Trojan Horse Program

Presented by :

Lori Agrawal

Agenda What is Trojan Horse program? Who are the targets? How it gets spread? Impact of Trojan Horse Attack Control of hackers over files Ways to avoid this attack

Continue:

Detection of attack How to remove Trojan from system Example: SubSeven Capabilities of SubSeven Program Parts of SubSeven A real Trojan Horse Threat Conclusion

What is Trojan Horse Program?

Trojan Horse is one of the today’s most serious threat to computer security.

A malicious security-breaking program disguised as something benign.

A executable program Once infected, it is controlled totally by a

hacker.

Who are the most targets?

The home computers Reasons

Private Content Availability Defendless status

How it gets spread?

Email attachments Sending files in chat rooms Infected computer can attack other

computer

Impact of Trojan Horse Attack Complete access to victim’s

system Delete and alter files Access to Administrator privileges Other computer get infected An infected computer can be

targeted by any user.

Control of hackers over files Alter user’s private documents

such as bank statement, credit card statement, password file, mortgage payments files.

Access files remotely as they own it

Access of chat history

Ways to avoid this attack Don’t download from unknown source Need to be aware of hidden extension Don’t use automatically get file feature Don’t type a command or go to web site

told by a stranger Remove unnecessary services and file

shares

Detection of attack

Hard to detect whether a computer is infected or not

Not listed under process list of ALT+Ctrl+Delete key

To detect, one can scan his computer for open port

How to remove Trojan from system

By getting clean re-installation

Anti-Trojan Software

Example: SubSeven

Trojan Horse program that attacks computer running on Window 9.x platform.

More popular than other types as it provides more options.

What SubSeven can do? It can restarts Windows of Victim’s computer. It can record sound files from microphone used on victim’s

machine. It can record video images from a video camera attached to the

victim’s computer. It can change desktop color, wallpaper and turn on and off the

victim’s monitor. It can open and close CD-ROM drive. It can capture screen shots of user’s currently activity. A new version of SubSeven also allow hackers to know whether a

victim is presently online, a manager feature that can abort a program running on victim’s machine.

Part of SubSeven:

SubSeven Server: Must run on victim’s computer.

Client Program: Used by hacker on his machine to connect to server(Victim’s computer).

Server Editor: An interface to Hacker to choose option how to get information from victim’s computer.

A real Trojan Horse Threat Targets were customer of Paypal’s

online service Spread using sending emails containing

subject line “PAYPAL.COM NEW YEAR OFFER”

Emails contained information about payment discount

Create a fake Paypal web site and ask for credit card info.

Conclusion

Serious network security problem Once infected, computer is totally

controlled by hacker. Hard to detect whether a computer

is infected or not. Hard to recover.

Any Questions?