Trojan

History

Trojan comes from Greek mythology, in which the Greeks battled the Trojans (people of Troy). After years of being unable to break into the fortified city, the Greeks built a wooden horse, filled it with soldiers and pretended to sail away. After the Trojans brought the horse into the city, the Greek soldiers crept out at night, opened the gates of Troy to the returning soldiers, and Troy was destroyed …

History

The Greek siege of Troy had lasted for ten years. The Greeks devised a new ruse: a giant hollow wooden horse. It was built by Epeius and filled with Greek warriors led by Odysseus. The rest of the Greek army appeared to leave, but actually hid behind Tenedos. Meanwhile, a Greek spy, Sinon, convinced the Trojans the horse was a gift despite the warnings of Laocoon and Cassandra; Helen and Deiphobus even investigated the horse; in the end, the Trojans accepted the gift. In ancient times it was customary for a defeated general to surrender his horse to the victorious general as a sign of respect. It should be noted here that the horse was the sacred animal of Poseidon; during the contest with Athena over the patronage of Athens, Poseidon gave men the horse, and Athena gave the olive tree…

History

The Trojans hugely celebrated the end of the siege, so that, when the Greeks emerged from the horse, the city was in a drunken stupor. The Greek warriors opened the city gates to allow the rest of the army to enter, and the city was pillaged ruthlessly, all the men were killed, and all the women and children were taken into slavery.

•What Is a Trojan?!

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer …

•What Is a Trojan?!

A program that appears legitimate, but performs some illicit activity when it is run. It may be used to locate password information, make the system more vulnerable to future entry, or simply destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility …

What Is a Trojan?!

In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

•Differences Between Trojan, Virus & Worm…

The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not the same. Viruses, worms and Trojan horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often damaging effects …

•Differences Between Trojan, Virus & Worm…

A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mail with viruses as attachments.

•Differences Between Trojan, Virus & Worm…

A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each receiver's address book, and the process continues on down the line. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing web servers, network servers and individual computers to stop responding. In more recent worm attacks such as the much-talked-about "Blaster Worm", the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

•Differences Between Trojan, Virus & Worm…

A Trojan horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop or adding silly active desktop icons), or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.

•Blended threat

Added into the mix, we also have what is called a blended threat. A blended threat is a sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one threat. Blended threats use server and Internet vulnerabilities to initiate, transmit and spread an attack. This combination of methods and techniques means blended threats can spread quickly and cause widespread damage. Characteristics of blended threats include: causes harm, propagates by multiple methods, attacks from multiple points and exploits vulnerabilities.

How do I avoid getting infected in the future?!

NEVER download blindly from people or sites which you aren't 100% sure about. In other words, as the old saying goes, don't accept candy from strangers. If you do a lot of file downloading, it's often just a matter of time before you fall victim to a trojan.

Even if the file comes from a friend, you still must be sure what the file is before opening it, because many trojans will automatically try to spread themselves to friends in an email address book or on an IRC channel. There is seldom reason for a friend to send you a file that you didn't ask for. When in doubt, ask them first, and scan the attachment with a fully updated anti-virus program.

Beware of hidden file extensions! Windows by default hides the last extension of a file, so that innocuous-looking "susie.jpg" might really be "susie.jpg.exe" - an executable trojan! To reduce the chances of being tricked, unhide those pesky extensions.
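The "susie.jpg.exe" trick above can be checked for mechanically, for instance in a mail gateway or download folder sweep. The following is an added example (not code from the original slides); it shows what Windows Explorer would display with extensions hidden, and flags names whose real last extension is executable while the visible part looks like a document or image. It goes slightly beyond the slide by also catching the padded variant ("susie.jpg      .exe"), where spaces push the real extension out of view. The extension lists and sample file names are constructed for the example.

```python
import os

# File types Windows will run directly when double-clicked (assumed list for
# this example; extend it to match your environment).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}

# Harmless-looking "decoy" extensions an attacker would leave visible.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".mp3"}


def displayed_name(filename: str) -> str:
    """Name as Explorer shows it with 'Hide extensions for known file types' on:
    the last extension is dropped, so 'susie.jpg.exe' appears as 'susie.jpg'."""
    root, _ = os.path.splitext(os.path.basename(filename))
    return root


def disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable and the extension the
    user would see is a decoy document/image extension."""
    name = os.path.basename(filename)
    root, last = os.path.splitext(name)
    if last.strip().lower() not in EXECUTABLE_EXTS:
        return False                      # not executable at all, e.g. holiday.jpg
    _, visible = os.path.splitext(root)
    # strip() handles the padded form 'susie.jpg      .exe'
    return visible.strip().lower() in DECOY_EXTS


def scan_names(names):
    """Return the subset of names that hide an executable behind a decoy extension."""
    return [n for n in names if disguised_executable(n)]


# Constructed sample of names as they might arrive as attachments.
SAMPLE_NAMES = [
    "susie.jpg.exe",        # the classic trick from the slide
    "report.pdf.scr",       # screensaver executable posing as a PDF
    "invoice.doc      .exe",  # padded so the '.exe' scrolls out of view
    "holiday.jpg",          # genuine image
    "setup.exe",            # an executable, but not disguised as something else
    "notes.txt",
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{displayed_name(n)!r:28} real name {n!r:28} disguised={disguised_executable(n)}")
```

Run as a script it prints the Explorer-visible name beside the real one; `scan_names` is the piece you would call from a scanning job. Note that `setup.exe` is deliberately not flagged: the check targets deception, not executables as such, which is a separate policy decision.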

How do I avoid getting infected in the future?!

NEVER use features in your programs that automatically get or preview files. Those features may seem convenient, but they let anybody send you anything, which is extremely reckless. For example, never turn on "auto DCC get" in mIRC; instead ALWAYS screen every single file you get manually. Likewise, disable the preview mode in Outlook and other email programs.

Never blindly type what others tell you to type, go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts (not even popular ones). If you do so, you are potentially trusting a stranger with control over your computer, which can lead to trojan infection or other serious harm.

Don't be lulled into a false sense of security just because you run anti-virus programs. Those do not protect perfectly against many viruses and trojans, even when fully up to date. Anti-virus programs should not be your front line of security; instead they serve as a backup in case something sneaks onto your computer.

Finally, don't download an executable program just to "check it out" - if it's a trojan, the first time you run it, you're already infected!

•Types of Trojan horse payloads

Trojan horse payloads are almost always designed to do various harmful things, but could be harmless. They are classified based on how they breach systems and the damage they cause. The seven main types of Trojan horse payloads are:

•Types of Trojan horse payloads

Remote Access Trojans
Data Sending Trojans
Destructive Trojans
Proxy Trojans
FTP Trojans
Security software disabler Trojans
Denial-of-service attack (DoS) Trojans

•Remote Access Trojan

Abbreviated as RATs, a Remote Access Trojan is one of seven major types of Trojan horse, designed to provide the attacker with complete control of the victim's system. Attackers usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.

•Data Sending Trojan

A type of Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail addresses or IM contact lists. These Trojans can look for specific pre-defined data (e.g., just credit card information or passwords), or they could install a keylogger and send all recorded keystrokes back to the attacker.

•Destructive Trojan

A type of Trojan horse designed to destroy and delete files; it is more like a virus than any other Trojan. It can often go undetected by antivirus software.

•Proxy Trojan

A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to do everything from your computer, including the possibility of conducting credit card fraud and other illegal activities, or even to use your system to launch malicious attacks against other networks.

•FTP Trojan

A type of Trojan horse designed to open port 21 (the port for FTP transfer) and let the attacker connect to your computer using File Transfer Protocol (FTP).
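The proxy and FTP Trojans above, like the RAT and Back Orifice described elsewhere in these slides, share one observable trait: they open a listening port the machine did not have before. A simple host check is therefore to compare the current listeners against a known baseline. The code below is an added example, not part of the original slides: it parses the text format of `ss -ltn` (the Linux socket-statistics tool) and reports any listening port outside an assumed baseline. The sample output and the baseline set are constructed for the example; on a real host you would feed it the live command output and your own baseline.

```python
# Constructed sample of `ss -ltn` output (not captured from a real host).
# Port 21 corresponds to the FTP Trojan on the slide; 1080 is the well-known
# SOCKS proxy port, included here to stand in for a proxy Trojan.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       5       0.0.0.0:21           0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       50      0.0.0.0:1080         0.0.0.0:*
"""

# Assumed baseline for this host: SSH and the local print spooler only.
EXPECTED_LISTENERS = {22, 631}

# Names for a few well-known ports, used only to make the report readable.
WELL_KNOWN = {21: "ftp", 22: "ssh", 631: "ipp", 1080: "socks"}


def parse_listeners(ss_output: str):
    """Return [(local_address, port), ...] for every LISTEN row in `ss -ltn` output.
    The header row is skipped; IPv6 addresses such as [::]:22 split correctly
    because only the last ':' separates the port."""
    listeners = []
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        listeners.append((addr, int(port)))
    return listeners


def unexpected_listeners(ss_output: str, baseline):
    """Listeners whose port is not in the baseline, sorted by port then address.
    Duplicates (e.g. the same port on IPv4 and IPv6) are kept, since each is a
    separate exposure worth reviewing."""
    hits = [(a, p) for a, p in parse_listeners(ss_output) if p not in baseline]
    return sorted(hits, key=lambda ap: (ap[1], ap[0]))


def report(ss_output: str, baseline):
    """Human-readable lines for each unexpected listener, noting whether it is
    reachable from the network (anything not bound to loopback)."""
    lines = []
    for addr, port in unexpected_listeners(ss_output, baseline):
        exposed = addr not in ("127.0.0.1", "[::1]")
        svc = WELL_KNOWN.get(port, "unknown")
        lines.append(f"port {port}/{svc} on {addr} ({'network-exposed' if exposed else 'loopback only'})")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_SS_OUTPUT, EXPECTED_LISTENERS):
        print(line)
```

The baseline is the important part: a listener is only suspicious relative to what the host is supposed to run, so record the expected set when the machine is built and re-check it on a schedule. A new port 21 on a desktop that never served FTP is exactly the signal the FTP Trojan description predicts.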

•Security software disabler Trojan

A type of Trojan horse designed to stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.

•DoS attack

Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.

•How do I get rid of trojans?!

Clean Re-installation: Although arduous, this will always be the only sure way to eradicate a trojan or virus. Back up your entire hard disk, reformat the disk, re-install the operating system and all your applications from original CDs, and finally, if you're certain they are not infected, restore your user files from the backup. If you are not up to the task, you can pay for a professional repair service to do it.

Anti-Virus Software: Some of these can handle most of the well-known trojans, but none are perfect, no matter what their advertising claims. You absolutely MUST make sure you have the very latest update files for your programs, or else they will miss the latest trojans. Compared to traditional viruses, today's trojans evolve much quicker and come in many seemingly innocuous forms, so anti-virus software is always going to be playing catch-up. Also, if they fail to find every trojan, anti-virus software can give you a false sense of security, such that you go about your business not realizing that you are still dangerously compromised. There are many products to choose from, but the following are generally effective: AVP, PC-cillin, and McAfee VirusScan. All are available for immediate downloading, typically with a 30 day free trial…

•How do I get rid of trojans?!

Anti-Trojan Programs: These programs are the most effective against trojan horse attacks, because they specialize in trojans instead of general viruses. A popular choice is The Cleaner, $30 commercial software with a 30 day free trial. When you are done, make sure you've updated Windows with all security patches [ext. link], then change all your passwords because they may have been seen by every "hacker" in the world.

IRC Help Channels: If you're the type that needs some hand-holding, you can find trojan/virus removal help on IRC itself, such as EFnet #dmsetup or DALnet #NoHack. These experts will try to figure out which trojan(s) you have and offer you advice on how to fix it.

•Back Orifice

A program that installs itself on a Windows machine as a server, allowing a cracker with the client counterpart to manipulate the machine more completely than the user at the keyboard. It can come in the form of a Trojan or ActiveX control. Back Orifice 2000 (BO2K) provides access to Windows NT/2000 machines. Back Orifice was created by "The Cult of the Dead Cow" (cDc), a hacker organization (www.cultdeadcow.com). There are various "BO removers," which are programs that detect and remove it…

•Sub7

Sub7, or SubSeven, is the name of a popular trojan or backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger.

Sub7 is usually stopped by antivirus software and a firewall, and with popular operating systems providing these features built in, it may become less of a computer security problem. However, if an EXE packer is in use, it may pass through antivirus software…

•Sub7

It was originally designed by mobman, whose whereabouts are currently unknown. He is rumored either to be deceased or to have become uninterested in continuing the project. Some claim to have spoken with him and maintain that he is not dead. At any rate, no development has occurred in several years. The website was not updated in several years (last time in April 2004), until there suddenly appeared a news message on April 6, 2006. The news was not by mobman himself, but by someone who goes under the name LaT.

Like other backdoor programs, Sub7 is distributed with a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the hacker runs on his own machine to control the server. Sub7 allows crackers to set a password on the server, theoretically so that once a machine is owned, no other crackers can take control of it.

Thank You