A Comprehensive Analysis of Trojan Virus Pertaining To Its Effects

A Thesis Presented to the Faculty of Computer Science InfoTech Institute of Arts & Sciences Crossing Shaw Boulevard, Mandaluyong

In Partial Fulfillment of the Requirements for CST

by Bolilia, Soberano, Malabuyoc, Rosario, Briol

Chapter I THE PROBLEM AND ITS BACKGROUND

Introduction Bradley Mitchell define viruses as a malicious software programs that exist on local disk drives and spread from computer to another through sharing infected files Once installed on a computer, a virus may modify or remove application and system files. Some viruses render a computer inoperable; others merely display startling screen messages to unsuspecting users.

Trojan horse or Trojan virus is one of the common types of computer virus. It is a network software application designed to remain hidden on an installed computer. Like viruses, Trojan generally serves malicious purposes and therefore a form of malware.

A Trojan is separated into two parts a server and a client. The client is positioned in peer-to-peer file sharing network, or unauthorized download websites. Once the client Trojan executes on the computer, the server has a high level of control over your computer which can lead to destructive effects depending on the attackers purpose.

A virus can be control by antivirus software which exists to combat viruses. Antivirus software examines the content of local disk drives to identify the viruses. In a computer virus like Trojans, the best way to keep your system from receiving any type

of this is to never open files sent to you by the people you do not know because it may contain some sort of link or file that will create a Trojan on the machine. It is fine to use an antivirus but the fact is that Trojans are created so often and theres a possibility that the antivirus that you used may not recognized the newest Trojans that have been created.

Background of the Study The study aims to gather information about the Trojan Virus and analyze its effect as one of the most common type of malware that can harm the computer system. The computer users must be aware about this virus because it may not only damage the system but it can also take over on your privacy. Once it is installed on your system, it can do several things. First, it has the ability to completely take over your system and not give any you access to any of your files. Next, it could possibly search your computer and monitor your usernames and passwords to various sites and even has the chances of getting your credit card numbers and sending all the information back to the creator. In that way, the attacker can access your private accounts and emails and they can steal money from you without your knowledge.

To give a solution on this problem, the computer users must inform about it. They should observe some of the symptoms of Trojan Virus. If the computer displays strange messages, operates slower than usual and crashing or re-starts on its own, then the users should think and do some action that can prevent that virus like downloading an antivirus that can kill a Trojan Virus. Other ways to avoid this kind of virus is to be more

careful in opening an email attachment from the people you do not know and with the extensions like exe. , ink. , and vbs.

Conceptual Framework Computer Virus

Trojan horse

Password Sending Trojan Horse Virus

CAUSE: Password Sending Trojan can spread through sending to a particular email addresses. These actions are performed without the awareness of the users. Some use this only for fun or only to track your conversations while others use this for evil with the purpose of stealing your money and credit cards.

EFFECTS:
Once they are installed on your system, they always track keystroke activity and log everything with the purpose of finding your passwords to email/messenger/online banking/forums/etc. Then they hourly or daily send the logged information to the person who installed it, by email or other methods. This way all of your private passwords can be used by others so they can get access to your

accounts and emails.

y y y y

PREVENTION Never execute programs unless they are from a trusted source. Dont open an e-mail attachment unless you know where e are those attachments came from. Choose antivirus software that compatible with your computer system. Update your antivirus software on a regular basis.

A Trojan is a type of computer virus and password sending Trojan is one of its classifications. It can spread through sending to a particular email addresses without the awareness of the users. Some use this only for fun or only to track conversations while others use this for evil with the purpose of stealing money and credit cards. The effects of this virus is, once it is installed on tour computer, it always track keystroke activity and log everything with the purpose of finding passwords to email/messenger/online banking/forums/etc., then it hourly or daily sends the logged information to the person who installed it, by email or other methods. This way all of the private passwords can be used by others so they can get access to accounts and emails. This kind of virus can be prevented by choosing an antivirus that is compatible with your system and can detect and kill Trojans. Never execute programs unless they are from a trusted source. Dont open an e-mail attachment unless you know where those attachments are come from. Choose antivirus software that compatible with your computer system. Update your antivirus software on a regular basis.

Statement of the Problem Objective or Purpose of the Study The main objective of the study is to have a comprehensive analysis about the Trojan virus pertaining to its effects and give some ways on how to prevent it. To share the knowledge and ideas that we can get on this study.

