SlideShare a Scribd company logo
1 of 32
Download to read offline
Trojan Horse program
Back door and remote administration
programs:
Prepared By :
Ibrahim Al qarout
Supervisod By:
Dr. Lo’ai Tawalbeh
New York Institute of Technology
Institute (NYIT)-Jordan
Trojan Horse program
 
Name (Trojan horse)
According to legend , the Greeks won the Trojan war by
hiding in a huge, hollow wooden horse to sneak into the
fortified city of Troy.
It was built and filled with Greek warriors to get in troy
city and open doors for all warriors out side troy city waiting
to enter the city.
However there is another meaning of the term Trojan Horse
in the field of computer architecture. Here it basically
represents any piece of User Code which makes the Kernel
Code access anything it would not have been able to access
itself in the first place!. i.e make the OS do something it
wasnt supposed to be doing.And such security loopholes are
called Trojan Horses
 
In the context of computer software, a Trojan horse is a
program that contains or installs a malicious program
(sometimes called the payload )
Types of Trojan horse (payloads)
Trojan horse payloads are almost always designed to do
various harmful things, but could be harmless. They are
broken down in classification based on how they breach
systems and the damage they cause. The seven main types of
Trojan horse payloads are:
1.Remote Access
2. Email Sending
3. Data Destructive
4. FTP trojan (adding or copying data from the infected
computer)
5. denial-of-service attack (DoS)
Some examples are:
1.erasing or overwriting data on a computer.
2. Encrypting files in a crypto vital extortion attack.
3. Upload and download files.
4. Allowing remote access to the victim's computer. This
is called a RAT. (
Remote administration tool)
5. Installing a backdoor on a computer system.
6. Opening and closing CD-ROM tray.
7. Harvest e-mail addresses and use them for Spam.
8. Restarts the computer whenever the infected
program is started
Trojan horse programs are an easy way for intruders to
trick you (sometimes referred to as "social engineering") into
installing "back door" programs. These can allow intruders
easy access to your computer without your knowledge,
change your system configurations, or infect your computer
with a computer virus.
Trojan horse may appear to be useful or interesting
programs or very harmless to an unsuspecting user.
There are two common types of Trojan horses.
One, is otherwise useful software that has been corrupted by
a cracker (it is software remove protection methods:copy
prevention, trial/demo version, serial number, hardware key,
CD ) .
inserting malicious code that executes while the program
is used.Examples
1.include various implementations of
weather alerting programs.
2.computer clock setting software.
3. peer to peer file sharing utilities.
The other type is a standalone program that masquerades as
something else, like a game or image file, in order to trick the
user into some misdirected complicity that is needed to carry
out the program's objectives.
How you can know if you are under Trojan horse attack?
      For example, you download what appears to be a movie 
or music file, but when you click on it, you unleash a 
dangerous program that erases your disk, sends your credit 
card numbers and passwords to a stranger, or lets that stranger 
hack your computer to commit illegal Denial of service 
attacks .
How do I get rid of Trojans?!?
1.Clean Re-installation:
Back up your entire hard disk, format the disk, re-install the 
operating system and all your applications from original CDs.
 
2. Anti-Virus Software:
anti-virus software is always going to be playing catch up 
with active virus on the system. Make sure your computer has 
an anti virus program on it and update it regularly. If you 
have an auto-update option included in your anti-virus 
program you should turn it on; that way if you forget to 
update your software you can still be protected from threats
3. Anti-Trojan Programs:
These programs are the most effective against Trojan
horse attacks, because they specialize in Trojans
instead of general viruses.
4.. Avoid using peer to peer or P2P sharing networks like 
kazaa,Lime wire Ares, or Guntella because they are generally 
unprotected from viruses and Trojan Horse viruses spread 
through them especially easily.
 Some of these programs do offer some virus protection, but 
this is often not strong enough. If you insist on using P2P, it 
would be safe to not download files that claim to be "rare" 
songs, books, movies, pictures, etc.
Methods of Infection
 1.You can be infected by visiting a rogue website.
2.Email: If you use Microsoft Outlook, you're vulnerable to many of the 
same problems that Internet Explorer has, even if you don't use IE 
directly.
3.Open ports: Computers running their own servers (HTTP, FTP, or 
SMTP, for example), allowing Windows file sharing, or running programs 
that provide filesharing capabilities such as Instant Messengers (AOL's 
AIM, MSN Messenger, etc.) may have vulnerabilities similar to those 
described above. These programs and services may open a network port 
giving attackers a means for interacting with these programs from 
anywhere on the Internet. Vulnerabilities allowing unauthorized remote 
entry are regularly found in such programs, so they should be avoided or 
properly secured.
How do I avoid getting infected with (Trojan horse) in the
future?
 
