|Forget Viruses-- Heard of
Trojan Horse??? New menace on the NET!
by Kaushal Mehta
There have been a recent spate of trojans /
exploits, where someone is able to control your computer over the internet. Even worse,
they're able to read any files on your hard drive, get your internet password, or any
other sensitive information, and even format your hard drive.
So what is a Trojan Horse?
A Trojan horse is defined by FOLDOC as a "malicious, security-breaking program that is disguised as something
benign" such as a screen saver, game, hack, nuke, etc. Instead, running the file
gives control of your computer over to somebody else, who can now takeover your IRC
channels, steal account passwords, modify/erase files on your disk, use your computer to
perform felonious denial of service attacks on others, or worse! Trojans are not the same
as viruses, but once you're
"infected", the effects are just as dangerous, and you can spread the trojan to
others without even being aware of it!
Is your computer infected?
Trojans are typically files with
suffices like "ini", "exe", or "com", such as
"dmsetup.exe". These days nearly all trojans are spread in the guise of a free
game or other software. You probably downloaded one from a WWW or FTP archive, ICQ file
exchange, or through IRC's DCC file transfer (by manual /dcc get or, worst yet, an
"auto DCC get" feature which allows anybody to send you anything,
including not only trojans but also viruses, child porn, etc.). Typically the trojan needs
to be run manually, and installs hacked files all over your disk silently.
You may say I never download files from people or
sites, which I am not 100% sure about. But the most common way to get the trojan is from
your friend and known people on icq or email, yes these are the people whom you cant
say no to a file transfer. Just for fun, or invading your privacy they send you a trojan
file saying it is a nice joke or a game, you accept the file run it and along with that
joke or the game the trojan gets installed. YES any picture file or exe file nowadays can
be attached with a trojan with the help of softwares like joiner or silkrope etc. So along
with file the trojan is merged.
Signs to watch
While you are surfing the net your cd-rom opens and
closes on its own, sound files start playing on your computer, your background on your
desktop has changed on its own. Worse your computer restarts on its own (giving the hacker
the opportunity to see your internet password). Your keyboard hangs etc. See the image
below to see what all can be done by the attacker. This is a screen dump of netbus trojan.
most common Trojans.
- Back Orifice
This sophisticated backdoor program is not specific
to IRC at all. Once downloaded and run, it allows attackers to remote control your
computer almost as if they were sitting right in front of it. They can change or steal
your passwords, run or delete files, reboot the computer, format your disk, etc. all
without your knowledge or consent.
Downloaded as a relatively large .exe or .zip file,
typically 125 kB. creates " .exe" in c:\windows\system which will appear to be
nameless. creates a Windows registry key under
To remove follow this link
Like Back Orifice (BO) above, NetBus is a backdoor
program that allows others access to your computer remotely. One thing that sets it apart
from BO is the ability to open/close your CD-ROM door. In addition, like BO it allows
others to change/steal your passwords, run or delete files, reboot your computer, format
drives, and even make your computer unable to be started up.
Your machine listens for TCP connections on port
12345 or 20034, although this can be changed with more recent versions. Telneting to those
ports gives a string like "NetBus [version number]".
creates a Windows registry key under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or for version 2 or later
- SubSeven the latest and the deadliest.
Similar to back orifice but many advanced features
including web cam support.
The sub seven screen
Backdoor.BO (aka Backorifice)
Backdoor.DeepThroat Backdoor.Executor Backdoor.Netbus Backdoor.Phase aka Phase Server
Backdoor.TheThing Backdoor.Choleepa Crackers On4ever (Trojan) PKZIP300 Trojan
Trojan.AOL.Buddy Trojan.BuggyHidp Trojan.Durell Trojan.FlashKiller
Trojan.Macro.Excel.Taiwanes Trojan.Macro.Word.Format Trojan.Macro.Word.Nikita
Macro.Word97.Trojan.Thief Trojan.NetPatch Trojan.PSW family Trojan.Stdout Trojan.Telefoon
Trojan.Win.BadSector Trojan.Win.BuggyShell Trojan.Win.Heckler Trojan.Win32.AntiBTC
Trojan.Win32.Antigen Trojan.Win32.Coke Trojan.Win32.DiskAdmin Trojan.Win32.LoveYou etc.
How do I get rid
Always use a good anti-virus like avp, norton anti-virus
etc. These and other anti-viruses can detect and warn you of any possible attacks by
viruses as well as trojans. Always update your anti-virus once in 14 days. You never now
when a latest trojan can attack you. You can download small and very good trojan removing
softwares and run it on your computer like lockdown2000, cleaner etc.
For eg lockdown2000 and cleaner can
detect more than 50 types of trojans including new ones.
Just download lockdown2000 or cleaner and run it on
your computer and then sleep with peace of mind.
links and more info