
TROJAN HORSE

Created By: Mayur Parmar

Overview:

- What is a Trojan Horse?
- Purpose and uses
- Types of Trojan Horses
- Popular Trojan horses
- How can you be infected?
- Implementation with an example
- How to Prevent?
- References

Definition:

A Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.

Purpose and uses:

A Trojan gives a hacker remote access to a targeted computer system. Operations that a hacker could perform on a targeted computer system may include:
- Downloading or uploading of files on the user's computer
- Modification or deletion of files
- Crashing the computer
- Data theft (e.g. retrieving passwords or credit card information)

Types of Trojan Horses?

- Remote Access Trojans
- Data Sending Trojans
- Destructive Trojans
- Proxy Trojans
- FTP Trojans
- Security software disabler Trojans
- Denial-of-service attack (DoS) Trojans

Popular Trojan horses:


- Netbus (by Carl-Fredrik Neikter)
- Subseven or Sub7 (by Mobman)
- Back Orifice (by Sir Dystic)
- Beast
- Zeus
- Flashback Trojan (Trojan.BackDoor.Flashback)

How can you be infected:

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests. Even with a secure web browser, such as Mozilla's Firefox, your computer can receive a Trojan horse if Java is enabled.

E-mail: Attachments on e-mail messages may contain Trojans. Trojan horses can be delivered via SMTP.

Implementation of a Trojan Horse Program


Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs the keystrokes on a victim's computer when the user visits certain Web pages and then emails the log to the attacker.

1) The Trojan.Gletta.A executable locates the System folder and copies itself to the System folder and the Windows installation folder as:
%System%\Wmiprvse.exe
%System%\Ntsvc.exe
%Windir%\Userlogon.exe

2) It creates %System%\Rsasec.dll, which is a key logger, and %System%\rsacb.dll, which is actually a text file (the key logger file).

3) It adds the registry value "wmiprvse.exe"="%system%\wmiprvse.exe" to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, so that the Trojan runs when you start Windows.



4) On Windows NT/2000/XP, it adds the value "Run" = "%Windir%\userlogon.exe" to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, so that the Trojan runs when you start the operating system.

The program watches for Internet Explorer windows that have any of the following titles:
- National Internet Banking
- Welcome to Citibank
- Bank of China
- HSBC in Hong Kong

5) It also captures all the keystrokes entered into any windows that match those listed above, and writes them into a log file.

6) Later it uses its own SMTP engine to send the log file to an external mail account of the intruder. The mail has the following characteristics:
- Both the FROM and TO addresses have the domain "mail.ru"
- The subject starts with "Business News from"
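The persistence and mail indicators from steps 3, 4 and 6, turned into a defender's check. This is an added example, not part of the original slides. It assumes `reg query`-style text as input and a default C:\WINDOWS folder, and the helper names (normalize, scan_reg_query, mail_matches) are hypothetical.

```python
import re

WINDIR = r"c:\windows"  # assumption: default Windows folder; adjust per host
# Indicators from the Trojan.Gletta.A walkthrough: (key, value name) -> data
AUTORUN_IOCS = {
    (r"hkey_local_machine\software\microsoft\windows\currentversion\run",
     "wmiprvse.exe"): r"%system%\wmiprvse.exe",
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
     "run"): r"%windir%\userlogon.exe",
}
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$")

def normalize(path):
    """Lowercase a path and fold expanded folders back to %system%/%windir%."""
    p = path.strip().strip('"').lower()
    for real, var in ((WINDIR + r"\system32", "%system%"), (WINDIR, "%windir%")):
        if p.startswith(real + "\\"):
            return var + p[len(real):]
    return p

def scan_reg_query(text):
    """Return (key, name, data) for autorun values that match the indicators."""
    hits, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), m.group(3)
        if AUTORUN_IOCS.get((key, name.lower())) == normalize(data):
            hits.append((key, name, data))
    return hits

def mail_matches(sender, recipient, subject):
    """True when a message has both mail traits listed in step 6."""
    def domain(addr):
        return addr.rsplit("@", 1)[-1].strip("> ").lower()
    return (domain(sender) == "mail.ru" and domain(recipient) == "mail.ru"
            and subject.startswith("Business News from"))

# Constructed sample in `reg query` output style (not captured from a real host).
SAMPLE = """HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    wmiprvse.exe    REG_SZ    C:\\WINDOWS\\system32\\wmiprvse.exe
    ExampleUpdater    REG_SZ    C:\\Program Files\\Example\\updater.exe
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
    Run    REG_SZ    C:\\WINDOWS\\userlogon.exe
"""
```

The check compares full paths, not just file names, because the genuine Windows WMI provider host is also called wmiprvse.exe but runs from %System%\wbem, so a copy directly under %System% is what stands out.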

How to Prevent?

- Install the latest security patches for the operating system.
- Install anti-Trojan software, such as Trojan Hunter or A-Squared.
- Install anti-virus software and update it regularly.
- Install a secure firewall.
- Do not give strangers access (remote as well as physical) to your computer.
- Do not run any unknown or suspicious executable program just to "check it out".
- Scan all email attachments with an antivirus program before opening them.

References:

- http://www.webopedia.com/TERM/R/Remote_Access_Trojan.html
- http://en.wikipedia.org/wiki/Trojan_horse_(computing)
- www.cs.bham.ac.uk/
- www.cs.purdue.edu

Contact Details:

Email Id: parmarmayur39@gmail.com
Facebook: http://www.facebook.com/ALL.ABOUT.TECH
Blog: http://mayurtech.blogspot.in/
