June 12th, 2002, 07:04 PM
Trojan Horse Detection and Removal Part 1
About Trojan Detection And Removal PART 1
Okay, I have noticed a lot of questions regarding how to rid and/or detect a trojan on your computer. However, in this tutorial, we will discuss what a trojan is, and what kinds exist.
What is a trojan? It is a destructive program pretending to be benign. This term comes from the mythological battle of Troy (Encarta). Unlike a virus that replicates and may have payload data that could be very destructive (CIH, Empire Monkey, SIRCAM), the nature of the trojan horse (especially the RAT) can be far more destructive due to human involvement rather than pure code. Here are some common types out there:
RAT or Remote Access Trojan: These are by far the most common types out there and are based on the server-client architecture. Some examples are Back Orifice 2000, SubSeven and Deep Throat.
Destructive: These kinds of trojans can do everything from spewing paper out of your printer to deleting files, changing system settings or totally destroying contents. Some examples include Death Penalty Suite, 3troj and Batman.
Annoyances: These can be anything from freezing to painting annoying screens.
Password Stealers: Password stealers usually listen on lower ports than their RAT counterparts. Here I should reiterate that a password stealer is not necessarily a packet sniffer. Examples include AIM Jacker, Ch and Barok (used in ILOVEYOU).
DDoS (Distributed Denial Of Service): Use other computers as "dummies" to act as a collective entity in denial of service. A classic example is Trinoo.
Where are the "hotspots" for infection? There are many places to get hit with a trojan; here is how to avoid them:
* E-Mail- Make sure to scan ALL attachments and have your mail in ASCII rather than HTML.
* Peer To Peer services- Avoid warez, cracks and files that are of the wrong file length. And regardless of what a file is, make sure to scan BEFORE using the files.
* NNTP- Never open attachments. If you decide to open the attachment, make sure to SCAN FIRST. However, since a good number of new viruses and trojans crop up in newsgroups, your scanner might not catch them right away.
* Instant Messengers and other chat programs that allow anonymous trading of files- If you do not know the person, NEVER trust any program.
* By experimenting with trojans... DON'T DO IT.
Who makes these? There are many authors, and intentions may even be good, and people abuse the program it was originally designed for. For instance, Back Orifice 2000 claims to be a "remote administration tool" with which administrators can administer networks and home computers easily and securely (novel concept, an open source PC Anywhere). The infamous NetBus that was originally designed to be a "joke" on a friend turned into shareware. Then there are the trojan authors who tell it like it is, such as SNID: It's a trojan, and if you get infected, then we will not tell you how to remove the server. Whatever the intentions of the author may be, it's how the end user uses it that makes the difference.
NEXT INSTALLMENT: How to tell if you are infected and techniques to get rid of them
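The e-mail hotspot in the post above (scan ALL attachments, keep mail in plain text rather than HTML) can be turned into a mechanical check. The following Python script is an added example, not code from the tutorial's author; it builds a constructed sample message inline (no real capture) and inspects it with the standard library email package, flagging an HTML body part and any attachment whose extension is an executable type or is doubled like "photo.jpg.exe", a naming trick that relies on the file manager hiding the last extension. The extension list and the field names in the report are the example's own choices.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that Windows will run directly; chosen for this example.
EXECUTABLE_EXTENSIONS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}


def build_sample_message() -> bytes:
    """Constructed sample: HTML body plus an attachment with a double extension.

    The attachment bytes are an arbitrary label, not a real program.
    """
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "Pictures from the trip"
    msg.set_content("Open the attached picture!")
    msg.add_alternative(
        "<html><body><b>Open the attached picture!</b></body></html>",
        subtype="html",
    )
    msg.add_attachment(
        b"constructed attachment bytes, not a real program",
        maintype="application",
        subtype="octet-stream",
        filename="trip_photo.jpg.exe",
    )
    return msg.as_bytes()


def triage_message(raw: bytes) -> dict:
    """Inspect a raw RFC 822 message and report what a scanner should look at.

    Returns a dict with:
      has_html_part     - True if any part is text/html
      attachments       - one entry per named attachment with its size and flags
      suspicious        - True if any attachment is executable or double-extended
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"has_html_part": False, "attachments": [], "suspicious": False}

    for part in msg.walk():
        if part.get_content_type() == "text/html":
            report["has_html_part"] = True

        filename = part.get_filename()
        if filename is None:
            continue  # body parts and multipart containers have no filename

        pieces = filename.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        entry = {
            "filename": filename,
            "size": len(part.get_payload(decode=True) or b""),
            "executable": ext in EXECUTABLE_EXTENSIONS,
            "double_extension": len(pieces) > 2,
        }
        report["attachments"].append(entry)
        if entry["executable"] or entry["double_extension"]:
            report["suspicious"] = True

    return report


if __name__ == "__main__":
    result = triage_message(build_sample_message())
    for attachment in result["attachments"]:
        print(f"{attachment['filename']}: {attachment['size']} bytes, "
              f"executable={attachment['executable']}, "
              f"double_extension={attachment['double_extension']}")
    print("HTML part present:", result["has_html_part"])
    print("Suspicious:", result["suspicious"])
```

The report is meant to be fed to whatever scanner you already run on attachments; the point of the extension and double-extension flags is to make sure a file named like a picture still gets scanned as a program before anyone opens it.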
June 13th, 2002, 11:26 PM
I found that very informative, looking forward to reading your next installment/part.
I know of some ways of detecting and removing Trojans and related programs. You have certainly provided me with more information than many other tutorials I have read on this subject. Good job.
In snatches, they learn something of the wisdom
which is of good, and more of the mere knowledge which is of evil. But must I know what must not come, for I shall become those of knowledgedome. Peace~
June 14th, 2002, 11:40 AM
Yes, a nice intro.. I suppose the meat comes in tut 3 or 4?
looking forward to reading your next installment/part.
"Consumer technology now exceeds the average person's ability to comprehend how to use it... give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
June 14th, 2002, 08:04 PM
Thanks Und3ertak3r and ele5125, I have tutorial #2 up. Sorry for the delay; I had my e-mail changed and it took a while for me to come back. I didn't know if this was going to work, or if I just sounded stupid, but if even ONE person is interested, I will keep on going. Any additions would be cool; I don't know everything.