Purpose and uses. Types of Trojan horses. Popular Trojan horses. How can you be infected? Implementation with an example. How to prevent? References.
A Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.
* A computer virus is a program that, when triggered by an action of the user, causes copies of itself to be created.
* A computer worm is a program that causes copies of itself to be created without any user intervention.
* A Trojan horse is a program that appears to do something useful but in reality masks some hidden malicious functionality. It does not make copies of itself.

A Trojan gives a hacker remote access to a targeted computer system. Operations that a hacker could perform on a targeted computer system may include:
* Downloading or uploading of files on the user's computer
* Modification or deletion of files
* Crashing the computer
* Data theft (e.g. retrieving passwords or credit card information)
Popular Trojan horses:
* Netbus (by Carl-Fredrik Neikter)
* Subseven or Sub7 (by Mobman)
* Back Orifice (Sir Dystic)
* Beast
* Zeus
* Flashback Trojan (Trojan.BackDoor.Flashback)

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests. Even when using a secure web browser, such as Mozilla's Firefox, your computer has the potential of receiving a Trojan horse if Java is enabled.
E-mail & I.M.: Attachments on e-mail messages may contain Trojans. Many users get infected through files sent over various instant messengers; this is due to an extreme lack of security in some instant messengers, such as AOL's Instant Messenger.

Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs the keystrokes of a victim computer when the user visits certain Web pages and then e-mails the log to the attacker.
1) The Trojan.Gletta.A executable locates the System folder and copies itself to the System folder and the Windows installation folder:
%System%\Wmiprvse.exe
%System%\Ntsvc.exe
%Windir%\Userlogon.exe
2) Creates %System%\Rsasec.dll, which is a key logger, and %System%\rsacb.dll, which is actually the key logger's text file.
3) Adds the value "wmiprvse.exe"="%system%\wmiprvse.exe" to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, so that the Trojan runs when you start Windows.
4) On Windows NT/2000/XP, adds the value "Run" = "%Windir%\userlogon.exe" to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, so that the Trojan runs when you start the operating system.
The program watches for Internet Explorer windows that have any of the following titles:
* National Internet Banking
* Welcome to Citibank
* Bank of China
* HSBC in Hong Kong
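The file drops and autorun values listed in steps 1) to 4) can be checked for on a host inventory. The following is an added example, not part of the original slides: it matches a file listing and a registry export against those indicators, comparing paths case-insensitively and checking value data as well as value names. The default folder paths, the norm() and scan() names, and the sample inventory are assumptions constructed for illustration.

```python
import ntpath

# Assumed default locations for the %System% and %Windir% placeholders used in the steps above.
SYSTEM, WINDIR = r"C:\Windows\System32", r"C:\Windows"
RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
WINNT = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"

# Indicators taken from steps 1) to 4) of the page.
IOC_FILES = [r"%System%\Wmiprvse.exe", r"%System%\Ntsvc.exe", r"%Windir%\Userlogon.exe",
             r"%System%\Rsasec.dll", r"%System%\rsacb.dll"]
IOC_REG = [(RUN, "wmiprvse.exe", r"%system%\wmiprvse.exe"),
           (WINNT, "Run", r"%Windir%\userlogon.exe")]

def norm(path):
    """Expand the placeholders, then normalise case and separators (Windows rules)."""
    p = path.strip().strip('"')
    for var, real in (("%system%", SYSTEM), ("%windir%", WINDIR)):
        if p.lower().startswith(var):
            p = real + p[len(var):]
    return ntpath.normcase(ntpath.normpath(p))

def scan(files, registry):
    """files: iterable of paths; registry: {key: {value_name: data}}. Returns sorted findings."""
    wanted = {norm(f) for f in IOC_FILES}
    hits = [("file", norm(f)) for f in files if norm(f) in wanted]
    reg = {k.lower(): {n.lower(): d for n, d in v.items()} for k, v in registry.items()}
    for key, name, data in IOC_REG:
        found = reg.get(key.lower(), {}).get(name.lower())
        # Match on value data as well as name: the same value name can be benign.
        if found is not None and norm(found) == norm(data):
            hits.append(("registry", key + "\\" + name))
    return sorted(hits)

# Constructed sample inventory (not real telemetry).
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\wbem\wmiprvse.exe",  # usual home of the real WMI provider host
    r"C:\WINDOWS\system32\WMIPRVSE.EXE",       # same name, one directory up: indicator
    r"C:\WINDOWS\userlogon.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]
SAMPLE_REG = {
    RUN.upper(): {"wmiprvse.exe": r"C:\WINDOWS\system32\wmiprvse.exe",
                  "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"},
    WINNT: {"Run": ""},
}

if __name__ == "__main__":
    for kind, where in scan(SAMPLE_FILES, SAMPLE_REG):
        print(kind, where)
```

The copy under wbem is not flagged, because the indicator is the file name appearing directly in the System folder.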
How to prevent? Install the latest security patches for the operating system.