What is a Trojan Horse? and its types: keylogger, spyware, backdoors, adware, RAT (remote access trojan), bot

  Trojan horse - ट्रोजन हॉर्स  

Trojans take their name from the Trojan Horse of Greek mythology, and just like the wooden horse in the story, a Trojan program 'disguises' itself to appear desirable or harmless, but secretly carries a dangerous payload.

A Trojan horse program, or Trojan, is a program that performs actions which are unknown to and/or unauthorized by the user. Strictly speaking, any program that performs an action that hasn't been authorized by a user could be considered a Trojan. Usually, though, anti-virus vendors will only consider a program a 'Trojan' if it has been deliberately designed to perform an action that has potentially harmful repercussions on the computer system or the user's information. Actions typically performed by a Trojan horse include:

  • Copy information stored in specific files on the computer
  • Modify and open network connections
  • Install and run other programs on the computer
  • Connect to and communicate with another computer or server

A legitimate program that also performs a harmful action because of a bug in its coding or a flaw in its design may also be considered a Trojan, at least until the problem is fixed. The different types of Trojan horse are classified as below:

  • Backdoor Trojan horse
    1. Denial of Service
    2. RAT Trojan
  • Data collecting Trojan
    1. Spyware Trojan
    2. Adware
    3. Key logger
  • Screen Logger
    1. Security software disable
    2. Data-sending Trojan horse
  • Proxy Trojan
  • Rootkit
  • Bot
    1. Botnet

Backdoor Trojan horse :- A backdoor Trojan allows someone to take control of another user's computer via the internet without their permission. The backdoor virus can copy itself and may install new updates using the Internet. A backdoor is an alternative entrance into a system. Backdoors are used to bypass the existing security mechanisms built into systems.

A backdoor Trojan may pose as legitimate software, just as other Trojan horse programs do, so that users run it. Alternatively, as is now increasingly common, users may allow Trojans onto their computer by following a link in spam mail. Once the Trojan is run, it adds itself to the computer's startup routine. It can then monitor the computer until the user is connected to the internet.

When the computer goes online, the person who sent the Trojan can perform many actions, for example run programs on the infected computer, access personal files, modify and upload files, track the user's keystrokes, or send out spam mail.

Examples :- of such viruses are SubSeven, Back Orifice, Graybird and the Blaster worm.

The backdoor Trojan is further sub-classified into two categories, which are given below:

  1. Denial of Service
  2. RAT Trojan

Denial of Service (DoS) :- A denial-of-service (DoS) attack prevents users from accessing a computer or website. In a DoS attack, a hacker attempts to overload or shut down a computer so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. No data is stolen or compromised, but the interruption to the service can be costly for a company. The most common type of DoS attack involves sending more traffic to a computer than it can handle. Rudimentary methods include sending outsized data packets or sending email attachments with names that are longer than the mail programs permit.

A Denial of Service (DoS) attack is a type of attack made on an online service, computer network or system with the aim of disrupting or terminating the services they provide.

The most common targets for DoS attacks are websites, particularly major commercial entities. More rarely, other resources such as e-mail accounts, online databases and Domain Name Service (DNS) servers may also be targeted.

Examples of such Denial of Service (DoS) attacks are the SYN flood and the Neat worm on Microsoft WebTV systems.
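As an added example (not part of the original article), the following Python script shows the detection side of the SYN flood named above: it counts, per source address, handshakes that were started with a SYN but never completed, which is the half-open backlog a SYN flood exhausts. The packet records, the addresses and the threshold of 20 are constructed assumptions for illustration, not data from the page.

```python
"""SYN-flood detection over a constructed packet log (added example)."""
from collections import defaultdict

# Constructed sample records: (timestamp_s, src_ip, src_port, tcp_flags).
# "S" = SYN from the client, "A" = the client's final ACK that completes
# the three-way handshake. The server's SYN-ACK is omitted for brevity.
SAMPLE_PACKETS = []
# A normal client opens three connections and completes every handshake.
for i, port in enumerate((50001, 50002, 50003)):
    SAMPLE_PACKETS.append((100.0 + i, "10.0.0.5", port, "S"))
    SAMPLE_PACKETS.append((100.1 + i, "10.0.0.5", port, "A"))
# A flooding source sends 40 SYNs from fresh ports and never completes any.
for i in range(40):
    SAMPLE_PACKETS.append((100.0 + i * 0.05, "203.0.113.7", 40000 + i, "S"))


def half_open_by_source(packets):
    """Count handshakes each source started but never completed.

    A SYN marks (src, sport) as pending; the client's ACK on the same
    (src, sport) clears it. Whatever is still pending at the end is a
    half-open connection the server is holding resources for.
    """
    pending = set()
    for _ts, src, sport, flags in sorted(packets):
        key = (src, sport)
        if flags == "S":
            pending.add(key)
        elif flags == "A":
            pending.discard(key)
    counts = defaultdict(int)
    for src, _sport in pending:
        counts[src] += 1
    return dict(counts)


def flag_syn_flood(packets, threshold=20):
    """Return the sources whose half-open count reaches the threshold."""
    counts = half_open_by_source(packets)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(SAMPLE_PACKETS))
    print("flagged sources:", flag_syn_flood(SAMPLE_PACKETS))
```

The per-source half-open count is the same quantity that SYN cookies and per-source rate limits on a firewall act on; a real deployment would evaluate it over a sliding time window rather than over the whole capture, and the flooding source would typically spoof its address, which is why the mitigation is applied on the server side rather than by blocking one address.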

RAT (Remote Administration Trojan) :- RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs but are designed specifically for stealthy installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.

Typically, exploited users either download and execute the malicious programs or are tricked into clicking rogue email attachments. Most RATs come in client and server components. Intruders ultimately launch the server program on a victim's machine by binding the installing component to some other legitimate program.

Examples of such RAT Trojans are NetBus, SubSeven, Deep Throat and the infamous Back Orifice.

Data collecting Trojan 

Surreptitiously collects and sends back information from the victim's machine. The surreptitious nature of such software has led to it being referred to as "stealthware". Data collecting Trojans are classified in the following two categories:

Spyware Trojan :- Spyware is any program that covertly gathers user information through an Internet connection without the user's knowledge. Spyware programs are not viruses (you cannot spread them to other computers), but they can have undesirable effects. You can get spyware on your computer when you visit certain websites.

A pop-up message may prompt you to download a software utility that you "need", or software may be downloaded automatically without your knowledge. The spyware then runs on the computer, tracking your activity and reporting it to others, such as advertisers. It can also change the home page displayed when you start your internet browser. Spyware also uses memory and processing capacity, and can slow or crash the computer. Software is available that detects known spyware programs and enables you to remove them.

Not all spyware programs are Trojans. Spyware is referred to as "a broad spectrum of Trojan horse programs that gather information about you and make it available to an attacker". Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways.

Examples of such Trojans are Hotbar, Intelligent Explorer, CoolWebSearch, 180solutions, browser hijackers, and "pop-up" ads from your web browser.

Adware :- Adware is software that displays advertisements on your computer. Adware, or advertising-supported software, displays advertising banners or pop-ups on your computer when you use the application. This is not necessarily a bad thing. Adware is similar to spyware in that it gathers user information and browsing patterns and uses this information to display advertisements in the web browser. Unlike spyware, adware contains a disclosure telling you that your information will be used. A close relative of spyware is software that downloads to your computer to play, display or download advertising material. It slows down your computer and often contains inappropriate content.

Adware can slow down your PC. It can also slow down your internet connection by downloading advertisements. Sometimes programming flaws in the adware can make your computer unstable. Advertising pop-ups can also distract you and waste your time if they have to be closed before you can continue using your PC.

Examples of such Trojans are Bargain Buddy, A Better Internet, Kazaa, Top Text, Gator, Bonzi Buddy and Comet Cursor.

Key logger :- These Trojans log the keystrokes of the victim and then let the attacker search for passwords or other sensitive data in the log file. They usually offer two modes of operation, online and offline recording. As with the previous group, these Trojans can be configured to send the log file to a specific e-mail address on a regular basis. A keystroke logger, also known as a keylogger, monitors and records keyboard use. Keystroke loggers can record the information typed into a system, which might include the content of e-mails, usernames and passwords for local or remote systems and applications, and financial information (e.g. credit card number, social security number, personal identification number).

A keylogger can be combined with sophisticated logic to perform tasks such as looking for the address of an online bank, recording the username and password, and then transmitting this information back to a rogue server, which in turn can transfer funds from the affected user's account. Keyloggers can also be used to harvest sensitive corporate information.

Examples of such Trojans are KeySnatch, Spyster, KeyLogger Pro, SpyAnytime and 007 Spy Software.

Screen Logger 

This is a destructive Trojan that was designed to capture screenshots and transfer them to another system. It works in the following manner: it automatically starts hidden in the background and begins capturing at a pre-designated time.

Examples of such Trojans are PC Spy, Spector Pro 3.1, Ghost Keylogger and Branbra.DCY.

There are two types of screen keylogger, which are the following:

Security software disable :- These are special Trojans (sometimes called anti-protection Trojans) designed to disable programs such as anti-virus software, firewalls, etc. Once these programs are disabled, the hacker is able to attack the victim's machine more easily. The Bugbear virus installed a Trojan on the machines of infected users and was capable of disabling popular anti-virus and firewall software.

An example of such a Trojan is the Goner worm.

Data-sending Trojan :- The purpose of these Trojans is to send data back to the hacker with information about passwords, keystrokes, or other confidential information such as credit card details, chat logs, address lists, etc. The Trojan could look for specific information in particular locations, or it could install a keylogger and simply send all recorded keystrokes to the hacker (who in turn can extract the passwords from that data). Captured data can be sent back to the attacker's email address, which in most cases is located at some free web-based email provider. This method can go unnoticed and can be carried out from any machine on your network with Internet access. Both internal and external hackers can use data-sending Trojans to gain access to confidential information about your company.

An example of such a Trojan is the Badtrans.B email virus.

Proxy Trojan :- These Trojans turn the victim's computer into a proxy server, making it available to the whole world or to the attacker alone. It is used for creating anonymizers, which can then be used for illegal activities such as making purchases with stolen credit cards. This gives the attacker complete anonymity and the opportunity to do everything from your computer, including launching attacks from your network. If the attacker's activities are detected and tracked, however, the trail leads back to you, not to the attacker, which could bring your organization into legal trouble. Strictly speaking, you are responsible for your network and for any attacks launched from it.

Examples of such Proxy Trojans are TR/Proxy.Agent.atf.1.tr, Trojan.Proxy.13433, Spamhaus XBL and Saturn TR/Proxy.Horst.2775040.

Rootkit :- Rootkits are (sets of) programs used to alter standard operating system functionality in order to hide any malicious activity performed on the system. They generally replace common operating system utilities such as the kernel, netstat, ls and ps with their own versions, so that any malicious activity is filtered out before results are displayed on screen. Rootkits are designed to hide processes, files or Windows Registry entries. Rootkits are used by hackers to hide their tracks or to insert threats surreptitiously on compromised computers. Various types of malware use rootkits to hide themselves on a computer. A rootkit is installed by replacing system files or libraries, or by installing a specially crafted kernel module. Kernel-mode rootkits are much more common than user-mode rootkits, because they are more powerful and easier to hide. Used in combination with Trojan software, hackers use rootkits to change system settings and make use of the victim computer without the user, and usually without monitoring software such as firewalls or anti-virus programs, being able to detect it.

Examples of such rootkits are LRK5, Knark, Adore and Hacker Defender.
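The rootkit description above says utilities such as ps are replaced so that malicious processes are filtered out of what the user sees. As an added example (not code from the original page), here is the standard defensive check against that in Python, a cross-view comparison: the numeric entries under /proc, which the kernel populates directly, are compared with what the ps binary reports, and any PID the kernel lists but ps omits is suspicious. Because a process can legitimately exit between the two listings, /proc is read before and after ps, and only PIDs present in both /proc snapshots count. The PID sets in the offline demo are constructed.

```python
"""Cross-view check for processes hidden from ps (added example)."""
import os
import subprocess


def pids_from_proc():
    """Low-level view: every numeric directory under /proc is a live PID."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_ps():
    """Tool view: PIDs as reported by the ps binary, which a user-mode
    rootkit may have replaced with a filtering copy."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def hidden_pids(proc_before, ps_view, proc_after):
    """PIDs present in both /proc snapshots but missing from the ps output.

    Taking /proc before and after the ps run filters out processes that
    simply exited (or, like ps itself, only existed) in between; those
    would otherwise look hidden and produce false positives.
    """
    stable = proc_before & proc_after
    return sorted(stable - ps_view)


def scan():
    """Run the three-snapshot check against the live system."""
    before = pids_from_proc()
    ps_view = pids_from_ps()
    after = pids_from_proc()
    return hidden_pids(before, ps_view, after)


if __name__ == "__main__":
    if os.path.isdir("/proc"):
        print("PIDs hidden from ps:", scan())
    else:
        # Constructed demo data for systems without /proc: PID 4321 is
        # known to the kernel in both snapshots but absent from ps.
        print(hidden_pids({1, 2, 1234, 4321}, {1, 2, 1234}, {1, 2, 1234, 4321}))
```

The tell-tale is the gap between the two views, not either view alone. A kernel-mode rootkit, which the text notes is the more common kind, can hook the directory listing of /proc itself and lie to both views equally, so this check only catches the user-mode replacement of ps described above; the kernel-mode case needs a view the rootkit does not control, such as an offline scan of the disk from a clean boot medium.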

BOT :- A bot is a program that performs any action based on instructions received from its master or controller. A network of such bots is called a botnet. Bot malware is any type of malware that enables the attacker to stealthily gain complete control of the infected machine. Bots may be further subcategorized according to their delivery mechanism. Since these are autonomous programs, they are used heavily in the 'dark community' to accomplish many malicious tasks as dictated by their controllers. IRC is one of the common channels that controllers use to communicate with entire botnets.

Botnet :- If the bot clones or otherwise replicates itself and exports those clones to other machines, all of the bot instances can communicate and interact with each other, thereby creating a cooperative network of bots, referred to as a botnet. Bots can be very beneficial programs when they are designed to assist a human user, either by automating a simple task or by simplifying a user's control over various programs or systems. Unfortunately, bots can also be created to perform malicious tasks that compromise the system or any information stored on the machine. The 'bot' in botnets definitely refers to the second type, as these bots are used by an attacker to 'hijack' and control a computer system.

These malicious bots can arrive on a victim machine in many ways. The most common method involves dropping the bot in the payload of a Trojan or similar malware. Other methods include infecting the computer via a drive-by download, or distributing the bot via spam e-mail messages with infected attachments. A remote attacker can then give commands to the infected computer via the bot and force it to perform malicious actions. In this context, a bot is very similar to a backdoor program, which is also forcibly planted on a computer and used by a remote attacker to direct the infected machine.

Examples of such botnets are Zombie, TDL-4, MyTob, Storm, Koobface, Sasser, an ultra-resilient ...
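The bot section states that a remote controller issues commands to infected machines over a channel such as IRC. As an added example, not part of the original post, the Python script below shows how a defender spots that check-in traffic in connection logs: connections from one host to one destination and port are grouped, and a group whose gaps between connections are both numerous and unusually regular is reported as a likely beacon. The log line format, the addresses, the use of port 6667 and the regularity threshold are all constructed assumptions for the illustration.

```python
"""Beacon detection over constructed firewall log lines (added example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed log format (constructed): "<ISO timestamp> src=<ip> dst=<ip> dport=<n>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

# Constructed sample: host 10.0.0.5 checks in to an IRC-style controller on
# port 6667 about every 60 seconds, and also browses an unrelated web
# server at irregular intervals.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:00:05 src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2024-05-01T10:01:00 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:01:59 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:02:15 src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2024-05-01T10:02:27 src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2024-05-01T10:03:00 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:04:00 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:05:00 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:06:01 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:07:00 src=10.0.0.5 dst=198.51.100.9 dport=6667",
    "2024-05-01T10:09:07 src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2024-05-01T10:09:10 src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2024-05-01T10:10:40 src=10.0.0.5 dst=93.184.216.34 dport=443",
    "this line is malformed and must be skipped",
]


def parse(lines):
    """Group connection timestamps by (src, dst, dport); skip unparsable lines."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["src"], m["dst"], int(m["dport"]))
        events[key].append(datetime.fromisoformat(m["ts"]))
    return events


def find_beacons(lines, min_events=6, max_cv=0.1):
    """Return (src, dst, dport) tuples whose connection timing is too regular.

    Regularity is measured as the coefficient of variation (standard
    deviation / mean) of the gaps between consecutive connections; human
    browsing is bursty, a timer-driven check-in is not.
    """
    beacons = []
    for key, stamps in parse(lines).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_cv:
            beacons.append(key)
    return sorted(beacons)


if __name__ == "__main__":
    for src, dst, dport in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst}:{dport}")
```

The port number is deliberately not part of the decision: controllers have long moved off the classic IRC port, so timing regularity is the more durable signal, and a real deployment would add jitter tolerance (bots randomise their sleep), a longer observation window and an allow-list for legitimate timer-driven traffic such as update checks.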