Trojans - Cyber Security

TROJANS

To know about Trojans we have to know about those, which are given below.....

•What Is A Trojan Horse

•How Do Trojans Work & Trojans Variations

•How Can I Get Infected

•How Do I Know I'm Infected

•Defence against Trojans

What Is A Trojan Horse?

- An An unauthorized program contained within a legitimate

program. This unauthorized program performs functions unknown

(and probably unwanted) by the user.


- A legitimate program that has been altered by the placement of

unauthorized code within it; this code performs functions unknown

(and probably unwanted) by the user.

How Do Trojans Work?

There are two parts:-

* Client part

* Server part

• Attacker will then use the Client to connect to

the Server and start using the Trojan.

• Server runs on the victim's computer, (usually) hide itself & start listening on some port(s) for incoming connections from the attacker.

• Modify the registry and/or use some other auto starting method.

Auto start methods

•Autostart Folder: C:\Windows\Start Menu\Programs\startup

•Win.ini: load=Trojan.exe and run=Trojan.exe 

•System.ini: 

•Wininit.i

•Winstart.batsk

•Explorer Startup: if c:\explorer.exe  exists, it will be started instead of the usual c:\Windows\Explorer.exe

Auto start methods: Registry

•[HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Run]

•"Info"="c:\directory\Trojan.exe"

•[HKEY_LOCAL_MACHINE\Software

\Microsoft\Windows\CurrentVersion\RunOnce] 

•"Info"="c:\directory\Trojan.exe"

•[HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\RunServices]

•"Info"="c:\directory\Trojan.exe"

•[HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\RunServicesOnce]

•"Info="c:\directory\Trojan.exe"

•[HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Run]

•"Info"="c:\directory\Trojan.exe"

•[HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\RunOnce]

•"Info"="c:\directory\Trojan.exe"

Trojans Variations

•Remote Access Trojans: they give the attackers the power to do more things on the victim's machine than the victim itself

•Password Sending Trojans

•Key loggers

•Destructive

•Denial Of Service (DOS) Attack Trojans

•Proxy/Wingate Trojans

•FTP Trojans

•Software Detection Killers

How Can I Get Infected?

•ICQ & IRC

•Attachments

•Physical Access

•Browser And E-mail Software Bugs

•NetBIOS (File Sharing)

•Fake Programs

•Untrusted Sites And Freeware Software

How Do I Know I'm Infected
•Suddenly your  browser directs you to some page unknown to you.

•A strange and unknown Windows Message Box appears on your screen, asking  you some personal questions.

•Your Windows settings change by themselves

•Net stat

•Regular check of startup programs.

Defense against Trojans
•Personal Firewall.

•Use safe methods.

•Sand box (OTW)

•Anti-Virus (AV) Scanners

•Perimeter defense for the network.

•Don’t keep sensitive info (encrypt)

After You Clean Yourself

•Change passwords

•Info every contact in Address Book .

•Check your HDD for abnormal activities like a lot of free space missing 

•Think for a while about the sensitive information you had on your machine  before the compromise & take appropriate action

•Scan your machine with Anti-Virus scanner

Thanks.