Name (Trojan horse) According to legend , the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. It was built and filled with Greek warriors to get in troy city and open doors for all warriors out side troy city waiting to enter the city.
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Trojan Backdoors
1. Trojan Horse program
Back door and remote administration
programs:
Prepared By :
SYED JAUWAD
Supervisod By:
Dr. Lo’ai Tawalbeh
New York Institute of Technology
Institute (NYIT)-Jordan
2. Trojan Horse program
Name (Trojan horse)
According to legend , the Greeks won the Trojan war by
hiding in a huge, hollow wooden horse to sneak into the
fortified city of Troy.
It was built and filled with Greek warriors to get in troy city
and open doors for all warriors out side troy city waiting to
enter the city.
3. However there is another meaning of the term Trojan Horse in
the field of computer architecture. Here it basically represents
any piece of User Code which makes the Kernel Code access
anything it would not have been able to access itself in the
first place!. i.e make the OS do something it wasnt supposed
to be doing.And such security loopholes are called Trojan
Horses
In the context of computer software, a Trojan horse is a
program that contains or installs a malicious program
(sometimes called the payload )
4. Types of Trojan horse (payloads)
Trojan horse payloads are almost always designed to do
various harmful things, but could be harmless. They are
broken down in classification based on how they breach
systems and the damage they cause. The seven main types of
Trojan horse payloads are:
1.Remote Access
2. Email Sending
3. Data Destructive
4. FTP trojan (adding or copying data from the infected
computer)
5. denial-of-service attack (DoS)
5. Some examples are:
1.erasing or overwriting data on a computer.
2. Encrypting files in a crypto vital extortion attack.
3. Upload and download files.
4. Allowing remote access to the victim's computer. This
is called a RAT. (
Remote administration tool)
5. Installing a backdoor on a computer system.
6. Opening and closing CD-ROM tray.
7. Harvest e-mail addresses and use them for Spam.
8. Restarts the computer whenever the infected
program is started
6. Trojan horse programs are an easy way for intruders to
trick you (sometimes referred to as "social engineering") into
installing "back door" programs. These can allow intruders
easy access to your computer without your knowledge,
change your system configurations, or infect your computer
with a computer virus.
Trojan horse may appear to be useful or interesting
programs or very harmless to an unsuspecting user.
7. There are two common types of Trojan horses.
One, is otherwise useful software that has been corrupted by
a cracker (it is software remove protection methods:copy
prevention, trial/demo version, serial number, hardware key,
CD ) .
inserting malicious code that executes while the program is
used.Examples
1.include various implementations of
weather alerting programs.
2.computer clock setting software.
3. peer to peer file sharing utilities.
8. The other type is a standalone program that masquerades as
something else, like a game or image file, in order to trick the
user into some misdirected complicity that is needed to carry
out the program's objectives.
9. How you can know if you are under Trojan horse attack?
For example, you download what appears to be a movie or
music file, but when you click on it, you unleash a dangerous
program that erases your disk, sends your credit card numbers
and passwords to a stranger, or lets that stranger hack your
computer to commit illegal Denial of service attacks .
How do I get rid of Trojans?!?
1.Clean Re-installation:
Back up your entire hard disk, format the disk, re-install the
operating system and all your applications from original CDs.
10. 2. Anti-Virus Software:
anti-virus software is always going to be playing catch up
with active virus on the system. Make sure your computer has
an anti virus program on it and update it regularly. If you have
an auto-update option included in your anti-virus program you
should turn it on; that way if you forget to update your
software you can still be protected from threats
3. Anti-Trojan Programs:
These programs are the most effective against Trojan
horse attacks, because they specialize in Trojans
instead of general viruses.
11. 4.. Avoid using peer to peer or P2P sharing networks like
kazaa,Lime wire Ares, or Guntella because they are generally
unprotected from viruses and Trojan Horse viruses spread
through them especially easily.
Some of these programs do offer some virus protection, but
this is often not strong enough. If you insist on using P2P, it
would be safe to not download files that claim to be "rare"
songs, books, movies, pictures, etc.
12. Methods of Infection
1.You can be infected by visiting a rogue website.
2.Email: If you use Microsoft Outlook, you're vulnerable to many of the
same problems that Internet Explorer has, even if you don't use IE directly.