1.NEVER download blindly from people or sites which you 
aren't 100% sure about
 
2. Even if the file comes from a friend, you still must be sure 
what the file is before opening it
 
3. NEVER use features in your programs that automatically get 
or preview files
 
4. Never blindly type commands that others tell you to type, or 
go to web addresses mentioned by strangers, or run pre-
fabricated programs or scripts
Example of a simple Trojan horse
1.A simple example of a trojan horse would be a program 
named “waterfalls.scr" claiming to be a free waterfall 
screensaver which, when run, instead would allow access to 
the user's computer remotely.
 
2. AIDS (trojan horse)
AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is 
a trojan horse that replaces the AUTOEXEC.BAT file, which 
would then be used by AIDS to count the number times the 
computer has booted. Once this boot count reaches 90, AIDS 
hides directories and encrypts the names of all files on drive 
C: (rendering the system unusable).
Back door and remote 
administration programs:
Back door and remote administration
programs:
On Windows computers, three tools commonly used by
intruders to gain remote access to your computer are
1.BackOrifice:
Back Orifice (often shortened to BO) is a controversial
computer program designed for remote system
administration. It enables a user to control a computer
running the Microsoft Windows operating system from a
remote location. The name is a pun on Microsoft
BackOffice Server software.
2. Netbus
NetBus or Netbus is a software program for remotely controlling a
Microsoft Windows computer system over a network. It was created
in 1998 and has been very controversial for its potential of being
used as a backdoor.
3. Sub Seven(help to hack other pc's).
Sub7, or Sub Seven, is the name of a popular Trojan or backdoor
program. It is mainly used by script kiddies for causing mischief,
such as hiding the computer cursor, changing system settings or
loading up pornographic websites. However, it can also be used for
more serious criminal applications, such as stealing credit card
details with a keystroke logger.
These back door or remote administration programs, once
installed, allow other people to access and control your computer.
A Remote administration programs (tool):
is used to remotely connect and manage a single or multiple
computers with a variety of tools, such as:
1.Screen/camera capture or control
2. File management (download/upload/execute/etc.)
3. Computer control (power off/on/log off)
4. Registry management (query/add/delete/modify)
5. Shell control (usually piped from command prompt)
we have 2 kind of connection:
1.Direct Connection
A direct-connect RAT is a simple set-up where the client
connects to a single or multiple servers directly. Stable
servers are multi-threaded, allowing for multiple clients
to be connected, along with increased reliability.
2. Reverse Connection
new technology that came around about the same time that
routers became popular. A few advantages of a reverse-
connection:
1. No problems with routers blocking incoming data,
because the connection is started outgoing for a server
2. Allows for mass-updating of servers by broadcasting
commands, because many servers can easily connect to a
single client.
RAT (Remote access Trojans )Trojan
Horses:
(RAT)Malware or malicious software is software
designed to infiltrate or damage a computer system
without the owner's known.
Many Trojans and backdoors now have remote
administration capabilities allowing an individual to
control the victim's computer. Many times a file called
the server must be opened on the victim's computer
before the trojan can have access to it. These are
generally sent through email, P2P file sharing software,
and in internet downloads
They are usually disguised as a legitimate program or
file. Many server files will display a fake error message
when opened, to make it seem like it didn't open. Some
will also kill
1.ant virus software.
2.firewall software.
*Fire wall: a logical barrier designed to prevent
unauthorized or unwanted communications between
sections of a computer network
RAT Trojans can generally do the following:
1.Download, upload, delete, and rename files
2. Format drives
3. Open CD-ROM tray
4. Drop viruses and worms
5. Log keystrokes
6. Hack passwords, credit card no.
7. View, kill, and start tasks in task manager
8. Print text, Play sounds
9. Randomly move and click mouse
Some RAT Trojans are pranks that are most likely being
controlled by a friend or enemy on April Fool's day or a
holiday. RATS are generally not harmful, and won't log
keystrokes or hack. They usually do whimsical things
like flip the screen upside-down, open the CD-ROM
