"Trojan Horses and Other Malicious Codes"


by Song Chung and Adrianna Leszczynska

Examples of Malicious Codes
  • Trojan Horses
  • Viruses
  • Worms
  • Logic Bombs - Time Bombs
What are Trojan horses?
  • Trojan Horses are a relatively new and probably the most dangerous strain of viruses that have appeared in recent times
  • They also threaten to overwhelm systems that only run anti-virus applications and firewalls as a means of combating the threat
Trojan Horse History Brief
  • The name "Trojan Horse" derives from an episode in Greek history, when the Greeks had laid siege to the fortified city of Troy for over ten years. Their spy, a Greek called Sinon, offered the Trojans a gift in the form of a wooden horse and convinced them that by accepting it, they would become invincible.
History Brief (cont.)
  • The horse, though, was hollow and was occupied by a contingent of Greek soldiers. When they emerged in the dead of night and opened the city gates, the Greeks swarmed in, slaughtered its citizens and subsequently pillaged, burned and laid waste to the city.
In IT Environment
  • A Trojan Horse acts as a means of entering the victim’s computer undetected and then allowing a remote user unrestricted access to any data stored on the user's hard disk drive whenever he or she goes online
  • In this way, the user gets burned and like the unfortunate citizens of Troy, may only discover that fact when it is too late.
Examples of Trojan Horses
  • “Picture.exe”
  • “RIDBO”
  • “FIX2001”
  • “AOL4FREE”
Origin of Trojan horses
  • These types of viruses were originally designed as a means of self expression by gifted programmers and did little more than to cause the system to lock up, behave abnormally in a specific way or perhaps cause loss of data on the user’s machine
Objectives of the Horse
  • Allow a remote user a means of gaining access to a victim's machine without their knowledge
  • Allow the intruder to do anything with the machine that the user can do
  • Browse the user's hard drive in order to determine if there is anything of value stored on it
Objectives (cont.)
  • Things of value include valuable research papers, credit card details or passwords to restricted web sites
  • If anything of value is found, then the intruder can copy the data to his own hard drive in exactly the same way that the user can copy a file to a floppy disk
  • cause havoc to the system by deleting (system) files, erasing valuable data or ultimately destroying the hard drive
Can Passwords Provide Protection?
  • Passwords offer no protection at all because today's Trojans are capable of recording the victim’s keystrokes and then transmitting the information back to the intruder
  • Those passwords can subsequently be deciphered by the Trojan and even changed in order to prevent the user getting access to his own files!
How does a Trojan Affect Your Computer?
  • In order to gain access to a user’s computer, the victim has to be induced to install the Trojan himself
  • The usual method is to offer a seemingly useful system enhancement or perhaps a free game that has the Trojan attached to it
  • By installing it, the user also installs the Trojan
Common Sources
  • Executing any files from suspicious or unknown sources
  • Opening an email attachment from an unknown source
  • Allowing a "friend" access to your computer while you are away
  • Executing files received from any online activity client such as ICQ
Main Parts of a Trojan
  • Virtually every Trojan virus is comprised of two main parts:
    • the "server"
    • the "client"

It is the server part that infects a user’s system

What Problems can Trojans Cause?
  • The server part is the part of the program that infects a victim's computer
  • The client part is the one that allows a hacker to manipulate data on the infected machine
  • Let's suppose that you have already been infected. How do intruders attack and get a full control of your computer?
Problems (cont.)
  • Intruders scan the Internet for an infected user (technically speaking, an attacker sends request packets to all users of a specific Internet provider) using the client part of the virus
  • Once an infected computer has been found (the server part of the virus that is located on the infected machine replies to the client part's request), the attacker connects to that user's computer and creates a "link" between the two, just like the one in an ordinary telephone conversation
Problems (cont.)
  • Once that has happened (this procedure may only take a few seconds), the intruder will be able to get unrestricted access to the user's computer and can do anything he likes with it
  • The intruder becomes the master and the user the slave because short of disconnecting from the Internet, the user is helpless and has no means at his disposal to ward off an attack
  • Intruders can monitor, administer and perform any action on your machine just as if they were sitting right in front of it
Analogy of a Trojan Horse
  • A Trojan Horse works a bit like the backdoor to your house. If you leave it unlocked, anybody can come in and take whatever they want while you're not looking
  • The main difference with a backdoor installed on your computer is that anybody can come in and steal your data, delete your files or format your hard drive even if you are looking
  • There are no visible outward signs that anything untoward is happening other than perhaps unusual hard disk activity for no apparent reason
How do you protect yourself from a Trojan Horse?
  • You can try manual deletion; however, it is both time-consuming and monotonous. In addition, the user can never be absolutely certain that he has covered every option.
  • Even if he is successful in removing the Trojan from his system, he may unwittingly reinstall it with the very next command he enters
How to Protect? (cont.)
  • There are many Trojan horse protection programs available for download which perform various tasks
  • An example of such a program is Tauscan, a universal Trojan Horse scanner that detects and removes practically every type of Trojan virus that may have infected your system
  • Another example is Jammer, a network analyser designed primarily to warn you if your system is under attack. It also has a secondary feature: removing all known versions of Back Orifice and Netbus from your system if detected
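
The server part described earlier has to wait on a network port for its client, so a host can be checked for that from its own socket table. The following is an added example, not part of the original slides: it reads `netstat -an` style output and separates a server that is only waiting from one with a live "link" to a remote client. The port numbers are the widely documented defaults for NetBus and Back Orifice (an assumption, not from the slides), and the netstat text is constructed sample data.

```python
# Well-known default ports (not from the slides). Both tools let the port
# be changed, so a clean result here does not prove the host is clean.
DEFAULT_PORTS = {
    ("tcp", 12345): "NetBus",
    ("tcp", 12346): "NetBus",
    ("udp", 31337): "Back Orifice",
}

# Constructed sample in Windows `netstat -an` layout.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:12345     203.0.113.5:1870       ESTABLISHED
  TCP    192.168.1.10:1042      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""

def audit_netstat(text):
    """Return (name, proto, port, status, peer) for sockets on a default port."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].lower() not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto = fields[0].lower()
        # rsplit keeps working for IPv6 forms such as [::]:12345
        port_text = fields[1].rsplit(":", 1)[-1]
        if not port_text.isdigit():
            continue
        port = int(port_text)
        name = DEFAULT_PORTS.get((proto, port))
        if name is None:
            continue
        # UDP rows carry no state column; treat them as bound and waiting.
        state = fields[3].upper() if len(fields) > 3 else "BOUND"
        if state == "ESTABLISHED":
            findings.append((name, proto, port, "controlled-from", fields[2]))
        elif state in ("LISTENING", "BOUND"):
            findings.append((name, proto, port, "waiting", None))
    return findings

if __name__ == "__main__":
    for finding in audit_netstat(SAMPLE_NETSTAT):
        print(finding)
```

A "controlled-from" row gives the remote address of the client part, which is the detail worth preserving before the machine is disconnected.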
Other Forms of Malicious Codes
  • Viruses
  • Worms
  • Logic Bombs
  • Time Bombs
What is a virus?
  • A virus is a type of malicious code that will attach itself to a file and then replicate in order to spread to other files.
  • A virus is usually attached to an executable file so that it will spread rapidly.
  • Viruses are restricted to personal computers.
Characteristics of a virus
  • replication
  • requires a host program
  • activated by an external action
  • replication limited to one system
Virus History
  • Viruses are increasing at a fast rate
  • 1986 – 1 known virus
  • 1989 – 6 known viruses
  • 1990 – 80 known viruses
  • Today – between 10 and 15 new viruses discovered every day.
  • Between 1998 and 1999 total virus count increased from 20,500 to 42,000.
Virus Examples

    - spread via email with an attachment WTC.EXE. Email includes Subject: "Fwd:Peace BeTweeN AmeriCa And IsLaM !" and asks to vote about the war issue by opening the WTC.EXE attachment.
  • “W97/Prilissa”
    - 10 Fortune 500 companies on three continents have been hit with this virus

A worm is a program that replicates itself and causes execution of new copies of itself.

A worm enters an Internet host computer and mails itself to other hosts.

The purpose of a worm attack is to fill storage space and slow down operations

Characteristics of Worms
  • replication
  • must be self-contained; does not require a host
  • needs a multi-tasking system
Examples of worms
  • “I Love You”
    - aka LoveLetter or LoveBug, sends itself to everyone in the Microsoft Outlook address
  • “W32/Navidad”
    - spread using Outlook email. Usually sent from a familiar source, including an attachment NAVIDAD.EXE. The virus affects the system tray and will attach itself to other messages.

“I Love You” Worm

1. Open email attachment “LOVE-LETTER-FOR-YOU.TXT.VBS”

2. The virus scans for certain files, replaces the content of these files with virus code, and adds the extension .vbs to the end of files.

3. Virus sends itself to everyone in the Outlook address book

4. Infected files cannot be retrieved and must be restored by a backup copy.
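
The attachment in step 1 looks like a text file because Windows hides the final extension of known file types, leaving "LOVE-LETTER-FOR-YOU.TXT" on screen. The following is an added example, not part of the original slides: a mail-filter style check that parses a message and flags attachments whose real extension is executable, with a separate verdict for the double-extension disguise. The extension lists and the sample message are assumptions constructed for illustration; the attachment names are the ones quoted on the slides.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed lists for this example, not taken from the slides.
EXECUTABLE_EXT = {"exe", "vbs", "scr", "pif", "com", "bat", "js"}
DECOY_EXT = {"txt", "doc", "jpg", "gif", "pdf"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so ignore them before splitting.
    parts = filename.lower().rstrip(" .").split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXT:
        return "ok"
    # NAME.TXT.VBS is displayed as NAME.TXT when known extensions are hidden.
    if len(parts) >= 3 and parts[-2] in DECOY_EXT:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Parse a raw message and list (filename, verdict) for risky attachments."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and classify_attachment(name) != "ok":
            findings.append((name, classify_attachment(name)))
    return findings

def build_sample():
    """Constructed message; attachment bodies are inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.VBS", "NAVIDAD.EXE"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    m.add_attachment("meeting notes", filename="notes.txt")
    return m.as_string()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```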

Difference Between Worms and Viruses
  • A worm is similar to a virus but does not need to attach itself to an executable file to replicate itself.
  • Also, unlike a virus, it attacks only multi-user systems.
Logic Bomb

Logic bombs are malicious codes that cause some destructive activity when a specified condition is met

Unlike viruses, logic bombs do their damage right away, then stop.
What can trigger a logic bomb?
  • The trigger can be a specific date
  • Number of times the program is executed
  • A random number
  • Or a predefined event such as a deletion of a certain record.
Damage by Logic Bombs
  • The damage done by logic bombs can range from changing a random byte of data somewhere on the disk to making the entire disk unreadable.
Time Bomb

A time bomb is a logic bomb but unlike a logic bomb it may exist in the system for weeks or even months before it is detected.

The damage is not caused until a specified date or until the system has been booted a certain number of times.

Examples of Time Bombs
  • "Friday the 13th"
    - 1980s, it duplicated itself every Friday the 13th, caused system slowdown and corrupted all available disks
  • “Michelangelo”
    - 1990s, tried to damage hard disk directories
  • “Win32.Kriz.3862”
    - written in 1999, damage included overwriting of data on all data storage units

Virus Prevention Tactics
  • Install a virus scanner
    • Update it often
    • Program it to run automatically
    • Examples of virus scanners include:
      • VirusScan
      • AntiVirus
      • F-Prot
Virus Prevention Tactics (cont.)
  • Do not run unknown programs from the Internet
  • Don’t open unknown mail attachments
    • If an unknown mail attachment is received, delete it immediately
Virus Symptoms
  • Virus scanner detects a virus
  • Programs stop working as expected
  • Computer crashes more frequently
  • Unknown files appear
  • Disk space gets smaller for no reason
What if a virus is detected?
  • On a network system:
    - contact the network administrator
  • On a personal computer:
    - Use the disinfect function of the virus detection software, so it can try to restore the program to its original state
    - Erase the infected program and reinstall from the original disk after virus scan confirms that no viruses have been found

  • 5 types of malicious codes:
    - Trojan Horses: destructive codes hidden inside other programs
    - Viruses and Worms: both replicate and attach themselves to files, but unlike viruses, worms attack multi-user systems
    - Logic–Time Bombs: set off when a specified condition is met