Trojan Horse

Trojan Horse Implementation and Prevention, by Pallavi Dharmadhikari, Sirisha Bollineni, VijayaLakshmi Jothiram and Vasanthi Madala (PowerPoint presentation)



Presentation Transcript



Trojan Horse

Implementation and Prevention

By

Pallavi Dharmadhikari

Sirisha Bollineni

VijayaLakshmi Jothiram

Vasanthi Madala



Trojan Horse

  • Agenda

    • Introduction of Trojan Horse

    • Objectives of Trojan Horse

    • Types of Trojan Horses

    • Trojan Horse Techniques

    • Implementation with an example

    • Prevention Methods

    • Q&A


Trojan Horse: Introduction

A Trojan Horse program is a unique form of computer attack that gives a remote user a means of gaining access to a victim's machine without the victim's knowledge.

A Trojan Horse initially appears to be harmless, but later proves to be extremely destructive.

A Trojan Horse is not a virus.


Objectives of Trojan Horse Programs

Trojan horses can exploit your system in various creative ways, including:

  • Creating a "backdoor" that allows remote access to control your machine

  • Recording keystrokes to steal credit card or password information

  • Commandeering your system to distribute malware or spam to other computers

  • Spying on your activities by sending screenshots of your monitor to a remote location

  • Uploading or downloading files

  • Erasing or overwriting data


Types of Trojan Horses

The EC-Council groups Trojan horses into seven main types:

  • Remote Access Trojans

    • Subseven

  • Data Sending Trojans

    • Eblaster

  • Destructive Trojans

    • Hard Disk Killer

  • Proxy Trojans

    • Troj/Proxy-GG

  • FTP Trojans

    • Trojan.Win32.FTP Attack

  • Security software disabler Trojans

    • Trojan.Win32.Disabler.b

  • Denial-of-service (DoS) attack Trojans

    • PC Cyborg Trojan


Trojan Horse Techniques

  • Alter the name of the malicious code on the system.

  • Create a file name that obscures the file's type.

    • just_text.txt.exe

    • abcd.shs, where by default the .shs extension is not displayed by the system


Trojan Horse Techniques

  • Create another file and process with the same name as an existing one, e.g. the UNIX init process.

  • Combine malicious code with an innocuous program.
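A file-name audit for the two naming tricks listed above (just_text.txt.exe and abcd.shs), as an added example that is not part of the original presentation. The extension sets are partial and chosen for illustration, the function names are hypothetical, and the "hide extensions" option is modelled as applying to every extension.

```python
from pathlib import PureWindowsPath

# Partial, illustrative sets (assumptions of this example, not from the slides).
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".shs"}
DECOY = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls"}
NEVER_SHOWN = {".shs", ".pif", ".lnk"}  # hidden by Explorer whatever the folder option says


def shown_as(name, hide_known_extensions=True):
    """Name as a file listing would display it under the given folder option."""
    p = PureWindowsPath(name)
    ext = p.suffix.lower()
    if ext in NEVER_SHOWN or (hide_known_extensions and ext):
        return p.stem
    return p.name


def audit(name):
    """Return the reasons a file name deserves a second look (empty list if none)."""
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    reasons = []
    # Trick 1: a runnable extension placed after a harmless-looking one.
    if len(suffixes) >= 2 and suffixes[-1] in RUNNABLE and suffixes[-2] in DECOY:
        reasons.append(
            f"runnable {suffixes[-1]} behind decoy {suffixes[-2]}; listed as {shown_as(name)!r}"
        )
    # Trick 2: an extension the shell never displays, so the type cannot be seen.
    if suffixes and suffixes[-1] in NEVER_SHOWN:
        reasons.append(
            f"{suffixes[-1]} is never displayed; listed as {shown_as(name, False)!r}"
        )
    return reasons
```

Running `audit` over attachment names at a mail gateway or over a download folder gives a short list for manual review; ordinary multi-dot names such as report.v2.pdf are not flagged.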


Implementation of a Trojan Horse Program

Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs keystrokes on a victim's computer when the user visits certain Web pages and then emails the log to the attacker.

1) The Trojan.Gletta.A executable locates the System folder and copies itself to the System folder and the Windows installation folder as:

  • %System%\Wmiprvse.exe

  • %System%\Ntsvc.exe

  • %Windir%\Userlogon.exe

2) It creates %System%\Rsasec.dll, which is a key logger, and %System%\rsacb.dll, which is actually a text file used by the key logger.

3) It adds the value "wmiprvse.exe"="%system%\wmiprvse.exe" to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.


Implementation of a Trojan Horse Program

4) On Windows NT/2000/XP, it adds the value "Run" = "%Windir%\userlogon.exe" to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

so that the Trojan runs when you start the operating system.

The program watches for Internet Explorer windows that have any of the following titles:

  • National Internet Banking

  • Welcome to Citibank

  • Bank of China

  • HSBC in Hong Kong

or one of the following URLs:

  • https://olb.westpac.com.au/ib/asp/

  • https://olb.westpac.com.au/ib/

5) It also captures all the keystrokes entered into any windows that match those listed above, and writes them into a log file.

6) Later it uses its own SMTP engine to send the log file to an external mail account of the intruder. The mail has the following characteristics:

  • Both the FROM and TO addresses have the domain "mail.ru"

  • The subject starts with "Business News from"
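A defender-side check for the indicators listed in steps 1 to 6, as an added example that is not part of the original presentation: it scans `reg query` output for the two autorun values and tests a mail message for the described header pattern. The function names and sample data are constructed for illustration, and a match is a lead for triage rather than proof of infection.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Autorun indicators from the slides: (registry key, value name, file name in the data).
# The second key is spelled "Windows NT" on a real system.
AUTORUNS = [
    (r"hkey_local_machine\software\microsoft\windows\currentversion\run",
     "wmiprvse.exe", "wmiprvse.exe"),
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
     "run", "userlogon.exe"),
]
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def autorun_hits(reg_query_output):
    """Return the (key, value, data) rows of `reg query` text that match AUTORUNS."""
    hits, key = [], ""
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, _reg_type, data = m.groups()
        # Compare only the file name: on a live host the path is already expanded.
        leaf = data.strip('"').rsplit("\\", 1)[-1].lower()
        if (key.lower(), name.lower(), leaf) in AUTORUNS:
            hits.append((key, name, data))
    return hits

def mail_matches(raw_message):
    """True when FROM and TO are both at mail.ru and the subject starts as described."""
    msg = message_from_string(raw_message)
    domains = [parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
               for h in ("From", "To")]
    subject = msg.get("Subject", "").lstrip()
    return domains == ["mail.ru", "mail.ru"] and subject.startswith("Business News from")

# Constructed sample input, not captured from a real host or mail server.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    wmiprvse.exe    REG_SZ    C:\WINDOWS\system32\wmiprvse.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run    REG_SZ    C:\WINDOWS\userlogon.exe
"""
SAMPLE_MAIL = "From: a@mail.ru\nTo: b@mail.ru\nSubject: Business News from HOST1\n\nlog\n"
```

Feed `autorun_hits` the text printed by `reg query` for each of the two keys, and `mail_matches` the raw headers of outbound messages seen at the mail gateway.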


Prevention of Trojan Horse Programs

  • Install the latest security patches for the operating system.

  • Install anti-Trojan software.

    • Trojan Hunter

    • A-Squared

  • Install anti-virus software and update it regularly.

  • Install a secure firewall.

  • Do not give strangers access (remote as well as physical) to your computer.

  • Do not run any unknown or suspicious executable program just to "check it out".

  • Scan all email attachments with an antivirus program before opening them.


Prevention of Trojan Horse Programs

  • Back up your system regularly.

  • Do not use the features in programs that can automatically get or preview files.

  • Do not type commands that others tell you to type, or go to web addresses mentioned by strangers.

  • Never open instant message (IM) attachments from unknown people.

  • Do not use peer-to-peer (P2P) sharing networks, such as Kazaa, Limewire, Gnutella, etc., as they do not filter out malicious programs hidden in shared files.

  • Educate your coworkers, employees, and family members about the effects of Trojan Horses.

  • Finally, protection from Trojans involves simple common sense.



    Q & A?

