Introduction to Trojans and Backdoors

Updated: 13 Oct 2010 | 1 comment

Farzad

Introduction

Trojans and backdoors are kinds of malware whose main purpose is to send and receive data, and especially commands, through a port to another system. This port can be a well-known port such as 80 or an out-of-the-ordinary port like 7777. Trojans are most of the time disguised as a legitimate and harmless application to encourage the user to execute them. The two defining characteristics of a Trojan are that it must first be executed by the user, and that it then sends or receives data with another system, which is the attacker's system.

Sometimes the Trojan is combined with another application. That application can be a flash card, a flash game, a patch for the OS, or even an antivirus. In reality the file is built from two applications: one of them is the harmless application, and the other one is the Trojan file.

Technically defined, a Trojan horse is "a malicious and security-breaking program which is designed as something benign". Such a program is designed to cause damage or data leakage, or to make the victim a medium for attacking another system.

A Trojan is executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities to increase its privileges.

An important point is that the connection need not be online (with commands or data transmitted immediately between the hacker and the victim); the communication can also be offline, performed using emails, HTTP URL transfers, or the like.



Auto Start Methods

One of the actions Trojans usually perform is to make themselves auto-start, so that they are executed each time the system reboots. Below are some registry keys Trojan horses modify for this purpose:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce


Types of Trojans


Remote Access Trojans

This sort of Trojan provides full or partial access to and control over the victim's system. The server application is sent to the victim and a client listens on the hacker's system. After the server is started, it establishes the connection with the client through a predefined port. Most Trojans are of this kind.

Data Sending Trojans

Using email or a backdoor, this type of Trojan sends data such as passwords, cookies or keystrokes to the hacker's system.

Destructive Trojans

These Trojans exist to cause destruction, such as deleting files, corrupting the OS, or making the system crash. If the Trojan is not just for fun, its purpose is usually to deactivate a security system such as an antivirus or firewall.

DDoS Attack Trojans

These Trojans make the victim a zombie that listens for commands sent from a DDoS server on the internet. Numerous infected systems stand by for a command from the server, and when the server sends the command to all or a group of them, all the systems perform the command simultaneously, so a huge volume of legitimate requests floods the target and makes the service stop responding.

Proxy Trojans

In order to avoid leaving tracks on the target, a hacker may send commands or access resources via another system, so that all the records show the other system and not the hacker's identity. This sort of Trojan makes a system work as a medium for attacking another system: the Trojan forwards all the commands sent to it to the primary target and does not harm the proxy victim.

Security Software Disabler Trojans

This kind of Trojan disables the security system for further attacks. For instance it deactivates the antivirus, makes it malfunction, or makes the firewall stop functioning.

How to find Trojan activity

The best method to find a Trojan is by monitoring the ports transmitting data on the network adapter. Note that, as mentioned above, there are Trojans which transmit commands and data via standard ports such as 80 or SMTP (email), and this method of inspection is not effective against them.

The command netstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with the switch -an for a proper result:

netstat -an

If you want to check whether a particular port is being used by any application, you can pipe the output through findstr:

netstat -an | findstr 8080

Wireshark is another application which can show all the data transferred on the Network Interface Card; using it you can see what data is being transmitted out of the system, and what the listener on the port is.
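The netstat checks above, as an added Python example that is not from the original page: it parses the output of `netstat -ano` (the `-o` switch adds the owning PID, so a suspicious port can be tied to a process), reports listeners outside a baseline of expected ports, and reports established connections to addresses outside the internal ranges. The netstat output, the expected-port baseline and the internal address ranges are all constructed assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the format `netstat -ano` prints on Windows (-o adds the owning PID).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:49712     192.168.1.10:445       ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.7:80         ESTABLISHED     4120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    2208
"""

# Constructed baseline: ports this host is expected to listen on.
EXPECTED_LISTENERS = {135, 139, 445, 3389}

# Address ranges treated as internal; anything else counts as "the internet" for this check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]


class Socket(NamedTuple):
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote_ip: str
    remote_port: Optional[int]
    state: str
    pid: int


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """Split 'ip:port', '[v6]:port' or '*:*' into (host, port-or-None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header lines and blanks
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        lip, lport = split_endpoint(parts[1])
        rip, rport = split_endpoint(parts[2])
        sockets.append(Socket(parts[0], lip, lport, rip, rport, state, int(parts[-1])))
    return sockets


def is_external(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # '*' or an empty field
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def unexpected_listeners(sockets: List[Socket]) -> List[Socket]:
    """Listening sockets on ports outside the baseline (the page's Tini sample uses 7777)."""
    return [s for s in sockets if s.state == "LISTENING" and s.local_port not in EXPECTED_LISTENERS]


def outbound_to_internet(sockets: List[Socket]) -> List[Socket]:
    """Established connections whose far end is outside the internal ranges, even on port 80."""
    return [s for s in sockets if s.state == "ESTABLISHED" and is_external(s.remote_ip)]


def port_in_use(sockets: List[Socket], port: int) -> List[Socket]:
    """Like `netstat -an | findstr 8080`, but matched on the local port only, so 18080 or a PID does not match."""
    return [s for s in sockets if s.local_port == port]


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    for s in unexpected_listeners(socks):
        print(f"[listener] {s.proto} {s.local_ip}:{s.local_port} pid={s.pid}")
    for s in outbound_to_internet(socks):
        print(f"[outbound] {s.local_ip}:{s.local_port} -> {s.remote_ip}:{s.remote_port} pid={s.pid}")
```

In the sample, PID 4120 both listens on 7777 and holds the outbound connection on port 80, which is the correlation that `-an` alone cannot give; `tasklist /FI "PID eq 4120"` then names the process.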



Some Trojan Samples

Tini

This Trojan listens on port 7777 and provides the hacker with shell access to the victim's system.

ICMD

This application provides shell access, but can accept a password and a preferred port.

NetBus

This Trojan has a GUI for controlling the victim's system. Rather than for serious attacks, it is mostly used for fun.

Netcat (known as nc)

A very famous Trojan with many options for different methods of command and data transfer.

Proxy Server Trojan

This Trojan makes the victim a proxy for attacking another system.

VNC

Although VNC is not a malicious application, since it is not detected by antivirus systems it can be used as a means of Trojan horse attack.

Remote By Mail

This Trojan can send and receive commands and data using a series of emails. Although the commands are very limited compared to a shell session, due to the protocol it uses (SMTP) it can bypass and evade most firewall systems.

HTTP RAT

This Trojan sends and receives commands by exchanging a series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all firewall systems.

Shttp Trojan

Same as HTTP RAT.

Wrappers

A wrapper is an application which can concatenate two executable files and produce one application containing both. Most of the time, the wrapper is used to attach a Trojan file to a small harmless application such as a flash card, to deceive the targeted user and encourage him to execute it.

Some wrappers are able to make modifications to the Trojan horse, such as compressing it or adding blanks to the end of it, to hide it from detection by antivirus software.
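As an added example that is not from the original page, the following Python code checks a Windows PE file for data appended after its last section, which is what a wrapper that concatenates a second executable, or pads the file with blanks, leaves behind. `build_minimal_pe` constructs a tiny PE-shaped test file for the check and is not a real program.

```python
import struct
from typing import NamedTuple

SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER)


class OverlayReport(NamedTuple):
    sections: int
    end_of_sections: int  # file offset just past the last byte of section data
    file_size: int
    overlay_size: int     # bytes that follow the image proper (0 for an untouched build)


def pe_overlay(data: bytes) -> OverlayReport:
    """Walk the PE headers and measure any data appended after the last section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER after Machine: NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader
    num_sections, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, coff + 2)
    table = coff + 20 + opt_size
    end = table + SECTION_HEADER_SIZE * num_sections  # the headers end here at minimum
    for i in range(num_sections):
        _, _, _, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_HEADER, data, table + SECTION_HEADER_SIZE * i)
        if raw_size:  # .bss-style sections own no bytes in the file
            end = max(end, raw_ptr + raw_size)
    return OverlayReport(num_sections, end, len(data), max(0, len(data) - end))


def build_minimal_pe(code: bytes, appended: bytes = b"") -> bytes:
    """Construct a tiny PE-shaped file (constructed test input, not a runnable program)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # One section and no optional header; real binaries have one, and pe_overlay skips it by size.
    file_header = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    raw_ptr = 0x200
    raw_size = (len(code) + 0x1FF) & ~0x1FF  # 512-byte file alignment
    section = struct.pack(SECTION_HEADER, b".text", len(code), 0x1000, raw_size, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    headers = dos_header + file_header + section
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + code + b"\0" * (raw_size - len(code)) + appended


if __name__ == "__main__":
    clean = build_minimal_pe(b"\xC3" * 16)
    wrapped = build_minimal_pe(b"\xC3" * 16, b"SECOND-PROGRAM-PLACEHOLDER" * 10)
    for label, sample in (("clean", clean), ("wrapped", wrapped)):
        print(label, pe_overlay(sample))
```

Signed binaries and self-extracting installers legitimately carry an overlay too (the Authenticode signature lives there), so a non-zero result is a triage indicator to compare against the security data directory, not proof of wrapping.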



Some Wrappers Samples



Wrapper Convert Program

One File EXE Maker

Yet Another Builder (known as YAB; a very powerful and dangerous application)

Defacing Applications

A defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file. Whereas the icon of a Trojan is usually the default icon of executable files, the hacker may change the Trojan's icon and fake it as a harmless application, or even as another file type such as a Microsoft Word document or a text file.

More Related Content

What's hot

The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)Angel Sophie
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking
IT Department Akre
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
Ankit Mistry
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
sitinursyafiqah
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
Dharmesh Kumar Sharma
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
Nikhil Pandit
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
Cassidy Lajangang
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
Jithin James
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
NamanKikani
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4dodontn
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus
Ranjeta Muniandy
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
intertelinvestigations
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
Apurv Singh Gautam
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.
Anuj Khandelwal
 

What's hot (20)

The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
 
Presentation
PresentationPresentation
Presentation
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your Enemies
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Trojan
TrojanTrojan
Trojan
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.
 
It act seminar
It act seminarIt act seminar
It act seminar
 

Viewers also liked

Malwares
MalwaresMalwares
Malwares
Abolfazl Naderi
 
ISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFAshley Faciane
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
mkgspsu
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
mridulahuja
 
CyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH  Session - 6 Trojans and BackdoorsCyberLab CCEH  Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab
 
CEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and BackdoorsCEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and Backdoors
Avirot Mitamura
 
How would you find what you can't see?
How would you find what you can't see?How would you find what you can't see?
How would you find what you can't see?
pinkflawd
 
Penetración con una Backdoor
Penetración con una BackdoorPenetración con una Backdoor
Penetración con una Backdoor
NEGOCIOS PROPIOS
 
Finding the back door to people’s hearts
Finding the back door to people’s heartsFinding the back door to people’s hearts
Finding the back door to people’s hearts
Third Column Ministries
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
kdore
 
Onapsis SAP Backdoors
Onapsis SAP BackdoorsOnapsis SAP Backdoors
Onapsis SAP Backdoors
Onapsis Inc.
 
How to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanHow to Backdoor Diffie-Hellman
How to Backdoor Diffie-Hellman
David Wong
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer Jungle
Jason S
 
KeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long timeKeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long time
n|u - The Open Security Community
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and Backdoors
Vuz Dở Hơi
 
Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivitybackdoor
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
amiable_indian
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 

Viewers also liked (20)

CRM, Technology and Fitness
CRM, Technology and FitnessCRM, Technology and Fitness
CRM, Technology and Fitness
 
Malwares
MalwaresMalwares
Malwares
 
ISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDF
 
File000145
File000145File000145
File000145
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
 
CyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH  Session - 6 Trojans and BackdoorsCyberLab CCEH  Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and Backdoors
 
CEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and BackdoorsCEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and Backdoors
 
How would you find what you can't see?
How would you find what you can't see?How would you find what you can't see?
How would you find what you can't see?
 
Penetración con una Backdoor
Penetración con una BackdoorPenetración con una Backdoor
Penetración con una Backdoor
 
Finding the back door to people’s hearts
Finding the back door to people’s heartsFinding the back door to people’s hearts
Finding the back door to people’s hearts
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
Onapsis SAP Backdoors
Onapsis SAP BackdoorsOnapsis SAP Backdoors
Onapsis SAP Backdoors
 
How to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanHow to Backdoor Diffie-Hellman
How to Backdoor Diffie-Hellman
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer Jungle
 
KeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long timeKeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long time
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and Backdoors
 
Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivity
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 

Similar to Introduction to trojans and backdoors

RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
OWASP Delhi
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virus
HTS Hosting
 
Trojan Backdoors
Trojan                         BackdoorsTrojan                         Backdoors
Trojan Backdoors
JauwadSyed
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam hussein
Eslam Hussein
 
Software security
Software securitySoftware security
Software security
jes_d
 
Trojan horse
Trojan horseTrojan horse
Trojan horse
Gaurang Rathod
 
Computing safety
Computing safetyComputing safety
Computing safety
Brulius
 
Information security
Information securityInformation security
Information security
JAMEEL AHMED KHOSO
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
Ave Nawsh
 
Security Software
Security SoftwareSecurity Software
Security Software
bennybigbang
 
System_security.pptx
System_security.pptxSystem_security.pptx
System_security.pptx
SusmitaSaha812194
 
Trojan Virus.pptx
Trojan Virus.pptxTrojan Virus.pptx
Trojan Virus.pptx
HanhSajiDozonArre
 
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virusTrojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
ABHAY PATHAK
 
Atul trojan horse ppt 101
Atul trojan horse ppt 101Atul trojan horse ppt 101
Atul trojan horse ppt 101
Atuk4
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
SYYULIANISKOMMT
 

Similar to Introduction to trojans and backdoors (20)

RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virus
 
Trojan Backdoors
Trojan                         BackdoorsTrojan                         Backdoors
Trojan Backdoors
 
Case study
Case studyCase study
Case study
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam hussein
 
Software security
Software securitySoftware security
Software security
 
Trojan horse
Trojan horseTrojan horse
Trojan horse
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Information security
Information securityInformation security
Information security
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Security Software
Security SoftwareSecurity Software
Security Software
 
System_security.pptx
System_security.pptxSystem_security.pptx
System_security.pptx
 
virus
  virus  virus
virus
 
Trojan Virus.pptx
Trojan Virus.pptxTrojan Virus.pptx
Trojan Virus.pptx
 
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virusTrojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
 
Atul trojan horse ppt 101
Atul trojan horse ppt 101Atul trojan horse ppt 101
Atul trojan horse ppt 101
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Mitppt
MitpptMitppt
Mitppt
 
maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 

Introduction to trojans and backdoors

Introduction

Trojans and backdoors are kinds of malware whose main purpose is to send and receive data, and especially commands, through a port to another system. This port can be a well-known port such as 80 or an unusual port such as 7777. Trojans are most of the time disguised as a legitimate, harmless application to encourage the user to execute them. The two defining characteristics of a Trojan are that it must first be executed by the user, and that it then sends or receives data with another system, the attacker's system.

Sometimes the Trojan is combined with another application. This application can be a flash card, a flash game, a patch for the OS, or even an antivirus. In reality the file is built of two applications: one is the harmless application, and the other is the Trojan file.

Technically defined, a Trojan horse is "a malicious and security-breaking program which is designed as something benign". Such a program is designed to cause damage, leak data, or make the victim a medium for attacking another system.

A Trojan is executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities to increase its privilege.

An important point is that the connection need not be online (where commands or data are transmitted immediately between the hacker and the victim): the communication can also be offline, performed using emails, HTTP URL transmissions, or the like.

Auto Start Methods
One of the actions Trojans usually perform is to make themselves auto-start, so that they are executed each time the system reboots. Below are some registry keys Trojan horses modify for this purpose:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Types of Trojans

Remote Access Trojans

This sort of Trojan provides full or partial access to, and control over, the victim's system. The server application is sent to the victim and a client listens on the hacker's system. After the server is started, it establishes the connection with the client through a predefined port. Most Trojans are of this kind.
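The auto-start keys listed above are the first place a defender looks after a suspected Trojan execution. The following is an added example (not code from the original article) that audits those keys offline from the text that `reg export <key> <file>` writes, and flags entries whose command launches a program from a user-writable location such as a temp or download directory. The export text and the list of user-writable directories are constructed assumptions for this demonstration.

```python
"""Audit Windows auto-start (Run/RunOnce/RunServices) entries from a .reg export.

Added example, not code from the original article. The sample export and
the USER_WRITABLE heuristic below are constructed for this demonstration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The keys named in the article, written the way a .reg export names them.
# Registry paths are case-insensitive, so they are compared lower-cased.
AUTOSTART_KEYS = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)}

# Directories an unprivileged user (and so a user-level Trojan) can write to.
# Assumption of this example; extend it for your environment.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\downloads\\")

# Constructed sample of what `reg export` produces (normally UTF-16 LE on disk).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\\Program Files\\Example Vendor\\tray.exe"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe -listen 7777"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashCard"="\"C:\\Users\\alice\\Downloads\\flashcard.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
"LastVisited"="C:\\Users\\alice\\Downloads"
'''

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    suspicious: bool


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def is_suspicious(command: str) -> bool:
    """Heuristic: the command references a user-writable directory."""
    lowered = command.lower()
    return any(frag in lowered for frag in USER_WRITABLE)


def parse_reg_export(text: str) -> list[AutostartEntry]:
    """Return the string values found under the auto-start keys."""
    entries: list[AutostartEntry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = _SECTION.match(line)
        if sec:
            key = sec.group(1)
            continue
        if not line or key.lower() not in AUTOSTART_KEYS:
            continue  # values under other keys are not auto-start entries
        val = _VALUE.match(line)
        if not val:
            continue
        name = _unescape(val.group(1)) if val.group(1) is not None else "(Default)"
        data = val.group(2)
        if not (data.startswith('"') and data.endswith('"')):
            continue  # only REG_SZ ("...") values hold commands; hex:/dword: skipped
        command = _unescape(data[1:-1])
        entries.append(AutostartEntry(key, name, command, is_suspicious(command)))
    return entries


def load_reg_file(path: str) -> list[AutostartEntry]:
    """Parse a real export; `reg export` writes UTF-16 LE with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg_export(fh.read())


if __name__ == "__main__":
    for e in parse_reg_export(SAMPLE_EXPORT):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"[{flag}] {e.key}\\{e.name} = {e.command}")
```

The heuristic only orders the review: an installer that legitimately runs from AppData will be flagged, and a Trojan copied into Program Files will not, so every entry's target should still be checked for a valid signature and a known hash.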
Data Sending Trojans

Using email or a backdoor, this type of Trojan sends data such as passwords, cookies or keystrokes to the hacker's system.

Destructive Trojans

These Trojans are made to cause destruction, such as deleting files, corrupting the OS, or making the system crash. If the Trojan is not just for fun, its usual purpose is to disable a security system such as an antivirus or firewall.

DDoS Attack Trojans

These Trojans make the victim a zombie that listens for commands sent from a DDoS server on the Internet. Numerous infected systems stand by for a command from the server; when the server sends the command to all or a group of the infected systems, they all perform the command simultaneously, so a huge number of legitimate requests flood the target and make the service stop responding.

Proxy Trojans

In order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system, so that all the records show the other system and not the hacker's identity. This sort of Trojan makes a system work as a medium for attacking another system: the Trojan forwards all the commands sent to it to the primary target and does not harm the proxy victim.

Security Software Disabler Trojans

This kind of Trojan disables the security system to enable further attacks. For instance, it deactivates the antivirus, makes it malfunction, or makes the firewall stop functioning.

How to Find Trojan Activity

The best method to find a Trojan is to monitor the ports transmitting data on the network adapter. Note that, as mentioned above, there are Trojans which transmit commands and data via standard ports such as 80 (HTTP) or SMTP (email), and this method of inspection is not effective against them.

The netstat command is a very powerful tool for checking which ports are used to send and receive data. You can use this command with the switch -an for a proper result:
netstat -an

If you want to check whether a particular port is being used by any application, you can pipe the output to findstr:

netstat -an | findstr 8080

Wireshark is another application which can show all the data transferred on the Network Interface Card; using it you can see what data are being transmitted out of the system, and what the listener on the port is.

Some Trojan Samples

Tini
This Trojan listens on port 7777 and provides the hacker with shell access to the victim's system.

ICMD
This application provides shell access, but can accept a password and a preferred port.

NetBus
This Trojan has a GUI for controlling the victim's system. Rather than for serious attacks, it is mostly used for fun.

Netcat (known as NC)
A very famous Trojan with many options for different methods of command and data transfer.

Proxy Server Trojan
This Trojan makes the victim a proxy for attacking another system.

VNC
Although VNC is not a malicious application, since it is not detected by antivirus systems it can be used as a means of Trojan horse attack.
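The netstat inspection above is easy to automate and, when automated, also shows its two weak points: a listener on port 7777 stands out, while a connection to a remote port 80 (the HTTP RAT case the article warns about) looks like ordinary browsing, and `findstr 8080` matches any line containing the digits 8080, including a local port 28080. The following is an added example (not code from the original article) that parses constructed `netstat -an` output and compares it against an assumed baseline of expected listeners and common remote ports.

```python
"""Triage `netstat -an` output for unexpected listeners and connections.

Added example, not code from the original article. SAMPLE_NETSTAT, the
baseline listener set and the common-port set are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Constructed sample in the Windows `netstat -an` layout.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.20:49713     203.0.113.9:4444       ESTABLISHED
  TCP    192.168.1.20:28080     203.0.113.9:443        ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Assumptions for this host: ports it is expected to expose, and remote
# ports that ordinary client traffic uses (so they do not get flagged).
BASELINE_LISTENERS = {135, 139, 445, 5353}
COMMON_REMOTE_PORTS = {25, 53, 80, 443}


@dataclass
class Socket:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str


def _split_endpoint(endpoint: str) -> tuple[str, Optional[int]]:
    """Split 'host:port'; handles '[::]:135' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> list[Socket]:
    sockets: list[Socket] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner and column-header lines
        lhost, lport = _split_endpoint(parts[1])
        rhost, rport = _split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        sockets.append(Socket(parts[0], lhost, lport, rhost, rport, state))
    return sockets


def unexpected_listeners(sockets: list[Socket], baseline=BASELINE_LISTENERS) -> list[Socket]:
    """Listening sockets on ports not in the baseline (the Tini/7777 case)."""
    return [
        s for s in sockets
        if (s.state == "LISTENING" or (s.proto == "UDP" and s.remote_port is None))
        and s.local_port not in baseline
    ]


def outbound_to_unusual_ports(sockets: list[Socket]) -> list[Socket]:
    """Established connections to remote ports that normal clients rarely use.
    A RAT speaking HTTP on port 80 is deliberately NOT caught here; that is
    the article's caveat, and only content inspection (e.g. Wireshark) helps."""
    return [s for s in sockets
            if s.state == "ESTABLISHED" and s.remote_port not in COMMON_REMOTE_PORTS]


def port_in_use(sockets: list[Socket], port: int) -> bool:
    """Exact port match, unlike `findstr 8080`, which also matches 28080."""
    return any(port in (s.local_port, s.remote_port) for s in sockets)


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    for s in unexpected_listeners(socks):
        print(f"unexpected listener: {s.proto} {s.local_host}:{s.local_port}")
    for s in outbound_to_unusual_ports(socks):
        print(f"unusual outbound: {s.remote_host}:{s.remote_port}")
    print("port 8080 in use:", port_in_use(socks, 8080))
```

On a live host, feed the function the real output (`netstat -an` on Windows; `netstat -an` or `ss -an` on Linux needs the column layout adjusted) and maintain the baseline from a known-clean snapshot of the same machine rather than a generic list.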
Remote By Mail
This Trojan can send and receive commands and data using a series of emails. Although the commands are very limited compared to a shell session, due to the protocol it uses (SMTP) it can bypass and evade most firewall systems.

HTTP RAT
This Trojan sends and receives commands by exchanging a series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all firewall systems.

Shttp Trojan
Same as HTTP RAT.

Wrappers

A wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the time, the wrapper is used to attach a Trojan file to a small harmless application, such as a flash card, to deceive the targeted user and encourage him to execute it. Some wrappers are able to modify the Trojan horse, for example by compressing it or adding blanks to the end of it, to hide it from detection by antivirus products.

Some Wrapper Samples

Wrapper Convert Program
One File EXE Maker
Yet Another Builder (known as YAB; a very powerful and dangerous application)

Defacing Applications

A defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
Whereas the icon of the Trojan is usually the default icon of executable files, the hacker may change the Trojan's icon and fake it as a harmless application, or even as another type of file such as a Microsoft Word document or a text file.
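Both the wrapper and the icon-defacing tricks above leave marks in the file that a defender can measure rather than eyeball: a wrapped executable carries bytes beyond the end of the last section that the PE headers describe (an "overlay"), and a changed icon or a document-looking name does not change the MZ/PE signature. The following is an added example (not code from the original article or any of the named tools) that parses a PE file's section table to compute its overlay size and classifies a file by its magic bytes regardless of its name. The minimal PE image it builds is constructed for the demonstration and is not a real program.

```python
"""Measure a PE file's overlay and classify files by magic, not by name or icon.

Added example, not code from the original article. build_sample_pe() produces
a constructed one-section PE32 header, not a real program.
"""
from __future__ import annotations

import struct
from typing import Optional


def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 image with one section; `overlay` is appended
    the way a wrapper that concatenates a second file would."""
    e_lfanew = 0x40
    img = bytearray(0x200)                      # headers occupy 0x000..0x1FF
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)  # e_lfanew -> "PE\0\0"
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # COFF header: Machine=i386, 1 section, stamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=0xE0 (PE32), Characteristics
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, 0x10B)      # optional-header magic: PE32
    sec = opt + 0xE0                             # first section header
    img[sec:sec + 8] = b".text\0\0\0"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", img, sec + 8, 0x200, 0x1000, 0x200, 0x200)
    img += b"\xC3" * 0x200                       # section body (placeholder bytes)
    return bytes(img) + overlay


def pe_overlay(data: bytes) -> Optional[int]:
    """Bytes past the end of the last section's raw data, or None if `data`
    is not a (complete enough) PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_off = e_lfanew + 24 + opt_size
    end_of_image = sec_off + num_sections * 40   # at least the section table itself
    for i in range(num_sections):
        off = sec_off + i * 40
        if off + 40 > len(data):
            return None                          # truncated section table
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    return max(0, len(data) - end_of_image)


def classify(name: str, data: bytes) -> str:
    """What the bytes say the file is, contrasted with what the name suggests.
    The icon is not consulted: it is just a resource the author can set."""
    overlay = pe_overlay(data)
    if overlay is None:
        kind = "not a PE executable"
    elif overlay:
        kind = f"PE executable with {overlay}-byte overlay (possible wrapped payload)"
    else:
        kind = "PE executable, no overlay"
    looks_like_doc = name.lower().endswith((".doc", ".docx", ".txt", ".pdf"))
    if looks_like_doc and overlay is not None:
        kind += "; name suggests a document but content is executable"
    return kind


if __name__ == "__main__":
    print(classify("flashcard.exe", build_sample_pe()))
    print(classify("notes.txt", build_sample_pe(b"\0" * 16 + b"second-program-bytes")))
    print(classify("readme.txt", b"plain text, no MZ header"))
```

An overlay is a triage signal, not proof: installers, self-extracting archives and Authenticode-signed binaries legitimately carry data after the last section, so the next step is to check whether the overlay is a signature block or a recognizable archive before treating the file as wrapped.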