Professional Documents
Culture Documents
A Trojan horse or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.
A Trojan gives a hacker remote access to a targeted computer system. Operations that could be performed by a hacker on a targeted computer system may include: Downloading or uploading of files on the user's computer Modification or deletion of files Crashing the computer Data theft (e.g. retrieving passwords or credit card information)
Remote Access Trojans Data Sending Trojans Destructive Trojans Proxy Trojans FTP Trojans Security software disabler Trojans Denial-of-service attack (DoS) Trojans
Netbus (by Carl-Fredrik Neikter) Subseven or Sub7(by Mobman) Back Orifice (Sir Dystic) Beast Zeus Flashback Trojan (Trojan.BackDoor.Flashback)
Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests. Even using a secure web browser, such as Mozilla's Firefox, if Java is enabled, your computer has the potential of receiving a Trojan horse. E-mail & I.M: Attachments on e-mail messages may contain Trojans. Many get infected through files sent through various I.M. ,this is due to an extreme lack of security in some instant messengers, such of AOL's instant messenger.
Trojan.Gletta.A is a Trojan horse program that steals Internet banking passwords. It logs keystrokes of a victim computer when the user visits certain Web pages and then emails the log to the attacker.
1) Trojan.Gletta.A executable locates the System folder copies itself to the system folder and the Windows installation folder. %System%\Wmiprvse.exe %System%\Ntsvc.exe %Windir%\Userlogon.exe
2)
Creates %System%\Rsasec.dll, which is a key logger and %System%\rsacb.dll, which is actually a text key logger file. 3) Adds a registry key value "wmiprvse.exe"="%system%\wmiprvse.exe" , to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run, so that the Trojan runs when you start Windows.
4) On Windows NT/2000/XP, it adds the value: "Run" = "%Windir%\userlogon.exe" to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\ WindowsNT\CurrentVersion\Windows, so that the Trojan runs when you start the operating systems. The program watches for Internet Explorer windows that have any of the following titles: National Internet Banking Welcome to Citibank Bank of China HSBC in Hong Kong
Install latest security patches for the operating system. Install Anti-Trojan software. Trojan Hunter A- Squared Install anti-virus software and update it regularly Install a secure firewall Do not give strangers access (remote as well as physical) to your computer. Do not run any unknown or suspicious executable program just to "check it out". Scan all email attachments with an antivirus program before opening it.