A trojan is a software application that is designed to provide covert access to a victim's system. The malicious code made in such a way that it appears harmless and thus get around both the scrutiny of the user, and the antivirus software. Using wrappers, attackers can take their intended payload and merge it with a harmless executable to create a single executable from the two. Once on a system, its goals are similar to those of a virus or worm: to get and maintain control of the system or perform some other task.
Trojan horses can be used to install backdoors on a target system, allowing an attacker to freely access the target computer. Using the backdoor, a malicious hacker can send files to the target system or use the infected machine to access illegal websites, while hiding the intruder's identity. Infected machines can be used for storing files without the knowledge and consent of the owner of the system.
An infection may be indicated by some of the following behaviors
Operations that could be performed by a hacker on a target system may include
An attacker might wish to use a trojan instead of a virus because a trojan is more stealthy, coupled with the fact that it opens a covert channel that is used to transmit information.
The data transmitted can be a number of things, such as identity information.
Types of trojans include...
Remote Access Trojans (RATs)
RATs are designed to give an attacker remote control over a target system. Two well-known members of this class are the SubSeven and the Back Orifice, although very old.
Data Sending Trojans
To fit this category, a trojan must capture some sort of data from the victim's system, including files and keystrokes. Once captured, this data can be transmitted via e-mail or other means if the trojan is so enabled. Keyloggers are common trojans of this type.
Destructive Trojans
This type of trojan seeks to corrupt, erase, or destroy data outright on the target system. In more extreme cases, the trojan may affect hardware in such a way that it becomes unusable.
Proxy
Malware of this type causes the target system to be used as a proxy by the attacking party. The attacker uses the victim's system to scan or access another system or location. The end result is that the actual attacker becomes harder to identify.
FTP
Software of this type is designed to set up the infected system as a FTP server. An infected system becomes a server hosting all sorts of information and tools, which may include illegal content of all types.
Security Software Disablers
A trojan can be used in further attacks and escalations if the trojan is first used to disable security software such as antivirus software or local firewalls.
Trojan horses can be used to install backdoors on a target system, allowing an attacker to freely access the target computer. Using the backdoor, a malicious hacker can send files to the target system or use the infected machine to access illegal websites, while hiding the intruder's identity. Infected machines can be used for storing files without the knowledge and consent of the owner of the system.
An infection may be indicated by some of the following behaviors
- The CD drawer of a computer opens and closes
- The computer screen changes, either flipping or inverting
- Screen settings change
- Documents print with no explanation
- The browser is redirected to a strange or unknown web page
- The Windows color settings change
- Screen saver settings change
- The right and left mouse buttons reverse their functions
- The mouse pointer disappears
- The mouse pointer moves in unexplained ways
- The start button disappears
- Chat boxes appear
- The Internet Service Provider (ISP) reports that the victim's computer is running port scans
- People chatting with you appear to know detailed personal information
- The system shuts down by itself
- The task bar disappears
- Account passwords are changed
- Legitimate accounts are accessed without authorization
- Unknown purchase statements appear in credit card bills
- Modems dial and connect to the Internet by themselves
- CTRL+ALT+DEL stops working
- When the computer is rebooted, a message states that other users are still connected.
Operations that could be performed by a hacker on a target system may include
- Stealing data
- Installing software such as keyloggers etc.
- Downloading or uploading files
- Modifying files
- Viewing the system user's screen
- Consuming computer storage space
- Crashing the victim's system
An attacker might wish to use a trojan instead of a virus because a trojan is more stealthy, coupled with the fact that it opens a covert channel that is used to transmit information.
The data transmitted can be a number of things, such as identity information.
Types of trojans include...
Remote Access Trojans (RATs)
RATs are designed to give an attacker remote control over a target system. Two well-known members of this class are the SubSeven and the Back Orifice, although very old.
Data Sending Trojans
To fit this category, a trojan must capture some sort of data from the victim's system, including files and keystrokes. Once captured, this data can be transmitted via e-mail or other means if the trojan is so enabled. Keyloggers are common trojans of this type.
Destructive Trojans
This type of trojan seeks to corrupt, erase, or destroy data outright on the target system. In more extreme cases, the trojan may affect hardware in such a way that it becomes unusable.
Proxy
Malware of this type causes the target system to be used as a proxy by the attacking party. The attacker uses the victim's system to scan or access another system or location. The end result is that the actual attacker becomes harder to identify.
FTP
Software of this type is designed to set up the infected system as a FTP server. An infected system becomes a server hosting all sorts of information and tools, which may include illegal content of all types.
Security Software Disablers
A trojan can be used in further attacks and escalations if the trojan is first used to disable security software such as antivirus software or local firewalls.