- 5paisa
- AdSense
- Android
- Asphalt 8 : Airborne Mod Apk 4.9.1b Unlimited Money
- Battlegrounds Mobile India
- Blogger
- Blogging
- Bug Hunting
- cloud storage
- Cmd
- Damn vulnerable Web Application
- Demat Account
- Difference between
- dj alok
- dj alok in free firefree
- Doodle Army 2 : Mini Militia 5.2.0 Apk + Mod for android
- DVMA
- E-books
- earn Bitcoins
- Ethical hacking tutorials
- Express vpn
- EXPRESSVPN PRO APK 7.12.1
- EXPRESVPN CRACKED APK
- fire dj alok
- Freefire
- Gaming
- Google drive
- Google llc
- gplink
- Groww App
- Health
- helo
- helo mela
- helo app
- Helo app earn paytm
- Helo app full guide
- Helo app invite and earn
- Helo app redeem proof
- Helo app refer and earn
- Helo app unlimited trick
- Helo app withdraw proof
- Helo Mela Offer: Get Rs.2 Free Paytm Cash + Win Upto Rs.10000 Paytm Cash
- helo refer and earn
- How to
- How to combine two Wifi Connections to get a faster Internet
- how to get dj alok for free
- how to get free dj alok
- how to get free dj alok in free fire
- How to install DVWA on Kali Linux 2020.2
- How To Use Light Speed WebCache on Your website
- ICICI Direct
- IOS
- kali linux
- Live streaming
- makeup
- meesho
- Money Earning
- My poems
- Netflix
- Netflix mod
- Netflix premium
- News
- online courses
- Pentesting
- programming
- PUBG
- Puffin Browser Pro 8.3.0.41446 (Full) Apk + Mod for Android
- Puzzles
- Recharge offers
- Refer and Earn
- Reviews
- SEO
- shell Scripting
- Shortlink
- Spotify Music 8.5.57.1164 APK Mega Mod Cracked Latest Android
- stylish name
- Technology
- Tips&Tricks
- Township Mod Apk 7.5.0 Unlimited Money
- Udemy
- Udemy courses
- Udemy free
- Udemy premium
- VClip app download link
- VClip app full details
- VClip app invitation link
- VClip app referral code
- VClip app referral link
- VClip app review
- Web designing
- What is
- WINDOWS
- Wishes
- Wordpress
- World Cricket Championship 2 2.8.9 Apk + Mod (Coins/Unlocked)
- Youtube tricks
- zoom app
- zoom bombing
- zoom call
- Zoom safety tips
What is trojen horse
TROJEN HORSES:BEWARE OF THEM
Trojan horse well this term has many meanings .In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).
There are two common types of Trojan horses.
One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives. Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration. Definition A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent. In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unknown to the owner, to be remotely controlled from the network, creating a "zombie computer". The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse. In the context of Computer Security, the term 'Trojan horse' was first used in a seminal report edited/written by JP Anderson (aka 'The Anderson Report' (Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Sysstem Division, Hanscom AFB, Oct, 1972), which credits Daniel J Edwards then of NSA for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974). The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would otherwise not have voluntarily performed. Trojans implementing backdoors typically setup a hidden server, from which a hacker with a client can then log on to. They have become polymorphic, process injecting, prevention disabling, easy to use without authorization, and therefore are abusive. Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate. Examples Example of a simple Trojan horse A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer. Example of a somewhat advanced Trojan horse On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse is an extension that might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type. When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers, but also acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.
Types of Trojan horses
Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are erasing or overwriting data on a computer. encrypting files in a cryptoviral extortion attack. corrupting files in a subtle way. upload and download files. allowing remote access to the victim's computer. This is called a RAT. (remote administration tool) spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'. setting up networks of zombie computers in order to launch DDoS attacks or send spam. spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware). make screenshots. logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger). phish for bank or other account details, which can be used for criminal activities. installing a backdoor on a computer system. opening and closing CD-ROM tray Time bombs and logic bombs "Time bombs" and "logic bombs" are types of trojan horses. "Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer. Precautions against Trojan horses Trojan horses can be protected against through end user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damaging is what they can do to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden it is harder to protect yourself or your company from them but there are things that you can do. Trojan Horses are most commonly spread through an e-mail, much like other types of common viruses. The only difference being of course is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows: 1. If you receive e-mail from someone that you do not know or you receive an unknown attachment never open it right away. As an e-mail use you should confirm the source. Some hackers have the ability to steal an address books so if you see e-mail from someone you know that does not necessarily make it safe. 2. When setting up your e-mail client make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this it would be best to purchase on or download one for free. 3. Make sure your computer has an anti-virus program on it and make sure you update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on, that way if you forget to update your software you can still be protected from threats 4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches your computer is kept much safer. 5. Avoid using peer-2-peer or P2P sharing networks like Kazaa , Limewire, Ares, or Gnutella because those programs are generally unprotected from viruses and Trojan Horse viruses are especially easy to spread through these programs. Some of these programs do offer some virus protection but often they are not strong enough. Besides these sensible precautions, one can also install anti-trojan software, some of which are offered free.
Methods of Infection
The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually. Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse. Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment. For this reason, using Outlook lowers your security substantially. Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured. A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.
