SlideShare une entreprise Scribd logo

Introduction to trojans and backdoors

Télécharger en tant que DOCX, PDF
J
jibinmanjooran

df

Technologie
1  sur  6
Introduction to Trojans and Backdoors Updated: 13 Oct 2010 | 1 comment FarzadCERTIFIED +2 2 Votes Introduction Trojans and Backdoors are sorts of Bad-wares which their main purpose is to send and receive data and especially commands through a port to another system. This port can be even a well-known port such as 80 or an out of regular ports like 7777. The Trojans are most of the time defaced and shown as a legitimate and harmless application to encourage the user to execute them. The main characteristic of a Trojan is that first it should be executed by the user, second sends or receive data with another system which is the attacker’s system. Sometimes the Trojan is combined with another application. This application can be a flash card, flash game, a patch for OS, or even an antivirus. But actually the file is built of two applications which one of them is the harmless application, and the other one is the Trojan file. Technically defined, a Trojan horse is “a malicious and security-breaking program which is designed as something benign”. Such a program is designed to cause damage, data leakage, or make the victim a medium to attack another system. A Trojan will be executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities and increase the privilege. An important point is that not only the connection can be online (so that the commands or data are transmitted immediately between the hacker and victim), but also the communication can be offline and performed using emails, HTTP URL transmits or as the like. Auto Start Methods
One of the actions usually Trojans perform is to make themselves Auto-Start to be executed each time the system reboots. Below are some registry keys Trojan Horses modify for this purpose: HKLMSoftwareMicrosoftWindowsCurrent VersionRun HKLMSoftwareMicrosoftWindowsCurrent VersionRunonce HKLMSoftwareMicrosoftWindowsCurrent VersionRunServices HKLMSoftwareMicrosoftWindowsCurrent VersionRunServicesOnce HKLUSoftwareMicrosoftWindowsCurrent VersionRun HKLUSoftwareMicrosoftWindowsCurrent VersionRunOnce Types of Trojans Remote Access Trojans This sort of Trojans provides full or partial access and control over the victim system. The server application will be sent to the victim and a client listens on the hacker’s system. After the server is started, it establishes the connection with the client through a predefined port. Most of the Trojans are of this kind.
Data Sending Trojans Using email or a backdoor, this type of Trojan send data such as password, cookies or key strokes to the hacker’s system. Destructive Trojans These Trojans are to make destructions such as deleting files, corrupting OS, or make the system crash. If the Trojan is not for fun, usually the purpose of such Trojans is to inactivate a security system like an antivirus or firewall. DDos Attack Trojans This Trojans make the victim a Zombie to listen for commands sent from a DDos Server in the internet. There will be numerous infected systems standby for a command from the server and when the server sends the command to all or a group of infected systems, since all the systems perform the command simultaneously, a huge amount of legitimate request flood to a target and make the service stop responding. Proxy Trojans In order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system so that all the records will show the other system and not the hacker’s identities. This sort of Trojans are to make a system works as a medium for attacking another system and therefore the Trojan transfers all the commands sent to it to the primary target and does not harm the proxy victim. Security Software Disabler Trojan This kind of Trojan disables the security system for further attacks. For instance they inactivate the antivirus or make it malfunction or make the firewall stop functioning. How to find the Trojan activity The best method to find the Trojan is by monitoring the ports transmitting data on the network adapter. Note that as mentioned above there are Trojans which can transmit the commands and data via standard ports such as 80 or SMPT (email) which this method of inspection is not effective on them. The command nbtstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with switch –an for a proper result:
netstat –an If you want to check if a particular port is being used by any application, you can add the findstr to the command: netstat –an | findstr 8080 Wireshark is another application which can show all the data transferred on the Network Interface Card and using it you can see what data are being transmitted out the system, and what is the listener of the port. Some Trojan Samples Tini This Trojan listens to port 7777 and provides shell access to the victim’s system for the hacker. ICMD This application provides shell access, but can accept password and preferred port. NetBuss This Trojan has a GUI for controlling the victim’s system. Rather than a serious attack it’s mostly used for fun. Netcat (Known as NC) A very famous Trojan with many options for different methods of command and data transfer. Proxy Server Trojan This Trojan makes the victim a proxy for attacking another system. VNC Although VNC is not a malicious application however since it is not detected by the Antivirus systems it can be used as a means of Trojan horse attack.
Remote By Mail This Trojan can send and receive commands and data using series of emails. Although compared to a shell session the commands are very limited, however due to the protocol it uses (SMTP) it can bypass and evade most of the firewall systems. HTTP Rat This Trojan sends and receives commands by exchanging series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all the firewall systems. Shttp Trojan Same as HTTP Rat Wrappers Wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the times, the Wrapper is used to attach a Trojan file to a small harmless application such as a flash card to deceive the targeted user and encourage him to execute it. Some Wrappers are able to make modifications on the Trojan horse such as compressing it or adding blanks to the end of it and hide it to be detected by the Antivirus’. Some Wrappers Samples Wrapper Convert Program One File EXE Maker Yet Another Builder (Known as YAB and is a very powerful and dangerous application) Defacing Applications Defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
Whereas the icon of the Trojan is usually the default icon of the executable files, the hacker maybe change the Trojan’s icon and fake it as a harmless application or even another application such as a Microsoft Word document or a text file.

