Trojan

1
Trojan

2
History

• Trojan comes from Greek mythology, in which the
  Greeks battled the Trojans (people of Troy).
  After years of being unable to break into the
  fortified city, the Greeks built a wooden horse,
  filled it with soldiers and pretended to sail
  away. After the Trojans brought the horse into
  the city, the Greek soldiers crept out at night,
  opened the gates of Troy to the returning
  soldiers, and Troy was destroyed

3
History

• The Greek Siege of Troy had lasted for ten years.
  The Greeks devised a new ruse a giant hollow
  wooden horse. It was built by Epeius and filled
  with Greek warriors led by Odeyssious. The rest
  of the Greek army appeared to leave, but actually
  hid behind Tenedos. Meanwhile, a Greek spy,
  Sigon, convinced the Trojans the horse was a gift
  despite the warnings of Laocoon and Cassandra
  Helen and Deiphobus even investigated the horse
  in the end, the Trojans accepted the gift. In
  ancient times it was customary for a defeated
  general to surrender his horse to the victorious
  general in a sign of respect. It should be noted
  here that the horse was the sacred animal of
  Poseidon during the contest with Athena over the
  patronship of Athens, Poseidon gave men the
  horse, and Athena gave the Olive Tree

4
History

• The Trojans hugely celebrated the end
• of the siege, so that, when the Greeks
• emerged from the horse, the city was
• in a drunken stupor. The Greek warriors
• opened the city gates to allow the rest
• of the army to enter, and the city was
• pillaged ruthlessly, all the men were
• killed, and all the women and children
• were taken into slavery.

5
What Is Trojan ?!

• A destructive Program that masquerades as a
  benign Application. Unlike Viruses, Trojan horses
  do not replicate themselves but they can be just
  as destructive. One of the most insidious types
  of Trojan horse is a program that claims to rid
  your computer of viruses but instead introduces
  viruses onto your computer

6
What Is Trojan ?!

• A program that appears legitimate, but performs
  some illicit activity when it is run. It may be
  used to locate password information or make the
  system more vulnerable to future entry or simply
  destroy programs or data on the hard disk. A
  Trojan is similar to a virus, except that it does
  not replicate itself. It stays in the computer
  doing its damage or allowing somebody from a
  remote site to take control of the computer.
  Trojans often sneak in attached to a free game or
  other utility

7
What Is Trojan ?!

• In the context of Computer Software, a Trojan
  horse is a malicious program that is disguised as
  or embedded within legitimate software. The term
  is derived from the classical myth of the Trojan
  Horse. They may look useful or interesting (or at
  the very least harmless) to an unsuspecting user,
  but are actually harmful when executed.

8
Diffrences Between Trojan ,Virus Worm

• The most common blunder people make when the
  topic of a computer virus arises is to refer to a
  Worm or Trojan Horse as a Virus. While the words
  Trojan, worm and virus are often used
  interchangeably, they are not the same. Viruses,
  worms and Trojan Horses are all malicious
  Programs that can cause damage to your Computer,
  but there are differences among the three, and
  knowing those differences can help you to better
  protect your computer from their often damaging
  effects

9
Diffrences Between Trojan ,Virus Worm

• A computer virus attaches itself to a program or
  file so it can spread from one computer to
  another, leaving infections as it travels. Much
  like human viruses, computer viruses can range in
  severity Some viruses cause only mildly annoying
  effects while others can damage your Hardware,
  Software or Files. Almost all viruses are
  attached to an Executable Files, which means the
  virus may exist on your computer but it cannot
  infect your computer unless you run or open the
  malicious program. It is important to note that a
  virus cannot be spread without a human action,
  (such as running an infected program) to keep it
  going.  People continue the spread of a computer
  virus, mostly unknowingly, by sharing infecting
  files or sending E-mail with viruses as
  attachments in the e-mail.

10
Diffrences Between Trojan ,Virus Worm

• A worm is similar to a virus by its design, and
  is considered to be a sub-class of a virus. Worms
  spread from computer to computer, but unlike a
  virus, it has the capability to travel without
  any help from a person. A worm takes advantage of
  file or information transport features on your
  system, which allows it to travel unaided. The
  biggest danger with a worm is its capability to
  replicate itself on your system, so rather than
  your computer sending out a single worm, it could
  send out hundreds or thousands of copies of
  itself, creating a huge devastating effect. One
  example would be for a worm to send a copy of
  itself to everyone listed in your e-mail address
  book. Then, the worm replicates and sends itself
  out to everyone listed in each of the receiver's
  address book, and the manifest continues on down
  the line. Due to the copying nature of a worm and
  its capability to travel across networks the end
  result in most cases is that the worm consumes
  too much System Memory (or Network bandwidth),
  causing Web Servers, network servers and
  individual computers to stop responding. In more
  recent worm attacks such as the much-talked-about
  .Blaster Worm., the worm has been designed to
  tunnel into your system and allow malicious users
  to control your computer remotely.

