Significance of Trojans

A Trojan is one of the oldest mechanisms used to compromise a computer system and is still one of the more effective methods of doing so. When planned and implemented correctly, a Trojan can grant access to a system on behalf of the attacker, allowing all sorts of activities to take place.

Software Trojans represent one of the biggest dangers to the end user or owner of a system. Users can easily be tricked into installing or running software that looks legitimate but hides a payload that does something unwanted, such as opening up avenues that an attacker can use. Further complicating things is the fact that Trojans operate on a principle that can be summed up as “permitting what you cannot deny”; in other words, they use ports and mechanisms on the system that you have to leave open for the system to function normally, such as ports 80 and 21. These programs can even redirect traffic to open ports in place of ports that the attacker does not wish to use.

The list of pieces of software that can be Trojaned is endless. It includes anything that the creator believes will entice the victim to open the software. Applications such as games, messaging software, media players, screen savers, and other similar types have been Trojaned. For example, an attacker may choose a popular downloadable game as a distribution method by downloading it, infecting it, and posting it on a popular download site. By choosing a popular piece of software that people will willingly download, the attacker increases the chances of higher infection rates.

A hacker may have several goals in mind when creating a Trojan, but typically the goal is to maintain access for later use. For example, an attacker may compromise a system and install a Trojan that will leave a backdoor on the system.

Types of Trojans include:

  • Remote access—A remote-access Trojan (RAT) is designed to give an attacker control over a victim’s system. Several well-known members of this class are Sakula, Kjw0rm, Havex, and DarkComet. Typically, members of this class work in two components: a client and a server.

  • Data sending—Trojans of this type are designed to capture and redirect data to an attacker. The types of data these Trojans can capture are varied but can include anything from keystrokes and passwords to any other type of information that may be generated or reside on the system. This information can be redirected to a hidden file or even an email if there is a predefined email or social media account.

  • Destructive—Software in this category is designed to do one thing and one thing only: destroy data and disable a system.

  • Denial of service (DoS)—Software in this category is designed to target a specific service or server, overwhelm it, and shut it down.

  • Proxy—Trojans that fit into this category allow attackers to use a victim’s system to perform their own activities. Using a victim’s system to carry out a crime makes locating the actual perpetrator much more difficult.

  • File Transfer Protocol (FTP)—Software in this category is designed to set up the infected system as an FTP server. An infected system will become a server hosting all sorts of data, including illegal software; pirated movies and music; or, as has been observed in some cases, pornography.

  • Security software disablers—Trojans of this type are designed to specifically target the security countermeasures present on a system and shut them down. On a system infected with this software, mechanisms such as antivirus software, firewalls, and system updates are often disabled. Trojans often use this strategy first to infect a system and then to perform activities from one of the other categories, such as setting up a proxy server or FTP site.

Software Trojans emerged in the mid-1980s as a way to infect software and distribute the infected payload to different systems without raising suspicion. In most situations, but not all, Trojans are intended to allow an attacker to remotely access or control a victim’s system. In the event that an application infected with a Trojan is installed on a target system, the attacker can not only obtain remote access but also perform other operations designed to gain control of the infected system. In fact, the operations that an attacker can perform are limited by only two factors: the privileges of the user account the Trojan is running under and the design the author has chosen to implement. By infecting a system with a Trojan, an attacker opens a backdoor to the system that he or she can take advantage of.
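Because FTP, proxy, and remote-access Trojans all leave a server component listening on the infected system, and may do so on ports such as 80 and 21 that filtering has to permit, a defender's check has to look at which program owns each listening port rather than at the port number alone. The following is an added example, not code from the original text: it compares the listeners in `netstat -ano` output against a per-host baseline. The sample output, process names, PIDs, and baseline are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows workstation.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       6120
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       7344
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5180
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Constructed PID-to-image map, as `tasklist /fo csv` would supply it.
PROCESSES = {4: "System", 912: "svchost.exe", 5180: "browser.exe",
             6120: "freegame.exe", 7344: "scrnsave_update.exe"}

# Assumed baseline for this host role: which image may listen on which port.
# A workstation should not be serving FTP or HTTP, so 21 and 80 are absent.
BASELINE = {(135, "svchost.exe"), (445, "System")}

# Matches IPv4 and bracketed IPv6 local addresses in LISTENING state only.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))

def unexpected_listeners(netstat_text, processes, baseline):
    """Return sorted (port, image, pid) tuples not covered by the baseline."""
    findings = set()
    for _addr, port, pid in listeners(netstat_text):
        # A PID with no known image is reported rather than trusted.
        image = processes.get(pid, "<unknown>")
        if (port, image) not in baseline:
            findings.add((port, image, pid))
    return sorted(findings)

if __name__ == "__main__":
    for port, image, pid in unexpected_listeners(NETSTAT, PROCESSES, BASELINE):
        print(f"unexpected listener: port {port} owned by {image} (pid {pid})")
```

Keying the baseline on the (port, image) pair means a listener on port 80 is still reported when the owning program is not the one expected there, which a port-only allow list would miss.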

Methods to Get Trojans onto a System

Earlier in this chapter, you read about the range of options hackers have for getting Trojans onto their victims’ computers. A common theme among these methods is that they play on the human desire to get something for nothing.

Once hackers have a Trojan installed on a target computer system, they can perform the following operations:

  • Data theft

  • Installation of software

  • Downloading or uploading of files

  • Modification or deletion of files

  • Installing keystroke loggers

  • Viewing the system user’s screen

  • Consuming computer storage space

  • Crashing the victim’s system

Trojans are commonly grouped into the category of viruses, but this is not entirely correct. Trojans are similar to viruses in that they attach to other files, which they use as a carrier, but they differ in that they are not designed to replicate. The method of distribution used for Trojans is simple: they attach themselves to another file, and the file is retrieved and executed by an unsuspecting victim. Once this occurs, the Trojan typically grants access to the attacker or performs some other action on the attacker’s behalf.

Trojans require instructions from the hacker to fully realize their purpose before or after distribution. In fact, it has been shown in the majority of cases that Trojans are not actually distributed past the initial stages by their creators. Once attackers release their code into the world, they switch their involvement from the distribution to the listening phase, where Trojans will call home, indicating they have infected a system and may be awaiting instructions.

Targets of Trojans

The more people everywhere use the Internet to communicate, shop, and even store their data, the more they generate targets for hackers and their Trojans. Earlier in this chapter, you read about some of the targets that tempt hackers: financial data, passwords, insider information, and stored data of all kinds. And there are still some hackers who simply want to have some fun at the expense of someone else.

The first widespread Trojans debuted between 1994 and 1998 as distribution methods (i.e., the Internet) became more robust. Prior to this point, the software was distributed via bulletin board systems (BBSs), floppies, and similar methods. Since the early days of Trojans, the sophistication of the software has increased, as has the number of reported incidents associated with this type of code. Of course, as Trojans increased in sophistication, so did the methods used to thwart them, such as antivirus software and other tools.

Known Symptoms of an Infection

So what are the symptoms or effects of an infection of a Trojan? In the event that your anti-malware does not detect and eliminate this type of software, it helps to be able to identify some of the signs of a Trojan infection:

  • The CD/DVD drawer of a computer opens and closes.

  • The computer screen changes, such as flips or inverts.

  • Screen settings change by themselves.

  • Documents print with no explanation.

  • A browser is redirected to a strange or unknown webpage.

  • Windows color settings change.

  • Screen saver settings change.

  • Right and left mouse buttons reverse their functions.

  • The mouse pointer disappears.

  • The mouse pointer moves in unexplained ways.

  • The start button disappears.

  • Chat boxes appear on the infected system.

  • The Internet service provider (ISP) reports that the victim’s computer is running port scans.

  • People chatting appear to know detailed personal information.

  • The system shuts down by itself.

  • The taskbar disappears.

  • The account passwords are changed.

  • Legitimate accounts are accessed without authorization.

  • Unknown purchase statements appear in credit card bills.

  • Modems dial and connect to the Internet by themselves.

  • The Ctrl+Alt+Del command stops working.

  • Although the computer is rebooted, a message states that there are other users still connected.