More on trojans
Trojan Part 1
1.What is this text about?/=-=-=-=-=-=-=-=-=-=-=-=-=-=/In this text I'm going to explain you interesting things aboutthe trojans and about their future.I hope you'll realize thattrojans are dangerous and they're still big security problem althoughmany people say don't download files from the net and you won't getinfected which is not right.The main thing I want to explain here isdo the trojans have future and other interesting things about them.This text is only for Windows based trojans not Unix one.=-=-=-=-=-=-=-=-=-=-=-=-=-=2.What Is A Trojan Horse?/=-=-=-=-=-=-=-=-=-=-=-=-=/A trojan horse is-An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.-A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.-Any program that appears to perform a desirable and necessaryfunction but that (because of unauthorized codewithin it that is unknown to the user) performs functions unknown (and probably unwanted) by the user. Trojans can also be called RAT's, or Remote Administration Tools. The trojan got it's name from the old mythical story about how the greeks during the war, gave their enemy a huge wooden horse as a gift.They accepted this gift and they brought into their kingdom, and during the night, greek soldiers crept out of the horse and attacked the city,completely overcoming it.3.Trojans Today/=-=-=-=-=-=-=-=/Trojans has always been big security problem even today.Most of the peopledon't know what a trojan is and they keep downloading files from untrustedsources or from suspicious people.Today there are more than 600 trojans onthe net that I know but I think there are many many more.Because every hacker orprogramer today have it's own trojan made for his/her special needs and notpublished anywhere.Every hacking group has also it's own trojans and programs.When someone start learning winsock the first creating is chat client or trojanhorse.Even the anti-virus scanners I'll talk below people still get infectedby themselves,by some hacker or by some of your friends.----------------------->4.The Future Of Trojans=-=-=-=-=-=-=-=-=-=-=-=-=I think there're a lot of people out there that think thetrojans are outdated and they don't have future.Well I don'tthink so.Trojans will always have future and new things added inthem.There are so many things that can be improved by skilled programersin the trojans.Trojans that COMPLETELY hide in the system and of course restart every time Windows is loadedtrojans that will lie every trojan and anti-virus program this is the future I think.People that program trojans has a lot of ideas that makes their trojans unique.These people start placing backdoors in ActiveX and who knows maybe in future they'llfind other sources they can place the trojans in.Programmers will always think ofnew and unique trojans with functions never seen before.Trojans are made every day by the programers with new options and with better encryption sothe Anti-Trojan software can't detect them.So noone knows how many are the trojans on the net.But the programmers are still programming trojans and they will continue in the future.Technically, a trojan could appear almost anywhere, on any operating system or platform.However, with the exception of the inside job mentioned previously, the spread of trojans worksvery much like the spread of viruses. Software downloaded from the Internet, especially shareware or freeware,is always suspect. Similarly, materials downloaded from underground serversor Usenet newsgroups are also candidates.There are thousand of programs with not checkedsource and new programs are appearing every day especially the freeware one so they can all betrojans.So be careful what you're downloading and from where you're downloading it.Always download software from the official page.----------------------------->5.Anti-Virus Scanners/=-=-=-=-=-=-=-=-=-=-=-=/People think that when they have a virus scanner with the latest virus definitionsthey're secure on the net and they can't get infected with a trojan or noone canhave access to their computer.This is NOT right.The purpose of the anti-virusscanners is to detect not trojans but viruses.But when trojans became popularthe scanners started adding also trojan definitions.These scanners just can'tfind the trojans and analyze them that's why they're just detecting the commonand the well know from everyone trojans like Back Orifice and NetBus and alsoseveral other.As I told they're around 600 trojans I know out there and theanti-virus scanners are detecting just a LITTLE part of them.These scanners are not firewalls that will stop someone that want to connectto your computer or try to attack you as people think they are.So I hope thatyou understand that the main purpose of these scanners is not to detecttrojans and protect you while you're online.Most of the internet users know only Back Orifice and NetBus as trojans.There are some specific tools out there that clean ONLY from these trojans.Again people think that they're secure and protected from every trojan.--------------------------->6.How Can I get Infected?/=-=-=-=-=-=-=-=-=-=-=-=-=-=/Everyone ask this question and often people ask themselves how they gotinfected.Also when someone ask them did they run some file send to themby someone or downloaded from somewhere people always say they didn'trun anything or download some file but they did it.People just don'tpay attention to things they do online and that's why they forgetabout the moment of the infection with the trojan.You can get infected from many places and I'll try to explainyou these things here.6.1 From ICQ6.2 From IRC6.3 From Attachment6.4 Physical Access6.5 Tricks-diskette6.1 From ICQPeople think that they can't infect while they're talking via ICQbut they just forget the moment when someone sends them a file.Everyone knows how insecure ICQ is and that's why some peopleare afraid of using it.As you maybe know there's a bug in ICQ allowing you to send a .exefile to someone but it will look as .bmp or .jpg or whatever you wantit to look like.This is very dangerous as you see and can get you introuble.The attacker will just change the icon of the file likea BMP image,tell you it's a pic of him,rename it to photo.bmpthen you'll get it and of course before getting it you'll see thatit's .bmp and you're secure because the file is not executable.Then you run it see the picture and you think there's nothing toworry about but there is.That's why most of the people say that they didn't run any filesbecause they know that they've run an image not executable.A way to prevent this bug in ICQ is always to check the type ofthe file before running it.It may has an BMP icon but if at the typeof the file is written executable I thin you know that it will bemistake if you run that file.6.2 From IRCYou can also get infected from IRC by receiving files fromuntrusted sources.But I advice you always to be paranoidand do not receive files from ANYONE even from your bestfriend because someone may stolen his/her passwordand infect you.Some people think that they can be 100% surethat the other person is their friend when they ask him/hersomething like a secret or something else that only he/she knowbut as I told you be paranoid because someone may infect your friendand just check his/her IRC logs and see what is this secret about orlearn other things.Be paranoid it's more secure as I say and do notreceive files from anyone on IRC or from somewhere else likee-mail,ICQ or even your online friends.6.3 From AttachmentThe same thing goes about the e-mail attachments.NEVER run anythingeven if it says you'll see hot porno or some passwords for server oranything else.The best way to infect someone with a trojan is masse-mailing the server because there're new people on the net andthey'll of course get infected.This is the best way of infectingas I said that's why it's preferred by the people that want to infectthe masses.6.4 Physical AccessYou can of course get infected by some of your "friends" when theyhave physical access to your computer.Let's suppose you leavesomeone on your computer just for 5 minutes,then of course you canget infected by one of your "friends".There are some very smart peopleout there that keep thinking of new ways of getting physical accessto someone's computer.Here are some tricks that are interesting:1.You "friend" may ask you "Hey bro can you give me some water"or something that will leave him alone.You'll go to take somewater and then........You know2.The attacker may have a plan.Let's say you invited him/herat 12:00 at your home and that attacker told one of your"friends" to call the victim at 12:15 and start talkingabout something with the victim.The attacker again have timeto infect you.Also the "friend" that is calling you may say something like"Is there anyone around you,if so move somewhereelse I don't want anyone to hear what we are talking about"The attacker is again alone and have time to infect you.6.5 TrickThis is one trick that may work on people that reallywant something and the attacker knows what is it.Let's say that the victim wants to watch some pornoor want xxx passwords,then attacker can just leavea diskette with the trojan in the front of the victim'shouse and put the trojan with some xxx pics of course.This is bad things because sometimes if you really wantsomething and you finally found it you don't think aboutanything else except to check it you.You again get infected.I hope now you understand how you got infected the last time(if you got infected of course).----------------------------------->7.How dangerous a trojan can be?