Recommandé

BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors Seminar
Chaitali Patel
 
Backdoor
BackdoorBackdoor
Backdoor
phanleson
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
Gaurav Dalvi
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoors
seth edmond
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
mridulahuja
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoors
Shrey Vyas
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detection
n|u - The Open Security Community
 
Seminar On Trojan Horse
Seminar On Trojan HorseSeminar On Trojan Horse
Seminar On Trojan Horse
Nikhil Chabukswar
 

Recommandé

BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors Seminar
Chaitali Patel
 
Backdoor
BackdoorBackdoor
Backdoor
phanleson
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
Gaurav Dalvi
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoors
seth edmond
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
mridulahuja
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoors
Shrey Vyas
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detection
n|u - The Open Security Community
 
Seminar On Trojan Horse
Seminar On Trojan HorseSeminar On Trojan Horse
Seminar On Trojan Horse
Nikhil Chabukswar
 
The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)
Angel Sophie
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking
IT Department Akre
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
sumitra22
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
Ankit Mistry
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
sitinursyafiqah
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
Dharmesh Kumar Sharma
 
Presentation
PresentationPresentation
Presentation
Nishant Barot
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
Nikhil Pandit
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
Cassidy Lajangang
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
Jithin James
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
NamanKikani
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4
dodontn
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus
Ranjeta Muniandy
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
intertelinvestigations
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
Apurv Singh Gautam
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your Enemies
Softex Software House
 
Computer Security
Computer SecurityComputer Security
Computer Security
Satyajit Das
 
Trojan
TrojanTrojan
Trojan
belcy d mathews
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.
Anuj Khandelwal
 
It act seminar
It act seminarIt act seminar
It act seminar
Akshay Sharma
 
CRM, Technology and Fitness
CRM, Technology and FitnessCRM, Technology and Fitness
CRM, Technology and Fitness
The Concept Store
 
Malwares
MalwaresMalwares
Malwares
Abolfazl Naderi
 

Contenu connexe

Tendances

The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)
Angel Sophie
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
sumitra22
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4
dodontn
 

Tendances (20)

The Trojan Horse (Computing)
The Trojan Horse (Computing)The Trojan Horse (Computing)
The Trojan Horse (Computing)
 
Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking Trojan Horse Virus and Hacking
Trojan Horse Virus and Hacking
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
 
Presentation
PresentationPresentation
Presentation
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
 
Ethical Hacking4
Ethical Hacking4Ethical Hacking4
Ethical Hacking4
 
Impact of ict on society virus
Impact of ict on society virus Impact of ict on society virus
Impact of ict on society virus
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your Enemies
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Trojan
TrojanTrojan
Trojan
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.
 
