
What is a Trojan Horse?
Difference between Viruses, Worms & Trojans
Purpose and uses
Types of Trojan Horses
Popular Trojan horses
How can you be infected?
Implementation with an example
How to Prevent?
References

A Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.

* A computer virus is a program that, when triggered by an action of the user, causes copies of itself to be created.
* A computer worm is a program that causes copies of itself to be created without any user intervention.
* A Trojan horse is a program that appears to do something useful but, in reality, masks some hidden malicious functionality. It does not make copies of itself.

A Trojan gives a hacker remote access to a targeted computer system. Operations that could be performed by a hacker on a targeted computer system may include:
* Downloading or uploading of files on the user's computer
* Modification or deletion of files
* Crashing the computer
* Data theft (e.g. retrieving passwords or credit card information)

Remote Access Trojans
Data Sending Trojans
Destructive Trojans
Proxy Trojans
FTP Trojans
Security software disabler Trojans
Denial-of-service attack (DoS) Trojans

Netbus (by Carl-Fredrik Neikter)
Subseven or Sub7 (by Mobman)
Back Orifice (by Sir Dystic)
Beast
Zeus
Flashback Trojan (Trojan.BackDoor.Flashback)

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests. Even when using a secure web browser, such as Mozilla's Firefox, your computer has the potential of receiving a Trojan horse if Java is enabled.

E-mail & I.M.: Attachments on e-mail messages may contain Trojans. Many users get infected through files sent through various I.M. clients; this is due to an extreme lack of security in some instant messengers, such as AOL's instant messenger.

Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs the keystrokes of a victim computer when the user visits certain Web pages and then emails the log to the attacker.

1) The Trojan.Gletta.A executable locates the System folder and copies itself to the System folder and the Windows installation folder:
%System%\Wmiprvse.exe
%System%\Ntsvc.exe
%Windir%\Userlogon.exe

2) It creates %System%\Rsasec.dll, which is a key logger, and %System%\rsacb.dll, which is actually a text key logger file.

3) It adds the registry value "wmiprvse.exe"="%system%\wmiprvse.exe" to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.

4) On Windows NT/2000/XP, it adds the value "Run" = "%Windir%\userlogon.exe" to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
so that the Trojan runs when you start the operating system.

The program watches for Internet Explorer
windows that have any of the following titles:
National Internet Banking
Welcome to Citibank
Bank of China
HSBC in Hong Kong
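
A defensive check for the two autostart locations described in steps 3 and 4, written as an added example (it is not code from the original slides). It parses the text of a registry export and flags string values that point at the exact paths listed in step 1; matching the full path rather than the file name matters because the legitimate Windows wmiprvse.exe lives in the wbem subfolder of the System folder. The function names, the sample export and the default install folder c:\windows are assumptions made for the example.

```python
import re

# Paths from the Trojan.Gletta.A steps above, in the page's %System%/%Windir% notation.
GLETTA_PATHS = {r"%system%\wmiprvse.exe", r"%system%\ntsvc.exe",
                r"%windir%\userlogon.exe"}
# Autostart key -> value name to inspect (None means every value under the key).
AUTOSTART = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run": None,
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows": "run",
}
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format, not captured from a real host.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wmiprvse.exe"="C:\\WINDOWS\\system32\\wmiprvse.exe"
"WmiHelper"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Run"="C:\\WINDOWS\\userlogon.exe"
'''

def normalise(path, windir=r"c:\windows"):
    """Map a path onto the page's notation; `windir` is an assumed install folder."""
    p = path.strip().lower()
    for prefix, token in ((windir + r"\system32", "%system%"), (windir, "%windir%")):
        if p.startswith(prefix + "\\"):
            return token + p[len(prefix):]
    return p

def find_gletta_autostarts(reg_text, windir=r"c:\windows"):
    """Return (key, value name, data) for autostart entries that match GLETTA_PATHS."""
    hits, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]               # section header: remember the current key
            continue
        m = STRING_VALUE.match(line)
        if not m or key.lower() not in AUTOSTART:
            continue                       # not a string value under a watched key
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())  # undo .reg escaping
        if (AUTOSTART[key.lower()] in (None, name.lower())
                and normalise(data, windir) in GLETTA_PATHS):
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    print(find_gletta_autostarts(SAMPLE_EXPORT))
```

Only plain string values are parsed; values exported in hex form are skipped and would need separate decoding.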


Install the latest security patches for the operating system.

Install Anti-Trojan software:
* Trojan Hunter
* A-Squared

Install anti-virus software and update it regularly.

Install a secure firewall.

Do not give strangers access (remote as well as physical) to your computer.

Do not run any unknown or suspicious executable program just to "check it out".

Scan all email attachments with an antivirus program before opening them.

References:
http://www.webopedia.com/TERM/R/Remote_Access_Trojan.html
http://en.wikipedia.org/wiki/Trojan_horse_(computing)
www.cs.bham.ac.uk/
www.cs.purdue.edu