3.Open ports: Computers running their own servers (HTTP, FTP, or
SMTP, for example), allowing Windows file sharing, or running programs
that provide filesharing capabilities such as Instant Messengers (AOL's
AIM, MSN Messenger, etc.) may have vulnerabilities similar to those
described above. These programs and services may open a network port
giving attackers a means for interacting with these programs from
anywhere on the Internet. Vulnerabilities allowing unauthorized remote
entry are regularly found in such programs, so they should be avoided or
properly secured.
13. How do I avoid getting infected with (Trojan horse) in the
future?
1.NEVER download blindly from people or sites which you
aren't 100% sure about
2. Even if the file comes from a friend, you still must be sure
what the file is before opening it
3. NEVER use features in your programs that automatically get
or preview files
4. Never blindly type commands that others tell you to type, or
go to web addresses mentioned by strangers, or run pre-
fabricated programs or scripts
14. Example of a simple Trojan horse
1.A simple example of a trojan horse would be a program
named “waterfalls.scr" claiming to be a free waterfall
screensaver which, when run, instead would allow access to
the user's computer remotely.
2. AIDS (trojan horse)
AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is
a trojan horse that replaces the AUTOEXEC.BAT file, which
would then be used by AIDS to count the number times the
computer has booted. Once this boot count reaches 90, AIDS
hides directories and encrypts the names of all files on drive
C: (rendering the system unusable).
16. Back door and remote administration
programs:
On Windows computers, three tools commonly used by
intruders to gain remote access to your computer are
1.BackOrifice:
Back Orifice (often shortened to BO) is a controversial
computer program designed for remote system
administration. It enables a user to control a computer
running the Microsoft Windows operating system from a
remote location. The name is a pun on Microsoft
BackOffice Server software.
17. 2. Netbus
NetBus or Netbus is a software program for remotely controlling a
Microsoft Windows computer system over a network. It was created
in 1998 and has been very controversial for its potential of being
used as a backdoor.
3. Sub Seven(help to hack other pc's).
Sub7, or Sub Seven, is the name of a popular Trojan or backdoor
program. It is mainly used by script kiddies for causing mischief,
such as hiding the computer cursor, changing system settings or
loading up pornographic websites. However, it can also be used for
more serious criminal applications, such as stealing credit card
details with a keystroke logger.
These back door or remote administration programs, once
installed, allow other people to access and control your computer.
18. A Remote administration programs (tool):
is used to remotely connect and manage a single or multiple
computers with a variety of tools, such as:
1.Screen/camera capture or control
2. File management (download/upload/execute/etc.)
3. Computer control (power off/on/log off)
4. Registry management (query/add/delete/modify)
5. Shell control (usually piped from command prompt)
19. we have 2 kind of connection:
1.Direct Connection
A direct-connect RAT is a simple set-up where the client
connects to a single or multiple servers directly. Stable
servers are multi-threaded, allowing for multiple clients
to be connected, along with increased reliability.
20. 2. Reverse Connection
new technology that came around about the same time that
routers became popular. A few advantages of a reverse-
connection:
1. No problems with routers blocking incoming data,
because the connection is started outgoing for a server
2. Allows for mass-updating of servers by broadcasting
commands, because many servers can easily connect to a
single client.
21. RAT (Remote access Trojans )Trojan
Horses:
(RAT)Malware or malicious software is software
designed to infiltrate or damage a computer system
without the owner's known.
Many Trojans and backdoors now have remote
administration capabilities allowing an individual to
control the victim's computer. Many times a file called
the server must be opened on the victim's computer
before the trojan can have access to it. These are
generally sent through email, P2P file sharing software,
and in internet downloads
22. They are usually disguised as a legitimate program or
file. Many server files will display a fake error message
when opened, to make it seem like it didn't open. Some
will also kill
1.ant virus software.
2.firewall software.
*Fire wall: a logical barrier designed to prevent
unauthorized or unwanted communications between
sections of a computer network
RAT Trojans can generally do the following:
1.Download, upload, delete, and rename files
2. Format drives
3. Open CD-ROM tray
4. Drop viruses and worms
23. 5. Log keystrokes
6. Hack passwords, credit card no.
7. View, kill, and start tasks in task manager
8. Print text, Play sounds
9. Randomly move and click mouse
Some RAT Trojans are pranks that are most likely being
controlled by a friend or enemy on April Fool's day or a
holiday. RATS are generally not harmful, and won't log
keystrokes or hack. They usually do whimsical things
like flip the screen upside-down, open the CD-ROM
tray, and swap mouse buttons.
