Content
2. What is a Trojan
3. History of Trojan
4. Attacker’s Motive
5. Types of Trojans
6. Working of Trojans
8. Mode of Attacking
9. Mode of Transmission
History of Trojan .…
The History Introduction includes information about….
Greek Myth…
In Greek mythology, the Trojan War was waged against the city of
Troy by the Achaeans (Greeks) after Paris of Troy took Helen from
her husband Menelaus, the king of Sparta. The war is among the
most important events in Greek mythology and was narrated in
many works of Greek literature, including the Iliad and the
Odyssey by Homer.
"The Iliad" relates a part of the last year of the siege of Troy, while
the Odyssey describes the journey home of Odysseus, one of the
Achaean leaders. Other parts of the war were told in a cycle of epic
poems, which has only survived in fragments. Episodes from the
war provided material for Greek tragedy and other works of Greek
literature, and for Roman poets like Virgil and Ovid.
The Trojan War…
The first nine years of the war consisted of both war in Troy and
war against the neighboring regions. The Greeks realized that Troy
was being supplied by its neighboring kingdoms, so Greeks were
sent to defeat these areas.
The Greeks won many important battles and the Trojan hero
Hector fell, as did the Trojan ally Penthesilea. However, the Greeks
could not break down the walls of Troy.
Patroclus was killed and, soon after, Achilles was felled by Paris.
The Trojan Horse..
Still seeking to gain entrance into Troy, clever Odysseus (some say
with the aid of Athena) ordered a large wooden horse to be built. Its
insides were to be hollow so that soldiers could hide within it.
Once the statue had been built by the artist Epeius, a number of
the Greek warriors, along with Odysseus, climbed inside. The rest of
the Greek fleet sailed away, so as to deceive the Trojans.
Greek reassured the Trojans that the wooden horse was safe and
would bring luck to the Trojans.
That night, after most of Troy was asleep or in a drunken stupor,
Sinon let the Greek warriors out from the horse, and they
slaughtered the Trojans. Priam was killed as he huddled by Zeus'
altar and Cassandra was pulled from the statue of Athena
After the Trojan war..
The surviving Trojan women were divided among the Greek men
along with the other plunder. The Greeks then set sail for home,
which, for some, proved as difficult and took as much time as the
Trojan War itself (e.g., Odysseus and Menelaus).
What is Trojan…
Named after the Trojan Horse of ancient Greek history, a Trojan
is a network software application designed to remain hidden on an
installed computer. Trojans generally serve malicious purposes
and are therefore a form of malware, like viruses.
Trojans sometimes, for example, access personal information
stored locally on home or business computers, then send these
data to a remote party via the Internet. Alternatively, Trojans may
serve merely as a "backdoor" application, opening network ports to
allow other network applications access to that computer. Trojans
are also capable of launching Denial of Service (DoS) attacks. A
combination of firewalls and antivirus software protects networks
against Trojans.
In the IT world, a Trojan horse is used to enter a victim’s
computer undetected, granting the attacker unrestricted access to
the data stored on that computer and causing great damage to the
victim. A Trojan can be a hidden program that runs on your
computer without your knowledge, or it can be ‘wrapped’ into a
legitimate program meaning that this program may therefore have
hidden functions that you are not aware of.
Attacker’s Motive
• Email addresses (might be used for spamming, as explained above)
• School work (steal your papers and publish them with his/her name on it)
Type of Trojan…
There are several types of Trojans; each behaves differently and
produces different results from the others. Depending upon the
type of Trojan, an attacker can use them to stage various types of
exploits.
Types of Trojans Attack..
• Erasing or overwriting data on a computer
• Phishing for bank or other account details, which can be used for
criminal activities
Types of Trojans
1. Remote Administration Tool
4. Keylogging Trojan
Remote Administration Tool
File Serving Trojan
Trojan horse viruses from this category are able to create a
file server on the infected machine. Usually this server is
configured as an FTP server and with its help the intruder
will be able to control network connections, upload and
download various files. These Trojan horse viruses are rather
small in size, sometimes not more than 10Kb, which makes
it difficult to detect them.
Distributed Denial of Service Attack Trojan
Keylogging Trojan Horse
These Trojan horse viruses make use of spyware with the goal of
recording every step of user's activity on the computer. They are
called keylogging because they transmit to the hacker via email
the information about logged and recorded keystrokes. Hackers
use this type of malware for their financial benefit (through card
fraud or identity theft). Some individuals or companies can offer a
great reward for valuable information.
Password Stealing Trojan
The name speaks for itself - Trojans from this category are used to
steal passwords. The Trojan transmits information about passwords
to the hacker through email. Just like keylogging Trojans, this
malware is used mainly for hacker's financial benefit (a lot of people
use passwords to access their bank accounts or credit cards).
System Killing Trojan
Working of Trojan
Most Trojans use auto-starting methods so that the servers are
restarted every time the remote machine reboots or starts, and the
attacker is notified when this happens. As these features are being
countered, new auto-starting methods are evolving. Startup methods
range from associating the Trojan with common executable files such
as explorer.exe to well-known methods like modifying the system
files or the Windows Registry. Some of the popular system files
targeted by Trojans are the Autostart folder, Win.ini, System.ini,
Wininit.ini, Winstart.bat, Autoexec.bat and Config.sys. Could also be
used as an auto-starting method for Trojans.
Where Trojan live\located…
Autostart Folder
The Autostart folder is located in C:\Windows\Start
Menu\Programs\startup and as its name suggests, automatically
starts everything placed there.
Win.ini
Windows system file using load=Trojan.exe and run=Trojan.exe to
execute the Trojan
System.ini
Using Shell=Explorer.exe trojan.exe results in execution of every file
after Explorer.exe
Wininit.ini
Mostly used by setup programs; once run, it is deleted automatically,
which is very handy for Trojans to restart.
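A defender can audit the two INI-based locations described above. The following is an added example, not part of the original slides: it parses the text of win.ini and system.ini and reports any load= or run= value and any Shell= value other than plain Explorer.exe. The [windows] and [boot] section names and the sample file contents are assumptions supplied for the example.

```python
# Added example: audit legacy Windows autostart keys in win.ini / system.ini text.
# Assumption: load=/run= live under [windows] in win.ini and shell= under
# [boot] in system.ini (the usual layout of these files).

WATCHED = {
    ("win.ini", "windows", "load"),
    ("win.ini", "windows", "run"),
    ("system.ini", "boot", "shell"),
}

def parse_ini(text):
    """Yield (section, key, value); section and key are lower-cased."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def audit(filename, text):
    """Return findings as (file, key, value, reason) tuples."""
    findings = []
    name = filename.lower()
    for section, key, value in parse_ini(text):
        if (name, section, key) not in WATCHED or not value:
            continue  # not an autostart key, or the key is empty
        if key == "shell":
            # Anything after Explorer.exe is launched together with the shell.
            if value.lower() != "explorer.exe":
                findings.append((name, key, value, "shell is not plain Explorer.exe"))
        else:
            findings.append((name, key, value, "program started at logon"))
    return findings

# Constructed sample contents; Trojan.exe is the placeholder name used on the page.
WIN_INI = "[windows]\nload=Trojan.exe\nrun=\n[fonts]\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe trojan.exe\n[386Enh]\ndevice=*vmm\n"
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"

if __name__ == "__main__":
    for fname, body in (("win.ini", WIN_INI), ("system.ini", SYSTEM_INI)):
        for finding in audit(fname, body):
            print(finding)
```
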
Trojan Method of Attacking…
A Trojan may infect a system through various attack vectors.
A Trojan employs an attack vector to install its payload on the
target’s computer systems. The most
common attack vectors are:
How can you be infected..
Type of connections in Trojan..
2. Reverse Connection: new technology that came around about
the same time that routers became popular.
Advantages of reverse connection:
Some Known Trojans..
• Beast
• Back Orifice
• Netbus
• Donald Dick
• Sub Seven (helps to hack other PCs).
… Trojan Beast
Beast is a Windows-based backdoor Trojan horse more commonly
known in the underground cracker community as a RAT (Remote
Administration Tool). It is capable of infecting almost all Windows
versions i.e. 95 through XP.
Using the 'reverse connection', the attacker had no need to know the
target IP; instead, the server itself connected to a predefined DNS name,
which was redirected to the attacker's IP. For its DLLs, it used the
'injection method', i.e. they were injected into a specified process,
commonly 'explorer.exe' (Windows Explorer), 'iexplore.exe' (Internet
Explorer) or 'msnmsgr.exe' (MSN Messenger). As a result, the DLLs were
automatically loaded into memory once these processes were executed.
Beast was one of the first Trojans to feature a 'reverse connection' to its
victims and, once established, it gave the attacker complete control over
the infected computer.
Back Orifice Trojan…
Back Orifice (often shortened to BO) is a controversial computer
program designed for remote system administration. It enables a
user to control a computer running the Microsoft Windows
operating system from a remote location. The name is a pun on
Microsoft BackOffice Server software.
Netbus Trojan…
Netbus is a software program for remotely controlling a Microsoft
Windows computer system over a network. It was created in 1998
and has been very controversial for its potential of being used as
a backdoor.
The client was a separate program presenting a graphical user
interface that allowed the user to perform a number of activities
on the remote computer.
Donald Dick Trojan …
It is also known as Backdoor.DonaldDick.153, Trojan.PSW.EPS.dr and
Trojan.PSW.Ring0.a.
The attacker can:
• Read/write/delete/run any file on the computer
• Record keystrokes
• Get information about the system
• Open/close the CD-ROM tray
• And many other things
Sub Seven Trojan…
It helps to gain remote control of a PC.
Ways of Detecting/Removing a Trojan
1. Using Anti-Trojan Software
2. Manual Detection
3. TCP Viewer
4. Process Viewer
5. Process Explorer
Using Anti-Trojan Software..
Antivirus software is designed to detect and delete Trojan horses, as
well as to prevent them from ever being installed. Although it is possible
to remove a Trojan horse manually, it requires a full understanding of how
that particular Trojan horse operates. In addition, if a Trojan horse has
possibly been used by a hacker to access a computer system, it will be
difficult to know what damage has been done and what other problems have
been introduced.
Manual Detection Trojan
TCP Viewer
Process Viewer
Process Explorer
Process Explorer is a system monitoring and examination utility. It
provides the functionality of Windows Task Manager along with a
rich set of features for collecting information about processes
running on the user's system. It can be used as the first step in
debugging software or system problems.
As another example, it can show the command lines used to start a
program, allowing otherwise identical processes to be distinguished.
Or like Task Manager, it can show a process that is maxing out the
CPU, but unlike Task Manager it can show which thread (with the
call stack) is using the CPU – information that is not even available
under a debugger.
..Counter Measures of Trojan