
Trojans

Trojans. Daniel Bartsch, CPSC 420, April 19, 2007. What is a Trojan? Trojans are malware; named after Odysseus’s mythical trick; embedded in a program; cause a variety of undesired effects; not simple to define! ©2007 Steve Smith and World of Stock


Presentation Transcript


  1. Trojans
     Daniel Bartsch
     CPSC 420
     April 19, 2007

  2. What is a Trojan?
     • Trojans are malware
     • Named after Odysseus’s mythical trick
     • Embedded in a program
     • Cause a variety of undesired effects
     • Not simple to define!
     ©2007 Steve Smith and World of Stock, http://images.worldofstock.com/slides/BTE1174.jpg

  3. Why are Trojans Hard to Define?
     • Definition creep!
     • Should refer only to the infected file
     • Term expanded to refer to the effects the file has as well
     • Trickery used to prevent program removal is commonly classified as a trojan

  4. A Trojan is Not a Virus
     • Confusion caused by virus scanners
     • Viruses infect other files
     • The goals are different
     • Viruses do not rely on tricking the user
     • Viruses do require action from the user

  5. A Trojan is Not a Worm
     • Worms do not require action from the user
     • Worms exploit security flaws
     • Worms spread themselves
     • Worms typically make multiple copies of themselves

  6. What are Some Properties of Trojans?
     • Use trickery in some form
     • Do not typically spread themselves
     • The file they are attached to has to be put into use at least once
     • Have means to continue running
     • Can be added to virtually anything

  7. What Kinds of Trickery do Trojans Use?
     • Highly desirable files
     • Exclusive
     • Rare
     • Free
     • Codec Packs
     • Bootlegs
     • New files
     • No CD cracks
     • Key Generators

  8. What Kinds of Trickery do Trojans Use?
     • Disguises
     • Fake error messages
     • Lies from the sender
     • Rootkits
     • Encryption
     • Vague process names

  9. What Kinds of Things are Trojans Used for?
     • Pranks
     • Make some zombies
     • Denial of service attacks
     • Proxies
     • Servers
     • Spam
     • Mess with data

  10. What Kinds of Things are Trojans Used for?
     • Disabling security software - the blended threat
     • Spying
     • Key logging
     • Drive Access
     • Spyware and Adware
     • Backdoors

  11. What Kinds of Things are Trojans Used for?
     • Remote Administration

  12. What are Some Common Trojans?
     • BO2K
     • NetBus
     • SubSeven
     • SpySheriff

  13. BO2K
     • Free program marketed as a RAT
     • Reputation caused classification
     • Windows 2000, NT, XP
     • Actively Developed
     • Continuation of Back Orifice

  14. Some Features of BO2K
     • Key logging
     • Registry Editing
     • Remote upgrade and installation
     • Connection redirection
     • Audio and video capture
     • Remote Reboot

  15. BO2K in Action

  16. NetBus
     • Intended for pranks
     • Famously used to put child pornography on Magnus Ericson’s computer

  17. SubSeven
     • Allows attacker to lock out other attackers
     • Early versions included a master password

  18. Optix Pro
     • Fully customizable
     • Can disable security
     • No longer in development

  19. Optix Pro Configuration

  20. Optix Pro Configuration

  21. Optix Pro Configuration

  22. Optix Pro Configuration

  23. SpySheriff
     • Not a Remote Administration Trojan
     • Masquerades as a spyware scanner
     • Blocks connections, disables internet connections, prevents system restores
     • Can reinstall itself and give itself administrative rights

  24. SpySheriff

  25. One Famous Use of a Trojan
     • US learned of a Soviet plot to steal turbine control software
     • Leaked software with a trojan
     • Software was used in the Trans-Siberian gas pipeline
     • Caused one of the largest non-nuclear explosions and fires ever

  26. Dealing with Trojans
     • Research required to remove any Trojan that a virus scanner can’t remove by itself
     • Preventative measures are best
     • Multiple firewalls
     • Disconnect computers from networks if use of a RAT is suspected

  28. Any Questions? Trojan Rabbit from Monty Python and the Holy Grail
