Trojans in Brief

Trojans in Brief

This tutorial will include the understanding concept of Trojan, Dangers created by Trojans, how they can come to your computer, how do they destroy you and your data. How many types of Trojans are there, how Trojans are attached behind other applications and finally the most important, Detection of Trojan on your computer and their prevention to safeguard your system and your data.

Knowing the Trojan

A Trojan is a malicious program misguided as some very important application. Trojans comes on the backs of other programs and are installed on a system without the User’s knowledge. Trojans are malicious pieces of code used to install hacking software on a target system and aid the Hacker in gaining and retaining access to that system. Trojans and their counterparts are important pieces of the Hacker’s tool-kit. Trojans is a program that appears to perform a desirable and necessary function but that, because of hidden and unauthorized code, performs functions unknown and unwanted by the user. These downloads are fake programs which seems to be a original application, it may be a software like monitoring program, system virus scanners, registry cleaners, computer system optimizers, or they may be applications like songs, pictures, screen savers, videos,  etc..

  1. You just need to execute that software or application, you will find the application running or you might get an error, but once executed the Trojan will install itself in the system automatically.

2 Once installed on a system, the program then has system-level access on the target system, where it can be destructive and insidious. They can cause data theft and loss, and system crashes or Slow downs; they can also be used as launching points for other attacks against your system.

3 Many Trojans are used to manipulate files on the victim computer, manage processes, remotely run commands, intercept keystrokes, watch screen images, and restart or shut down infected hosts.

Different Types of Trojans

  1. Remote Administration Trojans: There are Remote Access Trojans which are used to control the Victim’s computer remotely.
  1. Data Stealing Trojans: Then there are Data Sending Trojans which compromised the data in thenVictim’s computer, then find the data on the computer and send it to the attacker automatically.
  1. Security Disabler Trojan: There are Security software disablers Trojans which are used to stop antivirus software running in the Victim’s computer.

In most of the cases the Trojan comes as a Remote Administration Tools which turns the Victim’s computer into a server which can controlled remotely. Once the Remote Access Trojan is installed in the system, the attacker can connect to that computer and can control it.

Some famous Trojan

1 Beast

2 Back Orifice

3 Pro Rat

4 Girl Friend

5  Sub Seven

Components of Trojans

Trojan consists of two parts:

  1. A Client component
  2. A Server component.

One which resides on the Victim’s computer is called the server part of the Trojan and the one which is on the attacker’s computer is called the client Part of the Trojan. For the Trojan to function as a backdoor, the server Component has to be installed on the Victim’s machine.

  1. Server component of the Trojan opens a port in the Victim’s computer and invites the Attacker to connect and administrate the computer.
  1. Client component of the Trojan tries to connect the Victim’s computer and administrate the computer without the permission of the User.

Wrapper:A Wrapper is a program used to combine two or more executables into a single packaged program. The wrapper attaches a harmless executable, like a game, to a Trojan’s payload, the executable code that does the real damage, so that it appears to be a harmless file.

Hackers use Wrappers to bind the Server part of the Software behind any image or any other file. Wrappers are also known as Binders. Generally, games or other animated installations are used as wrappers because they entertain the user while the Trojan in being installed. This way, the user doesn’t notice the slower processing that occurs while the Trojan is being installed on the system—the user only sees the legitimate application being installed.

Mode of Transmission for Trojans

Chat

Email attachment

Website download

Physical drive

Network share

Reverse Connection in Trojans

Reverse-connecting Trojans let an attacker access a machine on the internal network from the outside. The Hacker can install a simple Trojan program on a system on the internal network. On a regular basis (usually every 60 seconds), the internal server tries to access the external master system to pick up commands. If the attacker has typed something intothe master system, this command is retrieved and executed on the internal system. Reverse WWW shell uses standard HTTP. It’s dangerous because it’s difficult to detect – it looks like a client is browsing the Web from the internal network Now the final part ….

Detection and Removal of Trojans

The unusual behaviour of system is usually an indication of a Trojan attack. Actions/symptoms such as,

  • Programs starting and running without the User’s initiation.
  • CD-ROM drawers Opening or Closing.
  • Wallpaper, background, or screen saver settings changing by themselves.
  • Screen display flipping upside down.
  • Browser program opening strange or unexpected websites

All above are indications of a Trojan attack. Any action that is suspicious or not initiated by the user can be an indication of a Trojan attack. One thing which you can do is to check the applications which are making network connections with other computers. One of those applications will be a process started by the Server Trojan.

You also can use the software named process explorer which monitors the processes executed on the computer with its original name and the file name. As there are some Trojans who themselves change their name as per the system process which runs on the computer and you cannot differentiate between the Trojan and the original system process in the task

manager processes tab, so you need PROCESS EXPLORER.

TCP (Transmission Control Protocol) view

  • TCP View is a Windows program that will show you detailed listings of all TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) endpoints on your system, including the local and remote addresses and state of TCP connections.
  • On Windows NT, 2000, and XP, TCP View also reports the name of the process that owns the endpoint.
  • Active connections will appear in Green Color. You can always Right Click on the check the properties of the application.
  • Once you have got hold of the Trojan application, you can Kill the active connection and the running process and then delete the physical application file. This will make you recover from the attack of Trojan.

Countermeasures for Trojan attacks

Most commercial antivirus programs have Anti-Trojan capabilities as well as spy ware detection and removal functionality. These tools can automatically scan hard drives on startup to detect backdoor and Trojan programs before they can cause damage. Once a system is infected, it’s more difficult to clean, but you can do so with commercially available tools. It’s important to use commercial applications to clean a system instead of freeware tools, because many freeware removal tools can further infect the system. In addition, port monitoring tools can identify ports that have been Opened or files that have changed. The key to preventing Trojans and backdoors from being installed on a system is to not to install applications downloaded from the Internet or open Email attachments from parties you don’t know. Many systems administrators don’t give users the system permissions necessary to install programs on system for the very same reason.

Founder of Abhishekpjha.wordpress.com & Padhega To Badhega

Founder of Abhishekpjha.wordpress.com & Padhega To Badhega

 

 

 

 

 

 

 

 


Download the PadhegaToBadhega app Click the link below
http://www.appsgeyser.com/getwidget/PadhegaToBadhega
Join us on Facebook
https://www.facebook.com/PadhegaToBadhega
For :
More Material /Question Bank /Practice Paper /Online Coaching/Online Tution/Guidelines

To Buy NTSE : The Essential Guide(in pdf/ paper ) Click the link below
http://pothi.com/pothi/book/ebook-abhishek-p-jha-ntse-essential-guide
http://www.lulu.com/shop/abhishek-p-jha/ntse-essential-guide/paperback/product-21686772.html
https://www.smashwords.com/profile/view/abhishekpjha

To Learn Computer Programming /Math/NTSE /Sanik School / JNV School / Entrance exam PreperationAptitude/English/Spoken English Contact Abhishek Jha here

Leave a comment