/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Many people that don't know what a trojan isthink that when they run an executable nothinghappened because their computer is still workingand all the data is there,if it was a virustheir data will be damaged and their computer willstop working.Someone is downloading and uploading files on yourcomputer.Someone is reading all of your IRC logs and learninginteresting things about you and your friends.Someone is reading ALL of your ICQ messages.Someone is deleting files on your computer.These are some examples how dangerous a trojan can be.There people that use trojans just to place viruson the infected machine like CIH and destroy the machine.--------------------------->8.Different Kinds Of Trojans=-=-=-=-=-=-=-=-=-=-=-=-=-=-=Remote Access Trojans-------------------------------These trojans are the most popular trojans now.Everyone wants to have such trojan because heor she want to have access to their victim's hard drive.The RAT'S (remote access trojans)are verysimple to use.Just make someone run the serverand you get the victim's IP and you have FULLaccess to his or her computer.They you canalmost everything it depends of the trojan you use.But the RAT'S have the common remote access trojan functions like:keylogger,upload and download function,make a screen shot and so on.Some people use thetrojans for malicious purposes.They want just to delete and delete.This is lame.But a have a guideabout the best way to use a trojan.You should read it.There are many programs out therethat detects the most common trojans,but new trojans arecoming every day and these programs are not the maximum defense.The trojans do always the same things.If the trojan restart every time Windows is loaded thatmeans it put something in the registryor in win.ini or in other system file so the trojan can restart.Also the trojans create some file inthe WINDOWS\SYSTEM directory.The file is always lookingto be something that the victim will thinkis a normal WINDOWS executable.Most trojans hidefrom the Alt+Ctrl+Del menu.This is notgood because there are people who use only this way to seewhich process are running.There are programsthat will tell me you exactly the process and thefile from where it comes.Yeah but some trojansas I told you use fake names and it's a little hardfor some people to understand which processshould they kill.The remote access trojans opensa port on your computer letting everyone to connect.Some trojans has options like change the portand put a password so only the guy that infect youwill be able to use the computer.The changeport option is very good because I'm sure youdon't want your victim to see that port 31337 is openon their computer.Remote access trojans areappearing every day and they will continue to appear.For those that use such trojans: BE CAREFULyou can infect yourself and they the victim youwanted to destroy will revenge and you'll be sorry.---------------------------------------Password Sending TrojansThe purpose of these trojans is to rip all cachedpasswords and send them to specified e-mailwithout letting the victim about the e-mail.Most of these trojans don't restart every time Windowsis loaded and most of them use port 25 tosend the e-mail.There are such trojans that e-mailother information too like ICQ numbercomputer info and so on.These trojans are dangerous ifyou have any passwords cached anywhere on your computer.----------------------------------------KeyloggersThese trojans are very simple.The only one thingthey do is to log the keys that the victim is pressingand then check for passwords in the log file.In the most cases these trojans restart everytime Windows is loaded.They have optionslike online and offline recording.In the online recordingthey know that the victim is online andthey record everything.But in the offline recordingeverything written after Windows start isrecorded and saved on the victims disk waiting forto be transferred.----------------------------------------DestructiveThe only one function of these trojans is todestroy and delete files.This makes them very simpleand easy to use.They can automaticallydelete all your .dll or .ini or .exe files on your computer.These are very dangerous trojans and onceyou're infected be sure if you don't disinfect yourcomputer information will no longer exist.-----------------------------------------FTP trojansThese trojans open port 21 on your computerletting EVERYONE that has a FTP client to connectto your computer without password and will full upload and download options.These are the most common trojans.They all are dangerousand you should me careful using them.-------------------------------------->9.Who Can Infect You?/=-=-=-=-=-=-=-=-=-=-=/Well basically you can get infected by everyone that know howto use a trojan(it's VERY easy) and of course know how to infect you.People that use trojans are wannabe hackers that are just at the stageof using trojans.Some of these people don't move to the next stageand they're lamers that can only use trojans and as I said it's VERY easy.But after reading this text you'll know the most common ways that someonecan infect you with a trojan and it will be hard for the people using themto infect you.------------------------>10.What Is The Attacker Looking For?/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Some of you may think that trojans are used for damage only.Well they can also be used to spy on someone's machine andtake a lot of private information from it.Wellthe common data an attacker looksfor would include but not limit to the following.-----> Credit Card Information-----> Credit Information-----> Checking Account Information-----> Any accounting data-----> Data bases-----> Mailing Lists-----> Personal Addresses-----> Email Addresses-----> Account Passwords-----> Home Office / Small Business Information-----> Company Accounts / Subscribed for Services-----> Resumes-----> Email-----> Any Company Information / Services He Can Access-----> Your or spouse's first and last name-----> Children's names / ages-----> Your address-----> Your telephone number-----> Letters you write to people-----> Email-----> Your personal resume-----> Your family pictures-----> School work-----> Any school accounts / information
wanna know moreeeeeeeeeeeeeeeeeeeeeeeee
Trojan Part 2
11.How The Trojans Works/=-=-=-=-=-=-=-=-=-=-=-=/Here I'll explain you how the trojans work.If you don't know some wordsyou can check the "Terms Used In The Text" section and read about them there.When the victim runs the server it does functions like opening some specific port and listeningfor connections.It can use TCP or UPD protocols.When you connect with the victim IP the you can do what you want because the server let you dothe trojan functions on the infected computer.Some trojans restart every time Windows is loaded.They modify win.ini or system.ini so the trojan can restart but most of the new trojans use theregistry so they can restart.Trojans communicate like client and server.The victim runs the server,the attacker sends commandto the infected server with the client and the server is just following what the client "says" to it.-------------------------->12.The Most Common Trojan Ports/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Here's a list of the most common trojan ports:Satanz Backdoor666Silencer1001Shivka-Burka1600SpySender1807Shockrave1981WebEx1001Doly Trojan1011Psyber Stream Server1170Ultors Trojan1234VooDoo Doll1245FTP99CMP1492BackDoor1999Trojan Cow2001Ripper2023Bugs2115Deep Throat2140The Invasor2140Phineas Phucker2801Masters Paradise30129Portal of Doom3700WinCrash4092ICQTrojan4590Sockets de Troie5000Sockets de Troie 1.x5001Firehotcker5321Blade Runner5400Blade Runner 1.x5401Blade Runner 2.x5402Robo-Hack5569DeepThroat6670DeepThroat6771GateCrasher6969Priority6969Remote Grab7000NetMonitor7300NetMonitor 1.x7301NetMonitor 2.x7306NetMonitor 3.x7307NetMonitor 4.x7308ICKiller7789Portal of Doom9872Portal of Doom 1.x9873Portal of Doom 2.x9874Portal of Doom 3.x9875Portal of Doom 4.x10067Portal of Doom 5.x10167iNi-Killer9989Senna Spy11000Progenic trojan11223Hack?99 KeyLogger12223GabanBus1245NetBus1245Whack-a-mole12361Whack-a-mole 1.x12362Priority16969Millennium20001NetBus 2 Pro20034GirlFriend21544Prosiak22222Prosiak33333Evil FTP23456Ugly FTP23456Delta26274Back Orifice31337Back Orifice31338DeepBO31338NetSpy DK31339BOWhack31666BigGluck34324The Spy40412Masters Paradise40421Masters Paradise 1.x40422Masters Paradise 2.x40423Masters Paradise 3.x40426Sockets de Troie50505Fore50766Remote Windows Shutdown53001Telecommando61466Devil65000The tHing6400NetBus 1.x12346NetBus Pro 20034SubSeven1243NetSphere30100Silencer 1001Millenium 20000Devil 1.03 65000NetMonitor 7306Streaming Audio Trojan 1170Socket23 30303Gatecrasher 6969Telecommando 61466Gjamer 12076IcqTrojen 4950Priotrity 16969Vodoo 1245Wincrash 5742Wincrash2 2583Netspy 1033ShockRave 1981Stealth Spy 555Pass Ripper 2023Attack FTP 666GirlFriend 21554Fore, Schwindler 50766Tiny Telnet Server 34324Kuang 30999Senna Spy Trojans 11000WhackJob 23456Phase0 555BladeRunner 5400IcqTrojan 4950InIkiller 9989PortalOfDoom 9872ProgenicTrojan 11223Prosiak 0.47 22222RemoteWindowsShutdown 53001RoboHack 5569Silencer 1001Striker 2565TheSpy 40412TrojanCow 2001UglyFtp 23456WebEx 1001Backdoor 1999Phineas 2801Psyber Streaming Server 1509Indoctrination 6939Hackers Paradise 456Doly Trojan 1011FTP99CMP 1492Shiva Burka 1600Remote Windows Shutdown 53001BigGluck, 34324NetSpy DK 31339Hack?99 KeyLogger 12223iNi-Killer 9989ICQKiller 7789Portal of Doom 9875Firehotcker 5321Master Paradise 40423BO jammerkillahV 121--------------------------------->13.How Can I Monitor My Computer Without Scanner?