So far we have discussed the characteristics of Trojan horse viruses and how to protect your computer from contracting one. Now I'd like to discuss another example of a Trojan horse virus, named Beast.
It can affect Windows versions 95 to XP and was created by Tataye in 2002. It became very popular due to its unique features, which used the typical client-server model (the client is operated by the attacker, and the server is what infects the victim).
Beast was one of the first Trojans to feature a reverse connection to its victims; that is, once the connection was established, the hacker was able to completely control the infected computer. It mainly targeted these three sites on the file system:
- C:\Windows\msagent\ms****.com (Size ranging from 30KB to 49KB)
- C:\Windows\System32\ms****.com (Size ranging from 30KB to 49KB)
- C:\Windows\dxdgns.dll or C:\Windows\System32\dxdgns.dll (Location dependent on attacker’s choice)
It used an injection method to inject its code into a specific process, commonly "explorer.exe" (Windows Explorer), "iexplore.exe" (Internet Explorer), or "msnmsgr.exe" (MSN Messenger), in order to steal information and give its author control of your computer (K).
On Windows XP, you could disinfect the system by removing the three files listed above in safe mode with System Restore turned off.
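To make the three file indicators above concrete, here is an added example (not code from the cited sources) that checks a file listing against them. It assumes that "****" stands for any four characters and that "KB" means 1024 bytes; the function names and the sample listing are constructed for illustration.

```python
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Indicators taken from the list above. Assumptions: "****" stands for any
# four characters, and "KB" means 1024 bytes.
EXE_DIRS = {r"c:\windows\msagent", r"c:\windows\system32"}
EXE_PATTERN = "ms????.com"
EXE_SIZE = range(30 * 1024, 49 * 1024 + 1)
DLL_PATHS = {r"c:\windows\dxdgns.dll", r"c:\windows\system32\dxdgns.dll"}


def classify(path, size):
    """Return a reason string if (path, size) matches a listed indicator."""
    p = PureWindowsPath(path)
    full = str(p).lower()           # Windows paths are case-insensitive
    parent = str(p.parent).lower()
    if full in DLL_PATHS:
        return "dxdgns.dll in a listed location"
    if parent in EXE_DIRS and fnmatchcase(p.name.lower(), EXE_PATTERN):
        if size in EXE_SIZE:
            return "ms****.com name and 30KB-49KB size"
        # Name matches but size does not: report separately for manual review.
        return "ms****.com name, size outside listed range"
    return None


def find_matches(listing):
    """listing: iterable of (path, size_in_bytes). Returns [(path, reason)]."""
    hits = []
    for path, size in listing:
        reason = classify(path, size)
        if reason:
            hits.append((path, reason))
    return hits


# Constructed sample listing (not from a real host).
SAMPLE = [
    (r"C:\Windows\msagent\msabcd.com", 40 * 1024),
    (r"C:\WINDOWS\System32\dxdgns.dll", 12345),
    (r"C:\Windows\System32\mshelp.com", 120 * 1024),
    (r"C:\Windows\System32\mspaint.exe", 35 * 1024),
    (r"C:\Users\a\msabcd.com", 40 * 1024),
]

if __name__ == "__main__":
    for path, reason in find_matches(SAMPLE):
        print(f"{path}: {reason}")
```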
Beast came with a built-in firewall bypasser and had the ability to end antivirus or firewall processes.
Beast also had a binder feature that could be used to join two or more files together and then change the icon. Once connected to the victim, Beast could manipulate files; terminate or execute services, applications, and processes; get access to stored passwords and power options (turn on/off, crash, reboot); and even chat with the user being attacked (Beast).
“Beast (Trojan Horse).” Wikipedia. Wikimedia Foundation, 21 Apr. 2014. Web. 22 Apr. 2014.
K, Rajnish. “Top 10 Most Dangerous Computer Viruses of the Decade Updated 2012.” Tech Twisted Technology Blogging. N.p., 20 Feb. 2012. Web. 22 Apr. 2014.