Trojan Horse
What is a Trojan?
In computer security, a Trojan
horse is a malicious program that is disguised
as legitimate or useful software. The term is derived
from the classical myth of the Trojan Horse in the Siege
of Troy. In the Siege of Troy, the Greeks left a large
wooden horse outside the city. The Trojans were convinced
it was a gift, and moved the horse inside the city walls.
It turned out that this wooden horse was hollow and contained
Greek soldiers inside it who later opened the gates at
night to let the remainder of the Greek soldiers come
in and invade the city. Trojan horse programs work in
a very similar way. They may look useful, interesting,
or harmless to an unsuspecting user, but are extremely
harmful when executed.
Unlike computer viruses or worms, Trojan horse
programs cannot self-replicate.
What can Trojans Do?
Trojan horses can do numerous malicious
tasks. Some of these harmful tasks are:
- Erasing or overwriting data.
- Corrupting files.
- Spreading other malware; in this case the Trojan horse
is called a dropper.
- Setting up networks of zombie computers and
allowing remote hackers to gain full control over a
system.
- Spying on the user, such as logging keystrokes, capturing
video screen shots of the computer, turning on the microphone
or web cam, and intercepting emails.
- Stealing confidential information such as names, addresses,
phone numbers, credit card numbers, and social security
numbers.
Methods of Propagation
Trojans cannot self-replicate. They must
either be dropped by a worm
or sent by a user. Here are some common methods of propagation:
Infected Programs: Most
Trojan horse infections occur when the user
is tricked into executing a program. The program is
often pornography; while the user views the pornographic
program, a Trojan installs itself silently in the background
and wreaks all kinds of havoc later on. Other Trojans
may be embedded within other programs that look legitimate.
Trojans (as well as other malicious software) may even
be transported via floppy disks or CDs (physical delivery
is extremely rare, unless your computer is the specific
target of an attack).
Web sites:
You can be infected by visiting a malicious web site.
Trojans may be downloaded into your computer silently
in the background by using web downloaders. Trojans
may also infect your computer by exploiting bugs found
in Flash, Java, or Internet Explorer.
Email:
You may be infected by opening an infected email attachment,
which is why it's always good practice to double-check who
sent you that email, and to verify that he or she actually
sent it to you. Some email services have the ability to
send and receive HTML messages, so your computer may
be infected through the methods described above for visiting
web sites (since reading HTML messages is the
same thing as looking at a web site).
Open ports: Computers
can be infected by leaving certain ports open. Examples
include computers running their own servers, allowing Windows
file sharing, or running programs that provide file sharing
capabilities (such as AIM, MSN Messenger, Limewire or
Kazaa).
Logic Bombs
A logic bomb is a program that
is scheduled to run when it is triggered by a certain event,
such as someone logging in, or to run on a certain date
and time.
Logic bombs are a common way for students
to get back at school administrators, or for disgruntled employees
to seek revenge on their former employers. Some logic
bombs have destroyed entire databases of information,
including the famous logic bomb planted by Tim Lloyd,
a software engineer at Omega Engineering, which was programmed
to go off exactly ten days after his termination. This
logic bomb wiped out all of the company's research, development
and production programs, and entire databases of important
information, as well as the backup tapes. This event brought
the company's manufacturing processes to a grinding halt,
resulted in $10 million in damages, and ultimately
led to 80 employees being laid off.
Remote Administration Tools (RAT)
Not all Trojans are used for malicious
reasons. Some are used for managing large networks with
ease. These are not considered Trojans, although many
of them provide the same spying functions, such as capturing
keystrokes and taking screen shots. They are considered
Remote Administration Tools (RATs). Many network administrators
use RATs to help manage large networks and to monitor
network usage.
Protection
By far, the best way to protect against
Trojans is to install anti-virus software. Remember,
just because you have anti-virus software doesn't mean you will
be immune to everything out there on the internet. You
must regularly update the anti-virus software in order
for it to protect you against the
latest threats. You should also regularly update your operating
system and all your programs to ensure that Trojans do
not exploit the commonly used ports. Installing a firewall
will also help plug up any vulnerable ports.
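To see which ports your own computer is leaving open, as described under "Open ports" and "Protection", the following added example (not part of the original page) parses Windows `netstat -ano` output and lists TCP ports that are listening on non-loopback addresses but are not on an expected list. The sample output is constructed, and the `EXPECTED` set and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
# 445 is Windows file sharing; 6346 stands in for a file-sharing client.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2380
  TCP    0.0.0.0:6346           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2380
"""

# Assumption: ports this machine is meant to expose. Adjust per host.
EXPECTED = {135}


def parse_listeners(text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; the header and stateless UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(fields[4])


def unexpected_exposed(text, expected=EXPECTED):
    """Return sorted (port, pid) pairs reachable from the network but not expected."""
    findings = set()
    for addr, port, pid in parse_listeners(text):
        if addr.is_loopback:
            continue  # bound to localhost only, not reachable from other machines
        if port not in expected:
            findings.add((port, pid))  # set merges IPv4/IPv6 duplicates
    return sorted(findings)


if __name__ == "__main__":
    for port, pid in unexpected_exposed(SAMPLE):
        print(f"unexpected listener: TCP port {port} (PID {pid})")
```

Each reported PID can be looked up in Task Manager to decide whether the program should be running, and whether the firewall should block that port.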