/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Again the masses think that when they have sometrojan scanner or anti-virus one they're secure.Well the best way you can check for trojans is to doit by your own.You're not sure is the trojan scannerworking correctly so start checking it alone.In this text I've included one list of software andreviews of course that will help you check your systemfor trojans.Well you always need to check which ports are opened onyour system and if you see that one of the common trojanports is open you're probably infected.*NOTE*You can check that by typing "netstat"in the MS-DOS prompt or use other softwarethat can do this for you*NOTE*Always pay attention to which files are running on yourcomputer and check for something suspicious in it likeit's name.Well I think you'll check files likeconfig.EXE,himem.exe or winlilo.exe or other funny one.Just Hex Edit them and if you find something interestinglike "SchoolBus Server" kill the running file.Make sure you're monitoring your registry and checkevery new change in it.Also be sure you monitorsystem.ini or win.ini because there're stilltrojans that restart from there.And as I told you always download software likeICQ,MIRC or some other well known program fromthe official page.Following these simple rules will help youprevent your computer from getting infected.---------------------------------->14.Software To Help You Monitor Your Computer/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/As I told you I've included one list of softwarethat will help you monitor your computer and helpyou prevent trojan infections.+++++++++++++++----LogMonitor++++++++++++++++Files and directories monitoring tool=====================================Version: 1.3.4Home page: http://www.geocities.com/koenigvad/Eng/Author: Vadim Dumbravanu, koenigvad@yahoo.comLog Monitor is a files and directories monitoring tool. The programperiodically checks selected file's modification time and executesexternal program if file's time was changed or not changed. Fordirectories it handles such events as files change, addition orremoval.Works under Windows 95/98/NT.It's free for personal and business use. See LICENSE.TXT forcopyright information.This file contains following topics:1. Purpose.2. Usage.3. Some features.4. Installation.5. Uninstallation.1. PURPOSEThe program is intended for different administrators usingautomated processes. From time to time these processes stop workingor can even terminate abnormally. Sometimes processes create orupdate error log-files. Log Monitor can watch over such processesvia their log-files and warn administrators about problems.Users can watch over common network folders and see what happenswithin their directories.2. USAGEMost of automated processes track log-files, periodically updatingthem. Accordingly, if such process will terminate abnormally,log-files cease changing.If the process did not update the log-file during selectedinterval, Log Monitor runs an external program. It can be "net sendbla bla bla", or paging program, or process restart. Log Monitorcan run a program if the file was changed too, so you can checkerror files for changes.Log Monitor can also watch over directories and handle fileschange, addition or removal events within directory tree.Log Monitor can be used as a task scheduler. NT Scheduler Serviceis uncomfortable if you need to run a task every hour for example.Using Log Monitor you can add nonexisting file, then selectinterval of 3600 seconds and the program. As long as the file doesnot update, selected program will run every hour.You can specify working time and days when program will belaunched.3. SOME FEATURES- Several files or directories can be monitored simultaneously,each file has its own interval and is processing in a separatethread.- A list of monitoring processes stores in the configuration file.- Minimizes to the System Tray (and restores from it). ;)- There is an ability to pause monitoring of selected files."Paused" state can be stored in the configuration file.- Works on the schedule, can check files and directories onlyduring selected time interval and days of week or month.- Many other really beautiful things.++++++++++++----PrcView+++++++++++++PrcView is a freeware process viewer utility that shows comprehensiveinformation about running processes. This information includes suchdetails as the creation time, version and full path for each DLL usedby a selected process, a list of all threads, memory blocks and heaps.PrcVIew also allows you to kill and attach a debugger to a selected process.PrcView runs on both Windows 95/98 and Windows NT platforms and includesWindows and command-line version of the program.This software is free and freely distributable on a non-commercial basis in the formatORIGINALLY RELEASED (PrcView.zip) with the original Copyright clause.The author expressly disclaims any warranty for this software. This software andany related documentation is provided "as is" without warranty of any kind.Distribution of the program or any work based on the program by a commercialorganization to any third party is permitted only with the written permission of the authorIf you encounter a problem while running PrcView, please visithttp://www.teamcti.com to obtain the latest version. If you still have problems,please send a short description to: IgorNys@writeme.com----XNetStatXNetStat is a program like the "netstat"command in the MS-DOS promt.The programsshows you all of the open ports of your computerand all of the established connections.Mail fresh@arez.com if you want itor have questions about it.++++++++++++----AtGuard+++++++++++++AtGuard is a nice firewall with some coolfeatures.It can also show you which fileopened a connection from your computerthat is VERY useful if you want to detectsome trojans on your machine.I currently lost the URL for that programbut try searching altavista.comor packetstorm.securify.com+++++++++++++++++++++++++-----ConSeal PC FIREWALL++++++++++++++++++++++++++This software will help you to secure your PC.It has some major advantages over other PC-based firewalls.It is available on Windows 95, Windows 98 and Windows NT(3.51 & 4.0).This is probably the best firewall for Windows machinesthat will help you block trojans ports on your machineand also against various D.O.S attacks.+++++++++++++++++----LockDown2000++++++++++++++++++This is really good anti-trojan package that detectsa LOT of trojans and other tools and also acts as a firewall,protect you against nuke and ICQ attacks.It alsoblock file sharing so you won't have problems with it.It's updated regulary with many new trojan definitions.A must have for those of you that want to be protectedagainst attacks and trojan infections.You can get it at http://www.lockdown2000.com++++++++++----TDS-2+++++++++++Trojan Defence Suite is also one very goodanti trojan package with a lot of functions andplugins in it.It also detects probably all of the trojans out there and is regulary updated.A must have for those of you that want to be protectedagainst attacks and trojan infections.You can get it at http://www.tds.diamondcs.com.auUsing all of these tools of course with the anti-trojanpackages will result in one SECURE against trojansWindows machine so go and get them.15.Placing BackDoors In Programs/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/The people that infect with trojans are becoming smarter.They started placing the trojans in some real programs thateveryone is using so they can infect the victim.Most of the people know that when they run a trojannothing will happen or an error message will apear,butwhen the trojan is "joined" with another programthe program will work normally without any error messagesand the victim will think that he/she is not infected.That's not right.Programmers made such programs thatjust "join" two or more executables in one so theycan place the trojan in some programs that everyoneknow about.Such well known programs with open source arealso very dangerous.Good programmer may modifythe source and make it like a trojan so let'ssay you're using modified e-mail client.As wellall know the password sending trojans use port 25to send the e-mail with the information.How aboutif the attacker modified the e-mail client to sendyour e-mail password to him/her.You'll of coursesee(if you're monitoring)that port 25 is open butprobably you won't pay attention because you're sendinge-mails and that's why the port is open.As I said people are becoming smarter and smarter.--------------------------------->16.Advices/=-=-=-=-=-=/Some advises from me to help you preventbeing infected by trojan or virus.[1]-Never accept file even it is from some friend.You're never sure who's on the other side of the computer.[2]-When executing file first check it's typesomeone may try to trick you into running it.[3]-Always monitor your open ports and the running fileson your computer.[4]-Download software ONLY from it's official page.[5]-When playing with trojans you can also get infectedbecause the creators some time put the server in the clientso when you run the client you also get infected.This shows youonce again that trojans are dangerous and when you make mistakeyou can lose sensitive information.[6]-Become a paranoid it's more secure.People laugh at these peoplethat burn every paper they have,that keep all of their passwordsin their minds,that always use encryption,that don't ICQ or IRC becausethey know how weak these protocols are BUT that's why these people neverget caught because they know how to protect themselves.------------------------>
KumarJeeru SYNERGIDS Tech Team
There are two common types of Trojan horses.
