Figure 2 shows another type of weakness a scan may uncover: a possible
Trojan.
I was studying how icq [a chat service] sends
and receives messages, and I found something on one of those dark, creepy
hacker sites which was called "icqrevenge", so I grabbed it to take a look.
Winds up that this program copies itself as system32.exe into the
windows/system dir and updates the registry to auto-execute it every reboot.
This program would log your machine into an Undernet [Internet Relay Chat]
channel, and keep you there (with hundreds of others!) waiting for the
author to pick his victim.
How does a Trojan get into your computer? Even if a virus or worm has never
infected your computer, a Trojan could have sneaked in bundled with some other
program. Hackers have spent years inserting Trojans into enticing programs:
screen savers, games, chat programs, web browser plugins, animated greeting
cards. These programs are free from countless web sites. Or a friend may give
you a program without knowing it is infected.
You only download from respectable sites? You still aren’t safe.
Electronic Arts' Origin gaming division launched
a splashy new marketing campaign Thursday, offering free Web downloads of a
much-anticipated sequel to its Wing Commander series.
Problem was, the first copies of the game posted
were infected with a virus.
Users who downloaded the game and tried to
install it infected their computers… with one of the most damaging viruses…
the W95.CIH virus activates on the 26th of the month, wiping out some
computers' flash memory.
– "Online Game Spreads PC Virus," by John
Borland. http://www.techweb.com/infoseek/wire/story/TWB19980827S0011
Usually Trojans spread at random. Most hackers also attack at random,
scouring the Internet for victims. Is yours the first one that comes up?
Party time!
Let’s say a hacker probes your computer and finds a Trojan port. All she
has to do is run the client program written for that Trojan.
If a scanner reports TCP port 12345 open, an attacker might run "Bus
Driver," a client for the "Net Bus" Trojan, which listens on port 12345 by
default. If Net Bus really is there, voila! The bad guy now controls your
computer.
If the attacker finds port 31337 open, he or she will run the Back Orifice
client against it. That’s because the original Back Orifice listens on UDP
port 31337 by default (Back Orifice 2000 moved its default to TCP port 54320,
and both can be configured to use any port). Two caveats: a plain TCP scan
never sees a UDP listener, so Back Orifice only shows up if the scanner probes
UDP as well; and an open port is only a lead, since any service can be bound
to 12345 or 31337, so the attacker, or you, still has to connect and see what
answers.
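As an added example (not from the original page, and not the code of any of the tools named above), here is a Python script that does what this section describes from the defender's side: it parses netstat output for listening sockets, flags the ones that sit on the default ports of the Trojans discussed here, and then confirms a hit by connecting and reading whatever the service says first. The default port numbers (NetBus TCP 12345/12346, Back Orifice UDP 31337, Back Orifice 2000 TCP 54320) are assumed from the tools' documented defaults rather than stated by the page; the netstat lines are constructed, and the local server that greets with "NetBus 1.70" is a stand-in for a real target so the script runs offline.

```python
import re
import socket
import threading

# Default listening ports of the Trojans named on this page, keyed by
# (protocol, port). Assumed from the tools' documented defaults, not from
# the page: NetBus 1.x uses TCP 12345 (12346 for data), the original Back
# Orifice UDP 31337, Back Orifice 2000 TCP 54320. All are configurable.
TROJAN_PORTS = {
    ("tcp", 12345): "NetBus 1.x (command channel)",
    ("tcp", 12346): "NetBus 1.x (data channel)",
    ("udp", 31337): "Back Orifice (original, UDP)",
    ("tcp", 54320): "Back Orifice 2000 (default)",
}

# Constructed sample of `netstat -an` output from a Windows box; not real data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1041       198.51.100.7:6667      ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:137            *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?", re.I)


def listening_sockets(netstat_text):
    """Return a sorted list of (proto, port) that are listening. TCP sockets
    count only in LISTENING state; UDP sockets carry no state in netstat
    output, so every bound UDP port is reported (a TCP-only scan misses them)."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, port, state = m.group(1).lower(), int(m.group(3)), m.group(4)
        if proto == "tcp" and (state or "").upper() != "LISTENING":
            continue
        found.add((proto, port))
    return sorted(found)


def flag_trojan_ports(netstat_text):
    """Match listening sockets against known Trojan defaults. A hit is only
    a lead: any service can sit on 12345, and a Trojan can be told to use
    another port, so every hit still has to be confirmed."""
    return [(proto, port, TROJAN_PORTS[(proto, port)])
            for proto, port in listening_sockets(netstat_text)
            if (proto, port) in TROJAN_PORTS]


def grab_banner(host, port, timeout=3.0):
    """Connect over TCP and return what the service says first, so a port
    hit can be confirmed (NetBus 1.x announces itself with a 'NetBus
    <version>' line) or cleared. Returns '' if the connection fails, times
    out, or the service waits for the client to speak first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                return ""
    except OSError:
        return ""
    return data.decode("latin-1", "replace").strip()


def demo_banner_grab(banner=b"NetBus 1.70\r\n"):
    """Stand-in for a real target: a throwaway loopback server that greets
    with a constructed NetBus-style banner (assumed format), so the
    confirmation step can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return grab_banner("127.0.0.1", port)


if __name__ == "__main__":
    for proto, port, name in flag_trojan_ports(SAMPLE_NETSTAT):
        print(f"{proto}/{port}: matches {name} default port; confirm before acting")
    print("banner from local stand-in server:", demo_banner_grab())
```

Run it as-is to see the two sample hits (TCP 12345 and UDP 31337) and the banner from the stand-in server; against a real box, feed it the output of `netstat -an` and point `grab_banner` at each TCP hit. Note that the UDP hit cannot be confirmed this way, since Back Orifice does not speak TCP, which is exactly why it slips past TCP-only scanners.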