• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
Trojan horses
A
Trojan horse
is a computer program which carries out malicious operations withoutthe user's knowledge. The name "Trojan horse" comes from a legend told in the
 Iliad 
(bythe writer 
 Homer 
) about the siege of the city of Troy by the Greeks.Legend has it that the Greeks, unable to penetrate the city's defences, got the idea to giveup the siege and instead give the city a giant wooden horse as a gift offering.The Trojans (the people of the city of Troy) accepted this seemingly harmless gift and brought it within the city walls. However, the horse was filled with soldiers, who cameout at nightfall, while the town slept, to open the city gates so that the rest of the armycould enter.Thus, a Trojan horse (in the world of computing
 
) is a hidden program which secretly runscommands, and usually opens up access to the computer running it by opening a
backdoor
. For this reason, it is sometimes called a
Trojan
by analogy to the citizens of Troy.Like avirus, a Trojan horse is a piece of harmful code placed within a healthy program(like a false file-listing command, which destroys files instead of displaying the list).A Trojan horse may, for example:
steal passwords;
copy sensitive date;
carry out any other harmful operations;
etc.Worse, such a program can create an intentional security breach within your network, soas give outside users access to protected areas on the network.The most common Trojan horses openmachine ports, allowing their designer to gainentry to your computer over the network by opening a
backdoor
or 
backorifice
.Detecting such a program is difficult because you must be able to determine whether anaction is being carried out by the Trojan horse or by the user.
Symptoms of infection
Infection by a Trojan horse usually comes after opening a contaminated file containingthe Trojan horse (see the article on protecting yourself from worms
 
) and is indicated bythe following symptoms:
 
Abnormal activity by themodem, network adapter or hard drive: data is being loaded without any activity from the user;
Strange reactions from themouse;
Programs opening unexpectedly;
Repeated crashes.
Principle of a Trojan horse
As a Trojan horse is usually (and increasingly) intended to open a port on your machine so that ahacker can gain control of it (such as by stealing personal data stored on the harddrive), the hacker's goal is to first infect your machine by making you open an infectedfile containing the Trojan and then to access your machine through the opened port.However, to be able to infiltrate your machine, the hacker normally has to know itsIPaddress. So:
Either you have a fixedIP address (as with businesses, or with individuals with a cable or similar connection, etc.) in which case your IP address can easily bediscovered;
or your IP address is dynamic (reassigned each time you connect), as with modemconnections; in which case the hacker must scan IP addresses at random in order to detect those which correspond to infected machines.
Protect yourself from Trojans
Installing afirewall(a program which filters data entering and leaving your machine) isenough to protect you from this kind of intrusion. A firewall monitors both data leavingyour machine (normally initiated by the programs you are using) and data entering it.However, the firewall may detect unknown outside connections even if a hacker is notspecifically targeting you.. They may be tests carried out by your Internet service provider, or a hacker randomly scanning a range of IP addresses.For Windows systems, there are two free high-performance firewalls:
ZoneAlarm
Tiny Personal Firewall
In case of infection
If a program whose origins you are unsure of attempts to open a connection, the firewallwill ask you to confirm it before initiating the connection. It is important to not authoriseconnections for a program you don't recognise, because it might very well be a Trojanhorse.
 
If this reoccurs, it may be helpful to check that your computer isn't affected by a Trojan, by using a program that detects and deletes them (called an
anti-Trojan
).One example is
The Cleaner 
, which can be downloaded from http://www.moosoft.com.
List of ports commonly used by Trojans
Trojan horses commonly open a port on the infected machine and wait for a connection toopen on that port, so that hackers will be able to gain total control over the computer.Here is a (non exhaustive) list of the most common ports used by Trojan horses (source:Site de Rico
 
):
portTrojan
21Back construction, Blade runner, Doly, Fore, FTP trojan, Invisible FTP,Larva, WebEx, WinCrash23TTS (Tiny Telnet Server)25Ajan, Antigen, Email Password Sender, Happy99, Kuang 2, ProMailtrojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy31Agent 31, Hackers Paradise, Masters Paradise41Deep Throat59DMSetup79FireHotcke80Executor, RingZero99Hidden port110ProMail trojan113Kazimas119Happy 99121JammerKillah421TCP Wrappers456Hackers Paradise531Rasmin555Ini-Killer, NetAdmin, Phase Zero, Stealth Spy666Attack FTP, Back Construction, Cain & Abel, Satanz Backdoor, ServeU,Shadow Phyre911Dark Shadow999Deep Throat, WinSatan1002Silencer, WebEx1010 to1015Doly trojan1024NetSpy1042Bla1045Rasmin1090Xtreme1170Psyber Stream Server, Streaming Audio Trojan, voice
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...