TROJAN HORSE

WHAT IS A TROJAN HORSE?

A Trojan Horse is simply a malicious computer program that damages your computer system upon installation. The program claims to do one thing, such as pretending to be a game, but instead do something else when you run them. Some nasty Trojans will actually attempt to erase your hard drive. They were originally named after the historic Trojan horse used by the Greeks to conquer Troy because the first Trojan horse programs pretended to be innocent games or applications. Trojan horses have no way to replicate themselves automatically.

HOW IT WORKS?
Trojans are spread over the Internet through a number of ways, such as through emails, chat programs, and the download of files that may actually contain beneficial material but also include concealed Trojans. Once these files are opened or executed, the malicious program is installed on your computer. Thus, the victim of a Trojan attack has to install the server end of the program in order for it to work. And once installed, the program will run automatically every time your computer is turned on. Also, many Trojans also incorporate a worm that accesses your email addresses and sends them a message with the Trojan attachment. Malicious hackers, also called crackers, can create a network of zombie computers through this worm. This network of zombie computers, also called botnets, can then be used to spread even more Trojans throughout the network. They are called zombies because their users rarely know the computers are infected. As soon as an infected computer, which is the server in this application, is powered up, Trojan sends it IP Address to the attacker, or client. This allows the attacker to communicate with the infected computer and access its files or even erase them.

TYPES
There are several different types of Trojans. Some of these include: remote access Trojans (RATs), backdoor Trojans (backdoors), IRC Trojans (IRCbots), and keylogging Trojans. Many Trojan encompass multiple types. For example, a Trojan may install both a keylogger and a backdoor. IRC Trojans are often combined with backdoors and RATs to create collections of infected computers known as botnets.

HARMS
Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denialof-service attacks)

Data theft (e.g. retrieving passwords or credit card information) Installation of software, including third-party malware Downloading or uploading of files on the user's computer Modification or deletion of files Keystroke logging Watching the user's screen Crashing the computer Anonymizing internet viewing

VIRUS AND WORMS

WHAT IS A VIRUS?
A computer virus is a small malware program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria: It must execute itself. It often places its own code in the path of execution of another program. It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. With the intent of doing damage to the system, It normally attaches itself to another program or data file in order to spread and reproduce itself in other areas of the computer without the knowledge of the user. Normally a virus enters your computer through a spam email which has attachments (pictures or files) or by downloading infected programs from malicious sites

HOW IT WORKS?
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously. Viruses can be divided into two types based on their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

TYPES OF VIRUSES
Multi-Partite Viruses Some computer viruses appear to behave like many other viruses and sometimes more than one type. These are hybrids and are called as multi-partite computer viruses. Polymorphic Viruses These viruses are written such that it changes its code whenever it passes to another machine so that it is difficult for an anti-virus scanner to locate them. Flaws in the program code make it easy to track down these viruses. It is usually the encryption of the code that changes every time. Stealth Viruses Whenever a virus attaches itself onto another file the size of the file increases and this is indicated in the File allocation table. The stealth virus uses techniques to avoid detection by redirecting the disk head to read another sector or alter the file size shown in the Directory listing. Script Viruses A subset of file viruses these are written in a variety of script languages like JavaScript, VBS, BAT, PHP etc They are also able to infect other file formats such as HTML (if the file format allows script execution) ActiveX & Java Applets Active X and Java Controls are being used in Web browsers to enable and disable sound or video and a host of other controls. If not properly secured this is another area that virus writes use to get private data from your computer.

EXAMPLE: Cih (1998), Morris (1988), Mellisa (1999), Iloveyou (2000), Blaster (2003)
HARMS
Slow down computer. Corrupt system files. Damage boot sector creating problems when boot into the windows. Steal important information from computer and send to some other person.

WHAT IS A WORM?
Worm is a self-replicating malware computer program, which uses a computer network to send copies of it-self to other nodes and it may do so without any user intervention. Worms are memory-resident malware threats that can spread across networks by exploiting possible Vulnerabilities in the TCP/IP stack implementation of the OS and/or specific applications. Unlike a computer virus, it does not need to attach itself to an existing program. They load themselves into the memory of a remote system and then execute themselves all without ever being written to a disk. A worm therefore can live on its own and propagate by copying itself from one computer to another. Worms can harm a network, can consume tremendous bandwidth, and can shut a computer down.

TYPES OF WORMS
Daprosy Worm Replaces folders with .EXE's, key logger, slow mass mailer. Daprosy worm is a malicious computer program that spreads via LAN connections, spammed e-mails and USB mass storage devices Code Red II Exploited Microsoft Internet Information Server security holes. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software. ExploreZip Spread through zipped documents in a spam e-mail. Kak worm On the first day of every month, at 5:00 pm, the worm uses shutdown.exe to initiate a shutdown and show a popup with text "Kagou-anti-Kro$oft says not today!

EXAMPLE: Code red (2000), Hybris (2000), W32/IRCbot.worm (2007), Witty (2004), Stuxnet (2010) HARMS: Damage the PC network, Consumes too much system memory, Replicate itself on system DIFFERENCE BETWEEN COMPUTER VIRUS AND WORM
# A worm is a type of virus that attacks the computer in a method differing from the way a typical virus attacks a
computer. Unlike the typical virus, the worm does not require a host program to propagate. A worm enters a computer through a weakness in the Computer System and propagates itself using network flaws. The typical virus requires activation through user intervention, such as double clicking or sending outgoing email. However, a worm releases a document containing the worm macro and sends copies of it-self to other computers through network flaws, therefore bypassing any need for user intervention.

# A computer virus attaches itself to a program or file enabling it to spread from one computer to another,
leaving infections as it travels. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action.

# A computer worm does not have to attach itself to a program in your system like a computer virus does in
order to function.

# Unlike a computer virus that generally corrupts and modifies files on your computer to cause damage, a
computer worm generally localizes its damage to the computer network by causing increased bandwidth. However, computer worms may have a "payload" that can delete files, encrypt files or email files on the host computer.

# Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. # The biggest danger with a worm is its capability to replicate itself on your system, so rather than your
computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. In case of Virus most of them has no capability to replicate itself.