SlideShare una empresa de Scribd logo

Introduction to trojans and backdoors

Descargar como DOCX, PDF
J
jibinmanjooran

df

Tecnología
1 de 6
Introduction to Trojans and Backdoors Updated: 13 Oct 2010 | 1 comment FarzadCERTIFIED +2 2 Votes Introduction Trojans and Backdoors are sorts of Bad-wares which their main purpose is to send and receive data and especially commands through a port to another system. This port can be even a well-known port such as 80 or an out of regular ports like 7777. The Trojans are most of the time defaced and shown as a legitimate and harmless application to encourage the user to execute them. The main characteristic of a Trojan is that first it should be executed by the user, second sends or receive data with another system which is the attacker’s system. Sometimes the Trojan is combined with another application. This application can be a flash card, flash game, a patch for OS, or even an antivirus. But actually the file is built of two applications which one of them is the harmless application, and the other one is the Trojan file. Technically defined, a Trojan horse is “a malicious and security-breaking program which is designed as something benign”. Such a program is designed to cause damage, data leakage, or make the victim a medium to attack another system. A Trojan will be executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities and increase the privilege. An important point is that not only the connection can be online (so that the commands or data are transmitted immediately between the hacker and victim), but also the communication can be offline and performed using emails, HTTP URL transmits or as the like. Auto Start Methods
One of the actions usually Trojans perform is to make themselves Auto-Start to be executed each time the system reboots. Below are some registry keys Trojan Horses modify for this purpose: HKLMSoftwareMicrosoftWindowsCurrent VersionRun HKLMSoftwareMicrosoftWindowsCurrent VersionRunonce HKLMSoftwareMicrosoftWindowsCurrent VersionRunServices HKLMSoftwareMicrosoftWindowsCurrent VersionRunServicesOnce HKLUSoftwareMicrosoftWindowsCurrent VersionRun HKLUSoftwareMicrosoftWindowsCurrent VersionRunOnce Types of Trojans Remote Access Trojans This sort of Trojans provides full or partial access and control over the victim system. The server application will be sent to the victim and a client listens on the hacker’s system. After the server is started, it establishes the connection with the client through a predefined port. Most of the Trojans are of this kind.
Data Sending Trojans Using email or a backdoor, this type of Trojan send data such as password, cookies or key strokes to the hacker’s system. Destructive Trojans These Trojans are to make destructions such as deleting files, corrupting OS, or make the system crash. If the Trojan is not for fun, usually the purpose of such Trojans is to inactivate a security system like an antivirus or firewall. DDos Attack Trojans This Trojans make the victim a Zombie to listen for commands sent from a DDos Server in the internet. There will be numerous infected systems standby for a command from the server and when the server sends the command to all or a group of infected systems, since all the systems perform the command simultaneously, a huge amount of legitimate request flood to a target and make the service stop responding. Proxy Trojans In order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system so that all the records will show the other system and not the hacker’s identities. This sort of Trojans are to make a system works as a medium for attacking another system and therefore the Trojan transfers all the commands sent to it to the primary target and does not harm the proxy victim. Security Software Disabler Trojan This kind of Trojan disables the security system for further attacks. For instance they inactivate the antivirus or make it malfunction or make the firewall stop functioning. How to find the Trojan activity The best method to find the Trojan is by monitoring the ports transmitting data on the network adapter. Note that as mentioned above there are Trojans which can transmit the commands and data via standard ports such as 80 or SMPT (email) which this method of inspection is not effective on them. The command nbtstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with switch –an for a proper result:
netstat –an If you want to check if a particular port is being used by any application, you can add the findstr to the command: netstat –an | findstr 8080 Wireshark is another application which can show all the data transferred on the Network Interface Card and using it you can see what data are being transmitted out the system, and what is the listener of the port. Some Trojan Samples Tini This Trojan listens to port 7777 and provides shell access to the victim’s system for the hacker. ICMD This application provides shell access, but can accept password and preferred port. NetBuss This Trojan has a GUI for controlling the victim’s system. Rather than a serious attack it’s mostly used for fun. Netcat (Known as NC) A very famous Trojan with many options for different methods of command and data transfer. Proxy Server Trojan This Trojan makes the victim a proxy for attacking another system. VNC Although VNC is not a malicious application however since it is not detected by the Antivirus systems it can be used as a means of Trojan horse attack.
Remote By Mail This Trojan can send and receive commands and data using series of emails. Although compared to a shell session the commands are very limited, however due to the protocol it uses (SMTP) it can bypass and evade most of the firewall systems. HTTP Rat This Trojan sends and receives commands by exchanging series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all the firewall systems. Shttp Trojan Same as HTTP Rat Wrappers Wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the times, the Wrapper is used to attach a Trojan file to a small harmless application such as a flash card to deceive the targeted user and encourage him to execute it. Some Wrappers are able to make modifications on the Trojan horse such as compressing it or adding blanks to the end of it and hide it to be detected by the Antivirus’. Some Wrappers Samples Wrapper Convert Program One File EXE Maker Yet Another Builder (Known as YAB and is a very powerful and dangerous application) Defacing Applications Defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
Whereas the icon of the Trojan is usually the default icon of the executable files, the hacker maybe change the Trojan’s icon and fake it as a harmless application or even another application such as a Microsoft Word document or a text file.

