Eg of dropper: installation path c\win\sys32\svchosts.exe. Autostart: hklm\software\microsoft\run\iexplor.exe.
A wrapper binds a trojan exe with an innocent-looking .exe app such as games or office apps. When the user runs the wrapped exe, it first installs the trojan in the background and then runs the wrapping app in the foreground.
VNC Trojans - Starts a VNC server daemon in the infected system; the attacker connects to the victim using a VNC viewer with the password. Since the VNC program is considered a utility, this trojan will never be detected by anti-virus.
Remote Access Trojan – Works like remote desktop access. The hacker gains complete GUI access to the remote system; it's a reverse-connecting trojan that connects to port 80.
Destructive trojan – When executed, destroys the OS and formats the local & network drives; the user won't be able to boot the OS.
- Run local versions of anti-virus, firewall & intrusion detection on the desktop
- Restrict permissions within the desktop environment to prevent installation of malicious applications
- Avoid accepting programs transferred by Instant Messaging
- Harden weak, default config settings
Trojan Attack Presented by: Ajan Kancharla S
What is a Trojan?
- It is a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause damage.
- With the help of a Trojan, an attacker can get access to the Trojaned computer and would be able to access the data.
- The term is derived from the Trojan Horse story in Greek mythology.
- Eg. Diagram 1
Indications of a Trojan Attack
- Browser redirects to unknown pages
- Anti-virus is either disabled or malfunctions
- Strange pop-ups or chat messages appear on the victim's system
- The ISP complains that the victim's computer is IP scanning
- The computer shuts down automatically
- Ctrl + Alt + Del stops working
- Printer prints documents automatically
Infecting systems using a Trojan
- Create a new Trojan packet using a Trojan Construction Kit
- Create the dropper, which is the part of a trojanized packet that installs the malicious code on the target system
- Create a wrapper using tools to install the Trojan on the victim's computer
- Propagate the Trojan & execute the dropper
- Execute the damage routine
- Workflow Picture 2
Workflow of a Trojan
- A wrapper binds a trojan.exe with an innocent-looking executable application such as games or office apps
- Eg. of dropper:
  - Installation path: c:\windows\system32\svchosts.exe
  - Autostart: HKLM\Software\Microsoft\Run\iExplore.exe
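A defender-side check for the dropper example in these slides (a look-alike svchosts.exe in the system folder and an Internet Explorer look-alike autostart entry), added here as an illustration and not part of the original presentation: it flags autostart commands whose file name imitates a well-known Windows binary, or that run a well-known name from the wrong folder. The baseline table, function names and sample entries are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumed baseline: well-known Windows binaries and their expected folders.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_entry(command):
    """Return a finding for one autostart command, or None if nothing stands out.
    Assumes the command is a bare (optionally quoted) executable path, no arguments."""
    path = PureWindowsPath(command.strip('"').lower())
    name, folder = path.name, str(path.parent)
    if name in KNOWN:  # genuine name: only the location can give it away
        if folder != KNOWN[name]:
            return f"{name} runs from unexpected folder {folder}"
        return None
    for good in KNOWN:  # near-miss spelling of a trusted name
        if edit_distance(name, good) <= 2:
            return f"{name} imitates {good}"
    return None

def audit(entries):
    """Map autostart value name -> finding for every suspicious entry."""
    findings = {name: check_entry(cmd) for name, cmd in entries.items()}
    return {name: f for name, f in findings.items() if f}

# Constructed sample of autostart entries (value name -> command).
SAMPLE = {
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "Updater": r"c:\windows\system32\svchosts.exe",
    "Browser": r"C:\Users\Public\iexplor.exe",
    "Host": r"C:\Users\bob\AppData\Roaming\svchost.exe",
    "IE": r"C:\Program Files\Internet Explorer\iexplore.exe",
}

if __name__ == "__main__":
    for value, finding in audit(SAMPLE).items():
        print(f"{value}: {finding}")
```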
Ways of Trojan infiltration
- Fake programs
- Untrusted sites & free software
- File sharing (NetBIOS)
- Attachments
- Browser & email software bugs
- Legitimate 'wrapped' software packaged by a disgruntled employee
Types of Trojans
- Command Shell Trojan – This gives remote control of the victim's command shell by opening a port for the attacker to connect.
- Document Trojan – The Trojan is embedded into a document as an attachment.
- Email Trojan – The attacker gains control by sending email messages to the victim. The attacker can then retrieve files or folders by sending commands through email.
- FTP Trojan - FTP Trojans install an FTP server on the victim's machine, which opens FTP ports.
E-Banking Trojan
- E-Banking trojans intercept a victim's account information before it is encrypted and send it to the attacker's Trojan command & control center
- Diagram 2
E-Banking Trojan: Zeus
- ZeuS is a banking Trojan Horse program which steals data from infected computers via web browsers & protected storage
Trojan Countermeasures
- Avoid downloading files or applications from untrusted sources
- Install patches & security updates for the OSs & applications
- Block all unnecessary ports at the host & firewall
- Avoid typing commands blindly & implementing prefabricated programs or scripts
- Monitor the internal network for odd ports or encrypted traffic