tray, and swap mouse buttons.
Example of a Back door and remote administration programs:
Name:
Remote Administration Tool - RAT
Aliases:
Backdoor.RAT, RAT,
Ports:
2989 (UDP), 1095, 1097, 1098, 1099
Files:
Rat10.zip - 823 bytes Rat11.zip - 1.032 bytes Rat20.zip - 6,128 bytes
Rat10.exe - 8,192 bytes Rat10akaremote administration tool.exe - 8,192
bytes Rat11.exe - 8,192 bytes Rat20.exe - 12,288 bytes Rat21.exe -
12,288 bytes Set-up.exe - 295,936 bytes .exe - Msgsvr16.exe - Pitcher.exe
- 21,504 bytes Send.tags - 616 bytes Message.tags - Rat.c - 9,658 bytes
Created:
Nov 1999
Requires:
N/A
Actions:
Remote Access / AOL Trojan
Can register under 40 different HKEYs.
Versions:
1.0, 1.1, 2.0, 2.1, 5.3,
Registers:
HLMSOFTWAREMicrosoftWindowsCurrentVersionRun
HLMSOFTWAREMicrosoftWindowsCurrentVersion RunServices
and some 38 other entries !!!
Notes:
Works on Windows 95, 98, ME and Unix [Linux and FreeBSD]. RAT
server 1.1 has IRC support added. Send.tgz is Unix client. ˆ Source code
is available.
Country:
N/A
Program:
Written in Visual Basic 5.
Check if any unwanted program found in your system
Using the process monitor from remote administration
programs Tools, you will see whether any foreign programs
are running on your computer.
If you find some unwanted program, you can terminate it by
clicking the 'Terminate Process' button on the Toolbar. So
you can find out what programs are started behind your back
END…………….
Extra information….
The Difference Between a
Virus and Trojan Horse
A computer virus attaches itself to a program or file so it can spread
from one computer to another, leaving infections as it travels. Much like
human viruses, computer viruses can range in severity: Some viruses
cause only mildly annoying effects while others can damage your
hardware, software or files. Almost all viruses are attached to an
executable file, which means the virus may exist on your computer but it
cannot infect your computer unless you run or open the malicious
program. It is important to note that a virus cannot be spread without a
human action, (such as running an infected program) to keep it going.
People continue the spread of a computer virus, mostly unknowingly, by
sharing infecting files or sending e-mails with viruses as attachments in
the e-mail.
A Trojan Horse is full of as much trickery as the mythological Trojan
Horse it was named after. The Trojan Horse, at first glance will appear to
be useful software but will actually do damage once installed or run on
your computer. Those on the receiving end of a Trojan Horse are usually
tricked into opening them because they appear to be receiving legitimate
software or files from a legitimate source. When a Trojan is activated on
your computer, the results can vary. Some Trojans are designed to be
more annoying than malicious (like changing your desktop, adding silly
active desktop icons) or they can cause serious damage by deleting files
and destroying information on your system. Trojans are also known to
create a backdoor on your computer that gives malicious users access to
your system, possibly allowing confidential or personal information to be
compromised. Unlike viruses and worms, Trojans do not reproduce by
infecting other files nor do they self-replicate.
Added into the mix, we also have what is called a blended threat. A
blended threat is a sophisticated attack that bundles some of the worst
aspects of viruses, worms, Trojan horses and malicious code into one
threat. Blended threats use server and Internet vulnerabilities to initiate,
transmit and spread an attack. This combination of method and techniques
means blended threats can spread quickly and cause widespread damage.
Characteristics of blended threats include: causes harm, propagates by
multiple methods, attacks from multiple points and exploits
vulnerabilities.
To be considered a blended thread, the attack would normally serve to
transport multiple attacks in one payload. For example it wouldn't just
launch a DoS attack — it would also install a backdoor and damage a
local system in one shot.
Additionally, blended threats are designed to use multiple modes of
transport. For example, a worm may travel through e-mail, but a single
blended threat could use multiple routes such as e-mail, IRC and file-
sharing sharing networks. The actual attack itself is also not limited to a
specific act. For example, rather than a specific attack on predetermined
.exe files, a blended thread could modify exe files, HTML files and
registry keys at the same time — basically it can cause damage within
several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the
inception of viruses, as most blended threats require no human
intervention to propagate.

