how-to block ads
|
|
1.0 Trojan horses·Trojan horse
·what harmfull actions can a trojan horse cause on my PC?
·what is a Logic bomb trojan?
·What is a Time bomb trojan?
·what is a Dropper trojan?
·what is a Botnet trojan?
·Infected Programs
·Websites
·Email
·Open ports
| | | Trojan horses are usually designed to do various harmful things? but could be harmless. Examples: •Erasing or overwriting data on a computer
•Encrypting files in a crypto viral extortion attack
•Corrupting files in a subtle way
•Upload and download files
•Spreading other malware? such asviruses. In this case? the Trojan horse is called a dropper or vector.
•Setting up networks of zombie computers in order to launch Dodos attacks or send spam
•Spying on the user of a computer and covertly reporting data like browsing habits to other people
•Make screenshots
•Logging keystrokes to stealing formation such as passwords and credit card numbers (also known as a key logger)
•Phish for bank or other account details? which can be used for criminal activities.
•Installing a backdoor on a computer system
 feedback form
 feedback form
by uid1307457 
last modified: 2009-04-27 17:59:39 | | | Trojan horses are usually designed to do various harmful things, but could be harmless.
Examples:
•Erasing or overwriting data on a computer
•Encrypting files in a crypto viral extortion attack
•Corrupting files in a subtle way
•Upload and download files
•Spreading other malware, such as viruses. In this case, the Trojan horse is called a dropper or vector.
•Setting up networks of zombie computers in order to launch Dodos attacks or send spam
•Spying on the user of a computer and covertly reporting data like browsing habits to other people
•Make screenshots
•Logging keystrokes to steal information such as passwords and credit card numbers (also known as a key logger)
•Phish for bank or other account details, which can be used for criminal activities.
•Installing a backdoor on a computer system
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 17:59:49 | | | Logic bombs activate on certain conditions met by the computer.
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:00:02 | | | Time bombs activate on particular dates and/or times.
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:00:12 | | | Droppers perform two tasks at once.
•Performs a legitimate task
•Installs a computer virus or a computer worm on a system at the same time
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:00:21 | | | some may say that a botnet is not a Trojan horse, which is almost true. In that case, I quote Robert Lemos and Jim Hu, "A bot is also known as a remote-access Trojan horse program, or RAT."
Botnet is a jargon term for a collection of software robots, or bots, which run autonomously. This can also refer to the network of computers using distributed computing software.
While the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure. A botnet's originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots.” Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. The more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet owner community.
Botnet’s have become a significant part of the Internet, albeit increasingly hidden. Due to most conventional IRC networks taking measures and blocking access to previously hosted botnets, owners must now find their own servers. Often, a botnet will include a variety of connections, ranging from dial-up, ADSL, cable, educational, corporate, military, or even Government. Sometimes, an owner will hide an IRC server installation on an educational or corporate site, where high-speed connections can support a large number of other bots. Exploitation of this method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it.
Several botnets have been found and removed from the Internet. The Dutch police found a 1.5 million node botnet and the Norwegian ISP Telenor disbanded a 10,000 node botnet. Large coordinated international efforts to shutdown botnets have also been initiated.
Botnet’s serve various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers. The botnet owner community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the largest amount of "high-quality" infected machines (commonly university, corporate, and even government machines).
Botnet servers will often liaise with other botnet servers, such that a group may contain 20 or more individual cracked high-speed connected machines as servers, linked together for purposes of greater redundancy. Actual botnet communities usually consist of one or several owners who consider themselves as having legitimate access (note the irony) to a group of bots. Such owners rarely have highly developed command hierarchies between themselves; they rely on individual friend-to-friend relationships. Often conflicts will occur between the owners as to who owns the individual rights to which machines, and what sorts of actions they may or may not permit.
A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
If a machine receives a Distributed Denial of Service attack from a botnet, few choices exist. Given the general geographic dispersal of botnets, it becomes difficult to identify a pattern of offending machines, and the sheer volume of IP addresses does not lend itself to the filtering of individual cases. Passive OS Fingerprinting can identify attacks originating from a botnet: network administrators can configure newer firewall equipment to take action on a botnet attack by using information obtained from Passive OS Fingerprinting. The best solution is to use hardware (ASIC or FPGA) based Rate Based intrusion prevention system. A solution that can act within seconds like a split second circuit breaker is your best bet as an automated solution.
Botnet’s typically use free DNS hosting services such as DynDns.org, No-IP.com, & Afraid.org to point a sub domain towards an IRC server that will harbor the bots. While these free DNS services do not themselves host attacks, they provide reference points, often hard-coded into the botnet executable. Removing such services can cripple an entire botnet. Recently, these companies have undertaken efforts to purge their domains of these sub domains. The botnet community refers to such efforts as null routing, because the DNS hosting services usually direct the offending sub domains to an inaccessible IP address.
The botnet server structure mentioned above has inherent vulnerabilities and problems. For example, if one was to find one server with one botnet channel, often all other servers, as well as other bots themselves, will be revealed. If a botnet server structure lacks redundancy, the disconnection of one server will cause the entire botnet to collapse (at least until the owner(s) decides on a new hosting space). However, recent IRC server software includes features to mask other connected servers and bots, so that a discovery of one channel will not lead to much harm.
News about Botnets :
»Yahoo! Mail getting hammered by hackers via Akami
'Zombie' PCs caused Web outage, Akamai says
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:00:36 | | | The majority of Trojan horse infections occur because the user was tricked into running an infected program. This is why you are not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes, it infects the computer with a Trojan or worm. The infected program does not have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:01:07 | | | You can be infected by visiting a rogue website (Internet Explorer pop-ups). Makers of Trojans and other pests most often target Internet Explorer, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. Attackers who find such vulnerabilities can then specially create a bit of malformed data so that it contains a valid program to do their bidding. The more features a web browser has (for example ActiveX objects and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a Trojan horse.
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:01:17 | | | If you use Microsoft Outlook, you are vulnerable to many of the same problems that Internet Explorer is vulnerable to. Even if you do not use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML, images and actually uses much of the same code to process these as Internet Explorer.
Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Microsoft Outlook -- you do not even have to run the infected attachment. For this reason, using Microsoft Outlook lowers your security substantially, which means you should always have the most recent security patch installed.
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:02:03 | | | Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide file sharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.
A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote Trojan insertion via open ports, but they are not a very impenetrable solution, either.
The following tool can be used to identify any open ports: »/scan
feedback form
feedback form
by uid1307457
last modified: 2009-04-27 18:02:13 |
|