One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives. Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration. Definition A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent. In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unknown to the owner, to be remotely controlled from the network, creating a "zombie computer". The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse. In the context of Computer Security, the term 'Trojan horse' was first used in a seminal report edited/written by JP Anderson (aka 'The Anderson Report' (Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Sysstem Division, Hanscom AFB, Oct, 1972), which credits Daniel J Edwards then of NSA for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974). The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would otherwise not have voluntarily performed. Trojans implementing backdoors typically setup a hidden server, from which a hacker with a client can then log on to. They have become polymorphic, process injecting, prevention disabling, easy to use without authorization, and therefore are abusive. Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate. Examples Example of a simple Trojan horse A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer. Example of a somewhat advanced Trojan horse On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse is an extension that might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type. When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers, but also acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.
Types of Trojan horses
Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are erasing or overwriting data on a computer. encrypting files in a cryptoviral extortion attack. corrupting files in a subtle way. upload and download files. allowing remote access to the victim's computer. This is called a RAT. (remote administration tool) spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'. setting up networks of zombie computers in order to launch DDoS attacks or send spam. spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware). make screenshots. logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger). phish for bank or other account details, which can be used for criminal activities. installing a backdoor on a computer system. opening and closing CD-ROM tray Time bombs and logic bombs "Time bombs" and "logic bombs" are types of trojan horses. "Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer. Precautions against Trojan horses Trojan horses can be protected against through end user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damaging is what they can do to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden it is harder to protect yourself or your company from them but there are things that you can do. Trojan Horses are most commonly spread through an e-mail, much like other types of common viruses. The only difference being of course is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows: 1. If you receive e-mail from someone that you do not know or you receive an unknown attachment never open it right away. As an e-mail use you should confirm the source. Some hackers have the ability to steal an address books so if you see e-mail from someone you know that does not necessarily make it safe. 2. When setting up your e-mail client make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this it would be best to purchase on or download one for free. 3. Make sure your computer has an anti-virus program on it and make sure you update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on, that way if you forget to update your software you can still be protected from threats 4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches your computer is kept much safer. 5. Avoid using peer-2-peer or P2P sharing networks like Kazaa , Limewire, Ares, or Gnutella because those programs are generally unprotected from viruses and Trojan Horse viruses are especially easy to spread through these programs. Some of these programs do offer some virus protection but often they are not strong enough. Besides these sensible precautions, one can also install anti-trojan software, some of which are offered free.
Methods of Infection
The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually. Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse. Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment. For this reason, using Outlook lowers your security substantially. Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured. A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.
More on trojans
Trojan Part 1
1.What is this text about?/=-=-=-=-=-=-=-=-=-=-=-=-=-=/In this text I'm going to explain you interesting things aboutthe trojans and about their future.I hope you'll realize thattrojans are dangerous and they're still big security problem althoughmany people say don't download files from the net and you won't getinfected which is not right.The main thing I want to explain here isdo the trojans have future and other interesting things about them.This text is only for Windows based trojans not Unix one.=-=-=-=-=-=-=-=-=-=-=-=-=-=2.What Is A Trojan Horse?/=-=-=-=-=-=-=-=-=-=-=-=-=/A trojan horse is-An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.-A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.-Any program that appears to perform a desirable and necessaryfunction but that (because of unauthorized codewithin it that is unknown to the user) performs functions unknown (and probably unwanted) by the user. Trojans can also be called RAT's, or Remote Administration Tools. The trojan got it's name from the old mythical story about how the greeks during the war, gave their enemy a huge wooden horse as a gift.They accepted this gift and they brought into their kingdom, and during the night, greek soldiers crept out of the horse and attacked the city,completely overcoming it.3.Trojans Today/=-=-=-=-=-=-=-=/Trojans has always been big security problem even today.Most of the peopledon't know what a trojan is and they keep downloading files from untrustedsources or from suspicious people.Today there are more than 600 trojans onthe net that I know but I think there are many many more.Because every hacker orprogramer today have it's own trojan made for his/her special needs and notpublished anywhere.Every hacking group has also it's own trojans and programs.When someone start learning winsock the first creating is chat client or trojanhorse.Even the anti-virus scanners I'll talk below people still get infectedby themselves,by some hacker or by some of your friends.----------------------->4.The Future Of Trojans=-=-=-=-=-=-=-=-=-=-=-=-=I think there're a lot of people out there that think thetrojans are outdated and they don't have future.Well I don'tthink so.Trojans will always have future and new things added inthem.There are so many things that can be improved by skilled programersin the trojans.Trojans that COMPLETELY hide in the system and of course restart every time Windows is loadedtrojans that will lie every trojan and anti-virus program this is the future I think.People that program trojans has a lot of ideas that makes their trojans unique.These people start placing backdoors in ActiveX and who knows maybe in future they'llfind other sources they can place the trojans in.Programmers will always think ofnew and unique trojans with functions never seen before.Trojans are made every day by the programers with new options and with better encryption sothe Anti-Trojan software can't detect them.So noone knows how many are the trojans on the net.But the programmers are still programming trojans and they will continue in the future.Technically, a trojan could appear almost anywhere, on any operating system or platform.However, with the exception of the inside job mentioned previously, the spread of trojans worksvery much like the spread of viruses. Software downloaded from the Internet, especially shareware or freeware,is always suspect. Similarly, materials downloaded from underground serversor Usenet newsgroups are also candidates.There are thousand of programs with not checkedsource and new programs are appearing every day especially the freeware one so they can all betrojans.So be careful what you're downloading and from where you're downloading it.Always download software from the official page.