THE TROJAN “HORSE”


trojan

I found it necessary to devote a chapter to Trojans. Trojan’s are probably the most compromising of all types of attacks. Trojans are being released by the hundreds every week, each more cleverly designed that the other. We all know the story of the Trojan horse probably the greatest strategic move ever made. In my studies I have found that Trojans are primarily responsible for almost all Windows Based machines being compromised. For those of you who do not know what Trojans are I’ll briefly explain. Trojans are small programs that effectively give “hackers” remote control over your entire Computer

Some common features with Trojans are as follows:

Open your CD-Rom drive

Capture a screenshot of your computer

Record your key strokes and send them to the “Hacker”

Full Access to all your drives and files

Ability to use your computer as a bridge to do other

hacking related activities.

Disable your keyboard

Disable your mouse…and more!

Let’s take a closer look at a couple of more popular

Trojans:

Netbus

SubSeven

The Netbus Trojan has two parts to it as almost all Trojans do.

There is a Client and a Server. The server is the file that

would have to get installed on your system in order to have

your system compromised. Here’s how the hack would

e Hack

Objective: Getting the potential victim to install the server

onto his/her system.

Method 1

Send the server file (for explanation purposes we’ll call the file

netbusserver.exe) to you via E-Mail. This was how it was

originally done.

The hacker would claim the file to be a game of some sort.

When you then double click on the file, the result is nothing.

You don’t see anything. (Very Suspicious)

Note: (How many times have you double clicked on a

file someone has sent you and it apparently did

nothing)

At this point what has happened is the server has now been

installed on your system. All the “hacker” has to do is use the

Netbus Client to connect to your system and everything you

have on your system is now accessible to this “hacker.”

With increasing awareness of the use of Trojans, “hackers”

became smarter, hence method 2.

Method 2

Objective: Getting you to install the server on your system.

Let’s see, how many of you receive games from friends?

Games like hit gates in the face with a pie. Perhaps the game

shoot Saddam? There are lots of funny little files like that.

Now I’ll show you how someone intent on getting access to

your computer can use that against you.

There are utility programs available that can combine the

(“server” (a.k.a. Trojan)) file with a legitimate “executable

file.” (An executable file is any file ending in .exe). It will

then output another (.exe) file of some kind. Think of this

process as mixing poison in a drink.

For Example:

Tomato Juice + Poison = something

Now the result is not really Tomato Juice anymore but you can

call it whatever you want. Same procedure goes for

combining the Trojan with another file.

For Example:

The “Hacker” in question would do this: (for demonstration

purposes we’ll use a chess game)

Name: chess.exe (name of file that starts the chess

game)

Trojan: netbusserver.exe (The Trojan)

(Again for explanation purposes we’ll call it that)

The joiner utility will combine the two files together and output

1 executable file called:

<insert name here>.exe

This file can then be renamed back to chess.exe. It’s not

exactly the same Chess Game. It’s like the Tomato Juice, it’s

just slightly different.

The difference in these files will be noticed in their size.

The original file: chess.exe size: 50,000 bytes

The new file (with Trojan): chess.exe size: 65,000 bytes

(Note: These numbers and figures are just for explanation

purposes only)

The process of joining the two files, takes about 10 seconds to

get done. Now the “hacker” has a new chess file to send out

with the Trojan in it.

Q. What happens when you click on the new chess.exe file?

Answer: The chess program starts like normal. No more

suspicion because the file did something. The only difference

is while the chess program starts the Trojan also gets installed

on your system.

Now you receive an email with the attachment except in the

format of chess.exe.

The unsuspecting will execute the file and see a chess game.

Meanwhile in the background the “Trojan” gets silently

installed on your computer.

If that’s not scary enough, after the Trojan installs itself on

your computer, it will then send a message from your

computer to the hacker telling him the following information.

Username: (A name they call you)

IP Address: (Your IP address)

Online: (Your victim is online)

So it doesn’t matter if you are on dial up. The potential

hacker will automatically be notified when you log on to your

computer.

You’re probably asking yourself “how likely is it that this has

happened to me?” Well think about this. Take into

consideration the second chapter of this manual. Used in

conjunction with the above mentioned methods can make for

a deadly combination.

These methods are just but a few ways that “hackers” can

gain access to your machine.

Listed below are some other ways they can get the infected

file to you.

News Groups:

By posting articles in newsgroups with file attachments like

(mypic.exe) in adult newsgroups are almost guaranteed to

have someone fall victim.

Don’t be fooled though, as these folks will post these files to

any newsgroups.

Grapevine:

Unfortunately there is no way to control this effect. You

receive the file from a friend who received it from a friend etc.

etc.

Email:

The most widely used delivery method. It can be sent as an

attachment in an email addressed to you.

Unsafe Web sites:

Web sites that are not “above the table” so to speak. Files

downloaded from such places should always be accepted with

high suspicion.

IRC:

On IRC servers sometimes when you join a channel you will

automatically get sent a file like “mypic.exe” or “sexy.exe” or

sexy.jpg.vbs something to that effect. Usually you’ll find

wannabe’s are at fault for this.

Chat Sites:

Chat sites are probably one of the primary places that this sort

of activity takes place. The sad part to that is 80% are not

aware of it.

As you can see there are many different ways to deliver that

file to you as a user. By informing you of these methods I

hope I have made you more aware of the potential dangers

around you. In Chapter 3 we’ll discuss what files should be

considered acceptable.

Recommended for you
Powered by

What's Your Reaction?

Angry Angry
0
Angry
Cute Cute
0
Cute
Geek Geek
0
Geek
LOL LOL
0
LOL
Love Love
0
Love
Omg Omg
0
Omg
Sad Sad
0
Sad
Scary Scary
0
Scary
Wtf Wtf
0
Wtf

THE TROJAN “HORSE”

reset password

Back to
log in
Loading...