Complete Details About The Trojan Horse
What is a Trojan?
"A Trojan Horse, or Trojan, is a term used to describe malware that appears, to the user, to
perform a desirable function but, in fact, facilitates unauthorized access to the user's computer
system". - Wikipedia
"A Trojan horse is an apparently useful program containing hidden functions that can exploit the
privileges of the user [running the program], with a resulting security threat.". - CERT Advisory
Types of Trojan :-
The different types of Trojan Horses are as follows-
3) Destructive Trojans :- Once this Trojan is installed on your computer, it will begin to
systematically or completely randomly delete information from your computer. This can include
files, folders, registry entries, and important system files, which is likely to cause the failure of your
operating system.
4) Proxy Trojans :- A type of Trojan horse designed to use the victim's computer as a proxy
server. This gives the attacker the opportunity to conduct illegal activities, or even to use your
system to launch malicious attacks against other networks.
5) FTP Trojans :- A type of Trojan horse designed to open port 21 (FTP) and act like an FTP
server. Once installed, the attacker could not only download/upload files/programs to the victim's
computer but also install further malware on it.
6) Security Software Disabler Trojan :- A type of Trojan horse designed to stop or kill security
programs such as an antivirus program or firewall without the user knowing. This Trojan type is
normally combined with another type of Trojan as a payload.
7) DoS Attack Trojans :- These trojans are used by the attacker to launch a DoS/DDoS attack
against some website or network or any individual. In this case they are well known as "Zombies".
It is necessary for the attacker to know the victim’s IP address to connect to his/her machine.
Many Trojans include the ability to mail the victim’s IP and/or message the attacker via ICQ or
IRC. This system is used when the victim has a dynamic IP, that is, every time he connects to the
Internet, he is assigned a different IP (most dial-up users have this). ADSL users have static IPs,
meaning that in this case, the infected IP is always known to the attacker; this makes it
considerably easier for an attacker to connect to your machine.
Most Trojans use an auto-starting method that allows them to restart and grant an attacker
access to your machine even when you shut down your computer.
Software Downloads
Websites containing executable content (ActiveX control)
Email Attachments
Application Exploits (Flaws in web applications)
Social Engineering Attacks
The Removal :-
Antivirus software is designed to detect and delete Trojan horses, ideally preventing them from
ever being install
1) NetBus :-
Latest Version: NetBus 2.10 Pro
Developer: Carl-Fredrik Neikter
Default Port: 20034 (variable)
Language: Delphi
Operating System: Windows 95/98, NT4 or later
Type: Remote Access
Download: NB2ProBeta.zip
2) Back Orifice XP :-
Latest Version: BOXP Beta 7
Developer: Javier Aroche
Default Port: 15380
Language: Microsoft Visual C++ 6.0
Operating System: Windows 95/98/ME/NT/2000/XP
Type: Remote Access
Download: boxp_beta7_bin.zip
3) SubSeven / Sub7 :-
Latest Version: SubSeven 2.2
Developer: Mobman
Default Port: 1080, 1369, 5873, 27374 (variable)
Language: Delphi
Operating System: Windows 95/98/ME/NT/2000
Type: Remote Access, Keylogger, Eavesdropper, Sniffer, Proxy server, FTP server
Download: Subseven.2.2.zip
4) Beast :-
Latest Version: Beast 2.07
Developer: Tataye
Default Port: 6666
Language: Delphi
Operating System: Windows 95/98/ME/NT/2000/XP
Type: Remote Access, Keylogger
Download: Beast_2.07.rar
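
A defensive check built from the default ports listed above, added here as an example and not part of the original document: it parses Windows `netstat -ano` output and flags TCP listeners on those ports. The sample netstat text, the PIDs and the function name are constructed for illustration; because the page marks several of these ports as variable, a hit is a lead to investigate and a clean result proves nothing.

```python
import re

# Default listening ports exactly as listed on this page (several are marked variable).
DEFAULT_PORTS = {
    20034: "NetBus 2.10 Pro",
    15380: "Back Orifice XP",
    1080: "SubSeven 2.2", 1369: "SubSeven 2.2",
    5873: "SubSeven 2.2", 27374: "SubSeven 2.2",
    6666: "Beast 2.07",
    21: "FTP Trojan (or a legitimate FTP server)",
}

# Constructed sample of `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.7:6666       ESTABLISHED     2216
  TCP    [::]:20034             [::]:0                 LISTENING       1508
  UDP    0.0.0.0:5353           *:*                                    1320
"""

# Proto, local addr:port, foreign addr, state, PID (UDP rows have no state and are skipped).
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\w+)\s+(\d+)\s*$")

def suspicious_listeners(netstat_text, ports=DEFAULT_PORTS):
    """Return sorted (port, pid, local_addr, label) for LISTENING TCP sockets on listed ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        addr, port, state, pid = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        # Only local listeners are reported; an outbound connection to a remote
        # port 6666 is a different signal and is deliberately ignored here.
        if state == "LISTENING" and port in ports:
            hits.append((port, pid, addr, ports[port]))
    return sorted(hits)

if __name__ == "__main__":
    for port, pid, addr, label in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"port {port} on {addr} (PID {pid}): default port of {label}")
```

The PID column lets you map each flagged listener to its owning process before deciding whether it is legitimate.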