11
Differences Between Trojan ,Virus Worm

• A Trojan Horse is full of as much trickery as the
  mythological Trojan Horse it was named after. The
  Trojan Horse, at first glance will appear to be
  useful software but will actually do damage once
  installed or run on your computer.  Those on the
  receiving end of a Trojan Horse are usually
  tricked into opening them because they appear to
  be receiving legitimate software or files from a
  legitimate source.  When a Trojan is activated on
  your computer, the results can vary. Some Trojans
  are designed to be more annoying than malicious
  (like changing your desktop, adding silly active
  desktop icons) or they can cause serious damage
  by deleting files and destroying information on
  your system. Trojans are also known to create a
  Backdoor on your computer that gives malicious
  users access to your system, possibly allowing
  confidential or personal information to be
  compromised. Unlike viruses and worms, Trojans do
  not reproduce by infecting other files nor do
  they self-replicate.

12
Blended threat

• Added into the mix, we also have what is called a
  blended threat. A blended threat is a
  sophisticated attack that bundles some of the
  worst aspects of viruses, worms, Trojan horses
  and malicious code into one threat. Blended
  threats use server and Internet vulnerabilities
  to initiate, transmit and spread an attack. This
  combination of method and techniques means
  blended threats can spread quickly and cause
  widespread damage. Characteristics of blended
  threats include causes harm, propagates by
  multiple methods, attacks from multiple points
  and exploits vulnerabilities.

13
How do I avoid getting infected in the future ?!

• NEVER download blindly from people or sites which
  you aren't 100 sure about. In other words, as
  the old saying goes, don't accept candy from
  strangers. If you do a lot of file downloading,
  it's often just a matter of time before you fall
  victim to a trojan.
• Even if the file comes from a friend, you still
  must be sure what the file is before opening it,
  because many trojans will automatically try to
  spread themselves to friends in an email address
  book or on an IRC channel. There is seldom reason
  for a friend to send you a file that you didn't
  ask for. When in doubt, ask them first, and scan
  the attachment with a fully updated anti-virus
  program.
• Beware of hidden file extensions! Windows by
  default hides the last extension of a file, so
  that innocuous-looking "susie.jpg" might really
  be "susie.jpg.exe" - an executable trojan! To
  reduce the chances of being tricked, unhide those
  pesky extensions.

14
How do I avoid getting infected in the future ?!

• NEVER use features in your programs that
  automatically get or preview files. Those
  features may seem convenient, but they let
  anybody send you anything which is extremely
  reckless. For example, never turn on "auto DCC
  get" in mIRC, instead ALWAYS screen every single
  file you get manually. Likewise, disable the
  preview mode in Outlook and other email programs.
  
• Never blindly type that others tell you to type,
  or go to web addresses mentioned by strangers, or
  run pre-fabricated programs or scripts (not even
  popular ones). If you do so, you are potentially
  trusting a stranger with control over your
  computer, which can lead to trojan infection or
  other serious harm.
• Don't be lulled into a false sense of security
  just because you run anti-virus programs. Those
  do not protect perfectly against many viruses and
  trojans, even when fully up to date. Anti-virus
  programs should not be your front line of
  security, but instead they serve as a backup in
  case something sneaks onto your computer.
• Finally, don't download an executable program
  just to "check it out" - if it's a trojan, the
  first time you run it, you're already infected!
  

15
Types of Trojan horse payloads

• Trojan horse payloads are almost always designed
  to do various harmful things, but could be
  harmless. They are broken down in classification
  based on how they breach systems and the damage
  they cause. The seven main types of Trojan horse
  payloads are

16
Types of Trojan horse payloads

• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• security software disabler Trojans
• denial-of-service attack (DoS) Trojans

17
Remote Access Trojan

• Abbreviated as RATs, a Remote Access Trojan is
  one of seven major types of Trojan Horse designed
  to provide the attacker with complete control of
  the victim's system. Attackers usually hide these
  Trojan horses in games and other small programs
  that unsuspecting users then execute on their
  PCs.

18
Data Sending Trojan

• A type of a Trojan horses that is designed to
  provide the attacker with sensitive data such as
  passwords, credit card information, log files,
  e-mail address or IM contact lists. These Trojans
  can look for specific pre-defined data (e.g.,
  just credit card information or passwords), or
  they could install a keylogger and send all
  recorded keystrokes back to the attacker.

19
Destructive Trojan

• A type of Trojan horse designed to destroy and
  delete files, and is more like a virus than any
  other Trojan. It can often go undetected by
  antivirus software.

