INTRODUCTION TO TROJANS
What is a Trojan?
A Trojan horse can be any of the following:
a) Unauthorized instructions contained within a legitimate program. These instructions perform functions unknown to (and probably unwanted by) the user.
b) A legitimate program that has been altered by the insertion of unauthorized instructions. These instructions perform functions unknown to (and probably unwanted by) the user.
c) Any program that appears to perform a desirable and necessary function but that, because of unauthorized instructions within it, performs functions unknown to (and probably unwanted by) the user.
Under a restricted environment (a restricted Unix shell or a restricted Windows account), a Trojan can only do what that account is allowed to do, so the damage it causes is contained. Run by an unrestricted user on a home PC, the same Trojan has the run of the whole machine and can be lethal and quite destructive.
Remote Administration Trojans
These are currently the most popular kind of Trojan. Everyone wants one, because a RAT gives the attacker access to the victim's hard drive and lets him perform many actions on the victim's computer (open and close the CD-ROM tray, pop up message boxes, etc.), which frightens most computer users and is also a hell of a lot of fun to run on your friends or enemies.
Modern RATs (remote administration Trojans) are very simple to use. They come as two files, the server and the client (if you cannot tell which is which, look for a help file, a FAQ, a readme or the instructions on the Trojan's home page). Fool someone into running the server file, learn his IP address, and you have FULL control over his or her computer. Some Trojans offer fewer functions than others; more functions mean a larger server file, so some servers are deliberately tiny and exist only to upload a second, full Trojan to the target and run it. The server can also be bound into another program that appears legitimate, so that running the legitimate program installs the Trojan as well.
How RATs work
A RAT server opens a port on the victim's computer and binds to it, that is, it listens for incoming connections and reads whatever data arrives on that port. When the attacker runs the client and enters the victim's IP address, the client connects to that port, and from then on the server receives commands from the attacker and executes them on the victim's computer. The flip side, for the victim, is that the server must keep a listening socket open the whole time it waits for the attacker, and a listening socket owned by a program that has no business listening is visible to anyone who lists the open ports on the machine.
Some Trojans let the attacker change this port to any other port and set a password, so that only the person who infected this particular computer can use the Trojan. However, some of these password checks can be bypassed because of bugs in the Trojan (people who write RATs are usually not very experienced programmers), and in some cases the author of the Trojan has planted a backdoor of his own inside the server file (sometimes detectable, under certain conditions) so that he can access any computer running his Trojan without needing the password. This is called "a backdoor within a backdoor". For the victim it means an infected machine is open not just to the person who infected it, but to anyone who knows the RAT's bugs or the author's secret.
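As an added example (not part of the original text), the following Python script shows the defender's side of the listening-port behaviour described above. It parses the /proc/net/tcp format that Linux uses to expose its sockets, keeps only the ones in the LISTEN state, and maps each listener back to the process that owns the socket by reading /proc/<pid>/fd. The sample /proc/net/tcp text, its inode numbers, the port 31337 and the allowlist of expected ports are all constructed for the demonstration; nothing here is taken from any real RAT.

```python
"""Find listening TCP sockets and the processes that own them (Linux).

Added example, not from the original article. The parser runs anywhere on the
constructed sample below; the live /proc lookups need a Linux host and, to see
other users' processes, root.
"""
import os
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN as printed in the 'st' column of /proc/net/tcp

# Constructed sample in the exact /proc/net/tcp layout (little-endian host).
# Line 0: sendmail-style listener on 127.0.0.1:25 owned by uid 0.
# Line 1: an unexpected listener on 0.0.0.0:31337 owned by uid 1000.
# Line 2: an ESTABLISHED connection (state 01), which the filter must skip.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:B3D2 0100007F:0019 01 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hex_addr):
    """'0100007F:0019' -> ('127.0.0.1', 25).

    /proc prints the IPv4 address as a 32-bit value in host byte order; the
    sample above comes from a little-endian host, so unpack it as '<I'.
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_listeners(proc_text):
    """Return [(ip, port, uid, inode)] for every socket in the LISTEN state."""
    listeners = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, state, uid, inode = fields[1], fields[3], fields[7], fields[9]
        if state != LISTEN:
            continue
        ip, port = decode_addr(local)
        listeners.append((ip, port, int(uid), int(inode)))
    return listeners


def unexpected_listeners(listeners, expected_ports):
    """Listeners whose port is not in the set of ports you know you run."""
    return [entry for entry in listeners if entry[1] not in expected_ports]


def owner_of_inode(inode):
    """PID whose fd table contains socket:[inode], or None if not visible.

    Linux only. A process that exits while we scan, or one we lack permission
    to inspect, is simply skipped.
    """
    target = "socket:[%d]" % inode
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = "/proc/%s/fd" % pid
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
        except OSError:
            continue
    return None


if __name__ == "__main__":
    # Assumption for the demo: the only listener you expect is SMTP on 25.
    EXPECTED_PORTS = {25}
    try:
        with open("/proc/net/tcp") as f:
            text = f.read()
    except OSError:          # not Linux: fall back to the constructed sample
        text = SAMPLE_PROC_NET_TCP
    for ip, port, uid, inode in unexpected_listeners(parse_listeners(text), EXPECTED_PORTS):
        pid = owner_of_inode(inode)
        try:
            exe = os.readlink("/proc/%d/exe" % pid) if pid else "?"
        except OSError:
            exe = "?"
        print("UNEXPECTED LISTENER %s:%d uid=%d pid=%s exe=%s" % (ip, port, uid, pid, exe))
```

The inode-to-PID step is what turns a bare port number into a file you can inspect and hash; note that a RAT running as root can hide from this by patching the kernel or the tools, which is one more reason not to let it run as root in the first place.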
Protecting Yourself Against Trojans
Under Unix
If you are working on your own PC, DO NOT work as root! A Trojan you run as root runs with full privileges and can compromise the entire system. The whole point of having multiple users on a single-user machine is to limit yourself in exactly this situation (and to keep you from doing anything stupid by accident). Switch to root only when you NEED root, and only to run something you know. Remember that even in a restricted account, the passwords and files that account can reach are still at risk. And if someone has a key logger on your system, every password you type, especially the root password when you switch to root, will be logged.
Also, DO NOT download files from untrusted sources (small websites, underground websites, Usenet newsgroups, IRC, etc.), even when they come as source code. Source you have not actually read is no safer than a binary: the unauthorized instructions can sit in the build scripts or in one function nobody looks at.
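Definitions (a) and (b) above describe a legitimate program that has been altered. The simplest check against that is a manifest of cryptographic hashes for the files you trust, taken while the system is known clean and stored somewhere the Trojan cannot reach (read-only media, another machine). The following Python script is an added example, not part of the original text or of any real tool; the scratch directory, the stand-in "binaries" and the simulated tampering are all constructed inside the script so it runs stand-alone.

```python
"""Hash-manifest integrity check: detect altered, added and missing files.

Added example, not from the original article. The demo builds a scratch
directory with fake programs, records a manifest, then tampers with the
directory the way a Trojan would and shows the check catching each change.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not hashed here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Compare the tree under root with a stored manifest.

    Returns {'modified': [...], 'added': [...], 'missing': [...]}, each sorted.
    'modified' covers case (b) of the definition: a known program whose bytes
    changed. 'added' catches a dropped server file; 'missing' catches deletion.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "added": sorted(p for p in current if p not in manifest),
        "missing": sorted(p for p in manifest if p not in current),
    }


def save_manifest(manifest, path):
    """Write the manifest as JSON; in practice put this on read-only media."""
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: record a clean tree, tamper with it, re-check."""
    root = tempfile.mkdtemp()
    bindir = os.path.join(root, "bin")
    os.mkdir(bindir)
    # Stand-ins for real binaries (constructed content, not real programs).
    with open(os.path.join(bindir, "ls"), "wb") as f:
        f.write(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
    with open(os.path.join(bindir, "login"), "wb") as f:
        f.write(b"#!/bin/sh\nexec /bin/login\n")

    manifest_path = os.path.join(root, "manifest.json")
    save_manifest(build_manifest(bindir), manifest_path)

    # Simulated Trojan: append unauthorized instructions to a legitimate
    # program, drop a new server file, and remove a file.
    with open(os.path.join(bindir, "ls"), "ab") as f:
        f.write(b"cp /etc/passwd /tmp/.x\n")
    with open(os.path.join(bindir, "srv"), "wb") as f:
        f.write(b"#!/bin/sh\n# stand-in for a RAT server\n")
    os.remove(os.path.join(bindir, "login"))

    return verify_manifest(bindir, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The check is only as trustworthy as the manifest and the tools that read it: a Trojan that has run as root can rewrite both, so take the manifest while clean and keep it off the machine, and verify from a boot medium you trust when you suspect infection.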
Under Windows
Windows is very different in this respect. Limiting yourself to a restricted account under Windows is a real annoyance; compared with Unix, it is almost impossible to work that way.
Also, make sure you do not run untrusted software. There are far more malicious Trojans for Windows than for Unix, because the protections Unix imposes make it the less attractive target, so people are more motivated to write Trojans for Windows. And when you do run in a restricted Windows environment, do not assume you are fully protected: a Trojan can still steal any password the restricted user owns, and some Trojans exploit privilege escalation bugs to gain administrator rights and compromise the entire system, since Windows enforces the boundary between a user and the administrator so poorly.