Research Questions Specially, the study aims to seek answers to the following subproblems: 1. What is Trojan and how does it really affect the computers? 2. How do Trojan horse viruses threaten the computer users like us and what can we do to prevent those viruses?

A Trojan horse or Trojan comes from the Trojan horse story in Greek mythology and was built by the Greeks just like the original Trojan horse. It is a form of malware, like viruses it can attack computer system by deleting all data that has saved on the computers and also corrupt the entire hard drives. Trojan can spread from one computer to another in some form of executable files or zip format files or when using Universal Serial Bus (USB) that is infected by virus. It slows down computer operation.

Computer users are threatening by a virus that spreads on computers because it may harm computer systems data or performance. Trojan has the ability to destroy system files of the computer automatically and all computer users must be ready whenever they will encounter this kind of virus.

First, search an antivirus that is compatible to the computer. Once you have downloaded antivirus, know the features of antivirus if it can kill a virus like Trojan horses if unexpected, we need to update antivirus regularly if there are new viruses come.

Other ways can be done to prevent a Trojan virus .Install patches and security updates for your operating system and software as they become available. Another is beware of homemade CDs and floppy disks. If you plan to use these disks in your computer, scan them with your anti-virus software first.

Scope and Limitations This study of Computer Virus will just focus in the Trojan Virus which is one of the most common and harmful types of malware. However, there are many types of virus that can harm and infects the computer but it will limit on the effects of Trojan virus on a computer system and some ways to prevent that kind of virus. Trojan virus has different classifications which are almost similar to each other. The Remote Access Trojans are the most frequently available Trojans. These give an attacker absolute control over the victims computer because they can go through the files and access any information about the user that may be stored in the files such as credit card, numbers, passwords and vital financial documents. Password Sending Trojan is a kind of Trojan that intends to look for password as key them into the computer through sending on a particular email addresses. This kind of Trojan is the same as Key Logging Trojan that searches for passwords or other sensitive data in the log files through sending the log files to a specific email address on a daily basis. Those three Trojans have a similar purpose which is to steal the password and to have a control over the victims computers but they differ on how they will attack their victims. Other types of Trojan are the Destructive Trojan, Denial of Service (DoS) Attack Trojan, Proxy/Wingate Trojan and the FTP (File transfer) Trojan. Destructive Trojan has

the purpose to destroy and automatically delete files from the victims computers. DOS Attack Trojan intends to produce a lot of internet traffic on the victims computer or server, to the point that the internet connection becomes too congested to let anyone visit a website or download something. Proxy/Wingate is a Trojan in which the attacker can register domains or access pornographic websites with stolen credit cards or do related illegal activities without being traced. FTP Trojans are possibly the most simple and are outdated. The only action they perform is, open a port numbered 21- the port for FTP transfers- and let anyone connect to the computer via FTP Protocol. Some might also come on USB drives, usually as Autorun.inf viruses.

Significance of the Study This study of Trojan horse is important because it can give information about its effect and some ways on how the victims can come out on this kind of virus. Trojan is one of the most common and harmful viruses. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world. Thats the reason why the computer users must be inform about it. Trojan can attack the computer without the users knowledge. It can infect the system depending on the attackers purposes so, to avoid Trojans, the users must observe some of its symptoms. If the files appear to be moving, changing size or doing other suspicious things, its worth getting antivirus software that compatible to your computer and can detect and check from Trojans.

Definitions of terms a. Antivirus software-used to prevent, detect and remove malware, including but not limited to computer viruses, computer worm, Trojan horse, spyware and adware. b. Computer Virus-a computer program that can copy itself and infect a computer. The term virus also commonly used to refer to other types of malware including but not limited to adware. c. Denial of Service (DOS) - is an attempt to make a computer resource unavailable to its intended users. d. Executable Code- Software in a form that can be run in the computer. It typically refers to machine language, which is comprised of native instructions the computer carries out in hardware. Executable files in the DOS/Windows world use .EXE and .COM file extensions. e. File Transfer Protocol (FTP) - is a standard network protocol used to copy a file from one host to another over a TCP-based network, such as the Internet. f. Keystroke - A stroke of a key, as on a computer keyboard. key stroke. g. Malware (malicious software)-is a software designed to harm or secretly access a computer system. h. Password Sending Trojan- a network software application designed to remain hidden on an installed computer. i. Pornographic Websites- Site Shelter is an automated online backup utility that backs up, mirrors, and repairs web sites and FTP sites. It logs into FTP servers, scans directories, and downloads files changed since the last backup. j. ProMail-a free e-mail program that stealing users names and passwords.