Recomendados

BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors SeminarChaitali Patel
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoorsseth edmond
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoorsShrey Vyas
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionn|u - The Open Security Community
 
Seminar On Trojan Horse
Seminar On Trojan HorseSeminar On Trojan Horse
Seminar On Trojan HorseNikhil Chabukswar
 

Recomendados

BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors SeminarChaitali Patel
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoorsseth edmond
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoorsShrey Vyas
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionn|u - The Open Security Community
 
Seminar On Trojan Horse
Seminar On Trojan HorseSeminar On Trojan Horse
Seminar On Trojan HorseNikhil Chabukswar
 
The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)Angel Sophie
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking IT Department Akre
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virussitinursyafiqah
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmeshDharmesh Kumar Sharma
 
Presentation
PresentationPresentation
PresentationNishant Barot
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkitNikhil Pandit
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virusCassidy Lajangang
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & KeyloggersJithin James
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)NamanKikani
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4dodontn
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus Ranjeta Muniandy
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineeringintertelinvestigations
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Apurv Singh Gautam
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your EnemiesSoftex Software House
 
Computer Security
Computer SecurityComputer Security
Computer SecuritySatyajit Das
 
Trojan
TrojanTrojan
Trojanbelcy d mathews
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.Anuj Khandelwal
 
It act seminar
It act seminarIt act seminar
It act seminarAkshay Sharma
 
CRM, Technology and Fitness
CRM, Technology and FitnessCRM, Technology and Fitness
CRM, Technology and FitnessThe Concept Store
 
Malwares
MalwaresMalwares
MalwaresAbolfazl Naderi
 

Más contenido relacionado

La actualidad más candente

The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)Angel Sophie
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking IT Department Akre
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virusCassidy Lajangang
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & KeyloggersJithin James
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)NamanKikani
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4dodontn
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus Ranjeta Muniandy
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineeringintertelinvestigations
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.Anuj Khandelwal
 

La actualidad más candente (20)

The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
 
Presentation
PresentationPresentation
Presentation
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your Enemies
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Trojan
TrojanTrojan
Trojan
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.
 
It act seminar
It act seminarIt act seminar
It act seminar
 

Destacado

ISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFAshley Faciane
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesmkgspsu
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
CyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and BackdoorsCyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and BackdoorsCyberLab
 
CEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and BackdoorsCEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and BackdoorsAvirot Mitamura
 
How would you find what you can't see?
How would you find what you can't see?How would you find what you can't see?
How would you find what you can't see?pinkflawd
 
Penetración con una Backdoor
Penetración con una BackdoorPenetración con una Backdoor
Penetración con una BackdoorNEGOCIOS PROPIOS
 
Finding the back door to people’s hearts
Finding the back door to people’s heartsFinding the back door to people’s hearts
Finding the back door to people’s heartsThird Column Ministries
 
Keyloggers
KeyloggersKeyloggers
Keyloggerskdore
 
Onapsis SAP Backdoors
Onapsis SAP BackdoorsOnapsis SAP Backdoors
Onapsis SAP BackdoorsOnapsis Inc.
 
