it act seminar

IT Seminar PPT Akshay Sharma

Upload: akshay-sharma

Post on 06-May-2015


TRANSCRIPT

Page 1: It act seminar

IT Seminar

PPT

Akshay Sharma

Page 2: It act seminar

INDEX

INTRODUCTION

WHAT IS TROJAN HORSE

WHAT ARE THEIR FUNCTIONS

HOW TROJAN WORKS

MOST COMMON TROJANS

MODES OF TRANSMISSION

GET A TROJAN

CONCLUSION

Page 3: It act seminar

INTRODUCTION

Trojan horses pose one of the most significant threats to the Windows OS: they expose sensitive information to malicious attackers and give them full access to the computer, which often results in further illegal activities carried out via the infected computer.

Page 4: It act seminar

WHAT IS A TROJAN HORSE?

Basically a Trojan horse can be defined as:

An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

Any program that appears to perform a desirable and necessary function but (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.

The Trojan has borrowed its name from the old mythical story about how the Greeks gave their enemy a huge wooden horse as a gift, but after the enemy accepted it, during the night the Greek soldiers crept out of the horse and conquered the city.

Page 5: It act seminar

WHAT ARE THEIR FUNCTIONS?

Hide/show the Start button.

Enable/Disable keyboard.

Restart windows.

Open/Close the CD-ROM tray.

Turn monitor on/off.

File manager: This function acts as an explorer for the attacker while browsing through your system.

Retrieve passwords: This function will provide the attacker with the recorded passwords on your computer.

KeyLogger: Logs every key you press; it can operate in offline or online mode.

Page 6: It act seminar

HOW TROJANS WORK?

Trojans work in a way similar to the client-server model. Trojans come in two parts, a Client part and a Server part. The attacker deploys the Client to connect to the Server, which runs on the remote machine when the remote user (unknowingly) executes the Trojan on the machine. Most Trojans communicate over TCP/IP, but some of their functions may use UDP as well.

When the Server is activated on the remote computer, it will usually try to remain in a stealth mode, or hidden on the computer. This is configurable: for example, in the Back Orifice Trojan, the server can be configured to remain in stealth mode and hide its process. Once activated, the server starts listening on default or configured ports for incoming connections from the attacker. It is usual for Trojans to also modify the registry and/or use some other auto-starting method.
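Added example (not part of the original slides): the listening port and the auto-start registry entry described above are the two traces a defender can check for together. The Python code below flags listeners that are not on a host baseline and marks those whose executable is also launched from the Run key; the netstat rows, process paths, Run values and baseline are all constructed sample data.

```python
import re

# Constructed sample data (not from a real host): `netstat -ano` rows, a PID ->
# image map, and values of HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
NETSTAT = r"""
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    884
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:5110       0.0.0.0:0          LISTENING    3120
  TCP    10.0.0.5:49712     10.0.0.9:443       ESTABLISHED  2200
  UDP    0.0.0.0:5111       *:*                             3120
  UDP    0.0.0.0:123        *:*                             1040
"""
PROCESSES = {
    4: "System",
    884: r"C:\Windows\System32\svchost.exe",
    1040: r"C:\Windows\System32\svchost.exe",
    3120: r"C:\Users\alice\AppData\Roaming\winupd32.exe",
}
RUN_KEY = {
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "WinUpdate": r'"C:\Users\alice\AppData\Roaming\winupd32.exe" -s',
}
# Baseline of (protocol, port) listeners this host is expected to expose.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 123)}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Yield (proto, port, pid) for TCP LISTENING rows and every bound UDP row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, _addr, port, _remote, state, pid = m.groups()
        if proto == "UDP" or state == "LISTENING":
            yield proto, int(port), int(pid)

def audit(netstat_text, processes, run_key, baseline):
    """Return (proto, port, pid, image, autostarts) for listeners off the baseline."""
    autostart = " ".join(run_key.values()).lower()
    findings = []
    for proto, port, pid in listeners(netstat_text):
        if (proto, port) in baseline:
            continue
        image = processes.get(pid, "<unknown>")
        findings.append((proto, port, pid, image, image.lower() in autostart))
    return findings
```

A listener that is both off the baseline and started from the Run key, like PID 3120 in the sample, is the combination to investigate first.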

Page 7: It act seminar

MOST COMMON TROJANS

Remote Access Trojans

Password Sending Trojans

Keyloggers

Destructive

Proxy/Wingate Trojans

FTP Trojans

Software Detection Killers

Page 8: It act seminar

REMOTE ACCESS TROJAN

These are the Trojans most often referred to in the media, and they gain high visibility because they give attackers the power to do more on the victim's machine than the victim can while standing in front of it.

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer.

Page 9: It act seminar

RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment.

Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.

Page 10: It act seminar

Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:

Monitoring user behavior through keyloggers or other spyware.

Accessing confidential information, such as credit card and social security numbers.

Activating a system's webcam and recording video.

Taking screenshots.

Distributing viruses and other malware.

Formatting drives.

Deleting, downloading or altering files and file systems.

Page 11: It act seminar

Password Sending Trojan

These Trojans are designed to extract all cached passwords, capture other passwords entered by the victim, and email them to an attacker-specified mail address without the victim realizing it. The password harvest may include passwords for ICQ, IRC, FTP, HTTP or any other application that requires a user to enter a login and password. Most of them do not restart when Windows is loaded, as the objective is to gather as much information about the victim's machine as possible, such as passwords, mIRC logs and ICQ conversations, and mail it to the attacker.

Page 12: It act seminar

A PASSWORD STEALING TROJAN IS USUALLY A STANDALONE APPLICATION THAT INSTALLS ITSELF ON THE SYSTEM AND SOMETIMES DROPS A KEYLOGGING COMPONENT. SUCH A TROJAN STAYS ACTIVE IN WINDOWS MEMORY AND STARTS KEYLOGGING (RECORDING KEYSTROKES) WHEN A USER IS ASKED TO INPUT A LOGIN AND A PASSWORD. THE TROJAN THEN STORES THE RECORDED KEYSTROKE DATA FOR LATER SUBMISSION OR SENDS IT TO A HACKER IMMEDIATELY. IN MANY CASES SUCH TROJANS ALSO SEND INFORMATION ABOUT THE USER'S COMPUTER IP, RAS (REMOTE ACCESS SERVER) AND NETWORK CONFIGURATION. A HACKER WHO GETS THIS INFORMATION IS CAPABLE OF MISUSING ANOTHER PERSON'S INTERNET ACCOUNT AND IN SOME CASES HACKING INTO THE USER'S NETWORK. STOLEN LOGINS AND PASSWORDS CAN ALLOW A HACKER TO READ THE USER'S E-MAIL ON PUBLIC AND CORPORATE MAIL SERVERS.

Page 13: It act seminar

KEYLOGGERS

These Trojans log the keystrokes of the victim and then let the attacker search for passwords or other sensitive data in the log file. They usually come with two functions such as online and offline recording. As with the previous group, these Trojans can be configured to send the log file to a specific e-mail address on a regular basis.

Destructive

The only function of these Trojans is to destroy and delete files. They can deliberately delete core system files (for example: .dll, .ini or .exe files, possibly others) on the target machine.

Page 14: It act seminar

A DESTRUCTIVE TROJAN IS A VIRUS DESIGNED TO DESTROY OR DELETE FILES. DESTRUCTIVE TROJANS HAVE MORE TYPICAL VIRUS CHARACTERISTICS THAN OTHER TYPES OF TROJANS BUT DO NOT ALWAYS RESULT IN DATA THEFT.

DESTRUCTIVE TROJANS MAY NOT BE DETECTED BY ANTIVIRUS SOFTWARE. ONCE A DESTRUCTIVE TROJAN INFECTS A COMPUTER SYSTEM, IT RANDOMLY DELETES FILES, FOLDERS, AND REGISTRY ENTRIES, OFTEN RESULTING IN OS FAILURES.

A DESTRUCTIVE TROJAN IS USUALLY IN PROGRAM FORM OR MANIPULATED TO STRIKE LIKE A LOGIC BOMB PROGRAMMED AND SPECIFIED BY THE ATTACKER.

Page 15: It act seminar

PROXY/WINGATE TROJANS

Underground sites are known to announce freely available proxy servers. These Trojans turn the victim's computer into a proxy/Wingate server available to the whole world or to the attacker only. It is used for anonymous Telnet, ICQ, IRC, etc., and also to register domains with stolen credit cards and for other illegal activities. This gives the attacker complete anonymity and the chance to do everything and point the trail to the victim.

FTP Trojans

These Trojans open port 21 (the port for FTP transfers) and let anybody, or just the attacker, connect to the machine. They may be password protected so that only the attacker is able to connect to the computer.

Page 16: It act seminar

SOFTWARE DETECTION KILLERS

Some Trojans have this functionality built in, but there are also separate programs that kill Zone Alarm, Norton Anti-Virus and many other popular anti-virus/firewall programs that protect the target machine. Once these are disabled, the attacker has full access to the machine to perform some illegal activity or use the computer to attack others, and often disappears.

Page 17: It act seminar

MODES OF TRANSMISSION

ICQ

IRC

Attachments

Physical Access

Browser And E-mail Software Bugs

NetBIOS (File Sharing)

Fake Programs

Un-trusted Sites And Freeware Software

Page 18: It act seminar

ICQ

People can also get infected while chatting / talking / video messaging over ICQ or any other Instant Messenger Application. It is a risk that the user undertakes when it comes to receiving files no matter from whom or where it comes.

IRC

Here also, the threat comes from exchange of files no matter what they claim to be or where they come from. It is possible that some of these are infected files or disguised files.

Page 19: It act seminar

ATTACHMENTS

Any attachment, even if it is from a known source, should be screened, as it is possible that the source was infected earlier and is not aware of it.

Physical Access

Physical access to a target machine is perhaps the easiest way for an attacker to infect a machine. The motive may be a prank or just plain curiosity.

Page 20: It act seminar

BROWSER AND E-MAIL SOFTWARE BUGS

Having outdated applications can expose the system to malicious programs such as Trojans without any other action on behalf of the attacker.

NetBIOS (File Sharing)

If port 139 is open, the attacker can install a Trojan .exe and modify a system file so that it runs the next time the system is rebooted. To block file sharing in Windows, go to Start -> Settings -> Control Panel -> Network -> File and Print Sharing and uncheck the boxes there.

Page 21: It act seminar

GET A TROJAN

LINK:-

http://www.sourcecodester.com/visual-basic/trojan-subseven-alike.html

From the above link download the server & client.exe files install the server file on your computer & send the client file to the IP address whom you want to hack or you want remote access on the computer.

Page 22: It act seminar
Page 23: It act seminar

CONCLUSION

VIRUSES ARE NOT ONLY USED FOR HACKING, CRASHING HARD DISKS OR DISTURBING OTHERS; THEY ARE ALSO USED FOR REMOTELY ACCESSING A COMPUTER DURING SOFTWARE TROUBLESHOOTING OR FOR CHECKING LICENSED SOFTWARE, FOR EXAMPLE THE WINDOWS GENUINE TEST PERFORMED BY MICROSOFT FOR TESTING LICENSED OPERATING SYSTEMS.

SOMETIMES TROJAN SOFTWARE IS ALSO USED TO LEARN THE PASSWORDS OF YOUR COMPUTER, E-MAIL ID PASSWORDS, OR CREDIT CARD NUMBERS AND THEIR PASSWORDS. SO BE CAREFUL BEFORE SAVING PICTURES OR DATA SENT BY OTHERS.

Page 24: It act seminar

THANK YOU