k. Wingate Proxy Server - is a complete internet management solution. Restrict web access, scan web surfing and email. l. Trojan Horse Virus- is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms the system. m. USB (Universal Serial Bus)- is a computer standard designed to eliminate the guesswork in connecting peripherals to your PC.

Chapter 2 REVIEW OF RELATED LITERATURE AND STUDIES Foreign and Local Studies http://www.anti-forensics.com/the-trojan-defense (The Trojan Defense, By Max on March 5, 2009) andhttp://www.computerbytesman.com/lovebug/thesis.htm (Onel de Guzman's rejected thesis proposal at AMA Computer College) The two studies have differences on the definition of Trojan Virus. Max said that Trojan is a self replicating programs that can copy itself and replicate itself but Onels contradict on it, on his study he said that They are not virus and do not replicate like virus. They are complete application, are not attached themselves. This is the main idea and function of the Trojan horse program.Both studies deals with the effects of trojan virus but when they define it, it is contradicting. Foreign and Local Literature Trojan horse program steals passwords (BBC News) A free e-mail program called ProMail is stealing users' names and passwords and sending them to an unknown person. The information allows simple access to the victims' messages. The recipient is presumably the creator of what is termed a "Trojan horse" virus. A teenager called "David" has claimed responsibility in an e-mail to Ken Williams, who runs Packet Storm Security, a Web security site. The message was sent from an anonymous address and so cannot be verified. "I just wanted to increase the public's awareness on the problem of Internet privacy," the "David" character said. "If a program written by a teenager can be spread SO EASILY over the Net, unchecked, and even be used by the Armed Forces, then something must be wrong.

"But let me assure all you people using ProMail, I did not use, store, sell or do anything with your passwords or other data. And I did not download your mail."

This article is related to this study because it has something to do with the effects of Trojan Horse Virus in computer system.

Chapter 3 Research Methodology Method of Research to Be Used The study intends to investigate regarding the type of virus called Trojan Virus. This will give an idea about the negative effects of that certain virus on a computer. In this study, secondary research will be used (summary, collation and/or synthesis of existing research). Moreover, a constructive research, which develops solutions to a problem, will be observed. Based from its definitions from Wikipedia, it is the most common computer science research method. This type of approach demands a form of validation that didnt need to be quite as empirically based as in other types of research like exploratory research. Population, Sample size, Sampling Techniques The population of this study composed of the students and instructors that using the computer in InfoTech computer laboratory. Basically the respondents are asked about the problem that can give by the computer viruses on their computers. Description of Respondents The research will aim to gather information about the problem which is the negative effects of Trojan virus. Having a constructive research method it will also discuss the prevention of viruses or how can they protect their computer from Trojans and that will be the solution to the problem. The respondents of this study are the students and instructors of InfoTech. We constructed a questionnaire and conducted an interview or survey to twenty students

and instructors. They shared some of the effects of Trojan virus that they have encountered and told us what they have done to kill the virus and some other prevention that will help us on our study. Their answers gave us more idea about Trojans because we not just rely on what we read it is based from their experienced. Research Instrument The instrument that is used in this research is the computer itself which has the problem to solve. Observing in the computers that has viruses gave an idea about its effects. To gather more information, we also used the internet to visit the different website that talks about viruses. Another instrument that we used is the questionnaires that we used in conducting the interview. Data-gathering Procedure First, we plan on how we will do the study about computer virus and it comes to an idea to sight a specific type of virus called Trojan Horse or Trojan. Then, we set our objectives and create a question to be use as our guide. We observed some of the computers in our computer laboratory that has viruses and that gave an idea about some of its effects. We also conducted an interview to some of the students and instructors of InfoTech. The instructed interview is mostly a question and answer session. To gather more information and idea about this topic, we browse the internet and visit the different websites that discuss viruses. We search the effects of Trojan and the solution to the problem. After we gather the data, we study and understand its concept and that we came out on this study.