----------------------------->5.Anti-Virus Scanners/=-=-=-=-=-=-=-=-=-=-=-=/People think that when they have a virus scanner with the latest virus definitionsthey're secure on the net and they can't get infected with a trojan or noone canhave access to their computer.This is NOT right.The purpose of the anti-virusscanners is to detect not trojans but viruses.But when trojans became popularthe scanners started adding also trojan definitions.These scanners just can'tfind the trojans and analyze them that's why they're just detecting the commonand the well know from everyone trojans like Back Orifice and NetBus and alsoseveral other.As I told they're around 600 trojans I know out there and theanti-virus scanners are detecting just a LITTLE part of them.These scanners are not firewalls that will stop someone that want to connectto your computer or try to attack you as people think they are.So I hope thatyou understand that the main purpose of these scanners is not to detecttrojans and protect you while you're online.Most of the internet users know only Back Orifice and NetBus as trojans.There are some specific tools out there that clean ONLY from these trojans.Again people think that they're secure and protected from every trojan.--------------------------->6.How Can I get Infected?/=-=-=-=-=-=-=-=-=-=-=-=-=-=/Everyone ask this question and often people ask themselves how they gotinfected.Also when someone ask them did they run some file send to themby someone or downloaded from somewhere people always say they didn'trun anything or download some file but they did it.People just don'tpay attention to things they do online and that's why they forgetabout the moment of the infection with the trojan.You can get infected from many places and I'll try to explainyou these things here.6.1 From ICQ6.2 From IRC6.3 From Attachment6.4 Physical Access6.5 Tricks-diskette6.1 From ICQPeople think that they can't infect while they're talking via ICQbut they just forget the moment when someone sends them a file.Everyone knows how insecure ICQ is and that's why some peopleare afraid of using it.As you maybe know there's a bug in ICQ allowing you to send a .exefile to someone but it will look as .bmp or .jpg or whatever you wantit to look like.This is very dangerous as you see and can get you introuble.The attacker will just change the icon of the file likea BMP image,tell you it's a pic of him,rename it to photo.bmpthen you'll get it and of course before getting it you'll see thatit's .bmp and you're secure because the file is not executable.Then you run it see the picture and you think there's nothing toworry about but there is.That's why most of the people say that they didn't run any filesbecause they know that they've run an image not executable.A way to prevent this bug in ICQ is always to check the type ofthe file before running it.It may has an BMP icon but if at the typeof the file is written executable I thin you know that it will bemistake if you run that file.6.2 From IRCYou can also get infected from IRC by receiving files fromuntrusted sources.But I advice you always to be paranoidand do not receive files from ANYONE even from your bestfriend because someone may stolen his/her passwordand infect you.Some people think that they can be 100% surethat the other person is their friend when they ask him/hersomething like a secret or something else that only he/she knowbut as I told you be paranoid because someone may infect your friendand just check his/her IRC logs and see what is this secret about orlearn other things.Be paranoid it's more secure as I say and do notreceive files from anyone on IRC or from somewhere else likee-mail,ICQ or even your online friends.6.3 From AttachmentThe same thing goes about the e-mail attachments.NEVER run anythingeven if it says you'll see hot porno or some passwords for server oranything else.The best way to infect someone with a trojan is masse-mailing the server because there're new people on the net andthey'll of course get infected.This is the best way of infectingas I said that's why it's preferred by the people that want to infectthe masses.6.4 Physical AccessYou can of course get infected by some of your "friends" when theyhave physical access to your computer.Let's suppose you leavesomeone on your computer just for 5 minutes,then of course you canget infected by one of your "friends".There are some very smart peopleout there that keep thinking of new ways of getting physical accessto someone's computer.Here are some tricks that are interesting:1.You "friend" may ask you "Hey bro can you give me some water"or something that will leave him alone.You'll go to take somewater and then........You know2.The attacker may have a plan.Let's say you invited him/herat 12:00 at your home and that attacker told one of your"friends" to call the victim at 12:15 and start talkingabout something with the victim.The attacker again have timeto infect you.Also the "friend" that is calling you may say something like"Is there anyone around you,if so move somewhereelse I don't want anyone to hear what we are talking about"The attacker is again alone and have time to infect you.6.5 TrickThis is one trick that may work on people that reallywant something and the attacker knows what is it.Let's say that the victim wants to watch some pornoor want xxx passwords,then attacker can just leavea diskette with the trojan in the front of the victim'shouse and put the trojan with some xxx pics of course.This is bad things because sometimes if you really wantsomething and you finally found it you don't think aboutanything else except to check it you.You again get infected.I hope now you understand how you got infected the last time(if you got infected of course).----------------------------------->7.How dangerous a trojan can be?/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Many people that don't know what a trojan isthink that when they run an executable nothinghappened because their computer is still workingand all the data is there,if it was a virustheir data will be damaged and their computer willstop working.Someone is downloading and uploading files on yourcomputer.Someone is reading all of your IRC logs and learninginteresting things about you and your friends.Someone is reading ALL of your ICQ messages.Someone is deleting files on your computer.These are some examples how dangerous a trojan can be.There people that use trojans just to place viruson the infected machine like CIH and destroy the machine.--------------------------->8.Different Kinds Of Trojans=-=-=-=-=-=-=-=-=-=-=-=-=-=-=Remote Access Trojans-------------------------------These trojans are the most popular trojans now.Everyone wants to have such trojan because heor she want to have access to their victim's hard drive.The RAT'S (remote access trojans)are verysimple to use.Just make someone run the serverand you get the victim's IP and you have FULLaccess to his or her computer.They you canalmost everything it depends of the trojan you use.But the RAT'S have the common remote access trojan functions like:keylogger,upload and download function,make a screen shot and so on.Some people use thetrojans for malicious purposes.They want just to delete and delete.This is lame.But a have a guideabout the best way to use a trojan.You should read it.There are many programs out therethat detects the most common trojans,but new trojans arecoming every day and these programs are not the maximum defense.The trojans do always the same things.If the trojan restart every time Windows is loaded thatmeans it put something in the registryor in win.ini or in other system file so the trojan can restart.Also the trojans create some file inthe WINDOWS\SYSTEM directory.The file is always lookingto be something that the victim will thinkis a normal WINDOWS executable.Most trojans hidefrom the Alt+Ctrl+Del menu.This is notgood because there are people who use only this way to seewhich process are running.There are programsthat will tell me you exactly the process and thefile from where it comes.Yeah but some trojansas I told you use fake names and it's a little hardfor some people to understand which processshould they kill.The remote access trojans opensa port on your computer letting everyone to connect.Some trojans has options like change the portand put a password so only the guy that infect youwill be able to use the computer.The changeport option is very good because I'm sure youdon't want your victim to see that port 31337 is openon their computer.Remote access trojans areappearing every day and they will continue to appear.For those that use such trojans: BE CAREFULyou can infect yourself and they the victim youwanted to destroy will revenge and you'll be sorry.