Question:
How do I get rid of Trojans on my computer?!?
Jennifer
2008-01-19 21:11:07 UTC
Okay, so my computer has a few trojans that are really affecting my comp. (Trojan horse Downloader.Generic3.QFH) They seem to multiply!!!!

I need to know how I can get rid of them?? I have a few anti-virus programs but they don't seem to be working! Do I have to reformat my comp? Also, should I save some of my files just in case? (pictures) Ahhhh. I don't know what to do! Help please!
Four answers:
Balaji P
2008-01-19 21:16:05 UTC
Just try AVG or AVAST anti-virus to move the virus into their chest!!!
nathanolsen
2008-01-20 05:15:01 UTC
Don't leave condoms on your computer
muffer_3
2008-01-20 05:19:19 UTC
This will get rid of them

http://www.pandasecurity.com/uk/homeusers/solutions/internet-security/
Mridul
2008-01-20 05:15:17 UTC
Trojan Trojan!! What is it?

Trojan (bad) Beware!!

Trojan horse: well, this term has many meanings.

In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.





Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).







There are two common types of Trojan horses.





One is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities.



The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.





Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.

Definition





A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kinds of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent.





In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unknown to the owner, to be remotely controlled from the network, creating a "zombie computer". The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse.



In the context of Computer Security, the term 'Trojan horse' was first used in a seminal report edited/written by JP Anderson (aka 'The Anderson Report'; Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Systems Division, Hanscom AFB, Oct. 1972), which credits Daniel J Edwards, then of NSA, for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974).



The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would otherwise not have voluntarily performed.



Trojans implementing backdoors typically set up a hidden server, which a hacker with a client can then log on to. They have become polymorphic, process injecting, prevention disabling, easy to use without authorization, and therefore are abusive.



Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate.



Examples



Example of a simple Trojan horse



A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer.



Example of a somewhat advanced Trojan horse



On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type.



When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers and acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.





Types of Trojan horses





Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are:

- erasing or overwriting data on a computer.
- encrypting files in a cryptoviral extortion attack.
- corrupting files in a subtle way.
- uploading and downloading files.
- allowing remote access to the victim's computer. This is called a RAT (remote administration tool).
- spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'.
- setting up networks of zombie computers in order to launch DDoS attacks or send spam.
- spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
- making screenshots.
- logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
- phishing for bank or other account details, which can be used for criminal activities.
- installing a backdoor on a computer system.
- opening and closing the CD-ROM tray.



Time bombs and logic bombs



"Time bombs" and "logic bombs" are types of trojan horses.



"Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer.





Precautions against Trojan horses



Trojan horses can be protected against through end user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damaging is what they can do to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden it is harder to protect yourself or your company from them but there are things that you can do.



Trojan Horses are most commonly spread through e-mail, much like other types of common viruses. The only difference, of course, is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows:

1. If you receive e-mail from someone that you do not know or you receive an unknown attachment, never open it right away. As an e-mail user you should confirm the source. Some hackers have the ability to steal address books, so if you see e-mail from someone you know, that does not necessarily make it safe.

2. When setting up your e-mail client, make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this, it would be best to purchase one or download one for free.

3. Make sure your computer has an anti-virus program on it and make sure you update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on; that way, if you forget to update your software, you can still be protected from threats.

4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches your computer is kept much safer.

5. Avoid using peer-to-peer or P2P sharing networks like Kazaa, Limewire, Ares, or Gnutella because those programs are generally unprotected from viruses and Trojan Horse viruses are especially easy to spread through these programs. Some of these programs do offer some virus protection but often they are not strong enough.



Besides these sensible precautions, one can also install anti-trojan software, some of which are offered free.







Methods of Infection







The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.



Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse.



Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment.



For this reason, using Outlook lowers your security substantially.



Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.



A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.





More on trojans

Trojan Part 1



1. What is this text about?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/
In this text I'm going to explain to you interesting things about
the trojans and about their future. I hope you'll realize that
trojans are dangerous and they're still a big security problem although
many people say don't download files from the net and you won't get
infected, which is not right. The main thing I want to explain here is
whether the trojans have a future, and other interesting things about them.
This text is only for Windows-based trojans, not Unix ones.
=-=-=-=-=-=-=-=-=-=-=-=-=-=



2. What Is A Trojan Horse?
/=-=-=-=-=-=-=-=-=-=-=-=-=/

A trojan horse is

- An unauthorized program contained within a legitimate program. This unauthorized
program performs functions unknown (and probably unwanted) by the user.

- A legitimate program that has been altered by the placement of
unauthorized code within it; this code performs functions unknown
(and probably unwanted) by the user.

- Any program that appears to perform a desirable and necessary
function but that (because of unauthorized code
within it that is unknown to the user) performs functions unknown
(and probably unwanted) by the user.

Trojans can also be called RATs, or Remote Administration Tools.
The trojan got its name from the old mythical story about how the Greeks, during
the war, gave their enemy a huge wooden horse as a gift.
They accepted this gift and brought it into their kingdom,
and during the night, Greek soldiers crept out of the horse and attacked the city,
completely overcoming it.



3. Trojans Today
/=-=-=-=-=-=-=-=/
Trojans have always been a big security problem, even today. Most people
don't know what a trojan is and they keep downloading files from untrusted
sources or from suspicious people. Today there are more than 600 trojans on
the net that I know of, but I think there are many, many more, because every hacker or
programmer today has his/her own trojan made for his/her special needs and not
published anywhere. Every hacking group also has its own trojans and programs.
When someone starts learning winsock, the first creation is a chat client or a trojan
horse. Even with the anti-virus scanners I'll talk about below, people still get infected
by themselves, by some hacker or by some of your friends.
----------------------->



4. The Future Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=
I think there are a lot of people out there who think the
trojans are outdated and don't have a future. Well, I don't
think so. Trojans will always have a future and new things added to
them. There are so many things that can be improved by skilled programmers
in the trojans.
Trojans that COMPLETELY hide in the system and of course restart every time Windows is loaded,
trojans that will lie to every trojan and anti-virus program: this is the future, I think.
People who program trojans have a lot of ideas that make their trojans unique.
These people start placing backdoors in ActiveX and, who knows, maybe in the future they'll
find other sources they can place the trojans in. Programmers will always think of
new and unique trojans with functions never seen before.
Trojans are made every day by programmers, with new options and with better encryption so
the anti-trojan software can't detect them. So no one knows how many trojans there are on the net.
But the programmers are still programming trojans and they will continue in the future.
Technically, a trojan could appear almost anywhere, on any operating system or platform.
However, with the exception of the inside job mentioned previously, the spread of trojans works
very much like the spread of viruses. Software downloaded from the Internet, especially shareware or freeware,
is always suspect. Similarly, materials downloaded from underground servers
or Usenet newsgroups are also candidates. There are thousands of programs with unchecked
source and new programs are appearing every day, especially freeware ones, so they can all be
trojans. So be careful what you're downloading and where you're downloading it from.
Always download software from the official page.
----------------------------->



5. Anti-Virus Scanners
/=-=-=-=-=-=-=-=-=-=-=-=/
People think that when they have a virus scanner with the latest virus definitions
they're secure on the net and they can't get infected with a trojan or no one can
have access to their computer. This is NOT right. The purpose of the anti-virus
scanners is to detect not trojans but viruses. But when trojans became popular
the scanners also started adding trojan definitions. These scanners just can't
find the trojans and analyze them; that's why they're just detecting the common
and well-known trojans like Back Orifice and NetBus, and also
several others. As I said, there are around 600 trojans I know of out there and the
anti-virus scanners are detecting just a LITTLE part of them.
These scanners are not firewalls that will stop someone who wants to connect
to your computer or tries to attack you, as people think they are. So I hope that
you understand that the main purpose of these scanners is not to detect
trojans and protect you while you're online.
Most internet users know only Back Orifice and NetBus as trojans.
There are some specific tools out there that clean ONLY these trojans.
Again people think that they're secure and protected from every trojan.
--------------------------->



6. How Can I Get Infected?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/
Everyone asks this question, and often people ask themselves how they got
infected. Also, when someone asks them whether they ran some file sent to them
by someone or downloaded from somewhere, people always say they didn't
run anything or download any file, but they did. People just don't
pay attention to things they do online and that's why they forget
about the moment of the infection with the trojan.
You can get infected from many places and I'll try to explain
these things to you here.



6.1 From ICQ

6.2 From IRC

6.3 From Attachment

6.4 Physical Access

6.5 Tricks-diskette



6.1 From ICQ

People think that they can't get infected while they're talking via ICQ
but they just forget the moment when someone sends them a file.
Everyone knows how insecure ICQ is and that's why some people
are afraid of using it.

As you may know, there's a bug in ICQ allowing you to send a .exe
file to someone but it will look like .bmp or .jpg or whatever you want
it to look like. This is very dangerous, as you see, and can get you in
trouble. The attacker will just change the icon of the file to
a BMP image, tell you it's a pic of him, rename it to photo.bmp,
then you'll get it and of course before getting it you'll see that
it's .bmp and you're secure because the file is not executable.
Then you run it, see the picture and you think there's nothing to
worry about, but there is.

That's why most people say that they didn't run any files,
because they know that they've run an image, not an executable.
A way to prevent this bug in ICQ is always to check the type of
the file before running it. It may have a BMP icon, but if the type
of the file is written as executable, I think you know that it will be
a mistake if you run that file.



6.2 From IRC

You can also get infected from IRC by receiving files from
untrusted sources. But I advise you always to be paranoid
and not to receive files from ANYONE, even from your best
friend, because someone may have stolen his/her password
and infect you. Some people think that they can be 100% sure
that the other person is their friend when they ask him/her
something like a secret or something else that only he/she knows,
but as I told you, be paranoid because someone may infect your friend
and just check his/her IRC
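
The answer above describes two disguises: a name such as 'Readme.txt.exe' whose real extension is hidden, and a file that looks like an image but whose type is executable. The following check for both is an added example, not part of the original answers; the decoy-extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Executable extensions, as listed in the answer above.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".pif"}
# Assumed shortlist of harmless-looking extensions used as a disguise
# (.scr is included because of the "waterfalls.scr.exe" example).
DECOY_EXTS = {".txt", ".bmp", ".jpg", ".gif", ".png", ".doc", ".pdf", ".scr"}

# Leading bytes that identify a few common file formats.
MAGIC = [
    (b"MZ", "pe-executable"),       # DOS/Windows executable header
    (b"BM", "bmp"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
]

def sniff_type(header: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name and icon."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return "unknown"

def check_file(path: str) -> list[str]:
    """Return findings for one file; an empty list means nothing suspicious."""
    name = os.path.basename(path)
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        kind = sniff_type(fh.read(8))
    findings = []
    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        shown = name[: len(name) - len(ext)]  # what the user sees with extensions hidden
        findings.append(f"masked-extension: shown as '{shown}' when extensions are hidden")
    # Meant for attachment/download folders; .dll and .sys files would also match here.
    if kind == "pe-executable" and ext not in EXECUTABLE_EXTS:
        findings.append(f"content-mismatch: named {ext or '(none)'} but starts with MZ header")
    return findings

def scan_directory(root: str) -> dict[str, list[str]]:
    """Walk a folder and report only the files that produced findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            findings = check_file(os.path.join(dirpath, fname))
            if findings:
                report[fname] = findings
    return report

def demo() -> dict[str, list[str]]:
    """Scan a temporary folder of constructed sample files."""
    samples = {
        "Readme.txt.exe": b"MZ\x90\x00constructed",  # double extension
        "photo.bmp": b"MZ\x90\x00constructed",       # executable named as image
        "holiday.bmp": b"BM" + b"\x00" * 16,         # genuine bitmap header
        "notes.txt": b"plain text\n",
        "setup.exe": b"MZ\x90\x00constructed",       # honest executable
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp)

if __name__ == "__main__":
    for fname, findings in demo().items():
        for finding in findings:
            print(f"{fname}: {finding}")
```

A finding means the file's name and content disagree and it deserves a closer look before opening; an empty result does not mean the file is safe.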


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.