This document discusses Trojan horses, which are unauthorized programs that perform unwanted functions on a user's computer. It defines Trojans and explains how they work, providing examples of common Trojans like remote access Trojans and password stealing Trojans. The document also outlines how Trojans are transmitted and describes ways for users to obtain and install a Trojan on another person's computer without their consent.
It act seminar
2. INDEX
INTRODUCTION
WHAT IS TROJAN HORSE
WHAT ARE THEIR FUNCTIONS
HOW TROJAN WORKS
MOST COMMON TROJANS
MODES OF TRANSMISSION
GET A TROJAN
CONCLUSION
3. INTRODUCTION
Trojan Horses pose one of the most
significant threats to the Windows OS,
thus exposing sensitive information to
malicious attackers, as well as providing
them with full access to the computer,
which often results in further illegal
activities done via the infected computer.
4. WHAT IS A TROJAN HORSE?
Basically a Trojan horse can be defined as:
An unauthorized program contained within a legitimate
program. This unauthorized program performs functions
unknown (and probably unwanted) by the user.
A legitimate program that has been altered by the placement of
unauthorized code within it; this code performs functions
unknown (and probably unwanted) by the user.
Any program that appears to perform a desirable and necessary
function but (because of unauthorized code within it that is
unknown to the user) performs functions unknown (and definitely
unwanted) by the user.
The Trojan has borrowed its name from the old mythical story
about how the Greeks gave their enemy a huge wooden horse as
a gift; after the enemy accepted it, the Greek soldiers crept
out of the horse during the night and conquered the city.
5. WHAT ARE THEIR FUNCTIONS?
Hide/show the Start button.
Enable/Disable keyboard.
Restart windows.
Open/Close the CD-ROM tray.
Turn monitor on/off.
File manager: This function acts as an explorer for the attacker
while browsing through your system.
Retrieve passwords: This function will provide the attacker with
the recorded passwords on your computer.
Keylogger: Logs all of the keys you've pressed; this can be
done in offline or online mode.
6. HOW TROJANS WORK?
Trojans work similarly to the client-server model. Trojans
come in two parts, a Client part and a Server part. The
attacker deploys the Client to connect to the Server, which
runs on the remote machine when the remote user
(unknowingly) executes the Trojan on the machine. The
typical protocol used by most Trojans is TCP/IP,
but some functions of the Trojans may make use
of UDP as well.
When the Server is activated on the remote computer, it
will usually try to remain in a stealth mode, or hidden on
the computer. This is configurable - for example in the
Back Orifice Trojan, the server can be configured to remain
in stealth mode and hide its process. Once activated, the
server starts listening on default or configured ports for
incoming connections from the attacker. It is usual for
Trojans to also modify the registry and/or use some other
auto starting method.
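The listening behaviour described above gives a defender something concrete to check. The following is an added example, not part of the original slides: it parses constructed `netstat -ano` output and reports TCP listeners and bound UDP sockets that are missing from an assumed baseline, grouped by owning PID. The sample rows, the baseline and every port except 21 (named on the FTP Trojans slide) are illustrative assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1088
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3344
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     2210
  TCP    [::]:5555              [::]:0                 LISTENING       3344
  UDP    0.0.0.0:6000           *:*                                    3344
  UDP    127.0.0.1:1900         *:*                                    1500
"""

# Assumed baseline: listeners this host is expected to expose (hypothetical).
BASELINE = {("TCP", 135), ("TCP", 3389)}

# Local address may be IPv4 or bracketed IPv6; UDP rows have no State column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(text):
    """Return (proto, addr, port, pid) for TCP LISTENING rows and bound UDP sockets."""
    found = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        found.append((proto, addr, int(port), int(pid)))
    return found


def unexpected_listeners(text, baseline):
    """Listeners reachable from the network that the baseline does not account for."""
    return [l for l in parse_listeners(text)
            if l[1] not in LOOPBACK and (l[0], l[2]) not in baseline]


def pids_to_review(text, baseline):
    """Map each owning PID to its unexpected (proto, port) pairs for triage."""
    review = {}
    for proto, _addr, port, pid in unexpected_listeners(text, baseline):
        review.setdefault(pid, []).append((proto, port))
    return review
```

Because the server port is configurable, comparing against a baseline of expected listeners catches more than a list of known default ports would; the PID then points to the process and its autostart entry to inspect.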
7. MOST COMMON TROJANS
Remote Access Trojans
Password Sending Trojans
Keyloggers
Destructive
Proxy/Wingate Trojans
FTP Trojans
Software Detection Killers
8. REMOTE ACCESS TROJAN
These are the Trojans usually seen referred to in the
media and hence gain high visibility because of their
ability to give the attackers the power to do more
things on the victim's machine than the victim itself,
while standing in front of the machine.
A remote access Trojan (RAT) is a malware program
that includes a back door for administrative control
over the target computer.
9. RATs are usually downloaded invisibly with a user-
requested program -- such as a game -- or sent as an
email attachment.
Once the host system is compromised, the intruder
may use it to distribute RATs to other vulnerable
computers and establish a botnet.
10.
Because a RAT enables administrative control, it makes it
possible for the intruder to do just about anything on the
targeted computer, including:
Monitoring user behavior through keyloggers or other
spyware.
Accessing confidential information, such as credit card and
social security numbers.
Activating a system's webcam and recording video.
Taking screenshots.
Distributing viruses and other malware.
Formatting drives.
Deleting, downloading or altering files and file systems.
11. Password Sending Trojan
These Trojans are directed towards extracting all the cached
passwords and also capturing other passwords entered by the
victim, then emailing them to an attacker-specified mail
address without the victim realizing it. The password
harvest may include passwords for ICQ, IRC, FTP, HTTP or
any other application that requires a user to enter a login and
password. Most of them do not restart when Windows is
loaded, as the objective is to gather as much info about the
victim's machine as possible, such as passwords, mIRC logs and ICQ
conversations, and mail them to the attacker.
12. A PASSWORD STEALING TROJAN IS USUALLY A STANDALONE
APPLICATION THAT INSTALLS ITSELF TO SYSTEM AND SOMETIMES
DROPS A KEYLOGGING COMPONENT. SUCH TROJAN STAYS
ACTIVE IN WINDOWS MEMORY AND STARTS KEYLOGGING
(RECORDING KEYSTROKES) WHEN A USER IS ASKED TO INPUT A
LOGIN AND A PASSWORD. THEN A TROJAN STORES THE
RECORDED KEYSTROKES DATA FOR LATER SUBMISSION OR
SENDS THIS DATA TO A HACKER IMMEDIATELY. IN MANY CASES
SUCH TROJANS ALSO SEND INFORMATION ABOUT USER'S
COMPUTER IP, RAS (REMOTE ACCESS SERVER), AND NETWORK
CONFIGURATION. A HACKER WHO GETS THIS INFO IS CAPABLE
OF MISUSING OTHER PERSON'S INTERNET ACCOUNT AND IN
SOME CASES HACK INTO USER'S NETWORK. STOLEN LOGINS
AND PASSWORDS CAN ALLOW A HACKER TO READ USER'S E-
MAIL ON PUBLIC AND CORPORATE MAIL SERVERS.
13. KEYLOGGERS
These Trojans log the keystrokes of the victim and
then let the attacker search for passwords or other
sensitive data in the log file. They usually come with
two functions such as online and offline recording. As
with the previous group, these Trojans can be
configured to send the log file to a specific e-mail
address on a regular basis.
Destructive
The only function of these Trojans is to destroy and
delete files. They can deliberately delete core system
files (for example: .dll, .ini or .exe files, possibly
others) on the target machine.
14. A DESTRUCTIVE TROJAN IS A VIRUS DESIGNED TO
DESTROY OR DELETE FILES. DESTRUCTIVE TROJANS
HAVE MORE TYPICAL VIRUS CHARACTERISTICS THAN
OTHER TYPES OF TROJANS BUT DO NOT ALWAYS RESULT
IN DATA THEFT.
DESTRUCTIVE TROJANS MAY NOT BE DETECTED BY
ANTIVIRUS SOFTWARE. ONCE A DESTRUCTIVE TROJAN
INFECTS A COMPUTER SYSTEM, IT RANDOMLY DELETES
FILES, FOLDERS, AND REGISTRY ENTRIES, OFTEN
RESULTING IN OS FAILURES.
A DESTRUCTIVE TROJAN IS USUALLY IN PROGRAM
FORM OR MANIPULATED TO STRIKE LIKE A LOGIC BOMB
PROGRAMMED AND SPECIFIED BY THE ATTACKER.
15. PROXY/WINGATE TROJANS
Underground sites are known to announce freely available
proxy servers. These Trojans turn the victim's computer into
a proxy/Wingate server available to the whole world or to the
attacker only. It is used for anonymous Telnet, ICQ, IRC, etc.,
and also to register domains with stolen credit cards and for
other illegal activities. This gives the attacker complete
anonymity and the chance to do everything and point the trail
to the victim.
FTP Trojans
These Trojans open port 21 (the port for FTP transfers)
and let anybody or just the attacker connect to the
machine. They may be password protected so only the
attacker is able to connect to the computer.
16. SOFTWARE DETECTION KILLERS
There are such functionalities built into some Trojans, but
there are also separate programs that will kill Zone Alarm,
Norton Anti-Virus and many other (popular anti-
virus/firewall) programs, that protect the target machine.
When they are disabled, the attacker has full access to
the machine to perform some illegal activity or use the
computer to attack others and often disappear.
17. MODES OF TRANSMISSION
ICQ
IRC
Attachments
Physical Access
Browser And E-mail Software Bugs
NETBIOS(FILE SHARING)
Fake Programs
Un-trusted Sites And Freeware Software
18. ICQ
People can also get infected while chatting /
talking / video messaging over ICQ or any other
Instant Messenger Application. It is a risk that the
user undertakes when it comes to receiving files
no matter from whom or where it comes.
IRC
Here also, the threat comes from exchange of files no
matter what they claim to be or where they come from.
It is possible that some of these are infected files or
disguised files.
19. ATTACHMENTS
Any attachment, even if it is from a known source
should be screened as it is possible that the
source was infected earlier and is not aware of it.
Physical Access
Physical access to a target machine is perhaps the
easiest way for an attacker to infect a machine. The
motive may be a prank or just plain curiosity.
20. BROWSER AND E-MAIL SOFTWARE BUGS
Having outdated applications can expose the
system to malicious programs such as Trojans
without any other action on behalf of the
attacker.
NetBIOS (File Sharing)
If port 139 is opened, the attacker can install
trojan .exe and modify some system file, so that
it will run the next time the system is rebooted.
To block file sharing in Windows version, go to:
Start->Settings->Control Panel->Network->File
and Print Sharing and uncheck the boxes there.
23. CONCLUSION
VIRUSES ARE NOT ONLY USED FOR HACKING OR
FOR CRASHING HARD DISKS OR FOR DISTURBING
OTHERS; THEY ARE ALSO USED FOR REMOTELY
ACCESSING A COMPUTER DURING SOFTWARE
TROUBLESHOOTING OR FOR CHECKING LICENSED
SOFTWARE, FOR EXAMPLE THE WINDOWS GENUINE TEST
PERFORMED BY MICROSOFT FOR TESTING
LICENSED OPERATING SYSTEMS.
SOMETIMES TROJAN SOFTWARE IS ALSO USED
FOR KNOWING PASSWORDS OF YOUR COMPUTER
OR FOR E-MAIL ID PASSWORDS OR FOR CREDIT
CARD NUMBERS AND THEIR PASSWORDS. SO,
BE CAREFUL BEFORE SAVING PICTURES OR DATA
SENT BY OTHERS.