Information Protection and Security

Home

Trojans
A trojan is a hidden program transmitted by means of spam or e-mail, a downloaded file, thumb drive/flash drive, a CD, or even a legitimate program with hidden malicious computer code lurking inside. The computer code (a program) enters your computer undetected. A Trojan Horse (Trojan) is computer code used to enter your computer undetected. The malware can be a hidden program transmitted by means of spam or e-mail, a downloaded file, a disk from a trusted source, or a legitimate program which is undetected. If a hacker has already broken into your computer, it may already be compromised. Trojans lie undetected and collect information for the Trojan writer (hacker) and can sometimes provide a back door to your computer allowing the hacker the ability to logon to your computer from other locations. The most sought after data includes: credit card information accounting data (passwords, user names, dial-up passwords, etc.) confidential documents financial data (bank account numbers, Social Security numbers, insurance information, etc.) e-mail addresses

calendar information concerning your whereabouts Different types of Trojans There are seven major types of Trojan: 1. The remote access Trojan takes full control of your system and passes it to the hacker. This Trojan acts as a server and usually listens on a port that is not readily available to other attackers (there are over 130,000 ports available). While a firewall will block external hacker access to the Trojan (only if the "unused" ports have been blocked by your up-to-date firewall configuration), an internal hacker (one who resides on the agency side of the firewall) can connect to this type of Trojan without any trouble. 2. The data-sending Trojan sends data back to the hacker. These Trojans can communicate with the originating hacker by means of e-mail to a Web-based e-mail account or Web site. Key-loggers (programs that log and transmit each keystroke you make) are common data-sending Trojan payloads. 3. The destructive Trojan has only one purpose: to destroy and delete files. The Trojan can be activated by the hacker, or written to execute at a specific time/date. These Trojans are different from your garden-variety Trojans since they are written purposefully to attack YOU, and therefore unlikely to be detected by anti-virus software. 4. The denial-of-service (DOS) attack Trojans combine your computing power with that of the other computers/systems it infects to launch an attack on another computer system. By using the power of 300 or more infected computers, the hacker can flood a computer system with so much traffic that it crashes. 5. The proxy Trojans allow a hacker to turn YOUR computer into HIS server to make purchases with stolen credit cards, sell and trade child pornography, and run other organized criminal enterprises in YOUR name. 6. The FTP Trojan opens port 21 (the port for FTP transfer) and lets the attacker connect to your computer using File Transfer Protocol (FTP). 7. The security software disabler Trojan is designed to stop or kill security programs such as anti-virus software, firewalls, etc., without you knowing it. This Trojan type is normally combined with another type as a payload. How can I become infected? Trojans infect by means of: Infected attachments traveling with messages from "trusted sources" (spoofed addresses).

Internet forms requesting information (i.e.: patriotic petitions, pleas for charitable donations, etc.). Neat software from a friend of a friend of a friend. Legitimate "shrink-wrapped" software packaged by a disgruntled employee. Downloading files, games, and screen-savers from an Internet site.

Anti-virus software does not recognize and disable Trojans. While most virus scanners detect a number of publicly known Trojans, they are unable to scan unknown Trojans. Virus scanners rely mainly on virus signatures. While Trojan do have signatures, most Trojan writers take readily available, pre-written Trojan computer code from a master hacker site, make small changes to the signature, and launch a Trojan unknown to the virus scanners. Some computer users give away all the secrets by including a statement such as "this transmission scanned by Norton Anti virus and is certified as virus-free" at the end of each e-mail sent. A Trojan horse writer looks for these statements, then modifies the Trojan to totally bypass your virus scanner. Trojans are not well understood by many users, and pose just as dangerous a threat as their better known relatives, the viruses. Consider software for identifying and removing Ad-ware / Malware / Spyware. Rutgers Anti-virus/Anti-spyware Delivery Service (RADS)

email

hidden program

spam

Trojan horse

R USe cure is m aintaine d by the R utge rs Unive rsity Division of Inform ation Prote ction and Se curity, a division of the O ffice of Inform ation Te chnology.