4. The application works the same way as the story: a program that looks harmless carries a hidden payload, and this remains one of the most effective ways of attacking computers.
A new game, an e-mail attachment or free software from an unknown person can implant a Trojan or a backdoor.
The first Trojan infection is believed to have appeared in 1986 as a shareware program called "PC-Write".
6. TYPES OF TROJANS
Destructive Trojan.
Denial-of-service Trojan.
Remote access Trojan.
Data-sending Trojan.
Proxy Trojan.
FTP Trojan.
Security software disabler Trojan.
7. HOW DO SYSTEMS GET INFECTED BY A TROJAN?
Visiting untrusted websites.
Email Attachments.
Pirated Software.
10. TROJAN DETECTION
Manual:
Check the Run key in regedit: Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Malware puts an entry here so that it is started at every boot.
A Trojan may also appear as a malicious driver: C:\Windows\System32\Drivers\*.sys.
With the help of tools:
Process Explorer.
IceSword (port monitoring).
DriverView.
SrvMan.
Sigverif.
TrojanHunter.
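The manual check above (what is in the Run key, and does it belong there) is easy to automate once the key has been exported with `reg export`. The following is an added example, not code from the original slides: it parses a constructed `.reg` export (the entries are hypothetical) and flags the patterns a practitioner looks for, namely autostarts from user-writable directories, unquoted paths with spaces, launches through signed helper binaries such as rundll32.exe, and system-process names living outside the Windows directory. The name lists are assumptions chosen for the example; extend them for your environment.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# file. The entries are hypothetical and are not taken from any real machine.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"RtkAudio"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe\" -s"
"svchost"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"
"Updater"="C:\\Program Files\\My App\\update.exe /silent"
"Loader"="rundll32.exe C:\\ProgramData\\x\\payload.dll,Start"
'''

# Names that legitimate Windows components use; an autostart with one of these names
# that does not live under the Windows directory deserves a closer look (assumed list).
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "explorer", "services"}
# Signed Windows binaries frequently abused to launch something else (assumed list).
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "powershell.exe", "cmd.exe"}
# Directories an unprivileged user can write to (assumed list).
WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\",
                    "\\downloads\\")


@dataclass
class Finding:
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_reg_export(text):
    """Return {value name: command} for every string value in a .reg export."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r'^"(.+?)"="(.*)"$', line.strip())
        if m:
            # .reg files escape backslashes and quotes inside values with a backslash.
            entries[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return entries


def program_of(command):
    """The executable a Run value launches: the quoted part, or else the first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def analyze_run_entries(entries):
    """Apply the triage rules to each Run entry and return the suspicious ones."""
    findings = []
    for name, command in entries.items():
        low = command.lower()
        base = program_of(command).lower().rsplit("\\", 1)[-1]
        reasons = []
        if any(marker in low for marker in WRITABLE_MARKERS):
            reasons.append("autostart from a user-writable directory")
        if not command.startswith('"') and " " in low.split(".exe")[0]:
            reasons.append("unquoted path containing spaces")
        if base in LOLBINS:
            reasons.append(f"launched via {base}; inspect the argument")
        if name.lower() in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append("system-process name outside the Windows directory")
        if reasons:
            findings.append(Finding(name, command, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze_run_entries(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"{f.name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a real export to get a short list to verify by hand; the same rules apply to the HKEY_CURRENT_USER Run key and the RunOnce keys. A hit is a reason to check the file with Sigverif or Process Explorer, not proof of infection: the unquoted-path rule, for instance, also catches sloppy but legitimate installers.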
12. BACKDOOR CONCEPT
A backdoor allows an attacker to maintain privileged access to a compromised host.
Unix backdoors are typically installed via a worm, a rootkit, or manually after the system has been initially compromised.
Windows backdoors are typically installed via a virus, a worm or a Trojan horse.
15. ROOTKITS
Classical rootkits
1. Usually the attacker replaces the /bin/login file with another version.
2. He can also save the passwords of other users.
3. Sometimes a classical rootkit hides many things.
Kernel rootkits
1. The most powerful kind of rootkit.
2. It modifies the running kernel of the OS (for example by loading a module that hooks system calls), so every program on the system sees what the rootkit wants it to see.
3. It can also switch off monitoring and antivirus.
4. It is very hard to detect.
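A classical rootkit lives in user-space binaries, so the defence is to stop trusting those binaries and compare them with something the attacker did not control. The following is an added example, not code from the original slides, showing three checks for the classical case: verifying /bin against a hash manifest taken while the host was known-good (which catches the replaced /bin/login), reading interface flags for PROMISC (the sign of a sniffer that the speaker notes mention later), and a cross-view comparison of ps output against /proc to expose hidden processes. The directory tree, the `ip link`/`ifconfig` output and the PID lists are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256; keep the result off-host."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Compare the tree with the stored baseline: (modified, missing, added) file lists."""
    current = build_manifest(root)
    modified = sorted(f for f in manifest if f in current and current[f] != manifest[f])
    missing = sorted(f for f in manifest if f not in current)
    added = sorted(f for f in current if f not in manifest)
    return modified, missing, added


def simulate_login_replacement():
    """Constructed scenario: a fake /bin tree, a baseline, then a trojaned login binary
    and a dropped hidden library, the changes a classical rootkit makes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        for name in ("login", "ls", "ps", "netstat", "ifconfig"):
            (root / "bin" / name).write_bytes(b"original-" + name.encode())
        baseline = build_manifest(root)  # taken while the host is known-good
        (root / "bin" / "login").write_bytes(b"login-that-records-passwords")
        (root / "lib").mkdir()
        (root / "lib" / ".hidden.so").write_bytes(b"sniffer")
        return verify_manifest(root, baseline)


# Constructed output of `ip link` and of `ifconfig` with eth0 in promiscuous mode.
SAMPLE_IP_LINK = """1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
"""
SAMPLE_IFCONFIG = """eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

# Matches both "2: eth0: <FLAGS>" (ip link) and "eth0: flags=4419<FLAGS>" (ifconfig).
FLAGS_RE = re.compile(r"^(?:\d+:\s+)?(\S+?):\s+(?:flags=\d+)?<([^>]*)>")


def promiscuous_interfaces(output):
    """Interfaces whose flag list contains PROMISC, from `ip link` or `ifconfig` text."""
    found = []
    for line in output.splitlines():
        m = FLAGS_RE.match(line)
        if m and "PROMISC" in m.group(2).split(","):
            found.append(m.group(1))
    return found


def hidden_pids(ps_pids, proc_pids):
    """Cross-view check: PIDs present in /proc but absent from ps output point to a trojaned ps."""
    return sorted(set(proc_pids) - set(ps_pids))


if __name__ == "__main__":
    print(simulate_login_replacement())
    print(promiscuous_interfaces(SAMPLE_IP_LINK), promiscuous_interfaces(SAMPLE_IFCONFIG))
    print(hidden_pids([1, 2, 845], [1, 2, 845, 31337]))
```

The manifest only helps if it was taken before the compromise and stored where the attacker cannot rewrite it, and the flag parser only helps if the `ifconfig` or `ip` binary producing the text is clean; on a suspect host run the tools from read-only media, or read /sys/class/net/<interface>/flags directly, because hiding the PROMISC flag is exactly what a trojaned ifconfig does.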
22. SPREADING MALWARE
Fake programs (pop-ups, rogue security software).
Internet downloads.
Instant messengers.
E-mail attachments and links.
Browser and e-mail software bugs.
A web page may contain a frame which contains malicious code.
Physical access: keyloggers, spyware.
23. PROTECTION FROM MALWARE
Install new updates promptly.
Personal firewall.
Use a non-admin account.
Use User Account Control (UAC).
24. CASE STUDY
Back Orifice 2000 (BO2K).
One of the oldest and most powerful backdoors, used here for training on Windows machines.
It is open source and freely available on the SourceForge website.
25. BACK ORIFICE 2000
It was written by DilDog, a member of the "Cult of the Dead Cow" group.
It was introduced at the DEF CON conference in 1999.
It was made for legitimate remote administration and monitoring, but many people make malicious use of it.
26. ABILITIES OF BO2K
BO2K is very small but very complete in its abilities.
The component that is implanted on the victim's computer is only about 100 KB, so it is easy to plant.
It can use different kinds of hiding techniques.
Recent versions support a reverse client connection, so the implant connects out to the attacker.
As it is open source, you can customise it according to your needs.
27. MAKING A TROJAN USING BO2K
You can use a binder application to bind the BO2K implant with another program.
EliteWrap, Saran Wrap and Silk Rope are the wrappers most commonly used with BO2K.
A Trojan is a seemingly useful program containing malware (rogue software).
Merely visiting a website can infect the system: the user clicks to install NPAV but instead installs spyware, a keylogger, a rootkit or a remote control.
PoisonIvy: botnet command and control centre. Banker Fox: steals banking data, often delivered through "free" software or an MP3 file.
Classical rootkits focus on Linux-based systems. Usually the attacker replaces the /bin/login file with another version. He can also save the passwords of other users. Sometimes a classical rootkit hides many things: network information (netstat, ifconfig), disk usage (du, df), listing of files (ls), finding of files (find), process status (ps). The PROMISC flag in ifconfig output indicates a sniffing program, which is why a trojaned ifconfig hides it.

Kernel rootkits. The most powerful kind of rootkit. It modifies the running kernel of the OS. It can falsify network information, file status, disk usage, port numbers, process status and other things that every program asks the kernel for. It can also switch off monitoring and antivirus. It is very hard to detect.

Reverse control. If the victim's system sits on a private network with a private IP address, it becomes difficult for the attacker to connect in to the victim's system. In this situation the backdoor comes into the picture: the attacker sets up a server on a specific public IP address, and the backdoor, from inside the firewall, connects out to it. E.g., using the HTTP protocol, the backdoor can request commands from the attacker's server and the attacker can send them back in HTTP format, so the traffic looks like ordinary web browsing.

Backdoor timing. The attacker can make use of the services which are used for scheduling tasks on the system: in Linux the cron command and in Windows the Task Scheduler. He can time the backdoor so that it runs when the system administrator is not in the office.
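The two mechanisms just described, HTTP polling for commands and cron-based timing, both leave a signature a defender can look for, and the following is an added example (not code from the original slides) that looks for each. A backdoor that asks its server for commands every N seconds produces near-constant gaps between requests to one destination, while human browsing is bursty, so the first part groups constructed proxy log lines by source and destination and flags regular, low-jitter polling; the second parses a constructed crontab and flags jobs whose hour field never overlaps office hours. Log lines, addresses (taken from the documentation ranges), crontab entries and the thresholds are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<date> <time> <src> <dst> <method> <uri>". The traffic is invented:
# 10.0.0.5 polls 203.0.113.7 roughly every five minutes, 10.0.0.8 is a person browsing.
SAMPLE_PROXY_LOG = """2024-03-04 09:00:00 10.0.0.5 203.0.113.7 GET /update.php
2024-03-04 09:01:10 10.0.0.8 198.51.100.2 GET /
2024-03-04 09:01:12 10.0.0.8 198.51.100.2 GET /static/app.js
2024-03-04 09:01:13 10.0.0.8 198.51.100.2 GET /static/site.css
2024-03-04 09:05:02 10.0.0.5 203.0.113.7 GET /update.php
2024-03-04 09:07:40 10.0.0.8 198.51.100.2 POST /login
2024-03-04 09:09:58 10.0.0.5 203.0.113.7 GET /update.php
2024-03-04 09:15:01 10.0.0.5 203.0.113.7 GET /update.php
2024-03-04 09:19:59 10.0.0.5 203.0.113.7 GET /update.php
2024-03-04 09:25:00 10.0.0.5 203.0.113.7 GET /update.php
2024-03-04 09:31:05 10.0.0.8 198.51.100.2 GET /dashboard
"""
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_proxy_log(text):
    """Group requests by (src, dst) as time-sorted lists of (timestamp, uri)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events[(m.group(2), m.group(3))].append((ts, m.group(5)))
    return {key: sorted(hits) for key, hits in events.items()}


def find_beacons(events, min_hits=4, min_period=30.0, max_jitter=0.2):
    """Flag (src, dst) pairs whose request gaps are regular: period >= min_period seconds
    and relative jitter (stddev / mean of the gaps) <= max_jitter. Thresholds are assumed."""
    beacons = []
    for (src, dst), hits in events.items():
        if len(hits) < min_hits:
            continue
        times = [t for t, _ in hits]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period else float("inf")
        if period >= min_period and jitter <= max_jitter:
            beacons.append({"src": src, "dst": dst, "hits": len(hits),
                            "period_s": round(period), "jitter": round(jitter, 2)})
    return beacons


# Constructed crontab: one legitimate night job, one all-day job, one night-only job
# started from a hidden directory under /tmp.
SAMPLE_CRONTAB = """# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/15 * * * * /usr/lib/monitor/check.sh
30 22-23,0-5 * * 1-5 /tmp/.cache/.sysd -q
"""


def expand_field(field, lo, hi):
    """Expand one cron field (lists, ranges, steps, *) into the set of values it matches."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step = part.split("/")
            step = int(step)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-"))
        else:
            start = end = int(part)
        values.update(range(start, end + 1, step))
    return values


def off_hours_jobs(crontab_text, office_hours=range(8, 18)):
    """Return (hours, command) for jobs whose hour field never overlaps office hours."""
    flagged = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue
        hours = expand_field(parts[1], 0, 23)
        if hours.isdisjoint(office_hours):
            flagged.append((sorted(hours), parts[5]))
    return flagged


if __name__ == "__main__":
    for b in find_beacons(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print("beacon:", b)
    for hours, cmd in off_hours_jobs(SAMPLE_CRONTAB):
        print("off-hours job:", hours, cmd)
```

Both checks produce leads rather than verdicts: software updaters also poll on a fixed schedule, and the certbot renewal in the sample is a perfectly normal night job. What distinguishes the backdoor is the combination of regular polling to an unfamiliar destination and a scheduled command running from a user-writable or hidden path, so triage the output by destination reputation and command path. On Windows the same timing check applies to the output of `schtasks /query /v /fo CSV`.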
Rootkit: takes control of a system. Built-in backdoor. Often deployed as a Trojan (good software + bad software = Trojan). Very stealthy (silent): obscures (hides) registry entries, folders and processes. Runs under system privileges with modify access. Very dangerous.
Viruses: self-replicating malware attached to files, often carried to other computers. Lives forever (unless a date or term limit exists in the code). Spreads mostly through human intervention.
Worms: self-replicating malware, memory-resident. It spreads through self-replication over the network (shares), and can be resource-intensive. Often used to build botnets (an army of bots). Distributes itself to everyone. E.g. Conficker, which blocks administrative access and restricts access to security websites. Payload = the actual code which runs on the system after exploitation.