Monday, January 31, 2011


Trojan horse


A Trojan horse, better known in computer security simply as a Trojan, is a form of malicious software (malware) that can damage a system or network. The purpose of a Trojan is to obtain information from the target (passwords, user habits recorded in the system log, data, etc.) and to control the target (gain privileges on it).

How it Works

Trojans differ from other types of malicious software, such as computer viruses or worms, in the following two ways:

* A Trojan is "stealthy" (invisible and unseen) in its operation and is often disguised as a legitimate program, while a computer virus or worm acts more aggressively by destroying the system or causing it to crash.
* A Trojan is controlled from another computer (the attacker's computer).

How It Spreads

The term Trojan or Trojan horse refers to the insertion of malicious, damaging code into a good and useful program, as in the Trojan War, when the Spartan soldiers hid inside the Trojan Horse, which was presented as a dedication to Poseidon. The Trojan officials considered the horse harmless and allowed it to enter the fortress of Troy, which the Greek soldiers had been unable to penetrate during more than 10 years of the turbulent Trojan War.

Most Trojans today take the form of an executable file (*.EXE or *.COM on Windows and DOS, or a program with the name of a frequently executed command on UNIX, such as ls, cat, etc.) that a cracker plants in the system to steal important user data (passwords, credit card data, etc.). Trojans can also infect a system when users download an application (often a computer game) from an untrusted source on the Internet. Such applications have Trojan horse code integrated into them, which allows a cracker to tamper with the system in question.

Types of Trojan

Several types of Trojans in circulation include:

* Password stealers: This type of Trojan looks for passwords stored in the operating system (/etc/passwd or /etc/shadow in the UNIX family of operating systems, or the Security Account Manager (SAM) file in the Windows NT family of operating systems) and sends them to the attacker. In addition, this type of Trojan can fool the user by presenting itself as a login screen (/sbin/login on UNIX or Winlogon.exe on Windows NT), waiting for the user to enter a password, and sending it to the attacker. An example of this type is the Passfilt Trojan, which poses as the Passfilt.dll file originally used to strengthen password security in the Windows NT operating system, but is abused as a password-stealing program.
* Keystroke loggers (keyloggers): This type of Trojan monitors everything the user types and sends it to the attacker. This type differs from spyware, even though the two do similar things (spy on users).
* Remote Administration Tools (RAT): This type of Trojan allows attackers to take full control of the system and do whatever they want remotely, such as formatting a hard disk or stealing or deleting data. Examples are Back Orifice, Back Orifice 2000, and SubSeven.
* DDoS Trojans or Zombie Trojans: This type of Trojan makes infected systems carry out distributed denial-of-service attacks against target hosts.
* There is also a kind of Trojan that attaches itself to a program in order to modify the workings of the program it is attached to. This type of Trojan is called a Trojan virus.

Detection and Cleanup

Detecting the presence of a Trojan is somewhat difficult. The easiest way is to see which ports are open and in the "listening" state, using a utility such as Netstat. This works because many Trojans run as a system service and work in the background, so that they can receive commands from remote attackers. When there is a UDP or TCP transmission, but it comes from a port (in the "listening" state) or an address that is unknown, this can be taken as an indication that the system has been infected by a Trojan horse.

Here is an example of using the Netstat utility in Windows XP Professional:

    C:\> netstat -a -b

    Active Connections

      Proto  Local Address            Foreign Address  State      PID
      TCP    windows-xp:epmap         0.0.0.0:0        LISTENING  956
      c:\windows\system32\WS2_32.dll
      C:\WINDOWS\system32\RPCRT4.dll
      c:\windows\system32\rpcss.dll
      C:\WINDOWS\system32\svchost.exe
      -- unknown component(s) --
      [svchost.exe]
      TCP    windows-xp:microsoft-ds  0.0.0.0:0        LISTENING  4
      [System]
      TCP    windows-xp:50300         0.0.0.0:0        LISTENING  1908
      [oodag.exe]
      TCP    windows-xp:1025          0.0.0.0:0        LISTENING  496
      [alg.exe]
      TCP    windows-xp:1030          0.0.0.0:0        LISTENING  1252
      [ccApp.exe]
      UDP    windows-xp:microsoft-ds  *:*                         4
      [System]
      UDP    windows-xp:4500          *:*                         724
      [lsass.exe]
      UDP    windows-xp:isakmp        *:*                         724
      [lsass.exe]
      UDP    windows-xp:1900          *:*                         1192
      c:\windows\system32\WS2_32.dll
      c:\windows\system32\ssdpsrv.dll
      C:\WINDOWS\system32\ADVAPI32.dll
      C:\WINDOWS\system32\kernel32.dll
      [svchost.exe]
      UDP    windows-xp:ntp           *:*                         1036
      c:\windows\system32\WS2_32.dll
      c:\windows\system32\w32time.dll
      ntdll.dll
      C:\WINDOWS\system32\kernel32.dll
      [svchost.exe]
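
Reading this output by eye gets tedious on a busy host. The following Python sketch is an added example, not part of the original post: it parses `netstat -a -b` output in the layout shown above, pairs each socket with its owning executable, and lists the listeners whose owner is not in a reviewed baseline. The sample text is constructed from the output above, and `BASELINE`, `parse_netstat` and `unreviewed_listeners` are names assumed for this example.

```python
import re

# Constructed sample in the layout of the `netstat -a -b` output shown above.
SAMPLE = """\
Proto  Local Address            Foreign Address  State      PID
TCP    windows-xp:epmap         0.0.0.0:0        LISTENING  956
  c:\\windows\\system32\\rpcss.dll
  [svchost.exe]
TCP    windows-xp:microsoft-ds  0.0.0.0:0        LISTENING  4
  [System]
TCP    windows-xp:50300         0.0.0.0:0        LISTENING  1908
  [oodag.exe]
UDP    windows-xp:1900          *:*                         1192
  [svchost.exe]
"""

# Assumption: owners an administrator has already reviewed on this host.
BASELINE = {"svchost.exe", "system", "alg.exe", "lsass.exe"}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Pair each socket row with the [executable] line that follows it."""
    sockets, current = [], None
    for line in text.splitlines():
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            proto, local, _foreign, state, pid = row.groups()
            current = {"proto": proto, "port": local.rsplit(":", 1)[-1],
                       "state": state or "", "pid": int(pid), "owner": None}
            sockets.append(current)
        elif owner and current is not None:
            current["owner"] = owner.group(1)
    return sockets

def unreviewed_listeners(sockets, baseline=BASELINE):
    """Listening TCP and bound UDP sockets whose owner is not in the baseline."""
    return [s for s in sockets
            if (s["state"] == "LISTENING" or s["proto"] == "UDP")
            and (s["owner"] or "").lower() not in baseline]

if __name__ == "__main__":
    for s in unreviewed_listeners(parse_netstat(SAMPLE)):
        print(f'{s["proto"]} port {s["port"]} pid {s["pid"]} owner {s["owner"]}: review')
```

An entry in the result means only that the owner has not been reviewed yet; a socket with no owner line at all is reported too.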
 

Create Snapshot

Another method is to create a "snapshot" of all program files (*.EXE, *.DLL, *.COM, *.VXD, etc.) and compare it over time with previous versions, while the computer is not connected to the network. This can be done by computing a checksum of every program file (with CRC, MD5, or another mechanism). Because Trojans are often placed in the directory where the operating system resides (\WINDOWS or \WINNT on Windows, or /bin, /usr/bin, /sbin, /usr/sbin in the UNIX family), the files inside those directories are the ones to suspect. Many files can be suspected as Trojan horses, especially program files whose names resemble that of a legitimate file (such as "svch0st.exe" where it should be "svchost.exe", a file that runs many Windows operating system services).
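
The snapshot-and-compare procedure described above, as an added Python example that is not part of the original post. It hashes program files with SHA-256 (standing in for the "other mechanism" next to CRC and MD5), reports added, removed and changed files against a saved baseline, and flags look-alike names such as "svch0st.exe". `KNOWN_NAMES`, the digit-swap table and the function names are assumptions made for this example.

```python
import hashlib, json, os, sys

PROGRAM_EXT = {".exe", ".dll", ".com", ".vxd"}
# Assumption: a short list of legitimate names worth protecting from imitation.
KNOWN_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe"}
# Digits commonly swapped in for letters, as in "svch0st.exe".
LOOKALIKE = str.maketrans("0135", "oles")

def snapshot(root):
    """Map each program file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in PROGRAM_EXT:
                path = os.path.join(folder, name)
                h = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def compare(old, new):
    """Report files added, removed or changed between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def lookalikes(snap, known=KNOWN_NAMES):
    """Files whose name matches a known name only after undoing digit swaps."""
    names = ((p, os.path.basename(p).lower()) for p in sorted(snap))
    return [p for p, n in names
            if n not in known and n.translate(LOOKALIKE) in known]

if __name__ == "__main__":
    root, baseline_file = sys.argv[1], sys.argv[2]
    current = snapshot(root)
    if os.path.exists(baseline_file):      # later runs: compare with the baseline
        with open(baseline_file) as fh:
            print(json.dumps(compare(json.load(fh), current), indent=2))
        print("look-alike names:", lookalikes(current))
    else:                                  # first run: record the baseline
        with open(baseline_file, "w") as fh:
            json.dump(current, fh, indent=2)
```

Keep the baseline file on read-only or removable media, since a snapshot stored on the monitored machine can be rewritten along with the files it describes.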

Antivirus

The last method is to use antivirus software that is able to detect Trojans, combined with a firewall that monitors all incoming and outgoing transmissions. This method is more efficient but more expensive, because antivirus software combined with a firewall generally costs more than the two methods above (which tend to be "free"). There are indeed several free tools, but it still takes time, effort and money to obtain them (downloading them from the Internet).