---------------------------------------Password Sending TrojansThe purpose of these trojans is to rip all cachedpasswords and send them to specified e-mailwithout letting the victim about the e-mail.Most of these trojans don't restart every time Windowsis loaded and most of them use port 25 tosend the e-mail.There are such trojans that e-mailother information too like ICQ numbercomputer info and so on.These trojans are dangerous ifyou have any passwords cached anywhere on your computer.----------------------------------------KeyloggersThese trojans are very simple.The only one thingthey do is to log the keys that the victim is pressingand then check for passwords in the log file.In the most cases these trojans restart everytime Windows is loaded.They have optionslike online and offline recording.In the online recordingthey know that the victim is online andthey record everything.But in the offline recordingeverything written after Windows start isrecorded and saved on the victims disk waiting forto be transferred.----------------------------------------DestructiveThe only one function of these trojans is todestroy and delete files.This makes them very simpleand easy to use.They can automaticallydelete all your .dll or .ini or .exe files on your computer.These are very dangerous trojans and onceyou're infected be sure if you don't disinfect yourcomputer information will no longer exist.-----------------------------------------FTP trojansThese trojans open port 21 on your computerletting EVERYONE that has a FTP client to connectto your computer without password and will full upload and download options.These are the most common trojans.They all are dangerousand you should me careful using them.-------------------------------------->9.Who Can Infect You?/=-=-=-=-=-=-=-=-=-=-=/Well basically you can get infected by everyone that know howto use a trojan(it's VERY easy) and of course know how to infect you.People that use trojans are wannabe hackers that are just at the stageof using trojans.Some of these people don't move to the next stageand they're lamers that can only use trojans and as I said it's VERY easy.But after reading this text you'll know the most common ways that someonecan infect you with a trojan and it will be hard for the people using themto infect you.------------------------>10.What Is The Attacker Looking For?/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Some of you may think that trojans are used for damage only.Well they can also be used to spy on someone's machine andtake a lot of private information from it.Wellthe common data an attacker looksfor would include but not limit to the following.-----> Credit Card Information-----> Credit Information-----> Checking Account Information-----> Any accounting data-----> Data bases-----> Mailing Lists-----> Personal Addresses-----> Email Addresses-----> Account Passwords-----> Home Office / Small Business Information-----> Company Accounts / Subscribed for Services-----> Resumes-----> Email-----> Any Company Information / Services He Can Access-----> Your or spouse's first and last name-----> Children's names / ages-----> Your address-----> Your telephone number-----> Letters you write to people-----> Email-----> Your personal resume-----> Your family pictures-----> School work-----> Any school accounts / information
wanna know moreeeeeeeeeeeeeeeeeeeeeeeee
Trojan Part 2
11.How The Trojans Works/=-=-=-=-=-=-=-=-=-=-=-=/Here I'll explain you how the trojans work.If you don't know some wordsyou can check the "Terms Used In The Text" section and read about them there.When the victim runs the server it does functions like opening some specific port and listeningfor connections.It can use TCP or UPD protocols.When you connect with the victim IP the you can do what you want because the server let you dothe trojan functions on the infected computer.Some trojans restart every time Windows is loaded.They modify win.ini or system.ini so the trojan can restart but most of the new trojans use theregistry so they can restart.Trojans communicate like client and server.The victim runs the server,the attacker sends commandto the infected server with the client and the server is just following what the client "says" to it.-------------------------->12.The Most Common Trojan Ports/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Here's a list of the most common trojan ports:Satanz Backdoor666Silencer1001Shivka-Burka1600SpySender1807Shockrave1981WebEx1001Doly Trojan1011Psyber Stream Server1170Ultors Trojan1234VooDoo Doll1245FTP99CMP1492BackDoor1999Trojan Cow2001Ripper2023Bugs2115Deep Throat2140The Invasor2140Phineas Phucker2801Masters Paradise30129Portal of Doom3700WinCrash4092ICQTrojan4590Sockets de Troie5000Sockets de Troie 1.x5001Firehotcker5321Blade Runner5400Blade Runner 1.x5401Blade Runner 2.x5402Robo-Hack5569DeepThroat6670DeepThroat6771GateCrasher6969Priority6969Remote Grab7000NetMonitor7300NetMonitor 1.x7301NetMonitor 2.x7306NetMonitor 3.x7307NetMonitor 4.x7308ICKiller7789Portal of Doom9872Portal of Doom 1.x9873Portal of Doom 2.x9874Portal of Doom 3.x9875Portal of Doom 4.x10067Portal of Doom 5.x10167iNi-Killer9989Senna Spy11000Progenic trojan11223Hack?99 KeyLogger12223GabanBus1245NetBus1245Whack-a-mole12361Whack-a-mole 1.x12362Priority16969Millennium20001NetBus 2 Pro20034GirlFriend21544Prosiak22222Prosiak33333Evil FTP23456Ugly FTP23456Delta26274Back Orifice31337Back Orifice31338DeepBO31338NetSpy DK31339BOWhack31666BigGluck34324The Spy40412Masters Paradise40421Masters Paradise 1.x40422Masters Paradise 2.x40423Masters Paradise 3.x40426Sockets de Troie50505Fore50766Remote Windows Shutdown53001Telecommando61466Devil65000The tHing6400NetBus 1.x12346NetBus Pro 20034SubSeven1243NetSphere30100Silencer 1001Millenium 20000Devil 1.03 65000NetMonitor 7306Streaming Audio Trojan 1170Socket23 30303Gatecrasher 6969Telecommando 61466Gjamer 12076IcqTrojen 4950Priotrity 16969Vodoo 1245Wincrash 5742Wincrash2 2583Netspy 1033ShockRave 1981Stealth Spy 555Pass Ripper 2023Attack FTP 666GirlFriend 21554Fore, Schwindler 50766Tiny Telnet Server 34324Kuang 30999Senna Spy Trojans 11000WhackJob 23456Phase0 555BladeRunner 5400IcqTrojan 4950InIkiller 9989PortalOfDoom 9872ProgenicTrojan 11223Prosiak 0.47 22222RemoteWindowsShutdown 53001RoboHack 5569Silencer 1001Striker 2565TheSpy 40412TrojanCow 2001UglyFtp 23456WebEx 1001Backdoor 1999Phineas 2801Psyber Streaming Server 1509Indoctrination 6939Hackers Paradise 456Doly Trojan 1011FTP99CMP 1492Shiva Burka 1600Remote Windows Shutdown 53001BigGluck, 34324NetSpy DK 31339Hack?99 KeyLogger 12223iNi-Killer 9989ICQKiller 7789Portal of Doom 9875Firehotcker 5321Master Paradise 40423BO jammerkillahV 121--------------------------------->13.How Can I Monitor My Computer Without Scanner?/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/Again the masses think that when they have sometrojan scanner or anti-virus one they're secure.Well the best way you can check for trojans is to doit by your own.You're not sure is the trojan scannerworking correctly so start checking it alone.In this text I've included one list of software andreviews of course that will help you check your systemfor trojans.Well you always need to check which ports are opened onyour system and if you see that one of the common trojanports is open you're probably infected.*NOTE*You can check that by typing "netstat"in the MS-DOS prompt or use other softwarethat can do this for you*NOTE*Always pay attention to which files are running on yourcomputer and check for something suspicious in it likeit's name.Well I think you'll check files likeconfig.EXE,himem.exe or winlilo.exe or other funny one.Just Hex Edit them and if you find something interestinglike "SchoolBus Server" kill the running file.Make sure you're monitoring your registry and checkevery new change in it.Also be sure you monitorsystem.ini or win.ini because there're stilltrojans that restart from there.And as I told you always download software likeICQ,MIRC or some other well known program fromthe official page.Following these simple rules will help youprevent your computer from getting infected.---------------------------------->14.Software To Help You Monitor Your Computer/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/As I told you I've included one list of softwarethat will help you monitor your computer and helpyou prevent trojan infections.