TROJAN HORSE ATTACKS. By MOHD HAZRIL B.MOHD RAZALI 910603-025569 5 IBNU KHALDUN.
TROJAN HORSE ATTACKS
• If you were referred here, you may have been "hacked" by a Trojan horse attack. It's crucial that you read this page and fix yourself immediately. Failure to do so could result in being disconnected from the IRC network, letting strangers access your private files, or worse yet, allowing your computer to be hijacked and used in criminal attacks on others.
What is a Trojan horse?
• Trojan horse attacks pose one of the most serious threats to computer security.
• If you were referred here, you may have not only been attacked but may also be attacking others unknowingly. This page will teach you how to avoid falling prey to them, and how to repair the damage if you already did.
• According to legend, the Greeks won the Trojan War by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy.
• In today's computer world, a Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign". For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks like those that have virtually crippled the DALnet IRC network for months on end.
How did I get infected?
• Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc.
• Some actual trojan filenames include: "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs" (when there are multiple extensions, only the last one counts; be sure to unhide your file extensions so that you can see them).
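The "only the last extension counts" rule above, as an added example that is not part of the original slides: a small checker that reports what a file name looks like with extensions hidden and whether the real (last) extension is executable. The extension sets, function names and sample file names are assumptions constructed for illustration.

```python
import ntpath

# Extensions Windows runs directly. The first four are named on this page and
# "scr" comes from its waterfalls.scr example; the set is not a complete list.
EXECUTABLE_EXTS = {"exe", "vbs", "com", "bat", "scr"}
# Harmless-looking types used as the decoy (assumed for this example).
DECOY_EXTS = {"txt", "jpg", "gif", "mp3", "avi", "doc", "pdf"}


def classify(path):
    """Return (verdict, name_seen_with_extensions_hidden) for a file name."""
    # Windows drops trailing dots and spaces when it resolves a file name.
    name = ntpath.basename(path).rstrip(". ")
    parts = name.split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("no-extension", name)
    real_ext = parts[-1].lower()
    shown = ".".join(parts[:-1])  # the last extension is the one that is hidden
    if real_ext not in EXECUTABLE_EXTS:
        return ("not-executable", shown)
    # An executable whose visible name still ends in a harmless-looking type.
    decoy = parts[-2].lower() if len(parts) >= 3 else ""
    if decoy in DECOY_EXTS:
        return ("disguised-executable", shown)
    return ("executable", shown)


def find_disguised(paths):
    """Return the paths whose visible name hides an executable extension."""
    return [p for p in paths if classify(p)[0] == "disguised-executable"]


# Constructed sample input: the two names from this page plus invented ones.
SAMPLE = [
    "dmsetup.exe",
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    r"C:\Users\me\Downloads\song.MP3.BAT",
    "report.v2.exe",
    "notes.txt",
    "README",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", classify(p))
```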
How do I avoid getting infected in the future?
• NEVER download blindly from people or sites which you aren't 100% sure about.
• Even if the file comes from a friend, you still must be sure what the file is before opening it,
• Beware of hidden file extensions.
• NEVER use features in your programs that automatically get or preview files.
• Never blindly type commands that others tell you to type, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts (
• Don't be lulled into a false sense of security just because you run anti-virus programs.
• Finally, don't download an executable program just to "check it out" - if it's a trojan, the first time you run it, you're already infected!
How do I get rid of trojans?!?
• Clean Re-installation: Back up your entire hard disk, reformat the disk, re-install the operating system and all your applications from original CDs, and finally, if you're certain they are not infected, restore your user files from the backup. If you are not up to the task, you can pay for a professional repair service to do it.
• Anti-Virus Software: There are many products to choose from, but the following are generally effective: AVP, PC-cillin, and McAfee VirusScan. All are available for immediate downloading, typically with a 30-day free trial. For a more complete review of all major anti-virus programs, including specific configuration suggestions for each, see the HackFix Project's anti-virus software page. When you are done, make sure you've updated Windows with all security patches.
• Anti-Trojan Programs
Example of a Trojan horse
• A simple example of a Trojan horse would be a program named "waterfalls.scr" which claimed to be a free waterfall screensaver. When run, it would instead open computer ports and allow hackers to access the user's computer remotely.
Types of Trojan horse payloads
• Remote Access
• Email Sending
• Data Destruction
• Downloader
• Proxy Trojan (disguising others as the infected computer)
• FTP Trojan (adding or copying data from the infected computer)
• Security software disabler
• Denial-of-service attack (DoS)
• URL trojan (directing the infected computer to only connect to the internet via an expensive dial-up connection)
Some examples of damage are:
• erasing or overwriting data on a computer
• corrupting files in a subtle way
• uploading and downloading files
• allowing remote access to the victim's computer. This is called a RAT (remote administration tool)
• spreading other malware, such as viruses: this type of Trojan horse is called a 'dropper' or 'vector'
• setting up networks of zombie computers in order to launch DDoS attacks or send spam
• making screenshots
• logging keystrokes to steal information such as passwords and credit card numbers
• phishing for bank or other account details, which can be used for criminal activities
• installing a backdoor on a computer system
• opening and closing the CD-ROM tray
• harvesting e-mail addresses and using them for spam
• restarting the computer whenever the infected program is started
• deactivating or interfering with anti-virus and firewall programs
Well-known trojan horses
• Downloader-EV
• Dropper-EV
• Pest Trap
• NetBus
• flooder
• Tagasaurus
• Prorat
• Turkojan
• TroJanizary
• Vundotrojan
• Gromozon Trojan
• Sub-7
• Cuteqq_Cn.exe

URL: http://www.irchelp.org/irchelp/security/trojan.htm