Share on social networks
A trojan horse or trojan horse, in computer science, is malicious software that presents itself to the user as a legitimate and harmless program, but when executed, it provides remote access to the attacker.
The term troyano comes from the history of the Horse of Troy, which is mentioned in Homer’s Odyssey.
The trojans allow different tasks, but generally they create a backdoor (back door), which allows the remote administration to an unauthorized user.
Although trojans can be distributed as a computer virus, they are not, the main difference between both is that the trojan has the purpose of providing remote access to the attacker, while viruses are simply malicious programs that cause damage to equipment. A Trojan does not create damage, because it is not its objective.
With the passage of time, the use of trojans has been diversifying, although it is more common to know that they are used to steal bank or personal data.
Trojans have also been used as a sabotage weapon by intelligence services such as the CIA, which used these programs to sabotage the Siberian Gas Pipeline in 1982. The agency installed a Trojan in the software that would handle the operation of the Gas Pipeline, before the USSR compared software in Canada.
According to a study by the security software company BitDefender, from January to June 2009, “The number of Trojans is increasing, representing 83% of the malware detected”.
Currently, the statistics have increased to 85%.
When a hacker manages to gain access to a remote computer through a Trojan, he can perform one of the following actions:
•Use the computer as part of a botnet, for example, to send denial of service attacks, or send spam.
• Installation of programs.
• Collection of personal information, such as passwords, security codes, etc.
• Drilling, modification and transfer of files.
• Monitor keystrokes.
The form in which the connection can be made between the administration program and the resident can be classified into:
Direct connection: In this case the attacker connects directly to the infected computer via its IP address. Then, the attacking team is from the client and the victim is from the server.
Indirect or reverse connection: The host computer or the victim is connected to the attacker by means of an automatic process in which malicious software is installed on his computer, which is not necessary for the attacker to have the IP address of the victim.
To ensure the connection, the attacker can use a fixed IP or a domain name.
The reverse connection has advantages over the indirect one, especially when crossing some firewalls, if they can be used in networks located behind a router without problems, it is not necessary to know the IP address of the server.
The most common forms of infection are:
• Downloading programs in P2P networks.
• Web pages with executable content, such as ActiveX or Java applications.
•Social engineering, in which a pirate or attacker sends a Trojan directly to the victim through instant messaging (very common in the days of MSN Messenger).
• Attached files in electronic mails.
As the trojans are executed and kept hidden, the user could spend months infected without realizing it, so it is very difficult to detect and eliminate them manually, so it is recommended to have an updated antivirus, as well as a firewall.
MOST USED TROJANS
There are some trojans that have been famous among hackers, especially when they want to learn to be “hackers”, some of them are:
•NetBus, created in 1997, by Carl-Fredrik Neikte, programming in Delphi, direct connection type.
•Sub7, created in 1999, for MobMan, programming in Delphi, direct connection type.
•Bifrost, created in 2004, for KSV, programming in Delphi and C++, of direct and reverse connection type.
•Bandook, created in 2005, for Princeali, programming in C++, direct and reverse connection type.
•Poison, created in 2009, for Shapeless, programming in Delphi and AMS, of type connection inversa.
The NetBus programmer stated that the software was intended to be used for pranks, not for illegal intrusions into computer systems. However, this Trojan has been used for serious acts, such as in 1999, when it was used to introduce child pornography in the work team of Magnus Eriksson, a law major, from the University of Lund.
If they discovered 3,500 images for the administrators of the system, for which they accused Eriksson of having downloaded them with all intentions, he hasta poder descover after they were downloaded remotely.
Share on social networks