Trojans
Daniel Bartsch, CPSC 420
April 19, 2007
What is a Trojan?
Trojans are malware
Named after Odysseus's mythical trick
Embedded in a program
Cause a variety of undesired effects
Not simple to define!
©2007 Steve Smith and World of Stock
http://images.worldofstock.com/slides/BTE1174.jpg
Why are Trojans Hard to Define?
Definition creep!
The term should refer only to the infected file
It has expanded to refer to the effects the file has as well
Trickery used to prevent removal of a program is commonly classified as a trojan too
A Trojan is Not a Virus
Confusion caused by virus scanners
Viruses infect other files
The goals are different
Viruses do not rely on tricking the user
Viruses do require action from the user
A Trojan is Not a Worm
Worms do not require action from the user
Worms exploit security flaws
Worms spread themselves
Worms typically make multiple copies of themselves
What are Some Properties of Trojans?
Use trickery in some form
Do not typically spread themselves
The file they are attached to has to be put into use at least once
Have a means to continue running
Can be added to virtually anything
What Kinds of Trickery do Trojans Use?
Highly desirable files
Exclusive
Rare
Free
Codec packs
Bootlegs
New files
No-CD cracks
Key generators
What Kinds of Trickery do Trojans Use?
Disguises
Fake error messages
Lies from the sender
Rootkits
Encryption
Vague process names
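The disguise tricks listed above (a real system binary's name run from the wrong place, a look-alike spelling such as svch0st.exe, or a vague "official-sounding" name dropped into a user-writable folder) can be checked mechanically. The following is an added example written for this transcript, not code from the original slides: it triages a constructed process list. The watch-list of system binaries and their home directories, the vague-word list and the sample processes are all assumptions made for the example; a real run would use a baseline taken from a known-clean machine of the same build.

```python
import ntpath
import re

# Constructed watch-list for this example: Windows binaries that trojans often
# impersonate, and the directories (lower-case) they legitimately run from.
SYSTEM_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Substitutions used to build look-alike names: digits that resemble letters,
# and "rn" standing in for "m".
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Words that make a file name sound official without naming a real component.
_VAGUE = re.compile(r"(system|win|update|service|svc|host|security|microsoft)")

# Directories an ordinary user can write to; a "system" binary has no business here.
_USER_WRITABLE = re.compile(r"\\(users|temp|programdata)\\")


def normalise(name):
    """Undo common homoglyph tricks so svch0st.exe compares equal to svchost.exe."""
    return name.lower().translate(_HOMOGLYPHS).replace("rn", "m")


def classify_process(name, path):
    """Return the reasons this process looks like a disguised trojan ([] if none)."""
    reasons = []
    lname = name.lower()
    lpath = path.lower()
    ldir = ntpath.dirname(lpath)
    if lname in SYSTEM_BINARIES:
        # Exact system name: only the directory can give it away.
        if ldir not in SYSTEM_BINARIES[lname]:
            reasons.append(f"{lname} running from unexpected directory {ldir}")
        return reasons
    if normalise(lname) in SYSTEM_BINARIES:
        reasons.append(f"look-alike name for {normalise(lname)}")
    if _VAGUE.search(lname) and _USER_WRITABLE.search(lpath):
        reasons.append(f"vague system-sounding name in user-writable directory {ldir}")
    return reasons


def triage(processes):
    """Map each suspicious (name, path) pair to its reasons; clean processes are omitted."""
    findings = {}
    for proc in processes:
        reasons = classify_process(*proc)
        if reasons:
            findings[proc] = reasons
    return findings


# Constructed process list standing in for the output of a process viewer.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Users\user\AppData\Local\Temp\svchost.exe"),
    ("svch0st.exe", r"C:\Windows\System32\svch0st.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("winupdate.exe", r"C:\Users\user\Downloads\codecpack\winupdate.exe"),
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for (name, path), why in triage(SAMPLE_PROCESSES).items():
        print(f"{path}: {'; '.join(why)}")
```

Three of the six constructed entries are flagged; the genuine svchost.exe, explorer.exe and notepad.exe pass. The check is deliberately name- and path-based, which is exactly what it shares with the trickery it detects: a trojan that picks an innocuous name and a system directory (which needs elevated rights to write to) slips past it, so this is a first filter, not a verdict.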
What Kinds of Things are Trojans Used for?
Pranks
Make some zombies
Denial of service attacks
Proxies
Servers
Spam
Mess with data
What Kinds of Things are Trojans Used for?
Disabling security software - the blended threat
Spying
Key logging
Drive access
Spyware and adware
Backdoors
What Kinds of Things are Trojans Used for?
Remote Administration
What are Some Common Trojans?
BO2K
NetBus
SubSeven
SpySheriff
BO2K
Free program marketed as a RAT (remote administration tool)
Its reputation caused its classification as a trojan
Windows 2000, NT, XP
Actively developed (as of 2007)
Continuation of Back Orifice
Some Features of BO2K
Key logging
Registry editing
Remote upgrade and installation
Connection redirection
Audio and video capture
Remote reboot
BO2K in Action (screenshot)
NetBus
Intended for pranks
Famously used to put child pornography on Magnus Ericson's computer
SubSeven
Allows the attacker to lock out other attackers
Early versions included a master password
Optix Pro
Fully customizable
Can disable security software
No longer in development
Optix Pro Configuration (screenshots)
SpySheriff
Not a remote administration trojan
Masquerades as a spyware scanner
Blocks connections, disables internet access, prevents System Restore
Can reinstall itself and give itself administrative rights
One Famous Use of a Trojan
The US learned of a Soviet plot to steal turbine control software
Leaked the software with a trojan in it
The software was used in the Trans-Siberian gas pipeline
Caused one of the largest non-nuclear explosions and fires ever
(The account comes from a 2004 memoir by former NSC staffer Thomas Reed and has been disputed.)
Dealing with Trojans
Research is required to remove any trojan that a virus scanner can't remove by itself
Preventative measures are best
Multiple firewalls (host and network)
Disconnect computers from the network if use of a RAT is suspected
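Deciding that "use of a RAT is suspected" usually starts with the network table: a RAT needs a listening port or an outbound connection to its controller, which is also why the firewalls above help. The following is an added example for this transcript, not code from the original slides or from any of the tools it names. It parses constructed `netstat -ano` style output and reports the PIDs worth pulling the cable over. The default ports given for Back Orifice, NetBus and SubSeven are those reported in public write-ups and are an assumption here: every one of these tools lets the attacker change the port, so a hit is a hint, and silence proves nothing. The expected-listener allow-list and the C2 port list are likewise assumptions to be replaced with a baseline from a known-clean host.

```python
# Default ports of the classic RATs discussed in the talk, as reported in
# public write-ups (assumption for this example; all of them are configurable).
RAT_DEFAULT_PORTS = {
    ("udp", 31337): "Back Orifice",
    ("tcp", 12345): "NetBus",
    ("tcp", 27374): "SubSeven",
}

# Listeners a baseline Windows host is expected to have (constructed allow-list;
# take the real one from a known-clean machine of the same build).
EXPECTED_LISTENERS = {("tcp", 135), ("tcp", 139), ("tcp", 445), ("tcp", 3389),
                      ("udp", 137), ("udp", 138)}

# Outbound ports zombies commonly use to reach a controller (IRC in this example).
C2_PORTS = {6667: "IRC"}


def parse_netstat(text):
    """Parse `netstat -ano` style output into dicts; UDP rows carry no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        proto = parts[0].lower()
        if proto == "tcp":
            local, foreign, state, pid = parts[1], parts[2], parts[3], parts[4]
        else:
            local, foreign, state, pid = parts[1], parts[2], "", parts[3]
        fport = foreign.rsplit(":", 1)[1]
        rows.append({
            "proto": proto,
            "lport": int(local.rsplit(":", 1)[1]),
            "fport": int(fport) if fport.isdigit() else None,
            "state": state,
            "pid": pid,
        })
    return rows


def triage_netstat(text):
    """Return {pid: [reasons]} for sockets that suggest a RAT or a zombie beacon."""
    findings = {}
    for r in parse_netstat(text):
        reasons = []
        key = (r["proto"], r["lport"])
        # A bound UDP socket is a listener; TCP says so explicitly.
        listening = r["state"] == "LISTENING" or r["proto"] == "udp"
        if listening and key in RAT_DEFAULT_PORTS:
            reasons.append(f"listening on default port of {RAT_DEFAULT_PORTS[key]}")
        elif listening and key not in EXPECTED_LISTENERS:
            reasons.append(f"unexpected {r['proto']} listener on port {r['lport']}")
        if r["state"] == "ESTABLISHED" and r["fport"] in C2_PORTS:
            reasons.append(f"outbound {C2_PORTS[r['fport']]} connection to port {r['fport']}")
        if reasons:
            findings.setdefault(r["pid"], []).extend(reasons)
    return findings


# Constructed netstat output for the example; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.5:27374      0.0.0.0:0              LISTENING       3020
  TCP    192.168.1.5:49200      203.0.113.7:6667       ESTABLISHED     2212
  UDP    0.0.0.0:31337          *:*                                    1780
"""

if __name__ == "__main__":
    for pid, why in triage_netstat(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: {'; '.join(why)}")
```

On the constructed sample, PID 900 (the RPC endpoint mapper on 135) is left alone, while 2212 is reported twice: once for the NetBus default listener and once for the established IRC connection that a zombie would use. The PID is what you need next, because the process behind it, not the port, is what has to be identified, disconnected and removed.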
Sources
http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp
http://www.webopedia.com/TERM/T/Trojan_horse.html
http://cpsc420.cs.clemson.edu/material/Malware/Trojan%20Horses.jnt (authentication required)
http://computer.howstuffworks.com/virus.htm
http://pcworld.about.com/news/Jul122005id121793.htm
http://www.bleepingcomputer.com/forums/topic22402.html
http://hackpr.net/~sub7/faq.shtml#CA.1
http://www.symantec.com/avcenter/warn/backorifice.html
http://bo2k.sourceforge.net/docs/bo2k_pressrelease.html
http://bo2k.sourceforge.net/featurelist.html
http://radsoft.net/resources/rants/20041128,00.shtml
http://www.windowsecurity.com/articles/Student-Teacher-Optix-Pro-Part2.html
http://www.taipeitimes.com/News/editorials/archives/2004/02/04/2003097438/print
http://en.wikipedia.org/wiki/Zombie_computer
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29
http://en.wikipedia.org/wiki/Pest_Trap
http://en.wikipedia.org/wiki/SubSeven
http://en.wikipedia.org/wiki/Back_Orifice_2000
http://en.wikipedia.org/wiki/NetBus
http://en.wikipedia.org/wiki/Optix_Pro
http://en.wikipedia.org/wiki/List_of_trojan_horses
Any Questions?
(Image: the Trojan Rabbit from Monty Python and the Holy Grail)