It act seminar
It act seminarIt act seminar
It act seminar
 

En vedette

ISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDF
Ashley Faciane
 
Finding the back door to people’s hearts
Finding the back door to people’s heartsFinding the back door to people’s hearts
Finding the back door to people’s hearts
Third Column Ministries
 
How to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanHow to Backdoor Diffie-Hellman
How to Backdoor Diffie-Hellman
David Wong
 
Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivity
backdoor
 

En vedette (20)

CRM, Technology and Fitness
CRM, Technology and FitnessCRM, Technology and Fitness
CRM, Technology and Fitness
 
Malwares
MalwaresMalwares
Malwares
 
ISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDFISSM APP IT1 FACIANE.PDF
ISSM APP IT1 FACIANE.PDF
 
File000145
File000145File000145
File000145
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
 
CyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and BackdoorsCyberLab CCEH Session - 6 Trojans and Backdoors
CyberLab CCEH Session - 6 Trojans and Backdoors
 
CEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and BackdoorsCEH - Module 6 : Trojans and Backdoors
CEH - Module 6 : Trojans and Backdoors
 
How would you find what you can't see?
How would you find what you can't see?How would you find what you can't see?
How would you find what you can't see?
 
Penetración con una Backdoor
Penetración con una BackdoorPenetración con una Backdoor
Penetración con una Backdoor
 
Finding the back door to people’s hearts
Finding the back door to people’s heartsFinding the back door to people’s hearts
Finding the back door to people’s hearts
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
Onapsis SAP Backdoors
Onapsis SAP BackdoorsOnapsis SAP Backdoors
Onapsis SAP Backdoors
 
How to Backdoor Diffie-Hellman
How to Backdoor Diffie-HellmanHow to Backdoor Diffie-Hellman
How to Backdoor Diffie-Hellman
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer Jungle
 
KeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long timeKeyLoggers - beating the shit out of keyboard since quite a long time
KeyLoggers - beating the shit out of keyboard since quite a long time
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and Backdoors
 
Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivity
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 

Similaire à Introduction to trojans and backdoors

maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
SYYULIANISKOMMT
 

Similaire à Introduction to trojans and backdoors (20)

RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virus
 
Trojan Backdoors
Trojan BackdoorsTrojan Backdoors
Trojan Backdoors
 
Case study
Case studyCase study
Case study
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam hussein
 
Software security
Software securitySoftware security
Software security
 
Trojan horse
Trojan horseTrojan horse
Trojan horse
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Information security
Information securityInformation security
Information security
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Security Software
Security SoftwareSecurity Software
Security Software
 
System_security.pptx
System_security.pptxSystem_security.pptx
System_security.pptx
 
virus
virus virus
virus
 
Trojan Virus.pptx
Trojan Virus.pptxTrojan Virus.pptx
Trojan Virus.pptx
 
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virusTrojan and Virus,Trojan horse,virus,how to make and defend the virus
Trojan and Virus,Trojan horse,virus,how to make and defend the virus
 
Atul trojan horse ppt 101
Atul trojan horse ppt 101Atul trojan horse ppt 101
Atul trojan horse ppt 101
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Mitppt
MitpptMitppt
Mitppt
 
maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
 

Dernier

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Dernier (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Introduction to trojans and backdoors

