|
Trojans explained
It is common, amongst computer users to refer to remote access trojans as viruses, this is a misconception fuelled by the media and by various websites on the Internet. Remote access trojans in most cases cannot replicate themselves whereas viruses can.
If it's not a virus is it still dangerous? The answer is yes. Think of it this way, if you go out to work but you forget to lock the back door, anyone who knows where to look for the back door can walk on in and go through all your belongings and possessions, stealing and damaging anything they want to. The same applies to R.A.T's if a "hacker " (I use the term loosely as real hackers don't use trojans, they don't need to) knows where to look for a port that has been opened by a trojan, then he can access that persons computer doing to it what ever he wants.
Most Rats' are made up of two parts, the first part is called the client, and this is the part the hacker uses to control the victim who is infected with the second part called the server. The server, once executed wont show up on ctrl-altdel and in most cases once run, the server file will melt away becoming a hidden file making finding it very difficult in windows, although it may be found in dos mode by removing the hidden flag from it.
There are about 5 main types of Rat's and various subsets of these. The most common type of trojan is the remote administration type, these include Subseven, netbus, back orifice etc. These types of trojans basically give the hacker more power over the victims computer then the victim may have originally had. They include such functions as the ability to steal all passwords cached or not (this is done using key logging technology), modify the victims registry, upload, download, execute (run) files, and various other things like turning on a web cam and spying on a victim.
The second type of trojan is a file server trojan; these trojans create a file server, usually an ftp server on the remote victims computer allowing a hacker to upload or download files, this is commonly used to upload a powerful remote administration trojan. Because some of these file server trojans are small (some are just 8 kbs) they are easily binded to other files making no significant size change. These are most commonly found in games and funny programs that people send around the internet to amuse each other not realising they are infecting them selves and there friends with trojans.
The third type of trojan is the password sending trojans, these trojans have one purpose and that is to steal passwords from the victim's computer and send them back to the hacker, the most common way these trojans communicate with the hacker is by email. Its pretty scary to think that your computer is sending a hacker secret emails with all your passwords.
Fourth on the list is key logger trojans; these trojans log everything the victim types and either sends the info to the hacker by way of email or stores the typed info in a secret file located on the victims computer which the hacker then downloads using the client part of the trojan
The fifth type of trojan is probably one of the most disturbing types to be recently developed; this is the distributed denial of service trojans or DDoS. A hacker infects a large number of victims with a DDoS trojan, then using the client part of the trojan he can connect either to all of them at once or he sends his commands to a drone (a master server) that then sends the commands out to all the victims to attack a single website or persons pc. These types of trojans have been used recently to bring down big sites like yahoo.com.
How do I know I have a trojan?
Well, you may notice weird things happening apparently by themselves, a classic example is when your C.D. ROM drive starts opening and closing by itself.
Other signs include strange files appearing, even directories appearing that weren't on your computer before; and messages appearing on your screen. Your mouse may even seem to be controlled by someone else. Generally, you will feel as though you have lost control of your computer. Things will just be happening, that shouldn't be happening.
To find out for sure if you have a trojan try doing this test
Go to the dos prompt when you are offline and type in netstat -a this will show you the list of current connections and open ports on your computer, check through the open ports with our port list and see if a trojan port is open, if so you most probably have a trojan and should try and remove it.
How do I get a trojan?
I have had many people say to me "How can I have a trojan, I use a virus scanner?" Well, sorry to say this, but most virus scanners are crap when it comes to trojans, and the newer the trojan the more likely it will be unnoticed by a virus scanner.
Trojans are normally hidden in files that end in .exe or .com and .bat
So when you are downloading a file from the internet make sure it's from a reliable source. It's always best to use a trojan scanner to insure that your machine is trojan free. There are a lot of anti trojan scanners and programs available in our Files Archive.
People will sometimes send you a trojan through icq
or other file transferral techniques. Remember; if you don't trust the person don't execute the file. That way you'll be safe if it's a maliciously coded program like a trojan.
How do hackers find me?
People often ask, "How do hackers find me? Why do they target me?"
Well, hackers can find someone, who is infected with a certain trojan, very easily. All they need to know is what port the trojan opens, and they have all the information needed, to find a victim on the internet.
To find a victim, the hacker uses a port scanner that is capable of scanning IP ranges for open ports. Many internet tool kit programs include a port scanner capable of this and these are readily available as shareware or freeware.
Some trojan clients also have built in scanners. These are also very effective in finding infected people. Some trojan clients, like back orifice, and hack'a'tack can do super fast scans, scanning lists of 30 or more IP subnets in a minute or so. With this in mind, if you're infected, then you are very likely to be hacked, unless you do something about it.
Another scary thing about some trojans is that they have the ability to send emails secretly from your computer to the hacker's computer every time you are online, giving the hacker your IP number, so that he can use this information to hack into your computer.
There is also, at least one trojan, that tells the hacker through ICQ, if you are online or not. These hackers can also get your IP from your info in ICQ and hack you as well.
(And if you say that you have hidden your IP number in info, so you wont be hacked, there are cracks for ICQ that allow people to see your IP number in info even if its hidden. They can also add you to their list without your authorization.)
Knowledge is power
The best way to protect yourself from the wannabe hackers that lurk around on the internet is to start to think like them, it isn't very hard to outsmart these losers at there own games and even easier to catch them.
One of the most basic things to remember when using the internet is that it is easy to pretend to be someone who you are not. This means don't accept a file from someone you just met claiming to be a nice 12 yr old girl or an innocent first time net user, how can you be sure these people aren't wolves in sheep's clothing?
Never accept a picture from some one in the form of an .exe file .com file or any other executable file, pictures aren't executables and should never come in this file format, if you do receive a picture from someone in that format then you have been tricked and it is most probably a malicious program, virus or a trojan horse.
Sometimes these losers will send you trojans hidden in greeting cards in your email, it is very easy to spoof (use a fake) email addresses so don't take email addresses at face value and don't execute files that look suspicious. NEVER TRUST HOTMAILS ONLINE VIRUS SCANNER …. It has been shown to be obsolete and doesn't detect some of the most common viruses on the net today. (This has to do with the fact that hotmail runs on Unix servers and not windows servers. Doesn't Microsoft trust their own software? )
A common trick by hackers is to delete the victims netstat.exe file, if you have found this file deleted then you will need to download another copy from a friend and place it into your windows system folder.
Never ever let you computer remember passwords, this results in your passwords being stored in your computers cache memory, it is very very easy for trojan horses to retrieve all these passwords leaving you vulnerable to more and greater hacks. If a hacker gets hold of your dial up account number or RAS then he or she can use it to connect to the internet and hack people with your account possibly getting you in trouble.
Always use a firewall type program, if you do get hacked then you can block the intruder and stop it right away, look in our files archives for programs that will be helpful in securing your pc from the losers out there who think its humorous to pilfer through your personal stuff while your surfing the net.
|
|
