Ethical Hacking - Trojan Attacks

Trojans

Trojans are malicious files that an attacker uses to create a backdoor without the user's knowledge. A Trojan typically deletes or replaces critical operating system files, steals data, sends notifications to the remote attacker, and lets the attacker remotely control the target. Trojans usually hide behind a genuine program, code or file to avoid being noticed by the user; behind the original program, the Trojan establishes a backdoor connection to the remote attacker.

A Trojan has three parts:

Dropper: the code that installs the malicious code on the target.

Malicious code: the code that exploits the system and gives the attacker control over the target.

Wrapper: wraps the dropper, the malicious code and the genuine code into one executable package.

Parts of Trojans

When a victim runs an infected file, the dropper installs the malicious code first and then the genuine program.

Purpose of Trojans

  • Steal information such as passwords, security codes and credit card details using keyloggers.
  • Use the victim's PC as part of a botnet to perform DDoS attacks.
  • Delete or replace OS critical files.
  • Generate fake traffic to cause a DoS.
  • Download spyware, adware and other malware.
  • Record screenshots, audio and video from the victim's PC.
  • Disable firewalls and anti-virus software.
  • Use the victim's PC as a proxy server for relaying attacks.
  • Use the victim's PC as part of a botnet for DoS, spamming and mass-mailing campaigns.

Types of Trojans

  • Hypervisor Trojan.
  • HTTP/HTTPS Trojan.
  • Remote access Trojan.
  • FTP Trojans.
  • VNC Trojans.
  • Banking Trojans.
  • DOM based Trojan.
  • Destructive Trojan.
  • Botnet Trojan.
  • Proxy Trojan.
  • Data hiding Trojan.

Countermeasures:

  • Avoid opening emails from unknown senders.
  • Do not download free software from untrusted sites.
  • Always upgrade firewalls, IDS and anti-virus software and keep them updated with the latest patches and signatures.
  • Block all unnecessary ports.
  • Periodically check startup programs and running processes to find any malicious files.
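One way to carry out the last countermeasure, checking startup programs for anything a dropper may have added, is to audit the autorun entries against a known-good baseline and flag entries that match common Trojan traits (an image in a user-writable folder, a double extension such as invoice.pdf.exe that mimics a document, or a launch through a script host or encoded PowerShell). The script below is an added example for this article, not code from the original page; the baseline JSON format, the heuristics and all sample entries are constructed assumptions for illustration. On a Windows host it reads the HKLM/HKCU Run keys; elsewhere it falls back to the constructed sample.

```python
"""Audit Windows startup (autorun) entries against a known-good baseline.

Entries are modelled as (location, name, command). On a Windows host the
HKLM/HKCU Run keys are read with collect_run_entries(); the baseline and
sample entries at the bottom are constructed for illustration only.
"""
import json
import re
from dataclasses import dataclass, asdict

RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
HKLM_RUN = "HKLM\\" + RUN_SUBKEY
HKCU_RUN = "HKCU\\" + RUN_SUBKEY

# Directories a legitimate installer rarely uses for an autorun image but a
# dropper often does, because they are writable without admin rights.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                 "\\users\\public\\", "\\downloads\\")
# A wrapper that mimics a document: invoice.pdf.exe, photo.jpg.scr, ...
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|com|bat|vbs|js)\b", re.I)
# Script hosts and living-off-the-land binaries commonly used to launch a payload.
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|regsvr32|rundll32)(\.exe)?\b", re.I)
ENCODED_PS = re.compile(r"powershell[^\n]*\s-(e|ec|enc|encodedcommand)\s", re.I)


@dataclass(frozen=True)
class StartupEntry:
    location: str  # registry key (or startup folder) the entry lives in
    name: str      # value name in the registry key
    command: str   # command line that runs at logon

    @property
    def key(self):
        return f"{self.location}|{self.name}"


def collect_run_entries():
    """Read the Run keys on a Windows host; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    hives = ((winreg.HKEY_LOCAL_MACHINE, HKLM_RUN), (winreg.HKEY_CURRENT_USER, HKCU_RUN))
    found = []
    for hive, location in hives:
        try:
            key = winreg.OpenKey(hive, RUN_SUBKEY)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                found.append(StartupEntry(location, name, str(value)))
                index += 1
    return found


def suspicious_reasons(entry):
    """Heuristics that flag an entry even if it already appears in the baseline."""
    cmd = entry.command.lower()
    reasons = []
    if any(d in cmd for d in USER_WRITABLE):
        reasons.append("image in user-writable directory")
    if DOUBLE_EXT.search(cmd):
        reasons.append("double extension mimics a document")
    if SCRIPT_HOST.search(cmd):
        reasons.append("launched via script host / LOLBin")
    if ENCODED_PS.search(cmd):
        reasons.append("encoded PowerShell command")
    return reasons


def load_baseline(text):
    """Baseline is JSON mapping 'location|name' to the expected command line."""
    return dict(json.loads(text))


def audit(entries, baseline):
    """Return only entries that are new, changed, or match a heuristic."""
    findings = []
    for entry in entries:
        expected = baseline.get(entry.key)
        if expected is None:
            status = "new"
        elif expected != entry.command:
            status = "changed"
        else:
            status = "unchanged"
        reasons = suspicious_reasons(entry)
        if status != "unchanged" or reasons:
            findings.append({**asdict(entry), "status": status, "reasons": reasons})
    return findings


# --- constructed sample data (not captured from a real host) ---
BASELINE_JSON = json.dumps({
    f"{HKLM_RUN}|SecurityHealth": "%windir%\\system32\\SecurityHealthSystray.exe",
    f"{HKCU_RUN}|OneDrive": "\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background",
})
SAMPLE_ENTRIES = [
    StartupEntry(HKLM_RUN, "SecurityHealth", "%windir%\\system32\\SecurityHealthSystray.exe"),
    # baseline entry whose command was swapped for a script-host launcher
    StartupEntry(HKCU_RUN, "OneDrive", "wscript.exe //B C:\\Users\\alice\\AppData\\Roaming\\od.vbs"),
    # new entry: a document-looking executable dropped into Temp
    StartupEntry(HKCU_RUN, "Updater", "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.pdf.exe"),
    # new entry: hidden, encoded PowerShell (payload replaced by a placeholder)
    StartupEntry(HKCU_RUN, "Sync", "powershell.exe -nop -w hidden -enc <BASE64_PLACEHOLDER>"),
]

if __name__ == "__main__":
    entries = collect_run_entries() or SAMPLE_ENTRIES
    for finding in audit(entries, load_baseline(BASELINE_JSON)):
        print(json.dumps(finding))
```

Run against the sample, the audit reports the swapped OneDrive entry as changed, and the Updater and Sync entries as new, each with the heuristic reasons attached; the unchanged, clean SecurityHealth entry is not reported. The baseline should be recorded from a freshly built machine and stored where a local user cannot edit it, and the same comparison can be extended to the RunOnce keys, the startup folders and scheduled tasks.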