+++++++++++++++----LogMonitor++++++++++++++++Files and directories monitoring tool=====================================Version: 1.3.4Home page: http://www.geocities.com/koenigvad/Eng/Author: Vadim Dumbravanu, koenigvad@yahoo.comLog Monitor is a files and directories monitoring tool. The programperiodically checks selected file's modification time and executesexternal program if file's time was changed or not changed. Fordirectories it handles such events as files change, addition orremoval.Works under Windows 95/98/NT.It's free for personal and business use. See LICENSE.TXT forcopyright information.This file contains following topics:1. Purpose.2. Usage.3. Some features.4. Installation.5. Uninstallation.1. PURPOSEThe program is intended for different administrators usingautomated processes. From time to time these processes stop workingor can even terminate abnormally. Sometimes processes create orupdate error log-files. Log Monitor can watch over such processesvia their log-files and warn administrators about problems.Users can watch over common network folders and see what happenswithin their directories.2. USAGEMost of automated processes track log-files, periodically updatingthem. Accordingly, if such process will terminate abnormally,log-files cease changing.If the process did not update the log-file during selectedinterval, Log Monitor runs an external program. It can be "net sendbla bla bla", or paging program, or process restart. Log Monitorcan run a program if the file was changed too, so you can checkerror files for changes.Log Monitor can also watch over directories and handle fileschange, addition or removal events within directory tree.Log Monitor can be used as a task scheduler. NT Scheduler Serviceis uncomfortable if you need to run a task every hour for example.Using Log Monitor you can add nonexisting file, then selectinterval of 3600 seconds and the program. As long as the file doesnot update, selected program will run every hour.You can specify working time and days when program will belaunched.3. SOME FEATURES- Several files or directories can be monitored simultaneously,each file has its own interval and is processing in a separatethread.- A list of monitoring processes stores in the configuration file.- Minimizes to the System Tray (and restores from it). ;)- There is an ability to pause monitoring of selected files."Paused" state can be stored in the configuration file.- Works on the schedule, can check files and directories onlyduring selected time interval and days of week or month.- Many other really beautiful things.++++++++++++----PrcView+++++++++++++PrcView is a freeware process viewer utility that shows comprehensiveinformation about running processes. This information includes suchdetails as the creation time, version and full path for each DLL usedby a selected process, a list of all threads, memory blocks and heaps.PrcVIew also allows you to kill and attach a debugger to a selected process.PrcView runs on both Windows 95/98 and Windows NT platforms and includesWindows and command-line version of the program.This software is free and freely distributable on a non-commercial basis in the formatORIGINALLY RELEASED (PrcView.zip) with the original Copyright clause.The author expressly disclaims any warranty for this software. This software andany related documentation is provided "as is" without warranty of any kind.Distribution of the program or any work based on the program by a commercialorganization to any third party is permitted only with the written permission of the authorIf you encounter a problem while running PrcView, please visithttp://www.teamcti.com to obtain the latest version. If you still have problems,please send a short description to: IgorNys@writeme.com----XNetStatXNetStat is a program like the "netstat"command in the MS-DOS promt.The programsshows you all of the open ports of your computerand all of the established connections.Mail fresh@arez.com if you want itor have questions about it.++++++++++++----AtGuard+++++++++++++AtGuard is a nice firewall with some coolfeatures.It can also show you which fileopened a connection from your computerthat is VERY useful if you want to detectsome trojans on your machine.I currently lost the URL for that programbut try searching altavista.comor packetstorm.securify.com+++++++++++++++++++++++++-----ConSeal PC FIREWALL++++++++++++++++++++++++++This software will help you to secure your PC.It has some major advantages over other PC-based firewalls.It is available on Windows 95, Windows 98 and Windows NT(3.51 & 4.0).This is probably the best firewall for Windows machinesthat will help you block trojans ports on your machineand also against various D.O.S attacks.+++++++++++++++++----LockDown2000++++++++++++++++++This is really good anti-trojan package that detectsa LOT of trojans and other tools and also acts as a firewall,protect you against nuke and ICQ attacks.It alsoblock file sharing so you won't have problems with it.It's updated regulary with many new trojan definitions.A must have for those of you that want to be protectedagainst attacks and trojan infections.You can get it at http://www.lockdown2000.com++++++++++----TDS-2+++++++++++Trojan Defence Suite is also one very goodanti trojan package with a lot of functions andplugins in it.It also detects probably all of the trojans out there and is regulary updated.A must have for those of you that want to be protectedagainst attacks and trojan infections.You can get it at http://www.tds.diamondcs.com.auUsing all of these tools of course with the anti-trojanpackages will result in one SECURE against trojansWindows machine so go and get them.15.Placing BackDoors In Programs/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/The people that infect with trojans are becoming smarter.They started placing the trojans in some real programs thateveryone is using so they can infect the victim.Most of the people know that when they run a trojannothing will happen or an error message will apear,butwhen the trojan is "joined" with another programthe program will work normally without any error messagesand the victim will think that he/she is not infected.That's not right.Programmers made such programs thatjust "join" two or more executables in one so theycan place the trojan in some programs that everyoneknow about.Such well known programs with open source arealso very dangerous.Good programmer may modifythe source and make it like a trojan so let'ssay you're using modified e-mail client.As wellall know the password sending trojans use port 25to send the e-mail with the information.How aboutif the attacker modified the e-mail client to sendyour e-mail password to him/her.You'll of coursesee(if you're monitoring)that port 25 is open butprobably you won't pay attention because you're sendinge-mails and that's why the port is open.As I said people are becoming smarter and smarter.--------------------------------->16.Advices/=-=-=-=-=-=/Some advises from me to help you preventbeing infected by trojan or virus.[1]-Never accept file even it is from some friend.You're never sure who's on the other side of the computer.[2]-When executing file first check it's typesomeone may try to trick you into running it.[3]-Always monitor your open ports and the running fileson your computer.[4]-Download software ONLY from it's official page.[5]-When playing with trojans you can also get infectedbecause the creators some time put the server in the clientso when you run the client you also get infected.This shows youonce again that trojans are dangerous and when you make mistakeyou can lose sensitive information.[6]-Become a paranoid it's more secure.People laugh at these peoplethat burn every paper they have,that keep all of their passwordsin their minds,that always use encryption,that don't ICQ or IRC becausethey know how weak these protocols are BUT that's why these people neverget caught because they know how to protect themselves.------------------------>
KumarJeeru SYNERGIDS Tech Team
Also Read
KUMAR JEERU
. I am a Programmer and Pentester. I find and Fix loophole in websites and networks. Connect with me for queries , web developemnt , Scanning and Fixing website Security issues. My company gives special discount for independent entrepreneur , small and Medium size companies. Contact me directly on my face page
Post a Comment
Post a Comment