20
Proxy Trojan

• A type of Trojan horse designed to use the
  victim's computer as a proxy server. This gives
  the attacker the opportunity to do everything
  from your computer, including the possibility of
  conducting credit card fraud and other illegal
  activities, or even to use your system to launch
  malicious
• attacks against other networks .

21
FTP Trojan

• A type of Trojan horse designed to open port 21
  (the port for FTP transfer) and lets the attacker
  connect to your computer using File Transfer
  Protocol (FTP).

22
Security software disabler Trojan

• A type of Trojan horse designed stop or kill
  security programs such as an antivirus program or
  firewall without the user knowing. This Trojan
  type is normally combined with another type of
  Trojan as a payload.

23
D o S attack

• Short for denial-of-service attack, a type of
  attack on a network that is designed to bring the
  network to its knees by flooding it with useless
  traffic. Many DoS attacks, such as the Ping of
  Death and Teardrop attacks, exploit limitations
  in the TCP/IP protocols. For all known DoS
  attacks, there are software fixes that system
  administrators can install to limit the damage
  caused by the attacks. But, like viruses, new DoS
  attacks are constantly being dreamed up by
  hackers.

24
How do I get rid of trojans?!

• Clean Re-installation Although arduous, this
  will always be the only sure way to eradicate a
  trojan or virus. Back up your entire hard disk,
  reformat the disk, re-install the operating
  system and all your applications from original
  CDs, and finally, if you're certain they are not
  infected, restore your user files from the
  backup. If you are not up to the task, you can
  pay for a professional repair service to do it.
• Anti-Virus Software Some of these can handle
  most of the well known trojans, but none are
  perfect, no matter what their advertising claims.
  You absolutely MUST make sure you have the very
  latest update files for your programs, or else
  they will miss the latest trojans. Compared to
  traditional viruses, today's trojans evolve much
  quicker and come in many seemingly innocuous
  forms, so anti-virus software is always going to
  be playing catch up. Also, if they fail to find
  every trojan, anti-virus software can give you a
  false sense of security, such that you go about
  your business not realizing that you are still
  dangerously compromised. There are many products
  to choose from, but the following are generally
  effective AVP, PC-cillin, and McAfee VirusScan.
  All are available for immediate downloading
  typically with a 30 day free trial

25
How do I get rid of trojans?!

• Anti-Trojan Programs These programs are the most
  effective against trojan horse attacks, because
  they specialize in trojans instead of general
  viruses. A popular choice is The Cleaner, 30
  commercial software with a 30 day free trial.
  When you are done, make sure you've updated
  Windows with all security patches ext. link,
  then change all your passwords because they may
  have been seen by every "hacker" in the world.
• IRC Help Channels If you're the type that needs
  some hand-holding, you can find trojan/virus
  removal help on IRC itself, such as EFnet
  dmsetup or DALnet NoHack. These experts will
  try to figure out which trojan(s) you have and
  offer you advice on how to fix it.

26
Back Orifice

• A program that installs itself on a Windows
  machine as a server, allowing a cracker
  
• with the client counterpart to
• manipulate the machine more
• completely than the user at the
• keyboard. It can come in the
• form of a Trojan or ActiveX control
• . Back Orifice 2000 (BO2K) provides
• access to Windows NT/2000 machines.
• Back Orifice was created by
• "The Cult of the Dead Cow" (cDc),
• a hacker organization (www.cultdeadcow.com).
• There are various "BO removers," which are
• programs that detect and remove it

27
Sub7

• Sub7, or SubSeven, is the name of a popular
  trojan or backdoor program. It is mainly used by
  script kiddies for causing mischief, such as
  hiding the computer cursor, changing system
  settings or loading up pornographic websites.
  However, it can also be used for more serious
  criminal applications, such as stealing credit
  card details with a keystroke logger.
• Sub7 is usually stopped by antivirus
• software and a firewall, and with
• popular operating systems providing
• these features built in, it may become
• less of a computer security problem.
• However if an EXE packer is in use, it
• may pass through antivirus software

28
Sub7

• It was originally designed by mobman, whose
  whereabouts are currently unknown. He is rumored
  to either have deceased or have become
  uninterested in continuing the project. Some
  claim to have spoken with him and maintain that
  he is not dead. At any rate, no development has
  occurred in several years. The website was not
  updated in several years (last time in April
  2004), until there suddenly appeared a news
  message on April 6, 2006. The news was not by
  mobman himself, but by someone who goes under the
  name LaT.
• Like other backdoor programs, Sub7 is distributed
  with a server and a client. The server is the
  program that victims must be enticed to run in
  order to infect their machines, and the client is
  the program with a GUI that the hacker runs on
  his own machine to control the server. Sub7
  allows crackers to set a password on the server,
  theoretically so that once a machine is owned, no
  other crackers can take control of it.

29
Thank You