Computer Trojan

Table of Contents

-----------------

01.What Is This Paper About

02.What Is A Trojan Horse

03.How Do Trojans Work

04.Trojans Variations

-Remote Access Trojans

-Password Sending Trojans

-Keylogging Trojans

-Destructive Trojans

-Denial Of Service (DoS) Attack Trojans

-Proxy/Wingate Trojans

-FTP Trojans

-Detection Software Killers

05.The Future Of Windows Trojans

06.How Can I Get Infected

-Via ICQ

-Via IRC

-Via Attachments

-Via Physical Access

-Via Browser And E-mail Software Bugs

-Via Netbios(File Sharing)

07.Fake Programs

08.Untrusted Sites And FreeWare Software

09.How Are They Detecting My Internet Presence

10.What Is The Attacker Looking For

11.Intelligence With Trojans

12.Trojan Ports

13.How Do I Know I'm Infected

14.Anti-Virus (AV) Scanners

15.Anti-Trojan Software

16.After You Clean Yourself

17.Online Scanning Services

18.Advice

19.Links Section

20.Final Words

-------------------------------------------------------------------------------

1.What is this paper about?

-------------------------

The Complete Trojans Text is a paper about Windows Trojans, how they work,

their variations and, of course, strategies to minimise the risk of infection.

Links to special detection software are included as well as many other topics

never discussed before. This paper is not only intended to be for the average

Internet/Windows user who wants to know how to protect his/her machine from

Trojan Horses or just want to know about their usage, variations, prevention

and future, but will also be interesting for the advanced user, to read

another point of view.

Windows Trojans are just a small aspect of Windows Security but you will soon

realise how dangerous and destructive they could be while reading the paper.

2.What Is A Trojan Horse?

-----------------------

A Trojan horse is:

- An unauthorised program contained within a legitimate program. This

unauthorised program performs functions unknown (and probably unwanted) by

the user.

- A legitimate program that has been altered by the placement of unauthorised

code within it; this code performs functions unknown (and probably unwanted)

by the user.

- Any program that appears to perform a desirable and necessary function but

that (because of unauthorised code within it that is unknown to the user)

performs functions unknown (and definitely unwanted) by the user.

The Trojan Horse got its name from the old mythical story about how the

Greeks gave their enemy a huge wooden horse as a gift during the war. The

enemy accepted this gift and they brought it into their kingdom, and during

the night, Greek soldiers crept out of the horse and attacked the city,

completely overcoming it.

3.How Do Trojans Work?

--------------------

Trojans come in two parts, a Client part and a Server part. When the victim

(unknowingly) runs the server on its machine, the attacker will then use the

Client to connect to the Server and start using the trojan. TCP/IP protocol

is the usual protocol type used for communications, but some functions of the

trojans use the UDP protocol as well. When the Server is being run on the

victim's computer, it will (usually) try to hide somewhere on the computer,

start listening on some port(s) for incoming connections from the attacker,

modify the registry and/or use some other autostarting method.

It's necessary for the attacker to know the victim's IP address to connect to

his/her machine. Many trojans have features like mailing the victim's IP, as

well as messaging the attacker via ICQ or IRC. This is used when the victim

has dynamic IP which means every time you connect to the Internet you get a

different IP (most of the dial-up users have this). ADSL users have