More Related Content

What's hot

Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking IT Department Akre
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentationikmal91
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)siti zulaikha
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Futurekaranwayne
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virusCassidy Lajangang
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)NamanKikani
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus Ranjeta Muniandy
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & KeyloggersJithin James
 
Viruses and its History
Viruses and its HistoryViruses and its History
Viruses and its HistorySunil Kafle
 

What's hot (20)

Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentation
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Web backdoors attacks, evasion, detection
Web backdoors   attacks, evasion, detectionWeb backdoors   attacks, evasion, detection
Web backdoors attacks, evasion, detection
 
Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
 
Presentation
PresentationPresentation
Presentation
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
 
Viruses and its History
Viruses and its HistoryViruses and its History
Viruses and its History
 
Trojan ppt pianca
Trojan ppt piancaTrojan ppt pianca
Trojan ppt pianca
 

Similar to Trojan backdoors

Trojan Backdoors
Trojan                         BackdoorsTrojan                         Backdoors
Trojan BackdoorsJauwadSyed
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalOWASP Delhi
 
Software security
Software securitySoftware security
Software securityjes_d
 
virus salami attack and trojan horse
virus salami attack and trojan horsevirus salami attack and trojan horse
virus salami attack and trojan horsesiti zulaikha
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4dodontn
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
trojon horse Seminar report
 trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar reportNamanKikani
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 

Similar to Trojan backdoors (20)

Trojan Backdoors
Trojan                         BackdoorsTrojan                         Backdoors
Trojan Backdoors
 
It act seminar
It act seminarIt act seminar
It act seminar
 
Information security
Information securityInformation security
Information security
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Software security
Software securitySoftware security
Software security
 
Dickmaster
DickmasterDickmaster
Dickmaster
 
virus salami attack and trojan horse
virus salami attack and trojan horsevirus salami attack and trojan horse
virus salami attack and trojan horse
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Malwares
MalwaresMalwares
Malwares
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
trojon horse Seminar report
 trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar report
 
MALWARE
MALWAREMALWARE
MALWARE
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
virus
  virus  virus
virus
 

