Trojan Horse
Download
Report
Transcript Trojan Horse
Trojan Horse
Implementation and Prevention
By
Pallavi Dharmadhikari
Sirisha Bollineni
VijayaLakshmi Jothiram
Vasanthi Madala
Trojan Horse
Agenda
Introduction of Trojan Horse
Objectives of Trojan Horse
Types of Trojan Horses
Trojan Horse Techniques
Implementation with an example
Prevention Methods
Q&A
Trojan Horse : Introduction
A
Trojan Horse program is a unique form of computer
attack that allows a remote user a means of gaining
access to a victim's machine without their knowledge.
Trojan
Horse initially appears to be harmless, but later
proves to be extremely destructive.
Trojan
Horse is not a Virus.
Objectives of Trojan Horse Programs
Trojan horses can exploit your system in various and creative ways
including:
Creating a "backdoor" that allows remote access to control your
machine
Recording keystrokes to steal credit card or password information
Commandeering your system to distribute malware or spam to
other computers
Spying on your activities by sending screenshots of your monitor
to a remote location
Uploading or downloading files
Erasing or overwriting data
Types of Trojan Horses
The EC Council groups Trojan horses into seven main types
Remote Access Trojans
Subseven
Data Sending Trojans
Eblaster
Destructive Trojans
Hard Disk Killer
Proxy Trojans
Troj/Proxy-GG
FTP Trojans
Trojan.Win32.FTP Attack
security software disabler Trojans
Trojan.Win32.Disabler.b
denial-of-service attack (DoS) Trojans
PC Cyborg Trojan
Trojan Horse Techniques
Alter name of malicious code on system.
Create a file name to obscure the file's type.
just_text.txt.exe
abcd.shs where by default the shs file will not be
displayed in the system"
Trojan Horse Techniques
Create another file and process with same name eg. UNIX init
process.
Combine malicious code with an innocuous program
Implementation of a Trojan Horse
Program
Trojan.Gletta.A is a Trojan horse program that steals Internet banking
passwords. It logs keystrokes of a victim computer when the user visits
certain Web pages and then emails the log to the attacker.
1) Trojan.Gletta.A executable locates the System folder copies itself to the
system folder and the Windows installation folder.
%System%\Wmiprvse.exe
%System%\Ntsvc.exe
%Windir%\Userlogon.exe
2) Creates %System%\Rsasec.dll, which is a key logger and
%System%\rsacb.dll, which is actually a text file key logger file.
3) Adds a registry key value "wmiprvse.exe"="%system%\wmiprvse.exe" , to
the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
so that the Trojan runs when you start Windows.
Implementation of a Trojan Horse
Program
4) On Windows NT/2000/XP, it adds the value:
"Run" = "%Windir%\userlogon.exe" to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows,
so that the Trojan runs when you start the operating systems.
The program watches for Internet Explorer windows that have any of the following titles:
National Internet Banking
Welcome to Citibank
Bank of China
HSBC in Hong Kong
or one of the following URLs:
https:/ /olb.westpac.com.au/ib/asp/
https:/ /olb.westpac.com.au/ib/
5) It also captures all the keystrokes entered into any windows that match those listed above, and
writes them into a log file.
6) Later it uses its own SMTP engine to send the log file to an external mail account of the intruder.
The mail has the following characteristics:
Both the FROM and TO addresses have the domain "mail.ru"
The subject starts with "Business News from"
Prevention of Trojan Horse Programs
Install latest security patches for the operating system.
Install Anti-Trojan software.
Trojan Hunter
A- Squared
Install anti-virus software and update it regularly
Install a secure firewall
Do not give strangers access (remote as well as physical) to your computer.
Do not run any unknown or suspicious executable program just to "check it
out".
Scan all email attachments with an antivirus program before opening it.
Prevention of Trojan Horse Programs
Do regular backup of your system.
Do not use the features in programs that can automatically get or preview
files.
Do not type commands that others tell you to type, or go to web addresses
mentioned by strangers.
Never open instant message (IM) attachments from unknown people.
Do not use peer-to-peer or P2P sharing networks, such as Kazaa,
Limewire, Gnutella, etc. as they do not filter out malicious programs hidden
in shared files.
Educate your coworkers, employees, and family members about the effects
of Trojan Horse.
Finally, protection from Trojans involves simple common sense
References
[1] Trojan horse, http://www.webopedia.com/TERM/R/Remote_Access_Trojan.html
[2] The corporate threat posed by email Trojans, http://www.gfi.com/whitepapers/network-protection-against-trojans.pdf
[3] Trojan.Gletta.A, June 09, 2004 http://www.sarc.com/avcenter/venc/data/trojan.gletta.a.html
[4] What You Click May Not Always Be What You Get!, Robert B. Fried,
http://www.crime-scene-investigator.net/TrojanHorse.pdf
[5] Trojan Programs, http://www.viruslist.com/en/virusesdescribed?chapter=152540521
[6]. Lo, Joseph, "Trojan Horse or Virus?", Feb 5, 2006
http://www.irchelp.org/irchelp/security/trojanterms.html
[7]. Delio, Michelle, "Viruses? Feh! Fear the Trojan". May 24, 2001.
http://www.wired.com/news/infostructure/0,1377,43981,00.html
[8] Trojan horse, http://www.cybertraveler.org/trojan_horse.html
[9]Microsoft CRM Implementation Guide - Planning the Security of your Microsoft CRM System,
http://www.microsoft.com/technet/prodtechnol/mscrm/mscrm1/plan/13_secur.mspx
[10] Trojan horse, http://en.wikipedia.org/wiki/Trojan_horse_(computing)
[11] Safari Online, ProQuest Information and Learning, http://proquest.safaribooksonline.com.
Q & A?