How to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanHow to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanDavid Wong
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer JungleJason S
 
KeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long timeKeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long timen|u - The Open Security Community
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsVuz Dở Hơi
 
Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivitybackdoor
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?amiable_indian
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 

Destacado (20)

CRM, Technology and Fitness
CRM, Technology and FitnessCRM, Technology and Fitness
CRM, Technology and Fitness
 
Malwares
MalwaresMalwares
Malwares
 
ISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDF
 
File000145
File000145File000145
File000145
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
 
CyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and BackdoorsCyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and Backdoors
 
CEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and BackdoorsCEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and Backdoors
 
How would you find what you can't see?
How would you find what you can't see?How would you find what you can't see?
How would you find what you can't see?
 
Penetración con una Backdoor
Penetración con una BackdoorPenetración con una Backdoor
Penetración con una Backdoor
 
Finding the back door to people’s hearts
Finding the back door to people’s heartsFinding the back door to people’s hearts
Finding the back door to people’s hearts
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
Onapsis SAP Backdoors
Onapsis SAP BackdoorsOnapsis SAP Backdoors
Onapsis SAP Backdoors
 
How to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanHow to Backdoor Diffie-Hellman
How to Backdoor Diffie-Hellman
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer Jungle
 
KeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long timeKeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long time
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and Backdoors
 
Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivity
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 

Similar a Introduction to trojans and backdoors

RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalOWASP Delhi
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virusHTS Hosting
 
Trojan Backdoors
Trojan BackdoorsTrojan Backdoors
Trojan BackdoorsJauwadSyed
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinEslam Hussein
 
Software security
Software securitySoftware security
Software securityjes_d
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virusTrojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virusABHAY PATHAK
 
Atul trojan horse ppt 101
Atul trojan horse ppt 101Atul trojan horse ppt 101
Atul trojan horse ppt 101Atuk4
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyaSYYULIANISKOMMT
 

Similar a Introduction to trojans and backdoors (20)

RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virus
 
Trojan Backdoors
Trojan BackdoorsTrojan Backdoors
Trojan Backdoors
 
Case study
Case studyCase study
Case study
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam hussein
 
Software security
Software securitySoftware security
Software security
 
Trojan horse
Trojan horseTrojan horse
Trojan horse
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Information security
Information securityInformation security
Information security
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Security Software
Security SoftwareSecurity Software
Security Software
 
System_security.pptx
System_security.pptxSystem_security.pptx
System_security.pptx
 
virus
virus virus
virus
 
Trojan Virus.pptx
Trojan Virus.pptxTrojan Virus.pptx
Trojan Virus.pptx
 
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virusTrojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
 
Atul trojan horse ppt 101
Atul trojan horse ppt 101Atul trojan horse ppt 101
Atul trojan horse ppt 101
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Mitppt
MitpptMitppt
Mitppt
 
maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Introduction to trojans and backdoors

