Trojan Horse in the IT world
A Trojan horse is not a virus, because it does not have the ability to self-replicate. However, a Trojan horse is no less dangerous than a virus. A Trojan horse is generally packaged as an attractive piece of software, but behind that appeal are hidden functions designed to inflict damage. Take keygen software (key generators) or serial number (SN) finders: of course we are tempted to run them, because software sometimes asks us to register by entering a serial number to remove its trial period. Computer users who obtain a file that already contains a Trojan horse will tend to run it because of that appeal. The result is fatal, because the user has then run destructive routines that are ready to wreak havoc on the computer. Trojans can be destructive programs or remote-control programs. Examples of such Trojans are kaht, Back Orifice and Netbus. If the victim has been infected with one of these programs and is connected to a network or the Internet, the sender of the Trojan can control the victim's computer from afar, because Trojans open certain ports so that the computer can be controlled remotely, and it is even possible to shut it down or damage it from afar. It is similar to the people of the city of Troy, who realized too late that their city had been entered by an enemy army.
The workings of Trojan Horse
Trojans generally consist of two parts, the client and the server. The attacker usually has to get the Trojan planted on the victim's computer by luring the victim into executing or opening a file that contains it, but there are also Trojans that infect a victim directly given only the victim's IP address, for example kaht. When the victim (unknowingly) runs the file containing the Trojan, the attacker uses the client to connect to the server and starts using the Trojan. TCP/IP is the protocol commonly used for this communication. Trojans work well over it, but some Trojans can also use UDP. When the server is started (on the victim's computer), the Trojan generally tries to hide somewhere in the system, then opens some ports to accept connections and modifies the registry or uses another autostart method, so that the Trojan starts automatically whenever the computer is turned on. Trojans are very dangerous for users whose computers are connected to a network or the Internet, because attackers can steal sensitive data such as e-mail passwords, dial-up passwords, web service passwords, e-mail addresses, work documents, and Internet banking, PayPal, e-gold and credit card details.
The types of Trojan are:
1. Remote Access Trojan
Remote Access Trojans are among the most popular Trojans today. Many attackers use this type because it has many functions and is very easy to use. The attacker waits for someone to run the Trojan, which functions as a server; if the attacker already has the victim's IP address, the attacker can then fully control the victim's computer. An example of this type is Back Orifice (BO), which consists of BOSERVE.EXE, run on the victim's computer, and BOGUI.EXE, run by the attacker to access the victim's computer.
2. Password Sender Trojan
The purpose of this type of Trojan is to send passwords found on the victim's computer or on the Internet to a specific e-mail address that has been prepared in advance. Examples of intercepted passwords are those for ICQ, IRC, FTP, HTTP or other applications that require a user to enter a login and password. Most of these Trojans use port 25 to send e-mail. This type is very dangerous if the computer holds very important passwords.
3. Trojan File Transfer Protocol (FTP)
The FTP Trojan is the simplest type and is considered outdated. Its only function is to open port 21 on the victim's computer, which lets anyone with an FTP client enter the victim's computer without a password and download or upload files.
4. Keyloggers
Keyloggers are a simple type of Trojan whose function is to record the victim's keystrokes as they type and store them in a log file. If the recorded keystrokes include a user name and password, the attacker can obtain them by reading the log file. This Trojan can run whether the computer is online or offline. It can tell when the victim is online and record everything. Offline recording starts after Windows boots; the log is stored on the hard drive until the victim goes online, when it is transferred to or collected by the attacker.
5. Trojan Destroyer
The only function of this type is to destroy and delete files. Destroyer Trojans are simple and easy to use, yet very dangerous. Once a computer is infected and cannot be rescued, some or even all of its system files will be lost. The Trojan automatically deletes all system files on the victim's computer (for example *.dll, *.ini or *.exe). It is either activated by the attacker or works as a logic bomb that starts at a time specified by the attacker.
6. Trojan Denial of Service (DoS) Attack
DoS attack Trojans are currently very popular. This type of Trojan can run a Distributed DoS (DDoS) attack if it has enough victims. The main idea is that if the attacker has 200 infected ADSL users and starts attacking a target from all of them in unison, the resulting data traffic becomes so congested that demand exceeds the target's bandwidth capacity, and its Internet access is cut off. WinTrinoo is a recently popular DDoS tool, and if an attacker has infected enough ADSL users with it, several major Internet sites will collapse. Another variation of the DoS Trojan is the mail-bomb Trojan, whose main purpose is to infect as many computers as possible and attack a specific e-mail address or other specific address in unison, with random targets and payloads/content that cannot be filtered.
7. Trojan Proxy / Wingate
Trojan makers apply interesting forms and patterns to trick victims and turn their computers into Proxy/Wingate servers that are available to the whole world or only to the attacker. Proxy/Wingate Trojans are used for anonymous Telnet, ICQ and IRC, and for registering domains with stolen credit card numbers, as well as for other illegal activity. This Trojan gives the attacker complete anonymity and the opportunity to do anything from the victim's computer without being traced.
8. Software Detection Killers
Some Trojans are equipped with the ability to disable detection software, and there are also stand-alone programs with the same function. Examples of detection software that can be disabled are Zone Alarm, Norton Anti-Virus and other anti-virus/firewall programs that protect the computer. Once the detection software is disabled, the attacker has full access to the victim's computer and can carry out unauthorized activity or use the victim's computer to attack other computers.
How to deal with the dangers of Trojans
First, detect whether a Trojan is present on the computer. Trojan detection can be done in the following ways:
1. Task List
Detect Trojans by looking at the list of running programs in the task list. The list can be displayed by pressing CTRL + ALT + DEL or by right-clicking the toolbar and choosing Task Manager. Besides seeing which programs are running, the user can terminate any program that looks strange or suspicious. However, some Trojans are still able to hide from the task list. To see everything that is running, open the System Information utility (msinfo32.exe), located at C:\Program Files\Common Files\Microsoft Shared\MSInfo. This tool shows all processes currently running, whether or not they are hidden from the task list. The things to examine are the path, the file name, the file properties, and which *.exe and *.dll files are running.
2. Netstat
All Trojans need to communicate. If they do not communicate, they serve no purpose. This is the major weakness of Trojans: by communicating they leave a trail that can be traced. The netstat command shows the open connections to and from one's computer. When the command is run, it displays the IP address of the computer and of the computers connected to it. If an unknown IP address is found, it needs to be investigated further, pursued and caught.
3. TCP View
TCPView is a free utility from Sysinternals that can display IP addresses and the programs used by other people to connect to the user's computer. With this information, an attack can be recognized and countered.
Trojan removal steps
Trojans can be removed by:
1. Using anti-virus software. Some antivirus products can identify and remove Trojans.
2. Using a Trojan scanner, which is software dedicated to detecting and removing Trojans.
3. The most drastic way: reinstalling the computer.
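As an added example (not part of the original article), the netstat check described under detection can be scripted. The Python code below parses `netstat -ano` output in the Windows column layout and flags listeners outside a baseline (such as the port 21 listener the article associates with FTP Trojans), outbound connections to port 25 (the port the article associates with password-sender Trojans), and connections to unknown addresses. The sample output, the baseline sets and the function names are constructed for illustration.

```python
# Added example: triage of `netstat -ano` output (Windows column layout).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       2216
  TCP    192.168.1.10:49701     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:49712     203.0.113.25:25        ESTABLISHED     4120
  TCP    192.168.1.10:49800     198.51.100.7:6667      TIME_WAIT       0
  UDP    0.0.0.0:54321          *:*                                    2216
"""  # constructed sample; remote addresses are documentation ranges

def parse(text):
    """Yield (proto, local_port, remote_ip, remote_port, state, pid) per row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no State column, so they carry only four fields.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        rip, _, rport = f[2].rpartition(":")
        yield f[0], int(f[1].rpartition(":")[2]), rip, rport, state, int(f[-1])

def review(text, expected_listeners, known_remotes):
    """Return (pid, reason) findings for rows that deviate from the baseline."""
    findings = []
    for proto, lport, rip, rport, state, pid in parse(text):
        listening = state == "LISTENING" or proto == "UDP"
        if listening and (proto, lport) not in expected_listeners:
            findings.append((pid, f"unexpected {proto} listener on port {lport}"))
        elif state == "ESTABLISHED":
            if rport == "25":
                findings.append((pid, f"outbound SMTP to {rip}"))
            elif rip not in known_remotes:
                findings.append((pid, f"unknown remote {rip}:{rport}"))
    return findings

if __name__ == "__main__":
    # Baseline (assumed): only TCP 135 should listen; the gateway is a known peer.
    for pid, reason in review(SAMPLE, {("TCP", 135)}, {"192.168.1.1"}):
        print(f"PID {pid}: {reason}")
```

The PID in each finding can then be matched against the task list or System Information to identify the program behind the connection.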
Trojan precautionary measures
To prevent Trojans from infiltrating your computer, make sure the antivirus you install is always kept up to date, and turn on a firewall, either the built-in Windows Firewall or a third-party one. Always be wary if your computer shows any irregularities. Avoid using illegal software, because such software often contains a Trojan without our knowing it; download software only from sites that can really be trusted.