
Monday 16 July 2012

THE TROJAN “HORSE”

I found it necessary to devote a chapter to Trojans. Trojans are 
probably the most compromising of all types of attacks. Trojans 
are being released by the hundreds every week, each more 
cleverly designed than the other. We all know the story of the 
Trojan horse, probably the greatest strategic move ever made. 
In my studies I have found that Trojans are primarily responsible 
for almost all Windows-based machines being compromised. 
For those of you who do not know what Trojans are, I’ll briefly 
explain. Trojans are small programs that effectively give 
“hackers” remote control over your entire computer. 



Some common features of Trojans are as follows: 

•  Open your CD-ROM drive 
•  Capture a screenshot of your computer 
•  Record your keystrokes and send them to the “Hacker” 
•  Full access to all your drives and files 
•  Ability to use your computer as a bridge to do other 
hacking-related activities 
•  Disable your keyboard 
•  Disable your mouse…and more! 

Let’s take a closer look at a couple of the more popular 
Trojans: 
•  Netbus 
•  SubSeven 

The Netbus Trojan has two parts to it, as almost all Trojans do. 
There is a Client and a Server. The server is the file that 
would have to get installed on your system in order to have 
your system compromised. Here’s how the hack would go. 

The Hack
Objective:  Getting the potential victim to install the server 
onto his/her system.   


Method 1


Send the server file (for explanation purposes we’ll call the file 
netbusserver.exe) to you via E-Mail.  This was how it was 
originally done.   
The hacker would claim the file to be a game of some sort.  
When you then double click on the file, the result is nothing.  
You don’t see anything.  (Very Suspicious)  


Note: (How many times have you double clicked on a 
file someone has sent you and it apparently did 
nothing?)


At this point what has happened is the server has now been 
installed on your system.  All the “hacker” has to do is use the 
Netbus Client to connect to your system and everything you 
have on your system is now accessible to this “hacker.”

With increasing awareness of the use of Trojans, “hackers” 
became smarter, hence method 2. 


Method 2


Objective: Getting you to install the server on your system. 
Let’s see, how many of you receive games from friends? 
Games like hit Gates in the face with a pie. Perhaps the game 
shoot Saddam? There are lots of funny little files like that. 
Now I’ll show you how someone intent on getting access to 
your computer can use that against you. 
There are utility programs available that can combine the 
“server” (a.k.a. Trojan) file with a legitimate “executable 
file.” (An executable file is any file ending in .exe). It will 
then output another (.exe) file of some kind. Think of this 
process as mixing poison in a drink. 


For Example: 
Tomato Juice + Poison = something 
Now the result is not really Tomato Juice anymore but you can 
call it whatever you want.  Same procedure goes for 
combining the Trojan with another file. 
For Example: 


The “Hacker” in question would do this: (for demonstration 
purposes we’ll use a chess game) 
Name: chess.exe (name of file that starts the chess 
game) 


Trojan: netbusserver.exe (The Trojan) 
 (Again for explanation purposes we’ll call it that) 

The joiner utility will combine the two files together and output 
1 executable file called: 


<insert name here>.exe 


This file can then be renamed back to chess.exe. It’s not 
exactly the same Chess Game. It’s like the Tomato Juice: it’s 
just slightly different. 
The difference between these files will be noticed in their size. 
The original file:  chess.exe  size: 50,000 bytes 
The new file (with Trojan):  chess.exe  size: 65,000 bytes 


(Note: These numbers and figures are just for explanation 
purposes only) 
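
A defender's check for the size difference described above, as an added example (not part of the original chapter): it compares a received file against a known-good size and SHA-256 hash, and also covers the case where the size is unchanged but the content is not. The reference values and sample bytes are constructed here; in practice the reference would come from the software's publisher.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file so large executables are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_against_reference(path, ref_size, ref_sha256):
    """Compare a received file with a known-good size and hash."""
    size = os.path.getsize(path)
    match = sha256_file(path) == ref_sha256.lower()
    return {
        "size_delta": size - ref_size,   # extra bytes hint at something joined on
        "hash_match": match,             # catches changes that keep the size equal
        "verdict": "ok" if match and size == ref_size else "modified",
    }

def demo():
    # Constructed sample data; sizes mirror the chapter's illustrative figures.
    original = b"C" * 50_000              # stands in for the genuine chess.exe
    joined = original + b"T" * 15_000     # 65,000 bytes: extra content added
    same_size = b"C" * 49_999 + b"X"      # same size, one byte altered
    ref_size = len(original)
    ref_hash = hashlib.sha256(original).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        samples = [("original", original), ("joined", joined),
                   ("same_size", same_size)]
        for name, data in samples:
            p = os.path.join(d, name + ".bin")
            with open(p, "wb") as f:
                f.write(data)
            results[name] = check_against_reference(p, ref_size, ref_hash)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A size comparison alone misses the third sample, which is why the hash is checked as well.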


The process of joining the two files takes about 10 seconds to 
get done. Now the “hacker” has a new chess file to send out 
with the Trojan in it. 
Q. What happens when you click on the new chess.exe file? 
Answer: The chess program starts like normal. No more 
suspicion because the file did something. The only difference 
is while the chess program starts the Trojan also gets installed 
on your system. 
Now you receive an email with the attachment, except this time 
in the form of chess.exe. 
The unsuspecting will execute the file and see a chess game. 
Meanwhile in the background the “Trojan” gets silently 
installed on your computer. 

If that’s not scary enough, after the Trojan installs itself on 
your computer, it will then send a message from your 
computer to the hacker telling him the following information. 


Username: (A name they call you) 
IP Address: (Your IP address) 
Online: (Your victim is online) 


So it doesn’t matter if you are on dial up.  The potential 
hacker will automatically be notified when you log on to your 
computer. 
You’re probably asking yourself “how likely is it that this has 
happened to me?” Well, think about this. Take into 
consideration the second chapter of this manual. Used in 
conjunction with the above-mentioned methods, it can make for 
a deadly combination. 
These methods are but a few of the ways that “hackers” can 
gain access to your machine. 




