Malware is software written with malicious intent. It causes damage to systems by giving the programmer limited or full access to the target system. Malware can be introduced into a system through various means: removable devices, fake programs, downloading from or opening unsecured sites, instant messengers, etc. Some of the known types of malware are rootkits, Trojans, botnets, adware, viruses and worms.
Trojans can be used to damage an organization's systems, and can be slipped in without being noticed. This is because Trojans usually disable antivirus software or firewalls. The purpose of the Trojan horse once it is in the system depends on the attacker's goals. Some have been known to delete important files from target systems; others have been known to perform reconnaissance on the target system by gathering information on videos, audio, etc. on the victim's computer.
The Trojan horse could also be used to perform DDoS attacks or to implement backdoors that switch or divert the operating system's activities without the knowledge of the target system's administrators. It could also be used to wreak even more havoc on the victim's system, as the attacker could use it as a means to download other malicious programs: spyware, adware, etc.
These are methods used to keep a Trojan horse from being noticed by a host system. Wrappers attach the Trojan to a seemingly harmless .EXE application such as a game. The wrapper installs the Trojan in the background before it installs the main application. Another way attackers implement Trojans is through birthday messages.
Exploit kits are used by malicious attackers to transfer viruses, spyware, adware, botnets and other malicious code to a target system. This is done when a victim tries to access a site: the attacker redirects the victim to a different site and uses the exploit kit to extract sensitive information.
Firewalls keep advancing as technology grows. Hence, attackers have to figure out different ways to slip Trojans past an anti-virus without being detected.
There are various types of Trojans, which work according to specific goals and objectives and range from mild to destructive. These are the Destructive Trojan, HTTP Trojan, Botnet Trojan, Notification Trojan, Mobile Trojan, FTP Trojan and VNC Trojan.
These types of Trojans are used to gain sensitive information from victims before it is encoded. This information is sent to the attacker's command center.
ZeuS and SpyEye are types of e-banking Trojans that are used to steal credit card details and other confidential information from infected computers. SpyEye is used to implement an online transaction. Information such as credit card details is stolen. The Trojan can work in three different ways:
TAN grabber: The Trojan works by intercepting the transaction authentication number (TAN) and swapping it with a random number that the bank rejects. The attacker can use the TAN to gain information on the victim's login details.
Injection: Malicious attackers use this method to extract credit card details from target systems by creating forms on banking pages. Once this information is gleaned, the attacker uses it to impersonate the account holder.
Form Grabber: The Trojan intercepts the scramble pad input when the victim enters their numbers and access code. The attackers do this by examining the POST requests and responses transmitted to the victim's phone.
This allows the attacker to have access to a command shell on the target computer. The Trojan is installed and opens a port through which the attacker controls the victim's system.
This is used by attackers to tamper with strings, logos and bitmaps in Windows programs. This means attackers have the opportunity to deface applications on Windows operating systems, using user-styled custom applications.
This is used by attackers to cover a lot of ground with systems in the same geographical location. Attackers work by targeting a number of systems and creating what is termed a network of bots. This collection is controlled from the command and control center. The botnet Trojan is special in the sense that it allows for varying types of attacks: click fraud, spamming, DoS attacks and credit card information theft.
This is used by attackers to gain access to the internet through a victim's system. It works on many of the systems on the internet today without being detected by the machine's defenses. This is because, once the Trojan is introduced into the system, a hidden proxy server is started on the target system.
These are used by attackers to gain unlimited access to files on the target machine. This is done by installing an FTP server on the host system, which in turn opens an FTP port.
This Trojan is difficult to discover and can stay well hidden in the target system for a while without the system's defenses noticing. It works by starting a VNC server daemon on the target system once the VNC Trojan has been installed.
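Several of the Trojans described above (the command shell port, the hidden proxy server, the FTP server and the VNC server daemon) start a listening service on the infected host, which gives defenders something concrete to check. The following added example, which is not from the original article, compares a host's listening sockets against an approved baseline; it assumes a Linux host, and the `ss -H -ltnp` output, the baseline and the process names are constructed for illustration.

```python
import re

# Approved (port, process) listeners for this host. Constructed baseline.
BASELINE = {(22, "sshd"), (443, "nginx")}
# Well-known default ports, used only to label a finding: a Trojan can
# listen on any port, so the baseline comparison is what detects it.
SERVICE_HINTS = {21: "FTP server", 5900: "VNC server", 1080: "SOCKS proxy",
                 3128: "HTTP proxy", 8080: "HTTP proxy"}

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 32 0.0.0.0:21 0.0.0.0:* users:(("updater",pid=4100,fd=5))
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:* users:(("svchelper",pid=4021,fd=4))
LISTEN 0 128 0.0.0.0:31337 0.0.0.0:* users:(("sshd",pid=4555,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 16 127.0.0.1:1080 0.0.0.0:*
"""
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_listeners(ss_output):
    """Yield (address, port, process, pid) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        # ss leaves the users:(...) column empty when run without privilege.
        process, pid = (match.group(1), int(match.group(2))) if match else ("unknown", None)
        yield address, int(port), process, pid

def unexpected_listeners(ss_output, baseline=BASELINE):
    """Return listeners whose (port, process) pair is not in the baseline."""
    findings = []
    for address, port, process, pid in parse_listeners(ss_output):
        if (port, process) not in baseline:
            findings.append({"address": address, "port": port, "process": process, "pid": pid,
                             "hint": SERVICE_HINTS.get(port, "unrecognised service")})
    return findings

if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print("{address}:{port} {process} (pid {pid}) -> {hint}".format(**f))
```

Matching on the (port, process) pair rather than the port alone means a familiar process name on an unapproved port, or an unapproved process on a familiar port, is still reported.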
Published with the express permission of the author.