Trojan horse

posted on 26 Jan 2009 18:49 by victimsoul

In the context of computing and software, a Trojan horse, also known as a trojan, is a form of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine. As such, a computer worm or virus may also be classed as a Trojan horse if it displays these characteristics.

The term is derived from the classical story of the Trojan Horse.

 

Example

A program named "waterfalls.scr" serves as a simple example of a Trojan horse. The author claims it is a free waterfall screen saver. When running, it instead unloads hidden programs, scripts, or any number of commands without the user's knowledge or consent. Malicious Trojan horse programs are used to circumvent protection systems, in effect creating a vulnerable system to allow unauthorized access to the user's computer.
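
A defender's view of the "waterfalls.scr" case, as an added example that is not part of the original post: a Windows .scr screen saver is an ordinary PE executable, so a download filter can flag it from its name and first bytes. The function names, extension lists and sample bytes are constructed for illustration, and the double-extension and mismatched-content checks go beyond the single case in the text.

```python
import struct

# Extensions Windows runs as programs; ".scr" (screen saver) is one of them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
# Harmless-looking extensions often placed before the real one (illustrative list).
DECOY_EXTS = {"jpg", "png", "pdf", "doc", "txt"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    return data[pe_off:pe_off + 4] == b"PE\0\0"


def triage(name: str, data: bytes) -> list[str]:
    """Return the reasons a downloaded file deserves a closer look (empty = none found)."""
    reasons = []
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    pe = is_pe(data)
    if ext == ".scr" and pe:
        reasons.append("screen saver is a native executable, not a passive media file")
    if len(parts) == 3 and parts[1] in DECOY_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append(f"double extension hides {ext} behind .{parts[1]}")
    if pe and ext not in EXECUTABLE_EXTS:
        reasons.append(f"executable content under extension {ext or '(none)'}")
    return reasons


# Constructed sample input: the smallest byte string that passes the PE header check.
SAMPLE_PE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
# Constructed sample input: JPEG magic bytes followed by padding.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 100

if __name__ == "__main__":
    for fname, blob in [("waterfalls.scr", SAMPLE_PE),
                        ("waterfalls.jpg.scr", SAMPLE_PE),
                        ("photo.jpg", SAMPLE_PE),
                        ("photo.jpg", SAMPLE_JPEG)]:
        print(fname, "->", triage(fname, blob) or "no findings")
```

A finding here is a reason to scan or sandbox the file before anyone opens it; it is not a verdict that the file is malicious.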

 

Types of Trojan horse payloads

Trojan horse payloads are almost always designed to cause harm, but can also be harmless. They are classified based on how they breach and damage systems. The six main types of Trojan horse payloads are:

Remote Accessing

Data Destruction

Downloader

Server Trojan (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)

Security software disabler

Denial-of-service attack (DoS)

Some examples of damage are:

Erasing or overwriting data on a computer

Re-installing itself after being disabled

Encrypting files in a cryptoviral extortion attack

Corrupting files in a subtle way

Upload and download of files

Copying fake links, which lead to false websites, chats, or other account-based websites, showing any local account name on the computer falsely engaging in untrue context

Falsifying records of downloading software, movies, or games from websites never visited by the victim.

Allowing remote access to the victim's computer. This is called a RAT (remote access trojan).

Spreading other malware, such as viruses (this type of trojan horse is called a 'dropper' or 'vector')

Setting up networks of zombie computers in order to launch DDoS attacks or send spam.

Spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)

Making screenshots

Logging keystrokes to steal information such as passwords and credit card numbers

Phishing for bank or other account details, which can be used for criminal activities

Installing a backdoor on a computer system

Opening and closing CD-ROM tray

Playing sounds, videos or displaying images

Using the modem to call expensive numbers, thus causing massive phone bills

Harvesting e-mail addresses and using them for spam

Restarting the computer whenever the infected program is started

Deactivating or interfering with anti-virus and firewall programs

Deactivating or interfering with other competing forms of malware

Randomly shutting off the computer

Installing a virus

Slowing down your computer

Displaying pornographic sites

 

Methods of deletion

Since Trojan horses have a variety of forms, there is no single method to delete them. The simplest responses involve clearing the temporary internet files and deleting the file manually. Normally, antivirus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media, such as a live CD, may allow an antivirus program to find a trojan and delete it. Updated anti-spyware programs are also effective against this threat. Most trojans also hide in the registry and in processes.

 

 

http://en.wikipedia.org/wiki/Trojan_horse_(computing)

edit @ 26 Jan 2009 19:28:51 by victimsoul 

edit @ 26 Jan 2009 19:30:04 by victimsoul
