Trojans and Evading Techniques

Trojans and Evading Techniques
The module covers the concept of a Trojan, the danger created by Trojans, how they can reach your computer and how they damage it; how many types of Trojans there are and how Trojans are attached behind other applications; and finally, most importantly, the detection of a Trojan on your computer and its prevention, to safeguard your system and your data.
Knowing The Trojans
A Trojan is a malicious program disguised as some very important application. Trojans ride on the backs of other programs and are installed on a system without the user's knowledge. Trojans are malicious pieces of code used to install hacking software on a target system and aid the hacker in gaining and retaining access to that system. Trojans and their counterparts are important pieces of the hacker's toolkit.

Knowing The Trojans
A Trojan is a program that appears to perform a desirable and necessary function but that, because of hidden and unauthorized code, performs functions unknown and unwanted by the user. These downloads are fake programs which seem to be legitimate applications; they may be software like monitoring programs, system virus scanners, registry cleaners, computer system optimizers, or they may be applications like songs, pictures, screen savers, videos, etc.
Knowing The Trojans
You just need to execute that software or application; you will find the application running or you might get an error, but once executed the Trojan will install itself in the system automatically. Once installed on a system, the program has system-level access on the target system, where it can be destructive and insidious. Trojans can cause data theft and loss, and system crashes or slowdowns; they can also be used as launching points for other attacks.

Knowing The Trojans
Many Trojans are used to manipulate files on the victim computer, manage processes, remotely run commands, intercept keystrokes, watch screen images, and restart or shut down infected hosts.
Different Types of Trojans
1. Remote Administration Trojans: There are Remote Access Trojans which are used to control the victim's computer remotely.
2. Data Stealing Trojans: Then there are Data Sending Trojans which compromise the data in the victim's computer, find the data on the computer and send it to the attacker automatically.
3. Security Disabler Trojans: There are security software disabler Trojans which are used to stop antivirus software running in the victim's computer. In most cases the Trojan comes as a Remote Administration Tool which turns the victim's computer into a server which can be controlled remotely. Once the Remote Access Trojan is installed in the system, the attacker can connect to that computer and control it.
Some Famous Trojans
• Beast
• Back Orifice
• NetBus
• ProRat
• GirlFriend
• Sub7
Components of Trojans
A Trojan consists of two parts:
1. A client component
2. A server component
The one which resides on the victim's computer is called the server part of the Trojan. For the Trojan to function as a backdoor, the server component has to be installed on the victim's machine.

Components of Trojans
1. The server component of the Trojan opens a port on the victim's computer and invites the attacker to connect and administrate the computer.
2. The client component of the Trojan tries to connect to the victim computer and administrate the computer without the permission of the user.
Wrapper
A wrapper is a program used to combine two or more executables into a single packaged program. The wrapper attaches a harmless executable, like a game, to a Trojan's payload, the executable code that does the real damage, so that it appears to be a harmless file.
• Hackers use wrappers to bind the server part of the software behind any image or any other file. Wrappers are also known as binders.

Wrapper
Generally, games or other animated installations are used as wrappers because they entertain the user while the Trojan is being installed. This way, the user doesn't notice the slower processing that occurs while the Trojan is being installed on the system; the user only sees the legitimate application being installed.
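A wrapper that glues a payload onto a host executable usually leaves the extra bytes past the end of the last section of the file, which analysts call an "overlay". The following added example (not part of the original slides) constructs a minimal, non-runnable PE-shaped byte string in memory and measures any overlay by comparing the file length with the end of the last section's raw data. The sample image, the section layout and the `build_sample_pe` / `find_overlay` names are assumptions made for this illustration.

```python
import struct

def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped image (not a real executable) with one
    section whose raw data ends at file offset 0x400, plus optional overlay."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header at 0x40
    # COFF header: i386 machine, 1 section, 224-byte optional header, EXE flags
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    optional = bytes(224)                               # zeroed, unused by this check
    # Section header: name, VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, reloc/line pointers and counts, Characteristics
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + optional + section).ljust(0x200, b"\0")
    body = b"\xc3".ljust(0x200, b"\0")                  # section raw data (512 bytes)
    return headers + body + overlay

def find_overlay(data: bytes):
    """Return (end_of_last_section, overlay_size) for a PE byte string.
    Bytes past the last section's raw data are not mapped by the loader and
    are a classic place for binders to stash a second executable."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    sec_table = pe_off + 24 + opt_size                  # 4-byte sig + 20-byte COFF
    end = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return end, max(0, len(data) - end)

if __name__ == "__main__":
    clean = build_sample_pe()
    bound = build_sample_pe(b"APPENDED")                # constructed 8-byte overlay
    print("clean:", find_overlay(clean))
    print("with overlay:", find_overlay(bound))
```

An overlay on its own is not proof of a wrapper: installers, self-extracting archives and Authenticode-signed binaries legitimately carry data past the last section. In triage the overlay size is a reason to look closer (high entropy, a second `MZ` header inside it), not a verdict.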
Modes of Transmission
Reverse Connection In Trojans
Reverse-connecting Trojans let an attacker access a machine on the internal network from the outside. The hacker can install a simple Trojan program on a system on the internal network. On a regular basis (usually every 60 seconds), the internal server tries to access the external master system to pick up commands. If the attacker has typed something into the master system, this command is retrieved and executed on the internal system. Reverse WWW shell uses standard HTTP. It's dangerous because it's difficult to detect: it looks like a client is browsing the Web from the internal network.
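The fixed polling interval described above is also the reverse-connection Trojan's weak point from a defender's view: a host that contacts the same external address at near-constant intervals stands out from real browsing, whose request timing is bursty. The following added example (not from the original slides) runs a simple periodicity check over a constructed proxy log: for each (source, destination) pair with enough hits it computes the gaps between requests and flags pairs whose coefficient of variation is low. The log format, hosts, thresholds and the `find_beacons` name are assumptions for this illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from any real system): 10.0.0.5 polls one
# external address roughly every 60 seconds; 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:00:05 10.0.0.7 198.51.100.20:80 GET /news
2024-01-01T10:00:07 10.0.0.7 198.51.100.20:80 GET /news/story1
2024-01-01T10:01:01 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:02:00 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:02:59 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:03:40 10.0.0.7 198.51.100.20:80 GET /sports
2024-01-01T10:04:01 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:05:00 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:06:00 10.0.0.5 203.0.113.10:80 GET /index.html
2024-01-01T10:12:12 10.0.0.7 198.51.100.20:80 GET /weather
2024-01-01T10:12:15 10.0.0.7 198.51.100.20:80 GET /weather/today
2024-01-01T10:20:00 10.0.0.7 198.51.100.20:80 GET /news
"""

def parse_log(text):
    """Group request timestamps by (source, destination) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _method, _url = line.split(maxsplit=4)
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events

def find_beacons(text, min_hits=6, max_cv=0.15):
    """Flag pairs whose inter-request gaps are nearly constant.
    Returns (src, dst, mean_gap_seconds, coefficient_of_variation) tuples."""
    flagged = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_hits:          # too few samples to judge periodicity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            flagged.append((src, dst, round(avg, 1), round(cv, 3)))
    return flagged

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("possible beacon:", hit)
```

Real implants add random jitter and legitimate software (update checkers, mail clients) also polls on a schedule, so a low coefficient of variation is a lead to correlate with the owning process and the destination's reputation, not a verdict by itself.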
Detection And Removal of Trojans
Unusual system behavior is usually an indication of a Trojan attack, such as:
• Programs starting and running without the user's initiation
• CD-ROM drawers opening or closing
• Wallpaper, background or screen saver settings changing by themselves
• Screen display flipping upside down
• Browser program opening strange or unexpected websites
All of the above are indications of a Trojan attack. Any suspicious action not initiated by the user can be an indication of a Trojan attack.
One thing which you can do is to check the applications which are m
TCPView
• TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
• On Windows NT, 2000, and XP, TCPView also reports the name of the process that owns the endpoint.
• Active connections will appear in green. You can always right-click on an entry to check the properties of the application.
• Once you have got hold of the Trojan application, you can kill the active connection and the running process and then delete the physical application file. This will let you recover from the Trojan attack.
Countermeasures
Most commercial antivirus programs have anti-Trojan capabilities as well as spyware detection and removal functionality. These tools can automatically scan hard drives on startup to detect backdoor and Trojan programs before they can cause damage. Once a system is infected, it's more difficult to clean, but you can do so with commercially available tools. It's important to use commercial applications to clean a system instead of freeware tools, because many freeware removal tools can further infect the system. In addition, port-monitoring tools can identify ports that have been opened or files that have changed.

Trojan Evading Technique
The key to preventing Trojans and backdoors from being installed on a system is to not install applications downloaded from the Internet or open email attachments from parties you don't know. Many system administrators don't give users the system permissions necessary to install programs on their system for the very same reason.
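The TCPView slide and the port-monitoring sentence in Countermeasures describe the same check: tie every open port and connection to its owning process and look for listeners or outbound connections that a known process cannot account for. The following added example (not from the original slides) does that offline over constructed text in the format of `netstat -ano` and `tasklist /fo csv`, the two built-in Windows commands that give the same data TCPView displays. The sample output, the process names, the baseline of expected listeners, the choice of RFC 1918 ranges as "internal" and the `review_endpoints` name are assumptions made for this illustration.

```python
import csv
import io
import ipaddress

# Constructed sample in `netstat -ano` format (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31234          0.0.0.0:0              LISTENING       4120
  TCP    10.0.0.5:49712         203.0.113.10:80        ESTABLISHED     4120
  TCP    10.0.0.5:49720         10.0.0.2:445           ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1480
"""

# Constructed sample in `tasklist /fo csv` format.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","148 K"
"svchost.exe","912","Services","0","12,345 K"
"game_setup.exe","4120","Console","1","8,204 K"
"chrome.exe","1480","Console","1","120,000 K"
"""

# Assumed baseline of processes expected to own listening sockets on this host.
KNOWN_LISTENERS = {"System", "svchost.exe", "lsass.exe", "services.exe"}

# RFC 1918 plus loopback; treated as "internal" for this check. (Python's
# ip.is_global is not used because it classifies the 203.0.113.0/24
# documentation range as non-global, which would hide the sample connection.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def parse_netstat(text):
    """Parse TCP/UDP rows from netstat -ano output into dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:                              # UDP rows have no State column
            state, pid = "", int(parts[3])
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": pid})
    return rows

def is_external(addr):
    """True when the host part of 'ip:port' is outside the internal ranges."""
    host = addr.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                     # "*" or a hostname
        return False
    return not any(ip in net for net in INTERNAL_NETS)

def review_endpoints(netstat_text, tasklist_text, known=KNOWN_LISTENERS):
    """Return findings: unexpected listeners and external connections owned
    by processes outside the baseline, each with process name, PID, address."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for r in parse_netstat(netstat_text):
        proc = names.get(r["pid"], "<unknown>")
        if r["state"] == "LISTENING" and proc not in known:
            findings.append(("unexpected listener", proc, r["pid"], r["local"]))
        elif r["state"] == "ESTABLISHED" and is_external(r["foreign"]) and proc not in known:
            findings.append(("external connection", proc, r["pid"], r["foreign"]))
    return findings

if __name__ == "__main__":
    for finding in review_endpoints(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(*finding)
```

On a live host the two samples would be replaced by the captured output of the commands; the value of the check is the baseline, which has to be built from a known-clean machine of the same build, since any allowlist copied from elsewhere will either hide a listener or flood the analyst with normal Windows services.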