Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala. Trojan Horse. Agenda Introduction of Trojan Horse Objectives of Trojan Horse Types of Trojan Horses Trojan Horse Techniques
Implementation and Prevention
A Trojan Horse program is a unique form of computer attack that allows a remote user a means of gaining access to a victim's machine without their knowledge.
Trojan Horse initially appears to be harmless, but later proves to be extremely destructive.
Trojan Horse is not a Virus.
Trojan horses can exploit your system in various and creative ways including:
The EC Council groups Trojan horses into seven main types
Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs keystrokes of a victim computer when the user visits certain Web pages and then emails the log to the attacker.
1) Trojan.Gletta.A executable locates the System folder copies itself to the system folder and the Windows installation folder.
2) Creates %System%\Rsasec.dll, which is a key logger and %System%\rsacb.dll, which is actually a text file key logger file.
3) Adds a registry key value "wmiprvse.exe"="%system%\wmiprvse.exe" , to the registry key:
so that the Trojan runs when you start Windows.
4) On Windows NT/2000/XP, it adds the value:
"Run" = "%Windir%\userlogon.exe" to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows,
so that the Trojan runs when you start the operating systems.
The program watches for Internet Explorer windows that have any of the following titles:
or one of the following URLs:
5) It also captures all the keystrokes entered into any windows that match those listed above, and writes them into a log file.
6) Later it uses its own SMTP engine to send the log file to an external mail account of the intruder. The mail has the following characteristics: