A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.
- It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.
- Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.
Working of Trojans
- Attacker gets access to the trojaned system as the system goes online
- By way of the access provided by the trojan attacker can stage attacks of different types.
Various Trojan Types
- Remote Access Trojans
- Password Sending Trojans
- Keyloggers
- Destructive
- Denial Of Service (DoS) Attack Trojans
- Proxy/Wingate Trojans
- FTP Trojans
- Software Detection Killers
Modes of Transmission
- Attachments
- Physical Access
- Browser And E-mail Software Bugs
- NetBIOS (File Sharing)
- Fake Programs
- Un-trusted Sites And Freeware Software
Backdoor Countermeasures
- Most commercial ant-virus products can automatically scan and detect backdoor programs before they can cause damage (Eg. before accessing a floppy, running exe or downloading mail)
- An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.
- Educate your users not to install applications downloaded from the internet and e-mail attachments.