
Thread: Trojan FAQ

  1. #1

    Trojan FAQ

    Where Did The Term Originate?

    As per WeboPedia : "The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy."

    How Is The Definition Relevant To Computers?

    Again from WeboPedia : "A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive."

    What Are Trojans?

    Trojans are programs that seem to do nothing or something constructive, but actually your machine is being possessed by someone else. Trojans are disguised as a good piece of software; we will see the various methods of delivering Trojans later in this tutorial. As soon as you execute the Trojan-infected file, the Trojan installs itself, without your knowledge, in some hidden place, usually %system root%. Once installed, some Trojans start functioning immediately after installation, but most of them become active after the system reboot. Usually all Trojans operate concealed, in "stealth mode", without any indication to the user of their presence. Nothing will be visible in the Windows system tray or will appear if the user activates the "close program" dialog box in Windows 9x/Me. But there is a utility called "psview" for Windows 9x which will show all the processes and open files. And in Windows 2000/XP, in Task Manager -> Processes, you will be able to locate the running executable. Once the Trojan is running on a system, that system can be controlled remotely.
    On being active it just sits in the background and waits for the attacker to connect. Usually all Trojans open some specific port to listen for commands from the attacker. Most firewalls fail because the Trojan will open a port on the computer as soon as it starts up, ready and listening for the hacker to connect. As the port is already open when the standard firewall opens, it simply trusts it and ignores the Trojan.

    The moment it is executed the hacker will know because these programs often notify the hacker that their victim is online.

    A Trojan has two parts:

    The server part is installed on the victim's computer, whereas the client part resides with the attacker to control the server, that is, your computer.

    What Can A Trojan Do?

    The various Trojan programs provide some common features:
    Open and close the CD-ROM drive.
    Run programs already resident on the "target" system remotely without the user's intervention.
    Capture user keystrokes in real time without alerting the user, so they are able to see your conversations, chat, passwords.
    Capture screen shots.
    Reboot the computer.
    Upload/download/execute programs to the "target" computer without the user's knowledge.
    Operate microphones, web cameras, modems and other peripherals.
    Getting cached passwords.
    Registry editing.

    Look at some of the screen shots of a famous Trojan, "SubSeven", to see what a Trojan can do.

    What Would A Hacker Do With Your Box?

    Why would someone install a Trojan on your computer?
    There can be many motives for this:

    To hide behind your IP to carry out his operations.
    To get some files from your PC.
    Probably the hacker needs an email account to use and will use yours after getting the password.
    And many other exploits and intentions are also possible, including blackmail.

    What Are The Various Methods To Deliver Trojans?

    A Trojan can be distributed in many ways. The objective is to force the user to click on the infected file at least once, be it downloaded from a site or sent as an email attachment, and without triggering any alert. Usually the server part of the Trojan comes as an executable. In some cases this executable either does nothing or pretends to be legitimate software. Another method of delivering the Trojan is by hiding it in another executable. This is achieved with the help of software called executable binders. Even the most experienced persons can be tricked by executable binders. One of the excellent binders goes by the name of "Yet Another Binder", also called YAB, and can be had from http://www.astalavista.com.

    What Do I Use?

    I don't use Trojans because they can be easily detected by antivirus software. There is some legal software that is ignored by antivirus; these tools go by the name of "RAT (Remote Administration Tools)". Most of the new generation of these tools are very much like Trojans or can be configured to act like Trojans. For example, 'Remotely Anywhere' allows you to create a customized server executable which can be made exactly like the one with Trojans ... I wonder why they are exceptions and free tools which can be used for so-called 'Remote Administration' are categorized as Trojans.
    I personally use such legitimate software bound to some useful software using YAB.

    What are common Trojans?

    BO2k (Back Orifice) from Cult of the Dead Cow, SubSeven, NetBus; there are a lot of others.
    Read BO2K review, A port list of common Trojans

    nsbuttar@rediffmail.com / http://navtejonline.gq.nu

    The whole text in html is available at http://navtejonline.gq.nu
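Added example, not part of the original post: the post says a Trojan server usually opens a specific port and waits for the attacker, so the defensive counterpart is to audit listening sockets. The sketch below parses constructed `netstat -an` output, flags the well-known default ports of the Trojans the post names, and reports any other listener missing from a host baseline (the sample output and the baseline are assumptions).

```python
# Default ports historically associated with Trojans named in the post.
# A match is a lead, not proof: these servers can be configured to use any
# port, which is why listeners are also compared against a baseline.
KNOWN_TROJAN_PORTS = {
    ("TCP", 12345): "NetBus",
    ("TCP", 12346): "NetBus",
    ("TCP", 27374): "SubSeven",
    ("UDP", 31337): "Back Orifice",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    [::]:8081              [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:31337          *:*
"""

# Hypothetical baseline: the listeners this host is expected to have.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 137)}

def parse_listeners(netstat_text):
    """Return (proto, address, port) for every socket waiting for traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # UDP has no state column; every bound UDP socket counts
        addr, _, port = local.rpartition(":")  # also handles "[::]:8081"
        listeners.append((proto, addr, int(port)))
    return listeners

def audit(netstat_text, baseline):
    """Flag known Trojan default ports and listeners absent from the baseline."""
    findings = []
    for proto, _addr, port in parse_listeners(netstat_text):
        name = KNOWN_TROJAN_PORTS.get((proto, port))
        if name:
            findings.append((proto, port, f"default port of {name}"))
        elif (proto, port) not in baseline:
            findings.append((proto, port, "not in baseline"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, BASELINE):
        print(finding)
```

On a live Windows host, `netstat -ano` adds the owning process ID to each line, which ties a flagged port back to the executable shown in Task Manager.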

  2. #2
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Very good tutorial on telling us what they are and how they are used....

    But you fail to mention how to detect a trojan and how to get rid of it afterwards.

    You really should cover both sides...

  3. #3
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    Whilst I agree with the part that you should also mention how to detect and remove them, I like this post very much since it gives the correct definition of what it is, how it works, and what it is usually (mis)used for. Good post.


  4. #4
    Senior Member
    Join Date
    Mar 2003
    central il
    Also note that not all Trojans have a server and client side... some are basically viruses that require human intervention to run. In the strictest definition of the terms, the Love Bug was a Trojan.

  5. #5
    Well, I suppose I missed two important questions: "How do I know I am infected with a Trojan?"
    and the second one being "How do I remove it?"
    Well, they are going to be added to the FAQ, but on Monday I am busy for two days. I would like to thank phishphreek80 for getting me to these questions, and also bballad for the important information. Well, bballad, would you like to state any Trojan which will allow a remote backdoor to your PC, except for Love Bug, because it is kept in the viruses section? Certainly I will look for such Trojans.

    And you can also look at some of the pictures of "what a Trojan can do to you" here: http://navtejonline.gq.nu/articles/subsevenpics.html
