Trojan Horses on the WebTrojan Horses on the Web

Definition:Definition:

A Trojan horse a piece of software that allows A Trojan horse a piece of software that allows the user think that it does a certain task, while the user think that it does a certain task, while actually does an entirely different action and actually does an entirely different action and most of the time it would damage either the most of the time it would damage either the person or their computers. person or their computers.

Now-a-days Trojan horse are probably the most Now-a-days Trojan horse are probably the most wide-spread security threat!wide-spread security threat!

The name “Trojan Horse ” was derived from the The name “Trojan Horse ” was derived from the story of how Odysseus of the Greeks tricked the story of how Odysseus of the Greeks tricked the people of Troy with a gift, that actually would people of Troy with a gift, that actually would lead to their demise.lead to their demise.

How Trojan Horses WorkHow Trojan Horses WorkSome one trying to execute a Trojan Horse would begin Some one trying to execute a Trojan Horse would begin by disguising their software as a benign or beneficial by disguising their software as a benign or beneficial software. Then distribute the software via e-mail or links software. Then distribute the software via e-mail or links from given websites. Users are then fooled into from given websites. Users are then fooled into downloading this maliciously disguised software, which downloading this maliciously disguised software, which then corrupts user and or his computer. then corrupts user and or his computer.

The attackers goals during the course of this operation The attackers goals during the course of this operation include: erasing and overwriting data on a computer, include: erasing and overwriting data on a computer, encrypting files, discretely corrupting files, uploading and encrypting files, discretely corrupting files, uploading and downloading corrupt files, taking control of users downloading corrupt files, taking control of users computer, re-installing itself after being disabled, making computer, re-installing itself after being disabled, making screenshots, data harvesting, etc. screenshots, data harvesting, etc.

Security Software DisablersSecurity Software Disablers

Trojans that disable anti-virus or firewalls. This Trojans that disable anti-virus or firewalls. This allows the attacker to penetrate the system with allows the attacker to penetrate the system with ease. ease.

The compromised system is now vulnerable to The compromised system is now vulnerable to attacks from the internet.attacks from the internet.

Denial-of-Services (DOS)Denial-of-Services (DOS)

Denial of Services or DOS is a type Trojan Denial of Services or DOS is a type Trojan horse.horse.

Denial of Services turns the victims computer Denial of Services turns the victims computer into a zombie. Together with other zombie into a zombie. Together with other zombie machines they attack a server over the internet machines they attack a server over the internet to consume all of its resources and bring down to consume all of its resources and bring down the server. the server.

For this to be affective many zombie machines For this to be affective many zombie machines are required overflow the servers capacity level. are required overflow the servers capacity level.

Example of DOSExample of DOS

Keylogger Keylogger This kind of Trojan monitor the key strokes on a This kind of Trojan monitor the key strokes on a keyboard and sends them back to an foreign keyboard and sends them back to an foreign location. location.

Often keyloggers are used in identity theft Often keyloggers are used in identity theft crimes cause they can get strings of information. crimes cause they can get strings of information. For example, bank account numbers, credit For example, bank account numbers, credit cards, account passwords, user names, etc.cards, account passwords, user names, etc.

Here is an example of how to avoid keylogging:Here is an example of how to avoid keylogging:

Remote Access TrojansRemote Access Trojans

Remote access Trojans allows third party users Remote access Trojans allows third party users to take complete control over a victims system. to take complete control over a victims system. This allows an attacker to violate a users This allows an attacker to violate a users computer from another location.computer from another location.

They can hijack keyboard and mouse They can hijack keyboard and mouse movements giving the attacker control of a movements giving the attacker control of a victims system. victims system.

They can do tasks as simple as opening and They can do tasks as simple as opening and closing a CD-Rom tray. closing a CD-Rom tray.

Data destruction of TrojansData destruction of Trojans

The goal of this Trojan is to erase or corrupt data The goal of this Trojan is to erase or corrupt data stored on this computer. This would be done to stored on this computer. This would be done to erase memory or information that would usually erase memory or information that would usually benefit the attacker. For example, corporate benefit the attacker. For example, corporate sabotage or removal of an important machine sabotage or removal of an important machine from service. Also, this can be used for extortion from service. Also, this can be used for extortion when the hacker will corrupt original file and when the hacker will corrupt original file and charge victim for return of impertinent charge victim for return of impertinent information. Attackers main motive for this is information. Attackers main motive for this is profit.profit.