  • 1. Introduction to Trojans and Backdoors Updated: 13 Oct 2010 | 1 comment FarzadCERTIFIED +2 2 Votes Introduction Trojans and Backdoors are sorts of Bad-wares which their main purpose is to send and receive data and especially commands through a port to another system. This port can be even a well-known port such as 80 or an out of regular ports like 7777. The Trojans are most of the time defaced and shown as a legitimate and harmless application to encourage the user to execute them. The main characteristic of a Trojan is that first it should be executed by the user, second sends or receive data with another system which is the attacker’s system. Sometimes the Trojan is combined with another application. This application can be a flash card, flash game, a patch for OS, or even an antivirus. But actually the file is built of two applications which one of them is the harmless application, and the other one is the Trojan file. Technically defined, a Trojan horse is “a malicious and security-breaking program which is designed as something benign”. Such a program is designed to cause damage, data leakage, or make the victim a medium to attack another system. A Trojan will be executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities and increase the privilege. An important point is that not only the connection can be online (so that the commands or data are transmitted immediately between the hacker and victim), but also the communication can be offline and performed using emails, HTTP URL transmits or as the like. Auto Start Methods
  • 2. One of the actions usually Trojans perform is to make themselves Auto-Start to be executed each time the system reboots. Below are some registry keys Trojan Horses modify for this purpose: HKLMSoftwareMicrosoftWindowsCurrent VersionRun HKLMSoftwareMicrosoftWindowsCurrent VersionRunonce HKLMSoftwareMicrosoftWindowsCurrent VersionRunServices HKLMSoftwareMicrosoftWindowsCurrent VersionRunServicesOnce HKLUSoftwareMicrosoftWindowsCurrent VersionRun HKLUSoftwareMicrosoftWindowsCurrent VersionRunOnce Types of Trojans Remote Access Trojans This sort of Trojans provides full or partial access and control over the victim system. The server application will be sent to the victim and a client listens on the hacker’s system. After the server is started, it establishes the connection with the client through a predefined port. Most of the Trojans are of this kind.
  • 3. Data Sending Trojans Using email or a backdoor, this type of Trojan send data such as password, cookies or key strokes to the hacker’s system. Destructive Trojans These Trojans are to make destructions such as deleting files, corrupting OS, or make the system crash. If the Trojan is not for fun, usually the purpose of such Trojans is to inactivate a security system like an antivirus or firewall. DDos Attack Trojans This Trojans make the victim a Zombie to listen for commands sent from a DDos Server in the internet. There will be numerous infected systems standby for a command from the server and when the server sends the command to all or a group of infected systems, since all the systems perform the command simultaneously, a huge amount of legitimate request flood to a target and make the service stop responding. Proxy Trojans In order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system so that all the records will show the other system and not the hacker’s identities. This sort of Trojans are to make a system works as a medium for attacking another system and therefore the Trojan transfers all the commands sent to it to the primary target and does not harm the proxy victim. Security Software Disabler Trojan This kind of Trojan disables the security system for further attacks. For instance they inactivate the antivirus or make it malfunction or make the firewall stop functioning. How to find the Trojan activity The best method to find the Trojan is by monitoring the ports transmitting data on the network adapter. Note that as mentioned above there are Trojans which can transmit the commands and data via standard ports such as 80 or SMPT (email) which this method of inspection is not effective on them. The command nbtstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with switch –an for a proper result:
  • 4. netstat –an If you want to check if a particular port is being used by any application, you can add the findstr to the command: netstat –an | findstr 8080 Wireshark is another application which can show all the data transferred on the Network Interface Card and using it you can see what data are being transmitted out the system, and what is the listener of the port. Some Trojan Samples Tini This Trojan listens to port 7777 and provides shell access to the victim’s system for the hacker. ICMD This application provides shell access, but can accept password and preferred port. NetBuss This Trojan has a GUI for controlling the victim’s system. Rather than a serious attack it’s mostly used for fun. Netcat (Known as NC) A very famous Trojan with many options for different methods of command and data transfer. Proxy Server Trojan This Trojan makes the victim a proxy for attacking another system. VNC Although VNC is not a malicious application however since it is not detected by the Antivirus systems it can be used as a means of Trojan horse attack.
  • 5. Remote By Mail This Trojan can send and receive commands and data using series of emails. Although compared to a shell session the commands are very limited, however due to the protocol it uses (SMTP) it can bypass and evade most of the firewall systems. HTTP Rat This Trojan sends and receives commands by exchanging series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all the firewall systems. Shttp Trojan Same as HTTP Rat Wrappers Wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the times, the Wrapper is used to attach a Trojan file to a small harmless application such as a flash card to deceive the targeted user and encourage him to execute it. Some Wrappers are able to make modifications on the Trojan horse such as compressing it or adding blanks to the end of it and hide it to be detected by the Antivirus’. Some Wrappers Samples Wrapper Convert Program One File EXE Maker Yet Another Builder (Known as YAB and is a very powerful and dangerous application) Defacing Applications Defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
  • 6. Whereas the icon of the Trojan is usually the default icon of the executable files, the hacker maybe change the Trojan’s icon and fake it as a harmless application or even another application such as a Microsoft Word document or a text file.