Understanding Trojan Viruses and Types
Our lives have come to depend heavily on the programs available on our computers. From office applications to entertainment software, we can easily enjoy the gadgets we own. Not to mention the Android system, which offers hundreds to thousands of applications that we can install for free on our smartphones. Unfortunately, quite a few of the programs scattered across the networks we use every day are malicious. We know this kind of program as a virus.
The virus in question is not one that makes our bodies sick, but a human-made program that infiltrates and attacks a computer system. For those of you who are familiar with gadgets, computers or other devices, viruses are nothing new. In a single scan you might find a series of different virus names from various families. These viruses come in different types and classes, each posing a different level of threat. One of the most deadly computer viruses in the world is the Trojan virus. However, not many people know the origins of this virus without studying it first. For that reason, we will examine some of its characteristics so that identifying a Trojan becomes easier.
A Trojan horse, or simply a Trojan, in computer security refers to malicious software that can damage a system or network. The purpose of a Trojan is to obtain information from the target (passwords, user habits recorded in the system log, data, etc.) and to control the target (obtain access rights to it).
What is a Trojan virus?
A Trojan virus, often referred to as a Trojan horse, is a program disguised as a benign application. Unlike other viruses, Trojan horses do not replicate themselves, but they can damage your computer and degrade its performance just like other viruses. One of the most dangerous kinds of Trojan horse is a program that claims to clean your computer of viruses but instead introduces viruses onto it.
Types of Trojan Horses
What advantages do Trojans have over other computer viruses? A Trojan can give a remote hacker access to the target computer system. Operations a hacker can then carry out on the targeted system include: damaging the system, for example by triggering a "blue screen of death", formatting the disk or destroying all of the data on the computer; using the system as part of an automated botnet, for example for automated spamming or theft of electronic money; infecting other connected devices; stealing data and banking network information, including confidential files (sometimes for industrial espionage) and information with financial implications such as passwords and credit card payments; and modifying or deleting files. These are some of the capabilities of a Trojan; the actual effect depends on which type of Trojan has infected your computer.
The History of Trojan Horses
Trojan Horse statue
The name "Trojan horse" comes from the story of the Trojan War, in which the Trojan horse was a cunning strategy the Greeks used to enter the city of Troy. The Greeks built a large wooden horse and hid their best soldiers inside it. They then pretended to sail away from Troy, leaving the wooden horse behind, and the Trojans pulled the horse into their fortified city as a prize of victory in the war.
At night, when everyone had gone, the Greek troops inside the horse came out and opened the main gate so that the Greek troops who had been waiting aboard their ships could enter and attack the city of Troy. In short, a Trojan horse program uses a similar trick to get into a computer system, for example by riding along with software downloaded from websites on the internet. So those of you who like downloading need to be careful: there may be Trojan malware installed along with it.
- Trojans are "stealthy" (hidden and invisible) in their operation and often appear as if they were legitimate programs, whereas computer viruses or worms act more aggressively by damaging or crashing the system.
- Trojans are controlled from other computers (the attacker's computers).
How they spread
The term Trojan or Trojan horse refers to smuggling suspicious and destructive code inside a good and useful program, just as in the Trojan War, when the Spartan soldiers hid inside the Trojan Horse, which was presented as an offering to Poseidon. The Trojans judged the horse harmless and allowed it into their fortress, which the Greek soldiers had been unable to penetrate during roughly ten years of the turbulent Trojan War.
Most Trojans today are executable files (*.EXE or *.COM on Windows and DOS, or programs with names that are frequently executed on UNIX, such as ls, cat, etc.) that are placed on a system that has been cracked by a cracker in order to steal data that is important to the user (passwords, credit card data, etc.). Trojans can also infect a system when users download applications (often computer games) from untrusted sources on the Internet. Such applications can have Trojan code integrated into them, allowing a cracker to tamper with the system in question.
Types of Trojans
Some types of Trojans in circulation include:
- Password stealers: This type of Trojan searches for passwords stored in the operating system (/etc/passwd or /etc/shadow in the UNIX family, or the Security Account Manager (SAM) file in the Windows NT family) and sends them to the attacker. In addition, this type of Trojan can deceive the user by posing as the login screen (/sbin/login on UNIX or Winlogon.exe on Windows NT), waiting for the user to enter a password and then sending it to the attacker. An example of this type is the Passfilt Trojan, which poses as Passfilt.dll, a file originally used to strengthen password security in Windows NT, but which is misused as a password-stealing program.
- Keystroke logger (keylogger): This type of Trojan monitors everything the user types and sends it to the attacker. It is distinct from spyware, although both do the same thing (spy on the user).
- Remote Administration Tool (RAT): This type of Trojan allows an attacker to take full control of the system and do whatever they want from a distance, such as formatting the hard disk or stealing or deleting data. Examples of this type are Back Orifice, Back Orifice 2000 and SubSeven.
- DDoS Trojan or Zombie Trojan: This type of Trojan is used to make an infected system take part in distributed denial-of-service attacks against a target host.
- Another type of Trojan attaches itself to a program to modify how that program works. This type is called a Trojan virus.
- Cookie stuffing: a script used in blackhat marketing methods. Its purpose is to hijack the tracking code for the sale of a product so that the sales commission goes to whoever installed the cookie-stuffing script rather than to the person who first referred the sale on the internet.
Detection and cleaning
Checking Listening Ports
Detecting the presence of a Trojan is rather difficult. The easiest way is to see which ports are open and in the "listening" state, using a utility such as Netstat. This works because many Trojans run as a system service in the background so that they can receive commands from a remote attacker. When a UDP or TCP transmission takes place but it originates from a port (in the "listening" state) or an address that is not recognised, this can be taken as an indication that the system has been infected by a Trojan horse.
The following is an example of using the Netstat utility in Windows XP Professional:
```
C:\> netstat -a -b

Proto  Local Address            Foreign Address        State           PID
TCP    windows-xp:epmap         0.0.0.0:0              LISTENING       956
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  -- unknown component(s) --
TCP    windows-xp:microsoft-ds  0.0.0.0:0              LISTENING       4
TCP    windows-xp:50300         0.0.0.0:0              LISTENING       1908
TCP    windows-xp:1025          0.0.0.0:0              LISTENING       496
TCP    windows-xp:1030          0.0.0.0:0              LISTENING       1252
UDP    windows-xp:microsoft-ds  *:*                                    4
UDP    windows-xp:4500          *:*                                    724
UDP    windows-xp:isakmp        *:*                                    724
UDP    windows-xp:1900          *:*                                    1192
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
UDP    windows-xp:ntp           *:*                                    1036
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  C:\WINDOWS\system32\kernel32.dll
```
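As an added illustration (not part of the original article), the Python script below parses output laid out like the listing above, pairs each socket with the module paths that `netstat -b` prints beneath it, and reports listeners whose owning executable is missing or lives outside an assumed trusted directory. The sample listing and the trusted-directory list are constructed for the example.

```python
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local foreign state pid components")

# Constructed sample in the same layout as the netstat -a -b listing above (not real output).
SAMPLE = """\
Proto  Local Address      Foreign Address    State        PID
TCP    windows-xp:epmap   0.0.0.0:0          LISTENING    956
  c:\\windows\\system32\\WS2_32.dll
  C:\\WINDOWS\\system32\\svchost.exe
TCP    windows-xp:50300   0.0.0.0:0          LISTENING    1908
  C:\\Temp\\svch0st.exe
UDP    windows-xp:ntp     *:*                             1036
  c:\\windows\\system32\\w32time.dll
  -- unknown component(s) --
"""

SOCKET_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
TRUSTED_DIRS = ("c:\\windows\\system32",)  # assumption: where the system's own binaries live

def parse_netstat(text):
    """Group each socket line with the indented module paths netstat -b prints below it."""
    sockets = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            sockets.append(Socket(proto, local, foreign, state or "", int(pid), []))
        elif line.startswith(" ") and sockets:
            sockets[-1].components.append(line.strip())
    return sockets

def review_listeners(text, trusted_dirs=TRUSTED_DIRS):
    """(local address, pid, executable, reason) for each listener that deserves a closer look."""
    findings = []
    for s in parse_netstat(text):
        if s.proto == "TCP" and s.state != "LISTENING":
            continue  # only TCP has a LISTENING state; every UDP socket can receive
        exes = [c for c in s.components if c.lower().endswith(".exe")]
        if not exes:
            findings.append((s.local, s.pid, None, "no owning executable reported"))
        elif exes[0].lower().rsplit("\\", 1)[0] not in trusted_dirs:
            findings.append((s.local, s.pid, exes[0], "binary outside trusted system directory"))
    return findings

if __name__ == "__main__":
    for local, pid, exe, reason in review_listeners(SAMPLE):
        print(f"{local:<18} pid={pid:<5} {exe or '-':<34} {reason}")
```

A listener without a reported executable is not proof of anything (the real listing above shows the NTP service in the same situation); it is a prompt to identify the owning process by PID before deciding.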
Make a Snapshot
Another approach is to make a "snapshot" of all program files (*.EXE, *.DLL, *.COM, *.VXD, etc.) and compare them over time against previous versions, with the computer disconnected from the network. This can be done by computing a checksum of every program file (with CRC, MD5 or another mechanism). Because Trojans are often placed in the directories where the operating system lives (\WINDOWS or \WINNT on Windows, or /bin, /usr/bin, /sbin, /usr/sbin in the UNIX family), the files in those directories are the ones to scrutinise. Many files may warrant suspicion, especially program files whose names resemble those of "good" files (such as "svch0st.exe" instead of "svchost.exe", a file run by many Windows operating system services); these can be suspected of being a Trojan horse.
The last way is to use antivirus software that is equipped with Trojan detection, combined with a firewall that monitors every incoming and outgoing transmission. This method is more efficient but more expensive, because antivirus software combined with a firewall generally costs more than the two methods above (which tend to be "free"). There are some free tools, but it still takes time, energy and money to obtain them (downloading them from the Internet).
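The snapshot-and-compare idea above, written out as an added Python example (not code from the article): it hashes program files with SHA-256 in place of the CRC/MD5 the text mentions, reports added, modified and removed files between two snapshots, and checks each file name against a small assumed list of well-known Windows binaries for lookalikes, catching digit-for-letter swaps such as svch0st.exe and also transposed letters. The directory it scans is a temporary folder constructed for the demonstration.

```python
import difflib, hashlib, tempfile
from pathlib import Path

PROGRAM_EXTS = (".exe", ".dll", ".com", ".vxd")
WELL_KNOWN = ("svchost.exe", "winlogon.exe", "lsass.exe", "explorer.exe")  # assumed list
HOMOGLYPHS = str.maketrans("01", "ol")  # digits commonly swapped in for letters

def lookalike(name):
    """Well-known binary that `name` imitates, or None for an exact or unrelated name."""
    if name.lower() in WELL_KNOWN:
        return None
    folded = name.lower().translate(HOMOGLYPHS)
    for known in WELL_KNOWN:
        if folded == known or difflib.SequenceMatcher(None, folded, known).ratio() >= 0.9:
            return known
    return None

def snapshot(root):
    """Map each program file under root (path relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*")
            if p.is_file() and p.suffix.lower() in PROGRAM_EXTS}

def compare(baseline, current):
    """Files that appeared, changed or vanished since the baseline, plus lookalike names."""
    report = {"added": [], "modified": [], "lookalike": [],
              "removed": sorted(set(baseline) - set(current))}
    for rel, digest in sorted(current.items()):
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)
        known = lookalike(Path(rel).name)
        if known:
            report["lookalike"].append((rel, known))
    return report

def demo():
    """Constructed scenario: baseline a fake system directory, then tamper with it offline."""
    root = tempfile.mkdtemp()
    sysdir = Path(root, "WINDOWS", "system32")
    sysdir.mkdir(parents=True)
    (sysdir / "svchost.exe").write_bytes(b"original service host")
    baseline = snapshot(root)
    (sysdir / "svchost.exe").write_bytes(b"patched service host")  # legitimate file altered
    (sysdir / "svch0st.exe").write_bytes(b"dropped binary")        # lookalike dropped beside it
    return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In real use the baseline would be stored off the machine, since a Trojan that can replace svchost.exe can just as easily rewrite a checksum file kept beside it.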
Types of Trojan horse viruses
1. Remote Access Trojan
Abbreviated RAT, this is one of the seven main types of Trojan horse and is designed to give the attacker complete control of the victim's system. Attackers usually hide this Trojan in games and other small programs that unsuspecting users then run on their PCs.
2. Data Sending Trojan
This type of Trojan horse is a program designed to obtain important data from the target of the attack, such as accounts, passwords, credit card information, files, e-mail address logs and so on.
This type of Trojan can find and send data from your PC, or it can install a keylogger, record all keystrokes and send the information back to the attacker, often called a hacker or cybercriminal, who designed the virus.
3. Destructive Trojan / Trojan destroyer
A destructive Trojan is a type of Trojan horse designed to destroy and delete files, and it behaves more like a virus than other Trojans do. It is often not detected by the antivirus software you use, especially if that antivirus is not up to date.
4. Proxy Trojan
A type of Trojan horse designed to use the victim's computer as a proxy server. This gives an attacker the opportunity to do anything from your computer, including possibly committing credit card fraud and other illegal activities, or even using your system to launch attacks on other networks.
5. File Transfer Protocol (FTP) Trojan
A type of Trojan horse designed to open port 21 (File Transfer Protocol) and allow an attacker to connect to your computer using FTP.
6. Security software disabler Trojan
A type of Trojan horse designed to stop or kill security programs such as antivirus or firewall software without the user knowing. This type is usually combined with other types of Trojans as a payload.
7. DoS attack
A Denial of Service attack, or DoS attack, is a type of attack on a network designed to bring the network down by flooding it with traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, take advantage of limitations in the TCP/IP protocol. For all known DoS attacks there is a fix that the system administrator can install to limit the damage caused by the attack. But, as with viruses, new DoS attacks are constantly being devised.
Removing a Trojan Horse
The only way to guarantee 100% that your computer is free of infection is to completely reformat the hard drive and reinstall a clean operating system. This is a tiring and costly process because it can delete important files of yours. Another possible solution is to use anti-virus and anti-Trojan software; the catch is that Trojan variants sometimes appear faster than antivirus programs are updated.
Trojan Horse Attack
Trojan horse attacks come in various types, but all of them are intended for crime. The most common and easily noticed consequence is increasingly slow computer performance and network access. In addition, you need to stay vigilant because Trojan horses also target sensitive data on a computer, which can easily be stolen through malware embedded on it.
According to the Kaspersky website, Trojans are grouped by the type of action they take, such as:
- Backdoor: a backdoor Trojan lets the attacker do anything on an infected computer, such as send, receive, upload or delete files, reboot the computer, and other actions, without the owner's consent.
- Exploit: a Trojan that contains data or code that enters through a vulnerability in an installed software application.
- Rootkit: a type of Trojan designed to hide certain activities on the system, which becomes heavy and slow as a result.
- Trojan banker: malware that attacks online banking accounts, electronic payments, credit cards, debit cards and other digital money.
- Trojan DDoS: this Trojan's task is to attack a targeted website address.
- Trojan Downloader: Trojans that arrive together with the software you install, including adware and obscure advertisements.
In addition there are other types of Trojan with similar functions, namely Trojan Dropper, FakeAV Trojan, GameThief Trojan, IM Trojan, Ransom Trojan, SMS Trojan, Spy Trojan and Mailfinder Trojan.