CHAPTER 4 Presentation, Analysis and Interpretation of Data The questionnaires were prepared for conducting a survey or interview to some of the students and instructors of InfoTech to know what types of Trojan Virus is the most affecting their computer system. Through this survey we found out that the Destructive Trojan that delete or corrupt their files in their computer got the highest. It was being followed by the FTP Trojan that infects the files on their USB drives. The type of Trojan that got the least is the Proxy Wingate.

The Most Common Types of Trojan Virus That can Affect the Computer System Of the Students and Instructors in Infotech

Remote Access/Password Sending/key Logging Trojans Unable to control of your email accounts. -Stealing of your password. Destructive Trojans - Corrupting or deleting the files on your computer system automatically. 6% 35% 53% 6% Denial of Services (Dos) Attack Trojan - Internet connection becomes too congested.

0%

Proxy/Wingate Trojans - Stealing of your credit cards without your awareness.

FTP Trojan - There s an Autorun.inf virus appear on your USB drives.

Chapter 5 Summary, Conclusion and Recommendation Summary: The Problem Trojan Horse Virus is one of the most common and harmful type of computer virus that can threaten a computer users. It is a form of malware that designed to remain hidden on an installed computer. This virus can spread through sending log files into particular email attachments. Another method uses is via chat softwares such as Yahoo Messenger and Skype. These actions are done without the awareness of the users. Once this virus is installed in your computer system, it can damage or infect your files and can have the ability to completely take over your privacy. It can steal some of your information just like usernames and passwords to email/messenger/online banking/forum etc. Trojan Virus has several types. The Remote Access Trojan, Password Sending Trojan, Key Logging Trojan, Destructive Trojan Denial of Service (DoS) Attack Trojan, Proxy Wingate Trojan and FTP Trojan those Trojans are almost similar to each other. Their main purpose is to steal some of the information from their victims such s usernames and passwords and completely control on their accounts. Trojan Virus can be controlled by using antivirus software and can be avoided by being more careful in opening an email attachment or message from the people you do not know. METHOD The method that we used in this study is a Constructive Research Method which develops a solution to a problem. A secondary research will also observe (summary, collation and /or synthesis of existing research. To start our study about Trojan Horse Virus, we browse and visit the different website that talks about Trojan Virus and its effect. To gather more information, we prepared a questionnaire for our respondents. We interviewed one of our classmates that have already encountered that virus, and one of our professors who is teaching SU (software utility) about computer virus and antivirus software. After the gathering of information, we study, analyze its concept and write it in its proper format, and that we came out on this study. Findings

An interview was conducted on the two computer users. One is the student of InfoTech who is being threatened by a Trojan Virus and an instructor in InfoTech who is teaching SU, about computer virus and antivirus. They are almost having a similar experience about this kind of virus. Some of the effects of this virus that they gave are , COMODO Internet Security and AVG 9.0 Antivirus are some of the antivirus software used by the respondents. They also gave some tips to avoid this kind of virus, like updating your antivirus regularly to detect the new viruses come and never open an email attachments and messages coming from entrusted source. Conclusion We therefore conclude that Trojan Virus can really threaten the computer users especially to those who doesnt have enough knowledge about this kind of virus because of its negative effects. Trojan Virus attacks their victims without the awareness of the users and designed to remain hidden when installed on a computer. Some of its effects given by our respondents are, it can delete, infect and corrupt files on the computer system, hacked their email accounts and damaged their USB. Some of the preventions they did was downloading an antivirus software that are compatible to their computer system. when they already know how is that virus being installed to their computer they become more careful in opening some of their email attachments and messages that they are receiving from the people they do not know. They are always updating their antivirus software regularly to detect the new Trojan Viruses. Recommendations (Trojan horse Virus) As we all know, Trojan horse is one of the common types of computer virus, theres a several things that we encountered. The effects to this virus to the computer users were really threatening. The researchers and our respondents recommend downloading the best antivirus that can kill and protect our computer system. Also update the antivirus software regularly to detect the new Trojan Horse Virus that comes to our computers. A computer user needs to be careful in using in opening all of our devices. Through their recommendations, computer users are now have the knowledge about the Trojan Virus, its effects and how to protect all our files on the computer system and also to prevent that kind of virus and to make our computer operation faster.