Let us take a look at the different types of Trojans that have been
detected, grouped by their functionality.
Attack Methods |
■ Remote Access Trojans
These are the Trojans most often referred to in the media, and they gain
high visibility because they give the attacker the power to do more on the
victim's machine than the victim can while standing in front of it. Most of
these Trojans are a combination of the other variations discussed below.
■ Password Sending Trojans
These Trojans are directed towards extracting all the cached passwords and
capturing other passwords entered by the victim, then emailing them to an
attacker-specified mail address without the victim realizing it. The password
harvest may include passwords for ICQ, IRC, FTP, HTTP or any other application
that requires a user to enter a login and password. Most of them do not restart
when Windows is loaded, as the objective is to gather as much information about
the victim's machine as possible (passwords, mIRC logs, ICQ conversations) and
mail it to the attacker.
■ Keyloggers
These Trojans log the keystrokes of the victim and then let the attacker
search for passwords or other sensitive data in the log file. They usually
come with two functions, online and offline recording. As with the previous
group, these Trojans can be configured to send the log file to a specific
e-mail address on a regular basis.
■ Destructive
The only function of these Trojans is to destroy and delete files. They can
deliberately delete core system files (for example .dll, .ini or .exe files,
possibly others) on the target machine. The Trojan is activated by the
attacker, or sometimes works like a logic bomb and starts on a specific day
and at a specific hour.
■ Denial of Service (DoS) Attack Trojans
These Trojans are used by attackers to issue a denial of service. A
distributed denial of service may also be issued if the attacker has gathered
enough victims. WinTrinoo is a DDoS tool that has become popular recently, and
if the attacker has infected many ADSL users, major Internet sites could be shut
down as a result.
Another variation of a DoS Trojan is the mail-bomb Trojan, whose main aim is
to infect as many machines as possible and simultaneously attack a specific
e-mail address or addresses with random subjects and contents which cannot be
filtered.
■ Proxy/Wingate Trojans
Underground sites are known to announce freely available proxy servers. These
Trojans turn the victim's computer into a proxy/Wingate server available to the
whole world or to the attacker only. The proxy is used for anonymous Telnet,
ICQ, IRC, etc., and also to register domains with stolen credit cards and for
other illegal activities. This gives the attacker complete anonymity and the
chance to do everything while pointing the trail to the victim.
■ FTP Trojans
These Trojans open port 21 (the port for FTP transfers) and let anybody, or
just the attacker, connect to the machine. They may be password protected so
that only the attacker is able to connect to the computer.
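A defender can audit a host for the kind of listeners described in the FTP and Proxy/Wingate sections. The following is an added example, not part of the original page: it parses a constructed sample of Windows `netstat -ano` output and reports network-reachable listeners on watched ports that are not owned by an approved process. Port 21 comes from the text; the proxy ports and the `approved_pids` parameter are assumptions made for illustration.

```python
import re

# Ports to watch: 21 is the FTP port named in the text. The proxy ports are
# conventional defaults (SOCKS 1080, HTTP proxy 3128/8080) and are assumptions.
WATCHED_PORTS = {21: "FTP", 1080: "SOCKS proxy", 3128: "HTTP proxy", 8080: "HTTP proxy"}

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3140
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2210
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       4512
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     2210
  TCP    [::]:21                [::]:0                 LISTENING       3140
"""

# Matches only TCP sockets in the LISTENING state; the port is the text after
# the last colon of the local address, so bracketed IPv6 addresses also parse.
LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)
LOOPBACK = {"127.0.0.1", "[::1]"}


def find_suspect_listeners(netstat_text, approved_pids=frozenset()):
    """Return (port, service, address, pid) for watched listeners that are
    reachable from the network and not owned by an approved process."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, UDP, or a socket that is not listening
        port, pid, addr = int(m["port"]), int(m["pid"]), m["addr"]
        if port not in WATCHED_PORTS:
            continue
        if addr in LOOPBACK:
            continue  # bound to loopback only, not exposed to other hosts
        if pid in approved_pids:
            continue  # e.g. the PID of a sanctioned FTP server
        findings.append((port, WATCHED_PORTS[port], addr, pid))
    return findings


if __name__ == "__main__":
    for port, service, addr, pid in find_suspect_listeners(SAMPLE_NETSTAT):
        print(f"unexpected {service} listener on {addr}:{port} (PID {pid})")
```

Each reported PID still has to be resolved to its executable and checked against the software that is supposed to be installed on the host, since a legitimate FTP or proxy service produces the same listener.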
■ Software Detection Killers
Such functionality is built into some Trojans, but there are also separate
programs that will kill Zone Alarm, Norton Anti-Virus and many other popular
anti-virus/firewall programs that protect the target machine. When they are
disabled, the attacker has full access to the machine to perform some illegal
activity or to use the computer to attack others, and often disappears.
Having seen the various types of Trojans, let us take a look at
the means by which they can infect the target.