24. Example of a Back door and remote administration programs:
Name:
Remote Administration Tool - RAT
Aliases:
Backdoor.RAT, RAT,
Ports:
2989 (UDP), 1095, 1097, 1098, 1099
Files:
Rat10.zip - 823 bytes Rat11.zip - 1.032 bytes Rat20.zip - 6,128 bytes
Rat10.exe - 8,192 bytes Rat10akaremote administration tool.exe - 8,192
bytes Rat11.exe - 8,192 bytes Rat20.exe - 12,288 bytes Rat21.exe - 12,288
bytes Set-up.exe - 295,936 bytes .exe - Msgsvr16.exe - Pitcher.exe -
21,504 bytes Send.tags - 616 bytes Message.tags - Rat.c - 9,658 bytes
Created:
Nov 1999
Requires:
N/A
25. Actions:
Remote Access / AOL Trojan
Can register under 40 different HKEYs.
Versions:
1.0, 1.1, 2.0, 2.1, 5.3,
Registers:
HLMSOFTWAREMicrosoftWindowsCurrentVersionRun
HLMSOFTWAREMicrosoftWindowsCurrentVersion RunServices
and some 38 other entries !!!
Notes:
Works on Windows 95, 98, ME and Unix [Linux and FreeBSD]. RAT
server 1.1 has IRC support added. Send.tgz is Unix client. ˆ Source code is
available.
Country:
N/A
Program:
Written in Visual Basic 5.
26. Check if any unwanted program found in your system
Using the process monitor from remote administration
programs Tools, you will see whether any foreign programs
are running on your computer.
If you find some unwanted program, you can terminate it by
clicking the 'Terminate Process' button on the Toolbar. So you
can find out what programs are started behind your back
29. The Difference Between a
Virus and Trojan Horse
A computer virus attaches itself to a program or file so it can spread from
one computer to another, leaving infections as it travels. Much like human
viruses, computer viruses can range in severity: Some viruses cause only
mildly annoying effects while others can damage your hardware, software
or files. Almost all viruses are attached to an executable file, which means
the virus may exist on your computer but it cannot infect your computer
unless you run or open the malicious program. It is important to note that a
virus cannot be spread without a human action, (such as running an
infected program) to keep it going. People continue the spread of a
computer virus, mostly unknowingly, by sharing infecting files or sending
e-mails with viruses as attachments in the e-mail.
30. A Trojan Horse is full of as much trickery as the mythological Trojan
Horse it was named after. The Trojan Horse, at first glance will appear to
be useful software but will actually do damage once installed or run on
your computer. Those on the receiving end of a Trojan Horse are usually
tricked into opening them because they appear to be receiving legitimate
software or files from a legitimate source. When a Trojan is activated on
your computer, the results can vary. Some Trojans are designed to be more
annoying than malicious (like changing your desktop, adding silly active
desktop icons) or they can cause serious damage by deleting files and
destroying information on your system. Trojans are also known to create a
backdoor on your computer that gives malicious users access to your
system, possibly allowing confidential or personal information to be
compromised. Unlike viruses and worms, Trojans do not reproduce by
infecting other files nor do they self-replicate.
31. Added into the mix, we also have what is called a blended threat. A
blended threat is a sophisticated attack that bundles some of the worst
aspects of viruses, worms, Trojan horses and malicious code into one
threat. Blended threats use server and Internet vulnerabilities to initiate,
transmit and spread an attack. This combination of method and techniques
means blended threats can spread quickly and cause widespread damage.
Characteristics of blended threats include: causes harm, propagates by
multiple methods, attacks from multiple points and exploits vulnerabilities.
To be considered a blended thread, the attack would normally serve to
transport multiple attacks in one payload. For example it wouldn't just
launch a DoS attack — it would also install a backdoor and damage a local
system in one shot.
32. Additionally, blended threats are designed to use multiple modes of
transport. For example, a worm may travel through e-mail, but a single
blended threat could use multiple routes such as e-mail, IRC and file-
sharing sharing networks. The actual attack itself is also not limited to a
specific act. For example, rather than a specific attack on predetermined
.exe files, a blended thread could modify exe files, HTML files and
registry keys at the same time — basically it can cause damage within
several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the
inception of viruses, as most blended threats require no human
intervention to propagate.