What is Trojan Horse? Difference between Virus, Worms & Trojans. Purpose and uses. Types of Trojan Horses?

Popular Trojan horses. How can you be infected?

Implementation with an example

How to Prevent? References

A Trojan horse or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.

*Computer Virus is a program that when triggered

by an action of the user, causes copies of itself to be created. of itself to be created without any user intervention. Horses is a program that appears to do something useful, but in reality, masks some hidden malicious functionality. It does not make copies of itself.

*Computer Worms is a program that causes copies *Trojan

A Trojan gives a hacker remote access to a targeted computer system. Operations that could be performed by a hacker on a targeted computer system may include: Downloading or uploading of files on the user's computer Modification or deletion of files Crashing the computer Data theft (e.g. retrieving passwords or credit card information)

Remote Access Trojans Data Sending Trojans Destructive Trojans Proxy Trojans FTP Trojans Security software disabler Trojans Denial-of-service attack (DoS) Trojans

Netbus (by Carl-Fredrik Neikter) Subseven or Sub7(by Mobman) Back Orifice (Sir Dystic) Beast Zeus Flashback Trojan (Trojan.BackDoor.Flashback)

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests. Even using a secure web browser, such as Mozilla's Firefox, if Java is enabled, your computer has the potential of receiving a Trojan horse. E-mail & I.M: Attachments on e-mail messages may contain Trojans. Many get infected through files sent through various I.M. ,this is due to an extreme lack of security in some instant messengers, such of AOL's instant messenger.

Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs keystrokes of a victim computer when the user visits certain Web pages and then emails the log to the attacker.
1) Trojan.Gletta.A executable locates the System folder copies itself to the system folder and the Windows installation folder. %System%\Wmiprvse.exe %System%\Ntsvc.exe %Windir%\Userlogon.exe

2)

Creates %System%\Rsasec.dll, which is a key logger and %System%\rsacb.dll, which is actually a text key logger file. 3) Adds a registry key value "wmiprvse.exe"="%system%\wmiprvse.exe" , to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run, so that the Trojan runs when you start Windows.

4) On Windows NT/2000/XP, it adds the value: "Run" = "%Windir%\userlogon.exe" to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\ WindowsNT\CurrentVersion\Windows, so that the Trojan runs when you start the operating systems. The program watches for Internet Explorer windows that have any of the following titles: National Internet Banking Welcome to Citibank Bank of China HSBC in Hong Kong

Install latest security patches for the operating system. Install Anti-Trojan software. Trojan Hunter A- Squared Install anti-virus software and update it regularly Install a secure firewall Do not give strangers access (remote as well as physical) to your computer. Do not run any unknown or suspicious executable program just to "check it out". Scan all email attachments with an antivirus program before opening it.

References:Trojan horse:http://www.webopedia.com/TERM/R/Remote_ Access_Trojan.html http://en.wikipedia.org/wiki/Trojan_horse_(co mputing) www.cs.bham.ac.uk/ www.cs.purdue.edu