What Is A Trojan?: Overt Channel


What is a Trojan?

A Trojan is a program that pretends to be a legitimate program while it is malicious in nature: it infects the system in the background and provides the attacker with access to that system.

Objectives of Trojans:
There can be different types of objectives:

Using the Trojaned machine as part of a botnet to stage another attack, such as DDoS.

Trojans can install software so that the attacker can upload or download files and data directly from your computer.

Trojans can modify or delete your files.

Trojans also support keystroke logging and can monitor people without their knowledge.

Wasting computer storage space.

Crashing the computer.

Overt Channel & Covert Channel:

Overt Channel:
An overt channel simply means that the data being transmitted on the network is a legitimate connection which follows the security policy.
An overt channel can be used to create a tunnel (covert channel) to transmit data carefully over the network in a way that does not raise any alarm.

Covert Channel:
A covert channel is simply a connection in which the data being transmitted over the network violates the security policy.
The simplest forms of covert channel are:
1. Trojans
2. Backdoors, etc.
3. HTTP tunnelling to access some restricted data.

Working of Trojans:
An attacker can get access to the system in multiple ways.

If the Trojan is a direct-connecting Trojan, the attacker can connect to the victim directly and get access to the victim machine, but the scenario is not always that easy. The victim can be behind a firewall, in which case direct-connection Trojans will not provide any access to the victim computer even if the victim is infected.

Here the reverse-connecting Trojans come into the scene. In the reverse-connection scenario the attacker does not need to connect to the victim; instead, the reverse-connecting Trojan itself tries to create and maintain the connection between the victim and the attacker, which can bypass the firewall if the Trojan uses a protocol and port that are allowed outbound from the inside network.

Different Types of Trojan

Remote Access Trojans: Remote Access Trojans provide complete access to the machine.

Destructive Trojans: Some Trojans are created with the purpose of destroying the normal working or booting procedure of the victim machine.

Denial-of-Service (DoS) Attack: Some Trojans work as dumb zombies: they wait for the attacker to give commands, and they are usually used for DDoS attacks.

Proxy Trojans: Proxy Trojans provide access to the victim machine in the same way as a Remote Access Trojan does, but with the additional functionality that the attacker can use the victim's machine as a proxy server, which hides the attacker from being logged.

FTP Trojans: FTP Trojans are those which open FTP port 21 on the victim machine and allow attackers to access it through an FTP client.

Security Software Disablers: Some Trojans are designed to check for and disable the antivirus and internet security tools on the victim machine, thus making it vulnerable to attacks and preventing themselves from being detected.

Target Data Types of Trojans

Trojans are not restricted to the following contents, but this is what they actually look for:

Login credentials like username-password combinations, and information like credit card details that may be used by the victim.

Trojans look for confidential documents, official documents and personal documents.

Trojans can also retrieve data like bank account numbers, social security numbers, insurance information, etc.

Trojans can also access calendar information like important meetings and other notes concerning the victim's presence or activity.

Trojans can also stage the victim machine for further hacking for some illegal cause and leave the victim to face the consequences.

Different Modes of Trojan Infection

Trojans can be spread by any means; some of them are listed here:

Through Internet Relay Chat and messengers like Gtalk and Yahoo.

Through mail attachments.

Trojans can also infect the system through physical access to the system.

Browser and email software security bugs can allow attackers to compromise a machine and then infect it with Trojans for future access.

Trojans can also replicate while sharing data within a domain network.

Untrusted sites and freeware software sites also transmit Trojans in an effective manner.

Auto Run Trojan

The AUTORUN.INF file must start with the following line:

[autorun]

For example, to create a CD or pen drive that will autorun the program server.exe would require an AUTORUN.INF file similar to:

[autorun]
open=server.exe
icon=setup.exe

To create a CD that will autorun to open the HTML file index.htm would require:

[autorun]
ShellExecute=index.htm
icon=index.htm

However, since some older versions of Windows do not support ShellExecute, a less elegant alternative would be:

[autorun]
open=command /c start index.htm
icon=index.htm

Be aware that the use of command and start restricts this to machines running Windows.
So, by using the autorun feature, a Trojan can be spread very easily.
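As an added example (not part of the original document), here is a small inspector that reads an AUTORUN.INF in the format described above and reports what the medium would launch; the sample files are constructed from the three variants shown, and the file names are the page's examples, not real media.

```python
import re
from typing import Dict, List

# Constructed AUTORUN.INF samples mirroring the three variants shown above;
# file names are the page's examples, not taken from any real medium.
SAMPLE_SERVER = "[autorun]\nopen=server.exe\nicon=setup.exe\n"
SAMPLE_SHELLEXEC = "[autorun]\nShellExecute=index.htm\nicon=index.htm\n"
SAMPLE_CMD = "[autorun]\nopen=command /c start index.htm\nicon=index.htm\n"
SAMPLE_NO_HEADER = "; comment only\nopen=server.exe\n"

LAUNCH_KEYS = ("open", "shellexecute")  # keys Windows acts on; 'icon' is cosmetic

def parse_autorun(text: str) -> Dict[str, str]:
    """Key/value pairs of the [autorun] section (keys lower-cased).
    Returns {} unless [autorun] is the first non-blank line, as the page requires."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].lower() != "[autorun]":
        return {}
    entries: Dict[str, str] = {}
    for ln in lines[1:]:
        if ln.startswith("["):      # a later section: autorun keys end here
            break
        if ln.startswith(";") or "=" not in ln:
            continue                # comment or malformed line
        key, _, value = ln.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries

def launched_targets(text: str) -> List[str]:
    """What inserting the medium would start on an autorun-enabled Windows host:
    'open' runs a command line, 'ShellExecute' opens a file with its default handler."""
    entries = parse_autorun(text)
    return [f"{k}={entries[k]}" for k in LAUNCH_KEYS if k in entries]

def is_suspicious(text: str) -> bool:
    """Flag media whose autorun starts an executable or a command shell."""
    for k in LAUNCH_KEYS:
        value = parse_autorun(text).get(k, "").lower()
        if re.search(r"\.(exe|com|bat|cmd|scr|pif)\b", value):
            return True
        if re.match(r"(command|cmd)(\.exe)?\b", value):
            return True
    return False
```

Inspecting the file this way is only useful on a host where autorun is disabled (as the avoidance list later on the page advises); otherwise the medium has already been acted on by the time it is read.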

Symptoms of a Trojan Infection

Common symptoms of a Trojan-infected machine:

CD-ROM drawer opens and closes by itself

Computer screen flips upside down or inverts

Wallpaper or background settings change by themselves

Documents or messages print from the printer by themselves

Computer browser goes to a strange or unknown web page by itself

Windows color settings change by themselves

Screensaver settings change by themselves

These are common effects that users experience after being infected by Trojans like Beast and ProRat.

Ports Used by Trojans


Trojan          Ports
==================
Deepthroat      6670
Netbus          6666
Prorat          5110
Secret agent    11223
Asylum          23456

Binders and wrappers:

A wrapper or binder is an application which combines a Trojan application with a non-malicious file like an image or any other executable file.

This reduces the victim's suspicion of the attacker and also helps in convincing the victim to execute the wrapped file.

Using a wrapper, two different applications are combined into a single file; when the victim executes that single wrapped file, it first installs the Trojan in the background and then runs the legitimate application after it.

The victim only sees the latter, legitimate application in the foreground.

How to Detect Trojans?

There are several methods by which we can scan for the presence of a Trojan, which are as follows:

By scanning the system for suspicious open ports using tools such as netstat and TCPView.

By scanning for suspicious running processes using a process viewer.

By scanning for suspicious registry entries using tools such as MSConfig.

By scanning what type of network connections are being established using Wireshark, saving the captured data packets and analysing them to see which IP addresses they are connecting to.
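As an added example (not code from the original document), the first two detection steps can be combined: parse netstat output, match it against the port table given earlier on this page, and hand the resulting PIDs to the process check. The netstat output below is constructed (documentation addresses, invented PIDs), and the direction labels tie a LISTENING local port to the direct-connecting case and an ESTABLISHED foreign port to the reverse-connecting case described under "Working of Trojans".

```python
import re
from typing import Dict, List, Set, Tuple

# Port table as given on this page (port -> Trojan the page lists for it).
TROJAN_PORTS: Dict[int, str] = {
    6670: "Deepthroat", 6666: "Netbus", 5110: "Prorat",
    11223: "Secret agent", 23456: "Asylum",
}
# Constructed sample of Windows `netstat -ano` output; addresses are documentation ranges.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3412
  TCP    192.168.1.20:49731     203.0.113.7:23456      ESTABLISHED     3412
  TCP    192.168.1.20:49800     198.51.100.9:443       ESTABLISHED     1204
  UDP    0.0.0.0:5353           *:*                                    1560
"""

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+|\*)\s+(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)

def parse_netstat(text: str) -> List[dict]:
    """Parse netstat -ano rows into dicts; the header and anything unparseable is skipped."""
    rows = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if m:
            d = m.groupdict()
            d["lport"] = int(d["lport"])
            d["fport"] = None if d["fport"] == "*" else int(d["fport"])
            d["pid"] = int(d["pid"])
            rows.append(d)
    return rows

def find_trojan_ports(text: str) -> List[Tuple[str, int, str, int]]:
    """(trojan, port, direction, pid) for each row touching a listed port: a LISTENING local
    port is the direct-connecting case, an ESTABLISHED foreign port the reverse-connecting one."""
    hits = []
    for r in parse_netstat(text):
        if r["state"] == "LISTENING" and r["lport"] in TROJAN_PORTS:
            hits.append((TROJAN_PORTS[r["lport"]], r["lport"], "listening", r["pid"]))
        elif r["state"] == "ESTABLISHED" and r["fport"] in TROJAN_PORTS:
            hits.append((TROJAN_PORTS[r["fport"]], r["fport"], "outbound", r["pid"]))
    return hits

def suspect_pids(text: str) -> Set[int]:
    """PIDs to examine next in a process viewer, the page's following detection step."""
    return {pid for _, _, _, pid in find_trojan_ports(text)}
```

A port match is only a lead: legitimate services can use these ports and a Trojan can be configured to use any port, so confirm with the process and packet-capture checks listed above.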

Avoiding Trojan Infection:

Do not download blindly from any website that you are visiting.

Do not trust a file even if it comes from a friend; there is a possibility that your friend's system is also infected and that it might infect your system as well, so be sure what the file is before opening it.

Disable the autopreview or autoplay option for media that you connect to your computer.

Do not type commands that you have received in a mail from someone, and do not type anything into the browser that could be a malicious script which may further infect your computer.

Prorat:
