Author: jishnu
Trojan Horse/RAT Tools
Many of you may have seen your antivirus software detecting Trojan horses on your PC. What are these things? A Trojan is a program that appears to perform a desirable and necessary function but, because of hidden and unauthorized code, performs functions unknown to and unwanted by the user.
Types of Trojans
1. Remote Administration Trojans: Remote Access Trojans (RATs) are used to control or monitor the victim's computer.
2. Data Stealing Trojans: Data Sending Trojans find data on the computer and send it to the attacker automatically.
3. Security Disabler Trojans: Security software disabler Trojans are used to disable antivirus software.
The majority of Trojans have remote administration capability. Some examples of these Trojans are Beast, NetBus, ProRat, SubSeven, etc.
How do they work?
A Trojan horse program contains two parts: the client part and the server part. The client part is what we get when downloading a Trojan horse program. Using it, we create a server application, which is the part installed on the victim's machine. Once the installation succeeds, the client communicates with the server and the connection is established. While creating the server program, we can set many options controlling what the program will do on the victim's machine. We can define the email id to which the server sends the victim's IP address and port details. We can configure the server so that, after successful installation, it sends all keystrokes, screenshots and even webcam video from the victim's machine to the hacker's email id. Some Trojans allow the hacker to remotely execute commands on the victim's machine. Once the hacker gets the system details from the server program, the rest is simple: they just need to enter the IP address into the client program and start hacking. The hacker can gain access to the victim's desktop and do whatever he wants (including file transfers) without the victim's knowledge.
How do they get into your system?
For this, attackers commonly use two methods: 1. Direct installation 2. Remote installation. The first method is relatively harder. In this method the hacker directly installs the Trojan horse on the victim's computer. These kinds of attacks usually come from people who have physical access to the victim's computer: a co-worker, a friend or anyone else. The second method is remote installation targeting a particular victim. The stages of this kind of hacking can be divided into three.
1st Stage
Choosing the target. The hacker chooses a target; usually the target will be a Facebook friend, a chat friend, a colleague, etc.
2nd Stage
The 2nd stage is collecting the maximum amount of information. Here social engineering plays a role. The hacker collects as much information about the target as possible, including his favourite things, his computer details, the antivirus used, etc.
3rd Stage
The 3rd stage is planning. In this stage the hacker plans the method of deploying the Trojan horse program based on the information he collected. For example, if the target is a game lover he will try to deploy the Trojan along with a game installer, so that he can make sure the target will execute the Trojan on his machine. Also, using the security information collected in the previous stage, the hacker plans how to bypass the victim's computer security. Let's go into a little more detail. In this stage some other tools come into the scene which help the hacker execute the attack. The most commonly used tools are crypters and binders.
What is a Crypter?
A crypter is software that encrypts/hides the virus program so that it is not detected by antivirus. Crypters encrypt the virus code into something unreadable and thus hide the source code. Crypters are of two types: FUD (Fully Undetectable), meaning no antivirus will be able to detect the crypted file, and UD (Undetectable), meaning very few antivirus products may detect the file. So, using the security information collected about the victim, the hacker may try different crypters and test the result with an AV scan to make sure it will bypass the antivirus software. Free and paid crypter software is easily available on the internet. Eg: Steal Cypter
What is a binder?
A binder is a program used to bind two executables together. As we said earlier, if the victim is a game lover, the hacker will bind his Trojan server program with a game installer, so when the victim runs the game installer the Trojan also gets installed in the background. Some binders allow wrapping the Trojan program together with a non-executable file such as an image file. Eg: Easy Binder
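As an added example from the defender's side (not code from the original post): a file produced by a binder like the one described above carries a second DOS/PE header after the cover file. The script below scans any file for "MZ" headers whose e_lfanew field points at a valid PE signature and flags an image that contains one, or an executable that contains more than one; the sample files are constructed in the script. Self-extracting archives and some installers legitimately carry an appended executable, so treat a hit as a reason to scan further, not as proof.

```python
import struct

MZ_SIG = b"MZ"
PE_SIG = b"PE\0\0"
# Magic bytes of non-executable cover types a binder might wrap a payload in
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"GIF8": "gif"}

def find_pe_headers(data: bytes) -> list:
    """Return offsets of every DOS header whose e_lfanew points at a PE signature.
    A real PE has one at offset 0; any in an image, or a second one in an exe, is suspect."""
    hits = []
    pos = data.find(MZ_SIG)
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew lives at offset 0x3C of the DOS header
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            if 0x40 <= e_lfanew <= 0x1000 and data[pe_off:pe_off + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(MZ_SIG, pos + 1)
    return hits

def classify(data: bytes) -> str:
    """Label: 'pe', 'pe+extra-pe', '<image>', '<image>+embedded-pe' or 'other'."""
    cover = next((n for magic, n in IMAGE_MAGIC.items() if data.startswith(magic)), None)
    pes = find_pe_headers(data)
    if cover is not None:
        return cover + "+embedded-pe" if pes else cover
    if pes and pes[0] == 0:
        return "pe+extra-pe" if len(pes) > 1 else "pe"
    return "other"

def make_fake_pe(tag: bytes) -> bytes:
    """Constructed minimal DOS+PE header: only the signatures, not a runnable program."""
    dos = bytearray(0x40)
    dos[0:2] = MZ_SIG
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after the DOS header
    return bytes(dos) + PE_SIG + tag

# Constructed samples: a plain image, a plain executable, and an image with an executable appended
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
SAMPLE_PE = make_fake_pe(b"installer")
SAMPLE_BOUND = SAMPLE_PNG + make_fake_pe(b"payload")

if __name__ == "__main__":
    for name, blob in [("png", SAMPLE_PNG), ("exe", SAMPLE_PE), ("bound", SAMPLE_BOUND)]:
        print(name, classify(blob), find_pe_headers(blob))
```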
Final Stage
So finally the hacker has a Trojan server program which has been crypted to bypass AV detection and bound with some other file. The next step is just delivering the file to the victim's computer. The hacker may use the following modes of transmission:
1. Chat
2. Web download
3. Email attachment
4. Physical drive
5. Network share
The victim installs the Trojan and the hacking is done. The hacker can now do whatever he wants in the system.
Detection and Removal of Trojan Horse
Symptoms of a Trojan attack.
1. Slowness of the PC
2. Programs starting or initiating without the user's knowledge
3. Unwanted sites getting opened in web browsers
4. Any action that is suspicious or not initiated by the user can be an indication of a Trojan attack.
Precautions against Trojan attacks.
1. Always use updated AV and anti-spyware software.
2. Use a firewall to increase security.
3. Always keep your Windows system updated.
4. Always scan your web and email downloads.
We can also use process monitoring software to find unwanted processes in the system.