mischief, such as
hiding the computer cursor, changing system
settings or loading up pornographic websites.
However, it can also be used for more serious
criminal applications, such as stealing credit
card details with a keystroke logger.
- Sub7 is usually stopped by antivirus software
and a firewall, and with popular operating
systems providing these features built in, it may
become less of a computer security problem.
However, if an EXE packer is in use, it may pass
through antivirus software.
28 Sub7
- It was originally designed by mobman, whose
whereabouts are currently unknown. He is rumored
either to be deceased or to have become
uninterested in continuing the project. Some
claim to have spoken with him and maintain that
he is not dead. At any rate, no development has
occurred in several years. The website was not
updated in several years (last time in April
2004), until there suddenly appeared a news
message on April 6, 2006. The news was not by
mobman himself, but by someone who goes under the
name LaT.
- Like other backdoor programs, Sub7 is distributed
with a server and a client. The server is the
program that victims must be enticed to run in
order to infect their machines, and the client is
the program with a GUI that the hacker runs on
his own machine to control the server. Sub7
allows crackers to set a password on the server,
theoretically so that once a machine is owned, no
other crackers can take control of it.
29 Thank You