Consequences to UserConsequences to User

Loss of identityLoss of identity

Permanent damage to hardwarePermanent damage to hardware

Corruption of files in an operating systemCorruption of files in an operating system

Financial loss to corporations or userFinancial loss to corporations or user

Increase in spamIncrease in spam

Reduction of system performanceReduction of system performance

Difference between Trojan Horse and Difference between Trojan Horse and other computer Attacksother computer Attacks

Viruses attached themselves to legitimate Viruses attached themselves to legitimate previously installed software. Require a human previously installed software. Require a human action to infect the system. action to infect the system.

A worm have the ability to self replicate and A worm have the ability to self replicate and spread from machine to machine without the spread from machine to machine without the need form human interaction. need form human interaction.

Trojan Horses have none of these attributes. Trojan Horses have none of these attributes.

How Trojan Horses have evolvedHow Trojan Horses have evolved

Recent shifts in hacker focus on how Recent shifts in hacker focus on how compromised web servers are now becoming an compromised web servers are now becoming an important in attacks against users and the threat important in attacks against users and the threat of automated web attacks. The attackers are of automated web attacks. The attackers are focusing on the vulnerable servers to get their focusing on the vulnerable servers to get their victims easier.victims easier.

DemographicsDemographics

Current Research shows that they are:Current Research shows that they are: CauasianCauasian MaleMale 12-28 years old12-28 years old Middle classMiddle class Limited Social Skills Limited Social Skills Perform poorly in school: aptitude for Perform poorly in school: aptitude for

computers and technologycomputers and technology Dysfunctional families.Dysfunctional families.

Types of HackersTypes of Hackers

NOVICE - Limited computer skills.NOVICE - Limited computer skills.

CYBER-PUNKS – Better understanding of how CYBER-PUNKS – Better understanding of how the attack works.the attack works.

INSIDERS – Disgruntled employee or ex-INSIDERS – Disgruntled employee or ex-employee able to carry out the attack due to employee able to carry out the attack due to inherent privelegs.inherent privelegs.

CODERS – Technically skilled, writes the scripts CODERS – Technically skilled, writes the scripts and automated tools.and automated tools.

PROFESSIONAL – Criminals, thieves, highly PROFESSIONAL – Criminals, thieves, highly trained in state of the art equipment and very trained in state of the art equipment and very motivated.motivated.

CYBER-TERRORISTS – well funded, political CYBER-TERRORISTS – well funded, political motives with criminal intent.motives with criminal intent.

Major AttacksMajor AttacksIn 2000 Bill Gates’ Microsoft operating systems In 2000 Bill Gates’ Microsoft operating systems suffered a major attack from Trojans horses suffered a major attack from Trojans horses when they discovered a security error in the when they discovered a security error in the Microsoft operating system. The notepad Microsoft operating system. The notepad application was infected and the Trojan spread application was infected and the Trojan spread itself through the network to affect other itself through the network to affect other computers that were connected. This allowed computers that were connected. This allowed access to source codes for the hackers. Even access to source codes for the hackers. Even worse the Trojans also rewrote the system worse the Trojans also rewrote the system registry so that whenever the system rebooted registry so that whenever the system rebooted the Trojans is reloaded back into the system. the Trojans is reloaded back into the system.

Examples of Trojan HorsesExamples of Trojan Horses

Prevention of Trojan Horse AttacksPrevention of Trojan Horse Attacks

Anti-Virus/ Anti-Trojan softwareAnti-Virus/ Anti-Trojan software

Be aware of what you upload and download to Be aware of what you upload and download to your operating system.your operating system.

Monitor the sites and files your visit and use.Monitor the sites and files your visit and use.

ConclusionConclusion

Trojan HorsesTrojan Horses is a piece of software that allows is a piece of software that allows the user think that it does a certain task, while the user think that it does a certain task, while actually does an entirely different task and actually does an entirely different task and damages an vulnerable system.damages an vulnerable system.

Trojan HorsesTrojan Horses can be used to steal an can be used to steal an individuals identity, corrupt data, and permanent individuals identity, corrupt data, and permanent hardware damage.hardware damage.

Questions??Questions??