
Saturday, 1 June 2013

5 Tips to secure your Wi-Fi connection





1. Install a Firewall: A firewall helps protect your PC by preventing unauthorized users from gaining access to your computer through the Internet or a network. It acts as a barrier that checks any information coming from the Internet or a network, and then either blocks the information or allows it to pass through to your computer.

2. Change the Administrative Password on your Wireless Routers: Each manufacturer ships its wireless routers with a default password for easy initial access. These passwords are easy to find on vendor support sites, and should therefore be changed immediately.

3. Change the Default SSID Name and Turn off SSID Broadcasting: This will require your wireless client computers to manually enter the name of your SSID (Service Set Identifier) before they can connect to your network, greatly minimizing the damage from the casual user whose laptop is configured to connect to any available SSID broadcast it finds. You should also change the SSID name from the factory default, since these are just as well known as the default passwords.

4. Disable DHCP: For a SOHO network with only a few computers, consider disabling DHCP (Dynamic Host Configuration Protocol) on your router and assigning IP addresses to your client computers manually. On newer wireless routers, you can even restrict access to the router to specific MAC addresses.

5. Replace WEP with WPA: WEP (Wired Equivalent Privacy) is a security protocol that was designed to provide a wireless computer network with a level of security and privacy comparable to what is usually expected of a wired computer network. WEP is a very weak form of security that uses a common 60 or 108 bit key, shared among all of the devices on the network, to encrypt the wireless data. Hackers can access tools freely available on the Internet that can crack a WEP key in as little as 15 minutes. Once the WEP key is cracked, the network traffic instantly turns into clear text, making it easy for the hacker to treat the network like any open network. WPA (Wi-Fi Protected Access) is a powerful, standards-based, interoperable security technology for wireless computer networks. It provides strong data protection by using 128-bit encryption keys and dynamic session keys to ensure a wireless computer network's privacy and security. Many cryptographers are confident that WPA addresses all the known attacks on WEP. It also adds strong user authentication, which was absent in WEP.
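To check tips 3 and 5 against your own network from a Windows client, the following added example (not part of the original post) audits a Wi-Fi scan for WEP encryption and factory-default SSIDs. The scan text is a constructed sample in the layout printed by `netsh wlan show networks`, and the list of default names is an assumption.

```python
import re

# Constructed sample in the layout printed by `netsh wlan show networks`.
SCAN = """\
SSID 1 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP

SSID 2 : Office-5F
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 3 : NETGEAR
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP
"""
# Assumed set of factory-default names; extend it for the vendors you use.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def parse_scan(text):
    """Return one dict per network: ssid, authentication, encryption."""
    networks = []
    for line in text.splitlines():
        head = re.match(r"SSID \d+ : (.*)$", line)
        if head:
            networks.append({"ssid": head.group(1).strip()})
            continue
        field = re.match(r"\s+(Authentication|Encryption)\s*:\s*(.+)$", line)
        if field and networks:
            networks[-1][field.group(1).lower()] = field.group(2).strip()
    return networks


def audit(networks):
    """Map each SSID to its findings against tips 3 and 5."""
    report = {}
    for net in networks:
        findings = []
        if net.get("encryption", "").upper() == "WEP":
            findings.append("uses WEP, switch to WPA")
        if net["ssid"].lower() in DEFAULT_SSIDS:
            findings.append("factory-default SSID")
        if findings:
            report[net["ssid"]] = findings
    return report
```
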

Wednesday, 29 May 2013

Trojans in Brief!



This tutorial covers the concept of a Trojan, the dangers Trojans create, how they can reach your computer, and how they damage you and your data. It also covers the types of Trojans, how Trojans are attached behind other applications and, most importantly, how to detect Trojans on your computer and prevent them in order to safeguard your system and your data.

 

Knowing the Trojan

A Trojan is a malicious program disguised as some very important application. Trojans come on the backs of other programs and are installed on a system without the user's knowledge. Trojans are malicious pieces of code used to install hacking software on a target system and aid the hacker in gaining and retaining access to that system. Trojans and their counterparts are important pieces of the hacker's tool-kit. A Trojan is a program that appears to perform a desirable and necessary function but that, because of hidden and unauthorized code, performs functions unknown and unwanted by the user. These downloads are fake programs which seem to be an original application. It may be software such as a monitoring program, system virus scanner, registry cleaner or computer system optimizer, or it may be a file such as a song, picture, screen saver or video.

Once you execute that software or application, you will find the application running or you might get an error, but once executed the Trojan will install itself in the system automatically.
Once installed on a system, the program then has system-level access on the target system, where it can be destructive and insidious. Trojans can cause data theft and loss, and system crashes or slowdowns; they can also be used as launching points for other attacks against your system.
Many Trojans are used to manipulate files on the victim computer, manage processes, remotely run commands, intercept keystrokes, watch screen images, and restart or shut down infected hosts.


Different Types of Trojans

1. Remote Administration Trojans: Remote Access Trojans are used to control the victim's computer remotely.

2. Data Stealing Trojans: Data Sending Trojans compromise the data on the victim's computer: they find the data on the computer and send it to the attacker automatically.

3. Security Disabler Trojans: Security software disabler Trojans are used to stop antivirus software running on the victim's computer.

In most cases the Trojan comes as a Remote Administration Tool, which turns the victim's computer into a server that can be controlled remotely. Once the Remote Access Trojan is installed in the system, the attacker can connect to that computer and control it.


Components of Trojans



A Trojan consists of two parts:

1. A Client component

2. A Server component

The part which resides on the victim's computer is called the server part of the Trojan, and the one which is on the attacker's computer is called the client part of the Trojan. For the Trojan to function as a backdoor, the server component has to be installed on the victim's machine.

1. The server component of the Trojan opens a port on the victim's computer and invites the attacker to connect and administer the computer.
2. The client component of the Trojan tries to connect to the victim's computer and administer it without the permission of the user.


Wrapper


A Wrapper is a program used to combine two or more executables into a single packaged program. The wrapper attaches a harmless executable, like a game, to a Trojan’s payload, the executable code that does the real damage, so that it appears to be a harmless file.

Hackers use Wrappers to bind the Server part of the Software behind any image or any other file. Wrappers are also known as Binders.

Generally, games or other animated installations are used as wrappers because they entertain the user while the Trojan is being installed. This way, the user doesn't notice the slower processing that occurs while the Trojan is being installed on the system; the user only sees the legitimate application being installed.
 

Detection and Removal of Trojans 



Unusual system behavior is usually an indication of a Trojan attack. Typical actions and symptoms include:

• Programs starting and running without the user's initiation.
• CD-ROM drawers opening or closing.
• Wallpaper, background, or screen saver settings changing by themselves.
• Screen display flipping upside down.
• Browser program opening strange or unexpected websites.

All of the above are indications of a Trojan attack. Any action that is suspicious or not initiated by the user can be an indication of a Trojan attack. One thing you can do is check which applications are making network connections with other computers. One of those applications will be a process started by the server part of the Trojan.

You can also use the software named Process Explorer, which monitors the processes executed on the computer and shows each one with its original name and its file name. Some Trojans change their name to match a system process running on the computer, so you cannot differentiate between the Trojan and the original system process in the Task Manager Processes tab. That is why you need Process Explorer.

TCP View
• TCP View is a Windows program that will show you detailed listings of all TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) endpoints on your system, including the local and remote addresses and state of TCP connections.
• On Windows NT, 2000, and XP, TCP View also reports the name of the process that owns the endpoint.
• Active connections will appear in green. You can always right-click to check the properties of the application.
• Once you have got hold of the Trojan application, you can kill the active connection and the running process and then delete the physical application file. This will let you recover from the Trojan attack.
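The two checks described above, finding which processes own network endpoints and spotting a Trojan that has taken a system process's name, can be combined in a short script. This is an added example, not part of the original post: the `netstat -ano` text and the PID-to-path table are constructed samples, and the lists of system process names and expected listening ports are assumptions to adapt to your own hosts.

```python
import ntpath

# Constructed `netstat -ano` output and PID-to-image-path table (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:49712     203.0.113.9:443        ESTABLISHED     2316
  TCP    192.168.1.20:49800     198.51.100.7:8080      ESTABLISHED     4120
"""
IMAGES = {
    884: r"C:\Windows\System32\svchost.exe",
    2316: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    4120: r"C:\Users\alice\AppData\Roaming\svchost.exe",
}
# Assumptions for this example: names reserved for Windows system processes,
# and the listening ports this host is expected to expose.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
EXPECTED_LISTENERS = {135, 445}


def parse_netstat(text):
    """Yield (local_port, remote, state, pid) for each TCP row."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0] == "TCP":
            yield int(cols[1].rsplit(":", 1)[1]), cols[2], cols[3], int(cols[4])


def suspicious_endpoints(text, images):
    """Return sorted (pid, reason) pairs worth inspecting in Process Explorer."""
    hits = set()
    for port, remote, state, pid in parse_netstat(text):
        path = images.get(pid, "")
        name = ntpath.basename(path).lower()
        if name in SYSTEM_NAMES and ntpath.dirname(path).lower() != SYSTEM_DIR:
            hits.add((pid, "system process name outside System32"))
        if state == "LISTENING" and port not in EXPECTED_LISTENERS:
            hits.add((pid, f"unexpected listener on port {port}"))
        if not path:
            hits.add((pid, "owning image unknown"))
    return sorted(hits)
```

A PID flagged here is a lead to inspect, not proof of infection; confirm the file's path and properties before killing the process or deleting the file.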

 

Countermeasures for Trojan attacks 

Most commercial antivirus programs have anti-Trojan capabilities as well as spyware detection and removal
functionality. These tools can automatically scan hard drives on startup to detect backdoor and Trojan programs before
they can cause damage. Once a system is infected, it’s more difficult to clean, but you can do so with commercially
available tools. It’s important to use commercial applications to clean a system instead of freeware tools, because many
freeware removal tools can further infect the system. In addition, port monitoring tools can identify ports that have been
opened or files that have changed.

The key to preventing Trojans and backdoors from being installed on a system is not to install applications downloaded
from the Internet or open email attachments from parties you don't know. Many systems administrators don't give users
the system permissions necessary to install programs on the system for the very same reasons.