Trojan Horse program
Back door and remote administration programs
Prepared By: SYED JAUWAD
Supervised By: Dr. Lo’ai Tawalbeh
New York Institute of Technology (NYIT)-Jordan
Trojan Horse program
Name (Trojan horse)
According to legend, the Greeks won the Trojan War by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. The horse was built and filled with Greek warriors who, once inside Troy, opened the gates for the rest of the army waiting outside the city.
However, the term Trojan Horse has another meaning in the field of computer architecture. There it represents any piece of user code that makes kernel code access something the user code could not have accessed on its own, i.e. it makes the OS do something it was not supposed to do. Such security loopholes are called Trojan Horses.
In the context of computer software, a Trojan horse is a program that contains or installs a malicious program (sometimes called the payload).
Types of Trojan horse (payloads)
Trojan horse payloads are almost always designed to do various harmful things, but they could be harmless. They are classified based on how they breach systems and the damage they cause. The seven main types of Trojan horse payloads are:
1. Remote Access
2. Email Sending
3. Data Destructive
4. FTP trojan (adding or copying data from the infected computer)
5. Denial-of-service attack (DoS)
Some examples are:
1. Erasing or overwriting data on a computer.
2. Encrypting files in a cryptoviral extortion attack.
3. Uploading and downloading files.
4. Allowing remote access to the victim's computer. This is called a RAT (Remote Administration Tool).
5. Installing a backdoor on a computer system.
6. Opening and closing the CD-ROM tray.
7. Harvesting e-mail addresses and using them for spam.
8. Restarting the computer whenever the infected program is started.
Trojan horse programs are an easy way for intruders to trick you (sometimes referred to as "social engineering") into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configuration, or infect your computer with a computer virus.
To an unsuspecting user, a Trojan horse may appear to be a useful, interesting or entirely harmless program.
There are two common types of Trojan horses.
One is otherwise useful software that has been corrupted by a cracker (someone who removes software protection methods such as copy prevention, trial/demo limits, serial numbers, hardware keys or CD checks) by inserting malicious code that executes while the program is used. Examples include various implementations of:
1. weather alerting programs;
2. computer clock setting software;
3. peer-to-peer file sharing utilities.
The other type is a standalone program that masquerades as
something else, like a game or image file, in order to trick the
user into some misdirected complicity that is needed to carry
out the program's objectives.
How can you know if you are under a Trojan horse attack?
For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hack your computer to commit illegal denial-of-service attacks.
How do I get rid of Trojans?
1. Clean re-installation:
Back up your entire hard disk, format the disk, and re-install the operating system and all your applications from original CDs.
2. Anti-virus software:
Anti-virus software is always going to be playing catch-up with active viruses on the system. Make sure your computer has an anti-virus program on it and update it regularly. If your anti-virus program includes an auto-update option, turn it on; that way, if you forget to update your software, you can still be protected from threats.
3. Anti-Trojan programs:
These programs are the most effective against Trojan horse attacks, because they specialize in Trojans instead of general viruses.
4. Avoid using peer-to-peer (P2P) sharing networks like Kazaa, LimeWire, Ares, or Gnutella, because they are generally unprotected from viruses, and Trojan horses spread through them especially easily.
Some of these programs do offer some virus protection, but this is often not strong enough. If you insist on using P2P, it would be safer not to download files that claim to be "rare" songs, books, movies, pictures, etc.
Methods of Infection
1. You can be infected by visiting a rogue website.
2. Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly.
3. Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide file-sharing capabilities such as instant messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port, giving attackers a means of interacting with them from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.
How do I avoid getting infected with a Trojan horse in the future?
1. NEVER download blindly from people or sites you aren't 100% sure about.
2. Even if the file comes from a friend, you still must be sure what the file is before opening it.
3. NEVER use features in your programs that automatically get or preview files.
4. Never blindly type commands that others tell you to type, go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts.
Example of a simple Trojan horse
1. A simple example of a Trojan horse would be a program named "waterfalls.scr" claiming to be a free waterfall screensaver which, when run, instead allows remote access to the user's computer.
2. AIDS (Trojan horse)
AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is a Trojan horse that replaces the AUTOEXEC.BAT file, which is then used by AIDS to count the number of times the computer has booted. Once this boot count reaches 90, AIDS hides directories and encrypts the names of all files on drive C: (rendering the system unusable).
Back door and remote administration programs:
On Windows computers, three tools commonly used by intruders to gain remote access to your computer are:
1. Back Orifice:
Back Orifice (often shortened to BO) is a controversial computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.
2. NetBus:
NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential to be used as a backdoor.
3. Sub Seven (helps to hack other PCs):
Sub7, or Sub Seven, is the name of a popular Trojan or backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger.
These back door or remote administration programs, once installed, allow other people to access and control your computer.
A remote administration program (tool) is used to remotely connect to and manage one or more computers with a variety of functions, such as:
1. Screen/camera capture or control
2. File management (download/upload/execute/etc.)
3. Computer control (power off/on/log off)
4. Registry management (query/add/delete/modify)
5. Shell control (usually piped from the command prompt)
There are two kinds of connection:
1. Direct Connection
A direct-connect RAT is a simple set-up where the client connects directly to one or more servers. Stable servers are multi-threaded, allowing multiple clients to be connected, along with increased reliability.
2. Reverse Connection
A newer technique that came around about the same time that routers became popular. A few advantages of a reverse connection:
1. No problems with routers blocking incoming data, because the connection is initiated outbound from the server.
2. Allows for mass-updating of servers by broadcasting commands, because many servers can easily connect to a single client.
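The two connection models above look different on the victim host: a direct-connect server shows up as a listening socket, while a reverse-connect server shows up as an outbound session that an inbound-only router rule never blocks. The following added example (not part of the original slides) sorts constructed netstat-style records into those two models; the port numbers come from the RAT profile later on this page, the process names reuse file names the page mentions as labels only, and EXPECTED_OUTBOUND is an assumption.

```python
"""Sort netstat-style connection records into the two RAT connection models:
direct-connect (a listener waits on the victim for the controller to dial in)
and reverse-connect (the victim's side dials out, so a router or firewall
that only blocks inbound traffic never sees a violation).

Added example for this page, not part of the original slides. The records
in SAMPLE_NETSTAT are constructed; the port numbers come from the RAT
profile on this page (TCP 1095, 1097-1099; UDP 2989), and the process names
Msgsvr16.exe and waterfalls.scr are file names the page mentions, reused
here only as labels. EXPECTED_OUTBOUND is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

# Ports listed in the "Remote Administration Tool - RAT" profile on this page.
RAT_TCP_PORTS = {1095, 1097, 1098, 1099}
RAT_UDP_PORTS = {2989}

# Processes this (hypothetical) host is expected to open outbound sessions.
EXPECTED_OUTBOUND = {"firefox.exe", "outlook.exe", "svchost.exe"}

# Address ranges that stay inside the local network (RFC 1918 + loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in the column order of `netstat -ano`, plus a process
# name column (an assumption: netstat itself prints only the PID).
SAMPLE_NETSTAT = """\
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812   svchost.exe
TCP    0.0.0.0:1099           0.0.0.0:0              LISTENING       2044  Msgsvr16.exe
TCP    192.168.1.20:49712     203.0.113.9:443        ESTABLISHED     3300  firefox.exe
TCP    192.168.1.20:49800     198.51.100.7:6667      ESTABLISHED     2310  waterfalls.scr
UDP    0.0.0.0:2989           *:*                                    2044  Msgsvr16.exe
UDP    0.0.0.0:123            *:*                                    812   svchost.exe
"""


@dataclass
class Finding:
    model: str      # "direct-connect" or "reverse-connect"
    pid: int
    process: str
    detail: str


def parse_netstat(text: str) -> List[dict]:
    """Split netstat rows into dicts; UDP rows carry no state column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local, remote = parts[:3]
        if proto == "TCP":
            state, pid, proc = parts[3], int(parts[4]), parts[5]
        else:
            state, pid, proc = "", int(parts[3]), parts[4]
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": pid, "process": proc})
    return rows


def port_of(addr: str) -> int:
    """Port number of an 'ip:port' string."""
    return int(addr.rsplit(":", 1)[1])


def is_local(addr: str) -> bool:
    """True when the 'ip:port' string points inside the local network."""
    ip = ipaddress.ip_address(addr.rsplit(":", 1)[0])
    return any(ip in net for net in LOCAL_NETS)


def classify(rows: List[dict]) -> List[Finding]:
    """Flag listeners on the profile's ports (direct-connect model) and
    outbound sessions from processes with no business on the network
    (reverse-connect model)."""
    findings = []
    for r in rows:
        lport = port_of(r["local"])
        if r["proto"] == "TCP" and r["state"] == "LISTENING" and lport in RAT_TCP_PORTS:
            findings.append(Finding("direct-connect", r["pid"], r["process"],
                                    f"listening on TCP {lport}, a port from the RAT profile"))
        elif r["proto"] == "UDP" and lport in RAT_UDP_PORTS:
            findings.append(Finding("direct-connect", r["pid"], r["process"],
                                    f"bound to UDP {lport}, a port from the RAT profile"))
        elif (r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
              and not is_local(r["remote"])
              and r["process"].lower() not in EXPECTED_OUTBOUND):
            findings.append(Finding("reverse-connect", r["pid"], r["process"],
                                    f"outbound session to {r['remote']} from an unexpected process"))
    return findings


if __name__ == "__main__":
    for f in classify(parse_netstat(SAMPLE_NETSTAT)):
        print(f"[{f.model}] pid {f.pid} {f.process}: {f.detail}")
```

The reverse-connect branch is the one an inbound-only firewall cannot help with, which is why it checks the process rather than the port.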
RAT (Remote Access Trojan) Trojan Horses:
Malware, or malicious software, is software designed to infiltrate or damage a computer system without the owner's knowledge.
Many Trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Often a file called the server must be opened on the victim's computer before the Trojan can have access to it. These are generally sent through email, P2P file sharing software, and Internet downloads.
They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like they didn't open. Some will also kill:
1. anti-virus software;
2. firewall software.
*Firewall: a logical barrier designed to prevent unauthorized or unwanted communications between sections of a computer network.
RAT Trojans can generally do the following:
1. Download, upload, delete, and rename files
2. Format drives
3. Open the CD-ROM tray
4. Drop viruses and worms
5. Log keystrokes
6. Hack passwords and credit card numbers
7. View, kill, and start tasks in Task Manager
8. Print text, play sounds
9. Randomly move and click the mouse
Some RAT Trojans are pranks, most likely controlled by a friend or enemy on April Fools' Day or a holiday. These prank RATs are generally not harmful and won't log keystrokes or hack. They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons.
Example of a back door and remote administration program:
Name: Remote Administration Tool - RAT
Aliases: Backdoor.RAT, RAT
Ports: 2989 (UDP), 1095, 1097, 1098, 1099
Files:
Rat10.zip - 823 bytes
Rat11.zip - 1.032 bytes
Rat20.zip - 6,128 bytes
Rat10.exe - 8,192 bytes
Rat10akaremote administration tool.exe - 8,192 bytes
Rat11.exe - 8,192 bytes
Rat20.exe - 12,288 bytes
Rat21.exe - 12,288 bytes
Set-up.exe - 295,936 bytes
.exe
Msgsvr16.exe
Pitcher.exe - 21,504 bytes
Send.tags - 616 bytes
Message.tags
Rat.c - 9,658 bytes
Created: Nov 1999
Requires: N/A
Actions: Remote Access / AOL Trojan. Can register under 40 different HKEYs.
Versions: 1.0, 1.1, 2.0, 2.1, 5.3
Registers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and some 38 other entries!
Notes: Works on Windows 95, 98, ME and Unix [Linux and FreeBSD]. RAT server 1.1 has IRC support added. Send.tgz is the Unix client. Source code is available.
Country: N/A
Program: Written in Visual Basic 5.
Check if any unwanted program is found on your system
Using the process monitor included in remote administration tools, you can see whether any foreign programs are running on your computer.
If you find an unwanted program, you can terminate it by clicking the 'Terminate Process' button on the toolbar. In this way you can find out what programs were started behind your back.
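The profile above says the tool registers under the Run and RunServices keys, and the process-monitor check relies on recognising programs started behind your back. The following added example (not part of the original slides) automates that check for autostart entries: it parses constructed reg-query-style text, diffs it against a known-good baseline, and applies a few heuristics. The baseline, the user-writable-path rule and the sample entries are assumptions; the file names in RAT_PROFILE_FILES come from the profile on this page.

```python
"""Triage the Run / RunServices autostart entries that the RAT profile above
says the tool registers under: diff them against a known-good baseline and
apply a few heuristics a process-monitor user would otherwise check by eye.

Added example for this page, not part of the original slides. SAMPLE_REG
imitates the layout of `reg query` output but is constructed; BASELINE and
the user-writable-path heuristic are assumptions. RAT_PROFILE_FILES holds
file names taken from the RAT profile on this page.
"""
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple

RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
)

# Image names listed in the "Files" field of the RAT profile on this page.
RAT_PROFILE_FILES = {"rat10.exe", "rat11.exe", "rat20.exe", "rat21.exe",
                     "msgsvr16.exe", "pitcher.exe"}

# Known-good snapshot of (key, value name) pairs from a clean host (hypothetical).
BASELINE: Set[Tuple[str, str]] = {(RUN_KEYS[0], "SecurityHealth")}

# Directories an autostart image rarely lives in legitimately (heuristic).
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Downloads)\\", re.IGNORECASE)

# Constructed sample; waterfalls.scr reuses the screensaver name from the
# page's own example of a simple Trojan horse.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Msgsvr16          REG_SZ           C:\WINDOWS\Msgsvr16.exe
    Updater           REG_SZ           C:\Users\alice\AppData\Local\Temp\waterfalls.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    Pitcher           REG_SZ           C:\WINDOWS\SYSTEM\Pitcher.exe
"""


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)


def parse_reg_query(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, data) triples from reg-query-style text."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("HKEY_"):
            current_key = line
            continue
        if current_key is None:
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=2)  # name, type, data
        if len(parts) == 3:
            entries.append((current_key, parts[0], parts[2]))
    return entries


def image_name(command: str) -> str:
    """Lower-cased file name of the executable in an autostart command,
    with surrounding quotes and trailing arguments removed."""
    cmd = command.strip()
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]
    else:
        cmd = cmd.split(" ", 1)[0]
    return cmd.rsplit("\\", 1)[-1].lower()


def triage(entries, baseline=BASELINE) -> List[Finding]:
    """Return one Finding per autostart entry that has at least one reason."""
    findings = []
    for key, name, data in entries:
        if key not in RUN_KEYS:
            continue
        reasons = []
        if (key, name) not in baseline:
            reasons.append("not in the known-good baseline")
        exe = image_name(data)
        if exe in RAT_PROFILE_FILES:
            reasons.append(f"image {exe} is named in the RAT profile file list")
        if USER_WRITABLE.search(data):
            reasons.append("image lives in a user-writable directory")
        if exe.endswith((".scr", ".vbs", ".bat", ".cmd")):
            reasons.append("unusual image type for an autostart entry")
        if reasons:
            findings.append(Finding(key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_reg_query(SAMPLE_REG)):
        print(f"{f.name}: {f.command}")
        for reason in f.reasons:
            print("   -", reason)
```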
Extra information
The Difference Between a Virus and a Trojan Horse
A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: some cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot infect it unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.
A Trojan Horse is full of as much trickery as the mythological Trojan
Horse it was named after. The Trojan Horse, at first glance will appear to
be useful software but will actually do damage once installed or run on
your computer. Those on the receiving end of a Trojan Horse are usually
tricked into opening them because they appear to be receiving legitimate
software or files from a legitimate source. When a Trojan is activated on
your computer, the results can vary. Some Trojans are designed to be more
annoying than malicious (like changing your desktop, adding silly active
desktop icons) or they can cause serious damage by deleting files and
destroying information on your system. Trojans are also known to create a
backdoor on your computer that gives malicious users access to your
system, possibly allowing confidential or personal information to be
compromised. Unlike viruses and worms, Trojans do not reproduce by
infecting other files nor do they self-replicate.
Added into the mix, we also have what is called a blended threat. A blended threat is a sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one threat. Blended threats use server and Internet vulnerabilities to initiate, transmit and spread an attack. This combination of methods and techniques means blended threats can spread quickly and cause widespread damage. Characteristics of blended threats include: causing harm, propagating by multiple methods, attacking from multiple points and exploiting vulnerabilities.
To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example, it wouldn't just launch a DoS attack; it would also install a backdoor and damage a local system in one shot.
Additionally, blended threats are designed to use multiple modes of transport. For example, a worm may travel through e-mail, but a single blended threat could use multiple routes such as e-mail, IRC and file-sharing networks. The actual attack itself is also not limited to a specific act. For example, rather than a specific attack on predetermined .exe files, a blended threat could modify .exe files, HTML files and registry keys at the same time; basically, it can cause damage within several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats require no human intervention to propagate.

More Related Content

Similar to Trojan Backdoors

Presentation2
Presentation2Presentation2
Presentation2
Jeslynn
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
KRT395
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
richarddxd
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
ainizbahari97
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
sumitra22
 

Similar to Trojan Backdoors (20)

Presentation2
Presentation2Presentation2
Presentation2
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To Malwares
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your Enemies
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Computervirus
Computervirus Computervirus
Computervirus
 
It act seminar
It act seminarIt act seminar
It act seminar
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Mitppt
MitpptMitppt
Mitppt
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Dickmaster
DickmasterDickmaster
Dickmaster
 
Virus&malware
Virus&malwareVirus&malware
Virus&malware
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 

More from JauwadSyed

More from JauwadSyed (20)

Data mining / data extraction 2024
Data mining       / data extraction 2024Data mining       / data extraction 2024
Data mining / data extraction 2024
 
Fractal and Bayesian Networks Inference
Fractal  and  Bayesian Networks InferenceFractal  and  Bayesian Networks Inference
Fractal and Bayesian Networks Inference
 
The Koch Snowflake SELF SIMILAR CONCEPTS
The Koch Snowflake SELF SIMILAR CONCEPTSThe Koch Snowflake SELF SIMILAR CONCEPTS
The Koch Snowflake SELF SIMILAR CONCEPTS
 
Fractal Geometry A new branch of mathematics
Fractal GeometryA new branch of mathematicsFractal GeometryA new branch of mathematics
Fractal Geometry A new branch of mathematics
 
BRAIN COMPUTER INTERFACE AND TECHNOLOGY
BRAIN  COMPUTER  INTERFACE AND TECHNOLOGYBRAIN  COMPUTER  INTERFACE AND TECHNOLOGY
BRAIN COMPUTER INTERFACE AND TECHNOLOGY
 
EYE GAZE IN TURNTAKING IN SIGN LANGUAGE INTERACTION
EYE GAZE IN TURNTAKING IN SIGN LANGUAGE INTERACTIONEYE GAZE IN TURNTAKING IN SIGN LANGUAGE INTERACTION
EYE GAZE IN TURNTAKING IN SIGN LANGUAGE INTERACTION
 
WIRELESS COMMUNICATION IN HEALTH CARE.ppt
WIRELESS COMMUNICATION IN HEALTH CARE.pptWIRELESS COMMUNICATION IN HEALTH CARE.ppt
WIRELESS COMMUNICATION IN HEALTH CARE.ppt
 
zigbee operates TRENDING TECHNOLOGY 2024
zigbee operates TRENDING TECHNOLOGY  2024zigbee operates TRENDING TECHNOLOGY  2024
zigbee operates TRENDING TECHNOLOGY 2024
 
Interdisciplinary
InterdisciplinaryInterdisciplinary
Interdisciplinary
 
Cognitive development
Cognitive developmentCognitive development
Cognitive development
 
Noise abatement training presentation
Noise abatement training presentationNoise abatement training presentation
Noise abatement training presentation
 
GREEN CLOUD COMPUTING
GREEN CLOUD COMPUTINGGREEN CLOUD COMPUTING
GREEN CLOUD COMPUTING
 
wildlife-conseravtion
wildlife-conseravtionwildlife-conseravtion
wildlife-conseravtion
 
Presentation on eu ets & aviation for iffaad
Presentation on eu ets & aviation for iffaadPresentation on eu ets & aviation for iffaad
Presentation on eu ets & aviation for iffaad
 
Bearing
BearingBearing
Bearing
 
Technology
TechnologyTechnology
Technology
 
Disaster Management in India Past, Present and Future
Disaster Management in India Past, Present and FutureDisaster Management in India Past, Present and Future
Disaster Management in India Past, Present and Future
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Noise Reduction for Internal Combustion Engines
 Noise Reduction for Internal Combustion Engines Noise Reduction for Internal Combustion Engines
Noise Reduction for Internal Combustion Engines
 
Disaster Management Activities in region by youth
Disaster Management Activities in region by youthDisaster Management Activities in region by youth
Disaster Management Activities in region by youth
 

Recently uploaded

一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
F
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
apekaom
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
SS
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 

Recently uploaded (20)

一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptxResearch Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
Delivery in 20 Mins Call Girls Cuttack  9332606886 HOT & SEXY Models beautifu...Delivery in 20 Mins Call Girls Cuttack  9332606886 HOT & SEXY Models beautifu...
Delivery in 20 Mins Call Girls Cuttack 9332606886 HOT & SEXY Models beautifu...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 

Trojan Backdoors

  • 1. Trojan Horse program Back door and remote administration programs: Prepared By : SYED JAUWAD Supervisod By: Dr. Lo’ai Tawalbeh New York Institute of Technology Institute (NYIT)-Jordan
  • 2. Trojan Horse program Name (Trojan horse) According to legend , the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. It was built and filled with Greek warriors to get in troy city and open doors for all warriors out side troy city waiting to enter the city.
  • 3. However there is another meaning of the term Trojan Horse in the field of computer architecture. Here it basically represents any piece of User Code which makes the Kernel Code access anything it would not have been able to access itself in the first place!. i.e make the OS do something it wasnt supposed to be doing.And such security loopholes are called Trojan Horses In the context of computer software, a Trojan horse is a program that contains or installs a malicious program (sometimes called the payload )
  • 4. Types of Trojan horse (payloads) Trojan horse payloads are almost always designed to do various harmful things, but could be harmless. They are broken down in classification based on how they breach systems and the damage they cause. The seven main types of Trojan horse payloads are: 1.Remote Access 2. Email Sending 3. Data Destructive 4. FTP trojan (adding or copying data from the infected computer) 5. denial-of-service attack (DoS)
  • 5. Some examples are: 1.erasing or overwriting data on a computer. 2. Encrypting files in a crypto vital extortion attack. 3. Upload and download files. 4. Allowing remote access to the victim's computer. This is called a RAT. ( Remote administration tool) 5. Installing a backdoor on a computer system. 6. Opening and closing CD-ROM tray. 7. Harvest e-mail addresses and use them for Spam. 8. Restarts the computer whenever the infected program is started
  • 6. Trojan horse programs are an easy way for intruders to trick you (sometimes referred to as "social engineering") into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus. Trojan horse may appear to be useful or interesting programs or very harmless to an unsuspecting user.
  • 7. There are two common types of Trojan horses. One, is otherwise useful software that has been corrupted by a cracker (it is software remove protection methods:copy prevention, trial/demo version, serial number, hardware key, CD ) . inserting malicious code that executes while the program is used.Examples 1.include various implementations of weather alerting programs. 2.computer clock setting software. 3. peer to peer file sharing utilities.
  • 8. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.
  • 9. How you can know if you are under Trojan horse attack? For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hack your computer to commit illegal Denial of service attacks . How do I get rid of Trojans?!? 1.Clean Re-installation: Back up your entire hard disk, format the disk, re-install the operating system and all your applications from original CDs.
  • 10. 2. Anti-Virus Software: anti-virus software is always going to be playing catch up with active virus on the system. Make sure your computer has an anti virus program on it and update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on; that way if you forget to update your software you can still be protected from threats 3. Anti-Trojan Programs: These programs are the most effective against Trojan horse attacks, because they specialize in Trojans instead of general viruses.
  • 11. 4.. Avoid using peer to peer or P2P sharing networks like kazaa,Lime wire Ares, or Guntella because they are generally unprotected from viruses and Trojan Horse viruses spread through them especially easily. Some of these programs do offer some virus protection, but this is often not strong enough. If you insist on using P2P, it would be safe to not download files that claim to be "rare" songs, books, movies, pictures, etc.
  • 12. Methods of Infection
    1. You can be infected by visiting a rogue website.
    2. E-mail: if you use Microsoft Outlook, you are vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly.
    3. Open ports: computers running their own servers (HTTP, FTP or SMTP, for example), allowing Windows file sharing, or running programs that provide file-sharing capabilities such as instant messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port that gives attackers a means of interacting with them from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.
  • 13. How do I avoid getting infected with a Trojan horse in the future?
    1. NEVER download blindly from people or sites you aren't 100% sure about.
    2. Even if the file comes from a friend, you still must be sure what the file is before opening it.
    3. NEVER use features in your programs that automatically fetch or preview files.
    4. Never blindly type commands that others tell you to type, go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts.
  • 14. Example of a simple Trojan horse
    1. A simple example of a Trojan horse would be a program named "waterfalls.scr" claiming to be a free waterfall screensaver which, when run, instead allows remote access to the user's computer.
    2. AIDS (Trojan horse): AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is a Trojan horse that replaces the AUTOEXEC.BAT file, which is then used by AIDS to count the number of times the computer has booted. Once this boot count reaches 90, AIDS hides directories and encrypts the names of all files on drive C: (rendering the system unusable).
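The advice on slide 13 (be sure what a file is before opening it) and the waterfalls.scr example above can be turned into a concrete check. The following is an added example, not code from the original slides: it reads a file's leading bytes and compares them with what the name claims, treating a Windows PE header under a non-executable extension, a double extension such as .jpg.exe, or a screensaver extension (.scr is a program) as reasons for suspicion. The sample files, their names and the minimal PE bytes are constructed in memory for the demonstration.

```python
"""Decide whether a file's bytes match what its name claims.

Added example, not from the slides: a screensaver (.scr) is a Windows
executable, and an executable can hide behind a document/image name or a
double extension.  All sample files below are constructed in memory.
"""
import struct

# Extensions Windows runs as a program when double-clicked.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}

# Leading bytes of a few common data formats.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "gif": b"GIF8",
}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extensions(name: str) -> list:
    """Every extension in the name, lower-cased: 'holiday.jpg.exe' -> ['jpg', 'exe']."""
    parts = name.lower().split(".")
    return parts[1:]


def assess(name: str, data: bytes) -> dict:
    """Report why a file should not be trusted on its name alone."""
    exts = extensions(name)
    last = exts[-1] if exts else ""
    reasons = []
    pe = is_pe(data)
    if pe and last not in EXECUTABLE_EXTS:
        reasons.append(f"content is a Windows executable but the name ends in .{last}")
    if last in EXECUTABLE_EXTS and len(exts) > 1 and exts[-2] not in EXECUTABLE_EXTS:
        reasons.append(f"double extension .{exts[-2]}.{last} hides that the file is a program")
    if last in EXECUTABLE_EXTS and last != "exe":
        reasons.append(f".{last} runs as a program when opened, just like .exe")
    if last in MAGIC and not data.startswith(MAGIC[last]):
        reasons.append(f"leading bytes are not those of a .{last} file")
    return {"name": name, "is_pe": pe, "suspicious": bool(reasons), "reasons": reasons}


def make_pe_sample() -> bytes:
    """Constructed minimal bytes that satisfy is_pe(): MZ header, e_lfanew = 0x40, then 'PE\\0\\0'."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", header, 0x3C, 0x40)           # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20  # PE signature + padding


# Constructed samples: the slide's screensaver, a double-extension file,
# an executable with a document name, and a genuine JPEG header.
SAMPLES = {
    "waterfalls.scr": make_pe_sample(),
    "holiday.jpg.exe": make_pe_sample(),
    "report.pdf": make_pe_sample(),
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
}


def scan(samples=SAMPLES) -> dict:
    """Assess every sample; returns {name: findings}."""
    return {name: assess(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in scan().items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{name:18} {flag:10} {'; '.join(result['reasons'])}")
```

Only photo.jpg passes: its bytes really are a JPEG header and its name claims nothing more. The same check applied to real files would read the first few hundred bytes from disk instead of the constructed buffers.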
  • 15. Back door and remote administration programs:
  • 16. Back door and remote administration programs: on Windows computers, three tools commonly used by intruders to gain remote access to your computer are:
    1. Back Orifice: Back Orifice (often shortened to BO) is a controversial program designed for remote system administration. It enables a user to control a computer running Microsoft Windows from a remote location. The name is a pun on Microsoft's BackOffice Server software.
  • 17. 2. NetBus: NetBus (or Netbus) is a program for remotely controlling a Microsoft Windows computer over a network. It was created in 1998 and has been very controversial because of its potential to be used as a backdoor.
    3. Sub Seven (used to break into other PCs): Sub7, or Sub Seven, is the name of a popular Trojan or backdoor program. It is mainly used by script kiddies to cause mischief, such as hiding the mouse cursor, changing system settings or loading pornographic websites. However, it can also be used for more serious criminal purposes, such as stealing credit card details with a keystroke logger. These back door or remote administration programs, once installed, allow other people to access and control your computer.
  • 18. A remote administration program (tool) is used to remotely connect to and manage one or more computers with a variety of functions, such as:
    1. Screen/camera capture or control
    2. File management (download/upload/execute/etc.)
    3. Computer control (power off/on/log off)
    4. Registry management (query/add/delete/modify)
    5. Shell control (usually piped from a command prompt)
  • 19. There are two kinds of connection:
    1. Direct Connection: a direct-connect RAT is a simple set-up in which the client connects directly to one or more servers. Stable servers are multi-threaded, allowing several clients to be connected at once and improving reliability.
  • 20. 2. Reverse Connection: a newer technique that appeared at about the same time that routers became popular. A few advantages of a reverse connection are:
    1. No problems with routers blocking incoming data, because the server starts the connection outbound.
    2. Mass-updating of servers by broadcasting commands, because many servers can easily connect to a single client.
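Seen from the victim machine, the two connection styles on slides 19 and 20 leave different traces: a direct-connect server has to listen on a port, while a reverse-connect server keeps calling out to the same controller. The following is an added defender-side example, not code from the slides: it parses constructed text in the layout of Windows `netstat -ano`, taken as several snapshots over time, and reports unexpected listeners and persistent call-outs. The process names, PIDs, addresses and the allow list are assumptions made for the demonstration.

```python
"""Spot direct-connect and reverse-connect RAT patterns in netstat output.

Added example, not from the slides.  A direct-connect server must listen on a
port; a reverse-connect server keeps calling out to its controller.  The
snapshots below are constructed text in the layout of `netstat -ano` on
Windows, and the PID-to-name map is constructed too.
"""
import re
from collections import Counter

# Processes expected to listen or hold outbound sessions on this host (assumption).
ALLOWLIST = {"System", "svchost.exe", "chrome.exe", "outlook.exe"}

# Proto, local address, foreign address, optional state, PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+"
    r"(?:(LISTENING|ESTABLISHED|SYN_SENT|CLOSE_WAIT|TIME_WAIT)\s+)?(\d+)\s*$"
)


def port_of(addr: str) -> int:
    """Port number of 'ip:port'; -1 when it is not numeric (e.g. '*:*')."""
    try:
        return int(addr.rsplit(":", 1)[1])
    except (IndexError, ValueError):
        return -1


def parse_netstat(text: str) -> list:
    """Turn netstat-style lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state or "", "pid": int(pid)})
    return rows


def analyse(snapshots: list, pid_names: dict, min_snapshots: int = 3) -> dict:
    """Return unexpected listeners ('direct') and persistent call-outs ('reverse')."""
    parsed = [parse_netstat(text) for text in snapshots]
    listen_ports = {}   # pid -> ports it serves, so inbound sessions are not mistaken for call-outs
    direct = set()
    for rows in parsed:
        for r in rows:
            name = pid_names.get(r["pid"], "?")
            if name in ALLOWLIST:
                continue
            listening = r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["remote"] == "*:*")
            if listening:
                listen_ports.setdefault(r["pid"], set()).add(port_of(r["local"]))
                direct.add((name, r["proto"], r["local"]))
    outbound = Counter()  # (name, remote endpoint) -> snapshots in which the session was seen
    for rows in parsed:
        for r in rows:
            name = pid_names.get(r["pid"], "?")
            if name in ALLOWLIST or r["state"] not in ("ESTABLISHED", "SYN_SENT"):
                continue
            if port_of(r["local"]) in listen_ports.get(r["pid"], set()):
                continue  # a client talking to a port this process serves: inbound, not a call-out
            outbound[(name, r["remote"])] += 1
    reverse = sorted(key for key, n in outbound.items() if n >= min_snapshots)
    return {"direct": sorted(direct), "reverse": reverse}


def constructed_snapshot(ephemeral_port: int) -> str:
    """One constructed netstat snapshot; PID 4120 listens on 12345/TCP and 2989/UDP and calls out."""
    return f"""
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:{ephemeral_port}     203.0.113.9:443        ESTABLISHED     4120
  TCP    192.168.1.20:49301     198.51.100.7:443       ESTABLISHED     2208
  UDP    0.0.0.0:2989           *:*                                    4120
"""


# Constructed PID -> image name map; 4120 is the slide's "free screensaver".
PID_NAMES = {912: "svchost.exe", 4120: "waterfalls.scr", 2208: "chrome.exe"}


def demo() -> dict:
    """Three snapshots taken over time: the call-out reconnects from a new ephemeral port each time."""
    return analyse([constructed_snapshot(p) for p in (49210, 49388, 49502)], PID_NAMES)


if __name__ == "__main__":
    result = demo()
    for name, proto, local in result["direct"]:
        print(f"direct-connect candidate: {name} listening on {proto} {local}")
    for name, remote in result["reverse"]:
        print(f"reverse-connect candidate: {name} keeps calling {remote}")
```

The listening-port bookkeeping matters: an ESTABLISHED row alone does not say which side opened the session, so a connection whose local port is one the process serves is counted as inbound and ignored. Port 443 on the remote side is exactly why a reverse connection slips past a router or a simple outbound firewall rule; what gives it away is the unknown process and the repetition, not the port.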
  • 21. RAT (Remote Access Trojan) Trojan horses: malware, or malicious software, is software designed to infiltrate or damage a computer system without the owner's knowledge. Many Trojans and backdoors now have remote administration capabilities that allow an individual to control the victim's computer. In many cases a file called the server must be opened on the victim's computer before the Trojan can access it. These are generally sent through e-mail, P2P file-sharing software and Internet downloads.
  • 22. They are usually disguised as a legitimate program or file. Many server files display a fake error message when opened, to make it seem as though nothing ran. Some will also kill:
    1. anti-virus software
    2. firewall software
    *Firewall: a logical barrier designed to prevent unauthorized or unwanted communications between sections of a computer network.
    RAT Trojans can generally do the following:
    1. Download, upload, delete and rename files
    2. Format drives
    3. Open the CD-ROM tray
    4. Drop viruses and worms
  • 23. 5. Log keystrokes
    6. Steal passwords and credit card numbers
    7. View, kill and start tasks in Task Manager
    8. Print text, play sounds
    9. Randomly move and click the mouse
    Some RAT Trojans are pranks, most likely controlled by a friend or enemy on April Fools' Day or a holiday. These prank RATs are generally not harmful and won't log keystrokes or steal data; they usually do whimsical things like flipping the screen upside-down, opening the CD-ROM tray and swapping the mouse buttons.
  • 24. Example of a back door and remote administration program:
    Name: Remote Administration Tool - RAT
    Aliases: Backdoor.RAT, RAT
    Ports: 2989 (UDP), 1095, 1097, 1098, 1099
    Files: Rat10.zip - 823 bytes; Rat11.zip - 1.032 bytes; Rat20.zip - 6,128 bytes; Rat10.exe - 8,192 bytes; Rat10akaremote administration tool.exe - 8,192 bytes; Rat11.exe - 8,192 bytes; Rat20.exe - 12,288 bytes; Rat21.exe - 12,288 bytes; Set-up.exe - 295,936 bytes; .exe -; Msgsvr16.exe -; Pitcher.exe - 21,504 bytes; Send.tags - 616 bytes; Message.tags -; Rat.c - 9,658 bytes
    Created: Nov 1999
    Requires: N/A
  • 25. Actions: Remote Access / AOL Trojan. Can register under 40 different HKEYs.
    Versions: 1.0, 1.1, 2.0, 2.1, 5.3
    Registers: HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices and some 38 other entries!
    Notes: Works on Windows 95, 98, ME and Unix [Linux and FreeBSD]. RAT server 1.1 has IRC support added. Send.tgz is the Unix client. Source code is available.
    Country: N/A
    Program: Written in Visual Basic 5.
  • 26. Check whether any unwanted program is present on your system. Using the process monitor from a remote administration program's tools, you can see whether any foreign programs are running on your computer. If you find an unwanted program, you can terminate it by clicking the 'Terminate Process' button on the toolbar. In this way you can find out which programs have been started behind your back.
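Slides 25 and 26 point at two places to look for a program started behind your back: the Run/RunServices registry keys the RAT registers under, and the process list. The following is an added example, not code from the slides, that audits both from offline data: it parses a constructed `.reg` export (the text format Registry Editor produces) for autorun entries, flags commands that point into user-writable folders or whose file name matches the file list on slide 24, and notes whether a matching image name is in a constructed list of running processes. The registry text, paths and process names are constructed for the demonstration; the watch list and the folder list are assumptions.

```python
"""Audit autorun registry entries and the process list for programs started behind your back.

Added example, not from the slides.  Input is a constructed `.reg` export
(the text format Registry Editor / `reg export` produce) and a constructed
list of running image names.
"""
import re

# Autorun keys under ...\CurrentVersion\ that start programs at logon.
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXE_RE = re.compile(r'([^\\/"]+\.(?:exe|scr|com|bat|cmd))', re.IGNORECASE)

# File names the slides list for the RAT example, used here as a watch list.
WATCHLIST = {"rat10.exe", "rat11.exe", "rat20.exe", "rat21.exe", "msgsvr16.exe", "pitcher.exe"}

# Folders any user can write to; an autorun from here deserves a look (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def parse_reg_autoruns(reg_text: str) -> list:
    """Return {'key', 'name', 'command'} for every value under a Run/RunOnce/RunServices key."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and AUTORUN_KEY_RE.search(key):
            m = VALUE_RE.match(line)
            if m:
                # .reg files escape every backslash as '\\'
                command = m.group(2).replace("\\\\", "\\")
                entries.append({"key": key, "name": m.group(1), "command": command})
    return entries


def exe_name(command: str) -> str:
    """Lower-cased image file name inside a command line, or '' if none is found."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else ""


def audit(reg_text: str, running: list) -> list:
    """Flag suspicious autorun entries and say whether each is running right now."""
    running_lower = {p.lower() for p in running}
    findings = []
    for e in parse_reg_autoruns(reg_text):
        exe = exe_name(e["command"])
        reasons = []
        if exe in WATCHLIST:
            reasons.append("file name matches the RAT example's file list")
        if any(d in e["command"].lower() for d in USER_WRITABLE):
            reasons.append("autorun points into a user-writable folder")
        if e["key"].lower().endswith("\\runservices"):
            reasons.append("RunServices is a Windows 9x/ME key that later Windows versions do not process")
        if reasons:
            findings.append({**e, "exe": exe, "running": exe in running_lower, "reasons": reasons})
    return findings


# Constructed .reg export: one legitimate updater, one entry in the user's Temp
# folder and one under the legacy RunServices key.
REG_SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorUpdater"="C:\\Program Files\\Vendor\\Updater.exe"
"Pitcher"="C:\\Users\\student\\AppData\\Local\\Temp\\Pitcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Msgsvr16"="C:\\WINDOWS\\Msgsvr16.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor]
"DisplayName"="Vendor Suite"
'''

# Constructed snapshot of running image names (what a process monitor would list).
RUNNING = ["System", "svchost.exe", "explorer.exe", "Pitcher.exe"]


if __name__ == "__main__":
    for f in audit(REG_SAMPLE, RUNNING):
        state = "RUNNING" if f["running"] else "not running"
        print(f"{f['name']:12} {f['command']}  [{state}]")
        for reason in f["reasons"]:
            print("    -", reason)
```

Terminating the process, as slide 26 suggests, removes only the running instance; the autorun value is what brings it back at the next boot, so a clean-up has to cover both findings. A name match against a watch list is the weakest of the three signals, since the file can be renamed freely; the folder the command points into is harder to fake.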
  • 29. The Difference Between a Virus and a Trojan Horse: a computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses range in severity: some cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot infect it unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.
  • 30. A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. At first glance a Trojan Horse appears to be useful software, but it actually does damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results vary. Some Trojans are designed to be more annoying than malicious (changing your desktop, adding silly active desktop icons), while others cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.
  • 31. Added into the mix, we also have what is called a blended threat. A blended threat is a sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one threat. Blended threats use server and Internet vulnerabilities to initiate, transmit and spread an attack. This combination of methods and techniques means blended threats can spread quickly and cause widespread damage. Characteristics of blended threats include: causes harm, propagates by multiple methods, attacks from multiple points and exploits vulnerabilities. To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example, it wouldn't just launch a DoS attack: it would also install a backdoor and damage a local system in one shot.
  • 32. Additionally, blended threats are designed to use multiple modes of transport. For example, a worm may travel through e-mail, but a single blended threat could use multiple routes such as e-mail, IRC and file-sharing networks. The actual attack itself is also not limited to a specific act. For example, rather than a specific attack on predetermined .exe files, a blended threat could modify .exe files, HTML files and registry keys at the same time: basically, it can cause damage within several areas of your network at once. Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats require no human intervention to propagate.