Quote:
How Do Trojans Work?
Trojans come in two parts, one on the attackers machine and one on the the victim's. It usually modifies the Registry, which means it will start up automatically each time the computer is switched on. The attacker will then connect up and start using the trojan to communicate with the victims PC, usually without the victim knowing. The trojan hides somwhere in the PC's files and will listen for incoming communication. .
It's necessary for the attacker to know the victim's IP address to connect to his/her machine. (IP or Internet Protocol is the language used by computers to communicate across the net) Each PC has an "address" allocated by the ISP each time you are online, unless you are on ADSL / Broadband, when you have a fixed one.
"Many trojans have features like mailing the victim's IP, as well as messaging the attacker via ICQ or IRC. This is used when the victim has dynamic IP which means every time you connect to the Internet you get a different IP (most of the dial-up users have this). ADSL users have static IPs so the infected IP is always known to the attacker and this makes it considerably easier to connect to your machine.
"Most of the trojans use Auto-Starting methods so even when you shut down your computer they're able to restart and again give the attacker access to your machine. New auto-starting methods and other tricks are discovered all the time. The variety starts from "joining" the trojan into some executable file you use very often like explorer.exe, for example, and goes to the known methods like modifying the system files or the Windows Registry. System files are located in the Windows directory and here are short explanations of their abuse by the attackers:
The report then lists file and registry details.
Source: