Trojan FAQ
Where Did The Term Originate?
As per WeboPedia: "The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy."
How Is The Definition Relevant To Computers?
Again from WeboPedia: "A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive."
What Are Trojans?
Trojans are programs that seem to do nothing, or to do something constructive, while your machine is actually being possessed by someone else. They are disguised as a good piece of software; the various methods of delivering Trojans are covered later in this tutorial. As soon as you execute a Trojan-infected file, the Trojan installs itself, without your knowledge, in some hidden place, usually %SystemRoot%. Once installed, some Trojans start functioning immediately, but most become active after the system reboots. Trojans usually operate concealed, in "stealth mode", without giving the user any indication of their presence. Nothing is visible in the Windows system tray, and nothing appears when the user opens the "Close Program" dialog box in Windows 9x/Me. There is, however, a utility called "psview" for Windows 9x that shows all the processes and open files, and in Windows 2000/XP you can locate the running executable under Task Manager -> Processes. Once the Trojan is running on a system, that system can be controlled remotely.
Once active, it just sits in the background and waits for the attacker to connect. Usually a Trojan opens a specific port to listen for commands from the attacker. Most firewalls fail here because the Trojan opens a port on the computer as soon as it starts up, ready and listening for the hacker to connect. As the port is already open when the standard firewall starts, the firewall simply trusts it and ignores the Trojan.
The moment it is executed, the hacker will know, because these programs often notify the hacker that their victim is online.
A Trojan has two parts:
Server
Client
The server part is installed on the victim's computer, that is, your computer, whereas the client part resides with the attacker and is used to control the server.
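The listening port and the running executable described above are what a defender can check for. The following is an added example, not part of the original FAQ: it parses netstat -ano output, maps each listener to its process, and flags listeners that are on a watchlist or missing from an expected baseline. The sample output, process names, baseline and the watchlist port numbers are assumptions supplied for illustration.

```python
import re

# Widely published default ports of Trojans this page names. The values are not
# from the page, and the port is configurable, so a hit is a lead, not proof.
WATCHLIST = {("TCP", 12345): "NetBus", ("TCP", 27374): "SubSeven",
             ("UDP", 31337): "Back Orifice"}
# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       1620
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:1042          10.0.0.9:80            ESTABLISHED     1312
  UDP    0.0.0.0:31337          *:*                                    1620
  UDP    0.0.0.0:4444           *:*                                    3020
"""
# Constructed PID -> image name map, standing in for `tasklist` output.
PROCESSES = {884: "svchost.exe", 1312: "iexplore.exe", 1620: "sample_server.exe",
             2044: "helper.exe", 3020: "updater.exe"}
# Listeners the administrator expects on this host (constructed baseline).
BASELINE = {("TCP", 135, "svchost.exe"), ("TCP", 5000, "helper.exe")}

LINE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Yield (proto, port, pid) for LISTENING TCP rows and UDP rows (no State column)."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue
        proto, port, state, pid = m.groups()
        if state == ("LISTENING" if proto == "TCP" else None):
            yield proto, int(port), int(pid)

def audit(netstat_text, processes, baseline):
    """Return (proto, port, image, reason) for watchlisted or unexpected listeners."""
    findings = []
    for proto, port, pid in listeners(netstat_text):
        image = processes.get(pid, "<unknown>")
        if (proto, port) in WATCHLIST:
            reason = "default port of " + WATCHLIST[(proto, port)]
        elif (proto, port, image) not in baseline:
            reason = "listener not in baseline"
        else:
            continue
        findings.append((proto, port, image, reason))
    return findings

if __name__ == "__main__":
    print(*audit(NETSTAT, PROCESSES, BASELINE), sep="\n")
```

Because the server's port can be changed from its default, the baseline comparison is the check that still works when the watchlist misses.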
What Can A Trojan Do?
The various Trojan programs provide a common set of features:
Open and close the CD-ROM drive
Run programs already resident on the "target" system remotely without the user’s intervention.
Capture user keystrokes in real time without alerting the user so they are able to see your conversations, chat, passwords.
Capture screen shots
Reboot the computer
Upload/Download/Execute programs to the "target" computer without the user’s knowledge
Operate microphones, web cameras, modems and other peripherals.
Getting cached passwords.
Registry editing.
Look at some of the screen shots of a famous Trojan "SubSeven" to see what a Trojan can do.
What Would A Hacker Do With Your Box?
Why would someone install a Trojan on your computer?
There can be many motives for this:
To hide behind your IP to carry out his operations.
To get some files from your PC.
The hacker may need an email account and will use yours after getting the password.
Many other exploits and intentions are also possible, including blackmail.
What Are The Various Methods To Deliver Trojans?
A Trojan can be distributed in many ways. The objective is to get the user to click on the infected file at least once, whether it is downloaded from a site or sent as an email attachment, without triggering any alert. Usually the server part of the Trojan comes as an executable. In some cases this executable either does nothing or pretends to be legitimate software. Another method of delivering the Trojan is to hide it in another executable. This is achieved with the help of software called executable binders. Even the most experienced people can be tricked by executable binders. One excellent binder goes by the name of "Yet Another Binder", also called YAB, and can be had from http://www.astalavista.com.
What Do I Use?
I don't use Trojans because they can be easily detected by antivirus software. There is some legal software that is ignored by antivirus; these tools go by the name of "RAT (Remote Administration Tools)". Most of the new generation of these tools are very much like Trojans or can be configured to act like Trojans. For example, 'Remotely Anywhere' allows you to create a customized server executable which can be made exactly like the one with Trojans ... I wonder why they are exceptions and free tools which can be used for so-called 'Remote Administration' are categorized as Trojans.
I personally use such legitimate software bound to some useful software using YAB.
What are common Trojans?
BO2K (Back Orifice) from the Cult of the Dead Cow, SubSeven and NetBus; there are a lot of others.
Read BO2K review, A port list of common Trojans
http://navtejonline.gq.nu