Trojan backdoors

  • 1. Trojan Horse program Back door and remote administration programs: Prepared By : Ibrahim Al qarout Supervisod By: Dr. Lo’ai Tawalbeh New York Institute of Technology Institute (NYIT)-Jordan
  • 2. Trojan Horse program   Name (Trojan horse) According to legend , the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. It was built and filled with Greek warriors to get in troy city and open doors for all warriors out side troy city waiting to enter the city.
  • 3. However there is another meaning of the term Trojan Horse in the field of computer architecture. Here it basically represents any piece of User Code which makes the Kernel Code access anything it would not have been able to access itself in the first place!. i.e make the OS do something it wasnt supposed to be doing.And such security loopholes are called Trojan Horses   In the context of computer software, a Trojan horse is a program that contains or installs a malicious program (sometimes called the payload )
  • 4. Types of Trojan horse (payloads) Trojan horse payloads are almost always designed to do various harmful things, but could be harmless. They are broken down in classification based on how they breach systems and the damage they cause. The seven main types of Trojan horse payloads are: 1.Remote Access 2. Email Sending 3. Data Destructive 4. FTP trojan (adding or copying data from the infected computer) 5. denial-of-service attack (DoS)
  • 5. Some examples are: 1.erasing or overwriting data on a computer. 2. Encrypting files in a crypto vital extortion attack. 3. Upload and download files. 4. Allowing remote access to the victim's computer. This is called a RAT. ( Remote administration tool) 5. Installing a backdoor on a computer system. 6. Opening and closing CD-ROM tray. 7. Harvest e-mail addresses and use them for Spam. 8. Restarts the computer whenever the infected program is started
  • 6. Trojan horse programs are an easy way for intruders to trick you (sometimes referred to as "social engineering") into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus. Trojan horse may appear to be useful or interesting programs or very harmless to an unsuspecting user.
  • 7. There are two common types of Trojan horses. One, is otherwise useful software that has been corrupted by a cracker (it is software remove protection methods:copy prevention, trial/demo version, serial number, hardware key, CD ) . inserting malicious code that executes while the program is used.Examples 1.include various implementations of weather alerting programs. 2.computer clock setting software. 3. peer to peer file sharing utilities.
  • 8. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.
  • 9. How you can know if you are under Trojan horse attack?       For example, you download what appears to be a movie  or music file, but when you click on it, you unleash a  dangerous program that erases your disk, sends your credit  card numbers and passwords to a stranger, or lets that stranger  hack your computer to commit illegal Denial of service  attacks . How do I get rid of Trojans?!? 1.Clean Re-installation: Back up your entire hard disk, format the disk, re-install the  operating system and all your applications from original CDs.  
  • 11. 4.. Avoid using peer to peer or P2P sharing networks like  kazaa,Lime wire Ares, or Guntella because they are generally  unprotected from viruses and Trojan Horse viruses spread  through them especially easily.  Some of these programs do offer some virus protection, but  this is often not strong enough. If you insist on using P2P, it  would be safe to not download files that claim to be "rare"  songs, books, movies, pictures, etc.
  • 12. Methods of Infection  1.You can be infected by visiting a rogue website. 2.Email: If you use Microsoft Outlook, you're vulnerable to many of the  same problems that Internet Explorer has, even if you don't use IE  directly. 3.Open ports: Computers running their own servers (HTTP, FTP, or  SMTP, for example), allowing Windows file sharing, or running programs  that provide filesharing capabilities such as Instant Messengers (AOL's  AIM, MSN Messenger, etc.) may have vulnerabilities similar to those  described above. These programs and services may open a network port  giving attackers a means for interacting with these programs from  anywhere on the Internet. Vulnerabilities allowing unauthorized remote  entry are regularly found in such programs, so they should be avoided or  properly secured.
  • 13. How do I avoid getting infected with (Trojan horse) in the future?   1.NEVER download blindly from people or sites which you  aren't 100% sure about   2. Even if the file comes from a friend, you still must be sure  what the file is before opening it   3. NEVER use features in your programs that automatically get  or preview files   4. Never blindly type commands that others tell you to type, or  go to web addresses mentioned by strangers, or run pre- fabricated programs or scripts
  • 14. Example of a simple Trojan horse 1.A simple example of a trojan horse would be a program  named “waterfalls.scr" claiming to be a free waterfall  screensaver which, when run, instead would allow access to  the user's computer remotely.   2. AIDS (trojan horse) AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is  a trojan horse that replaces the AUTOEXEC.BAT file, which  would then be used by AIDS to count the number times the  computer has booted. Once this boot count reaches 90, AIDS  hides directories and encrypts the names of all files on drive  C: (rendering the system unusable).