  • 1. Introduction to Trojans and Backdoors Updated: 13 Oct 2010 | 1 comment FarzadCERTIFIED +2 2 Votes Introduction Trojans and Backdoors are sorts of Bad-wares which their main purpose is to send and receive data and especially commands through a port to another system. This port can be even a well-known port such as 80 or an out of regular ports like 7777. The Trojans are most of the time defaced and shown as a legitimate and harmless application to encourage the user to execute them. The main characteristic of a Trojan is that first it should be executed by the user, second sends or receive data with another system which is the attacker’s system. Sometimes the Trojan is combined with another application. This application can be a flash card, flash game, a patch for OS, or even an antivirus. But actually the file is built of two applications which one of them is the harmless application, and the other one is the Trojan file. Technically defined, a Trojan horse is “a malicious and security-breaking program which is designed as something benign”. Such a program is designed to cause damage, data leakage, or make the victim a medium to attack another system. A Trojan will be executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities and increase the privilege. An important point is that not only the connection can be online (so that the commands or data are transmitted immediately between the hacker and victim), but also the communication can be offline and performed using emails, HTTP URL transmits or as the like. Auto Start Methods
  • 2. One of the actions usually Trojans perform is to make themselves Auto-Start to be executed each time the system reboots. Below are some registry keys Trojan Horses modify for this purpose: HKLMSoftwareMicrosoftWindowsCurrent VersionRun HKLMSoftwareMicrosoftWindowsCurrent VersionRunonce HKLMSoftwareMicrosoftWindowsCurrent VersionRunServices HKLMSoftwareMicrosoftWindowsCurrent VersionRunServicesOnce HKLUSoftwareMicrosoftWindowsCurrent VersionRun HKLUSoftwareMicrosoftWindowsCurrent VersionRunOnce Types of Trojans Remote Access Trojans This sort of Trojans provides full or partial access and control over the victim system. The server application will be sent to the victim and a client listens on the hacker’s system. After the server is started, it establishes the connection with the client through a predefined port. Most of the Trojans are of this kind.
  • 3. Data Sending Trojans Using email or a backdoor, this type of Trojan send data such as password, cookies or key strokes to the hacker’s system. Destructive Trojans These Trojans are to make destructions such as deleting files, corrupting OS, or make the system crash. If the Trojan is not for fun, usually the purpose of such Trojans is to inactivate a security system like an antivirus or firewall. DDos Attack Trojans This Trojans make the victim a Zombie to listen for commands sent from a DDos Server in the internet. There will be numerous infected systems standby for a command from the server and when the server sends the command to all or a group of infected systems, since all the systems perform the command simultaneously, a huge amount of legitimate request flood to a target and make the service stop responding. Proxy Trojans In order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system so that all the records will show the other system and not the hacker’s identities. This sort of Trojans are to make a system works as a medium for attacking another system and therefore the Trojan transfers all the commands sent to it to the primary target and does not harm the proxy victim. Security Software Disabler Trojan This kind of Trojan disables the security system for further attacks. For instance they inactivate the antivirus or make it malfunction or make the firewall stop functioning. How to find the Trojan activity The best method to find the Trojan is by monitoring the ports transmitting data on the network adapter. Note that as mentioned above there are Trojans which can transmit the commands and data via standard ports such as 80 or SMPT (email) which this method of inspection is not effective on them. The command nbtstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with switch –an for a proper result:
  • 4. netstat –an If you want to check if a particular port is being used by any application, you can add the findstr to the command: netstat –an | findstr 8080 Wireshark is another application which can show all the data transferred on the Network Interface Card and using it you can see what data are being transmitted out the system, and what is the listener of the port. Some Trojan Samples Tini This Trojan listens to port 7777 and provides shell access to the victim’s system for the hacker. ICMD This application provides shell access, but can accept password and preferred port. NetBuss This Trojan has a GUI for controlling the victim’s system. Rather than a serious attack it’s mostly used for fun. Netcat (Known as NC) A very famous Trojan with many options for different methods of command and data transfer. Proxy Server Trojan This Trojan makes the victim a proxy for attacking another system. VNC Although VNC is not a malicious application however since it is not detected by the Antivirus systems it can be used as a means of Trojan horse attack.
  • 5. Remote By Mail This Trojan can send and receive commands and data using series of emails. Although compared to a shell session the commands are very limited, however due to the protocol it uses (SMTP) it can bypass and evade most of the firewall systems. HTTP Rat This Trojan sends and receives commands by exchanging series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all the firewall systems. Shttp Trojan Same as HTTP Rat Wrappers Wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the times, the Wrapper is used to attach a Trojan file to a small harmless application such as a flash card to deceive the targeted user and encourage him to execute it. Some Wrappers are able to make modifications on the Trojan horse such as compressing it or adding blanks to the end of it and hide it to be detected by the Antivirus’. Some Wrappers Samples Wrapper Convert Program One File EXE Maker Yet Another Builder (Known as YAB and is a very powerful and dangerous application) Defacing Applications Defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
  • 6. Whereas the icon of the Trojan is usually the default icon of the executable files, the hacker maybe change the Trojan’s icon and fake it as a harmless application or even another application such as a Microsoft Word document or a text file.