  • 16. Back door and remote administration programs: On Windows computers, three tools commonly used by intruders to gain remote access to your computer are 1.BackOrifice: Back Orifice (often shortened to BO) is a controversial computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.
  • 17. 2. Netbus NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor. 3. Sub Seven(help to hack other pc's). Sub7, or Sub Seven, is the name of a popular Trojan or backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger. These back door or remote administration programs, once installed, allow other people to access and control your computer.
  • 18. A Remote administration programs (tool): is used to remotely connect and manage a single or multiple computers with a variety of tools, such as: 1.Screen/camera capture or control 2. File management (download/upload/execute/etc.) 3. Computer control (power off/on/log off) 4. Registry management (query/add/delete/modify) 5. Shell control (usually piped from command prompt)
  • 19. we have 2 kind of connection: 1.Direct Connection A direct-connect RAT is a simple set-up where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability.
  • 20. 2. Reverse Connection new technology that came around about the same time that routers became popular. A few advantages of a reverse- connection: 1. No problems with routers blocking incoming data, because the connection is started outgoing for a server 2. Allows for mass-updating of servers by broadcasting commands, because many servers can easily connect to a single client.
  • 21. RAT (Remote access Trojans )Trojan Horses: (RAT)Malware or malicious software is software designed to infiltrate or damage a computer system without the owner's known. Many Trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times a file called the server must be opened on the victim's computer before the trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads
  • 22. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also kill 1.ant virus software. 2.firewall software. *Fire wall: a logical barrier designed to prevent unauthorized or unwanted communications between sections of a computer network RAT Trojans can generally do the following: 1.Download, upload, delete, and rename files 2. Format drives 3. Open CD-ROM tray 4. Drop viruses and worms
  • 23. 5. Log keystrokes 6. Hack passwords, credit card no. 7. View, kill, and start tasks in task manager 8. Print text, Play sounds 9. Randomly move and click mouse Some RAT Trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's day or a holiday. RATS are generally not harmful, and won't log keystrokes or hack. They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons.
  • 24. Example of a Back door and remote administration programs: Name: Remote Administration Tool - RAT Aliases: Backdoor.RAT, RAT, Ports: 2989 (UDP), 1095, 1097, 1098, 1099 Files: Rat10.zip - 823 bytes Rat11.zip - 1.032 bytes Rat20.zip - 6,128 bytes Rat10.exe - 8,192 bytes Rat10akaremote administration tool.exe - 8,192 bytes Rat11.exe - 8,192 bytes Rat20.exe - 12,288 bytes Rat21.exe - 12,288 bytes Set-up.exe - 295,936 bytes .exe - Msgsvr16.exe - Pitcher.exe - 21,504 bytes Send.tags - 616 bytes Message.tags - Rat.c - 9,658 bytes Created: Nov 1999 Requires: N/A
  • 25. Actions: Remote Access / AOL Trojan Can register under 40 different HKEYs. Versions: 1.0, 1.1, 2.0, 2.1, 5.3, Registers: HLMSOFTWAREMicrosoftWindowsCurrentVersionRun HLMSOFTWAREMicrosoftWindowsCurrentVersion RunServices and some 38 other entries !!! Notes: Works on Windows 95, 98, ME and Unix [Linux and FreeBSD]. RAT server 1.1 has IRC support added. Send.tgz is Unix client. ˆ Source code is available. Country: N/A Program: Written in Visual Basic 5.
  • 26. Check if any unwanted program found in your system Using the process monitor from remote administration programs Tools, you will see whether any foreign programs are running on your computer. If you find some unwanted program, you can terminate it by clicking the 'Terminate Process' button on the Toolbar. So you can find out what programs are started behind your back
  • 29. The Difference Between a Virus and Trojan Horse A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: Some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending e-mails with viruses as attachments in the e-mail.
  • 30. A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
  • 31. Added into the mix, we also have what is called a blended threat. A blended threat is a sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one threat. Blended threats use server and Internet vulnerabilities to initiate, transmit and spread an attack. This combination of method and techniques means blended threats can spread quickly and cause widespread damage. Characteristics of blended threats include: causes harm, propagates by multiple methods, attacks from multiple points and exploits vulnerabilities. To be considered a blended thread, the attack would normally serve to transport multiple attacks in one payload. For example it wouldn't just launch a DoS attack — it would also install a backdoor and damage a local system in one shot.
  • 32. Additionally, blended threats are designed to use multiple modes of transport. For example, a worm may travel through e-mail, but a single blended threat could use multiple routes such as e-mail, IRC and file- sharing sharing networks. The actual attack itself is also not limited to a specific act. For example, rather than a specific attack on predetermined .exe files, a blended thread could modify exe files, HTML files and registry keys at the same time — basically it can cause damage within several areas of your network at one time. Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats require no human intervention to propagate.