What is a Trojan?

QQ is a popular instant message in China, which is really similar with Facebook. I started to use it frequently when I was in middle school. Once, I got from my friend a message, which stated that my friend wanted to borrow 300 dollars from me because her mom had car accident, and she needed that money to save her mom. Also, it listed an account number that let me transfer money to there. I was shocked, and called my friend immediately. When my friend knew why I called, she explained me that no car accident happened to her mom; it was a fraud. She had many friends call to ask about her mom that day, so she checked her computer and found that the Trojan intruded into her QQ and sent that message to her friends. In case of this trouble happen to me, I installed an antivirus software to protect my computer. From this case, I was curious about what was Trojan, and how it intruded into computer.

Trojan horse viruses formed very early. It was simple when the Internet based on UNIX, but as the development of Windows, it became more complex. Trojan is a malware program, which can steal account passwords by invading computers. It’s a specific type of computer virus, usually is used by hackers. Different from other computer viruses, it neither can self-replicate, nor can infect other files in the computer. It uses masquerade to attract users to download and execute. It will provide a backdoor for the controller to have unauthorized access to the affected computer (Cole 200). The controller can arbitrarily destroy or steal users’ files, even control the computer from distance. Trojans usually will run automatically. It will record the account name and password when users log in their accounts, such as Facebook or online banking account, and send the stolen information to the controller’s email address. All of these behaviors attack computer’s security and commit computer crime.

Reference: Cole, Eric. Network Security Bible. Second ed. N.p.: John Wiley & Sons, 2009. Print

The characteristics of Trojan

As the popularization of the Internet, the viruses are widespread beyond imaging. Trojan, widely known as one of the viruses, is trying to control another computer by using powerful client-server model, which is a central computer provides information and processes to multiple end-user computers. These computers that completely are invaded by Trojan are servers, and hackers use controller to operate servers. Once controller connects with Trojan, the client will own most power of the server so that the client can issue commands in the computer, such as brows, move, copy, and delete documents.

Although there are thousands types of Trojan, they share some same characteristics. The following four of them are more basic. They’ve made people annoyed because they were hard to deal with.

The first one is its concealment. Trojan is similar to remote control (IT Technical Services) but remote control software like team viewer is friendly. So it doesn’t have concealment. On the opposite side, the goal for Trojan is to arrive stole remote control. If the Trojan cannot be elusive, it is meaningless. Secondly, Trojan has strong fraudulence. Trojan is able to use a skill that named bundle deception; binding an undisclosed document has dangerous resulted program with a normal document (Fraud Awareness).

Besides, every kind of Trojan can open terminal automatically by using the communication means of client-server model. In order to open a door, it will connect with some rarely used terminals in TCP or IP protocol (Technology). Finally, Trojan has the ability of self-repair. If you didn’t kill every Trojan in your computer, it will recovery and attack computer because when Trojan intruded into computer, it would immediately finish duplexing backup sets in some corners.

Reference:

“Trojans.” Trojans. IT Technical Services, 17 May 2007. Web. 19 Apr. 2014.

“Fraud Awareness.” Online. N.p., n.d. Web. 19 Apr. 2014.

“Types of Trojan Horse Viruses.” – Technology. N.p., n.d. Web. 19 Apr. 2014.

“What Are Trojans?” Malwarebytes Unpacked. N.p., n.d. Web. 19 Apr. 2014.

Trojan Horse’s Effects in the Society

I’ve explained characteristics in my last two posts what Trojan virus is and its four basic characteristics. I’ll show in my final post how Trojan affects the society by looking at an actual event. In recent years, programming virus gradually became a new chain for getting huge profits. However, as this black chain prevailed, more computers were attacked and more people suffered damages.

In 2012, Bo Hung, a server in a club, got a message from QQ said there was a new type of Trojan virus called Fuyun, which can unconsciously stole money from e-bank. Then, he joined a QQ group and rented that Trojan for 3000 Yuan per month. By using this Trojan, Bo, who never learnt professional knowledge about computer science, cheated more than 10,000 Yuan just in one month. How did he cheat people and get money?

At first, Bo bought a disused online store and pretended as camera seller. Bo cheated the customer that he would send a file that had pictures of new designed camera, and told the customer that if he paid the bill immediately, Bo would give him a 70% off discount. Actually, that file had Trojan horse. When the e-bank transferred money, the Trojan would intercept the information and secretly changed the amount of money. After that, the money would be transferred to a specific game account, and then the virtual currency in game could be exchanged to cash.

After police received report, they found out the whole chain that used of Trojan virus through the investment of Bo. The two programmers adapted original Trojan to Fuyun, and they totally got 40,000 Yuan in renting it 71 times. Finally, this event caused nearly 100 victims were involved, 41 suspects were prosecuted, 112 computers, 456 debt cards, and 3 million Yuan uncover. (Cyberspace Theft) It became the largest online banking theft broken by the police in 2012. There is no doubt that Trojan horse led to huge impacts in the society. So, it is necessary to protect your computer in different ways.

Reference:

“Cyberspace Theft.” Prezi.com. Dongjun Shin, 11 Nov. 2012. Web. 24 Apr. 2014. (http://prezi.com/kk5dpgypisxy/ccst9029/)

Creating a Trojan Horse Virus

When I first started researching the Trojan horse virus I became interested on how easy it is for hackers to create them.  For somebody like me it might seem like a difficult task, but for somebody who is skilled with computers it is actually quite simple.  First kind of Trojan Horse I looked up how to make was one you could spread onto the Android market.  There are five steps to create this virus:

  1. Download a free app
  2. Decompile the code so it is easier to read.
  3.   Obtain Java source code that does something bad.
  4. Copy the code into your free app and make it run before the app opens
  5. Put your new app onto the android market.

Once Android finds your app they will delete, but by then the damage could be done.  Doing this is completely unethical and not recommended since you can get into serious trouble.

I found this video that shows you how to make a Trojan horse like virus that will not do any harm to who you send it to because it won’t damage any files.  He hides the virus within the internet explorer logo which is a good way to it.  It shows you how quickly this could be done.

I was surprised at how much information is available out there for anyone to look at and try.  I feel like that kind of stuff shouldn’t be so easy to access for people.  There are people out there that will take that information and use it for bad.

Sources:

http://www.pcmag.com/article2/0,2817,2386813,00.asp

 

Simpsons.exe

trojan-horse-virusThis is a Trojan horse that has the capability to delete all files on the user’s computer and create a major headache for the owner of the computer. The virus originated in November of 2000 and is a WinZip file (which is a special type of software that creates and manages Zip files).

The archive icon that the user sees has been amended to appear as an install package in a bid to fool the victim into executing the file. When the user clicks the icon, two dialog boxes come up.

“The first box informs the user that the self-extracting archive was created by a non-licensed WinZIP-Self-Extractor and it is prohibited to distribute that archive. The second box in the background is the standard WinZip copyright screen with the modified icon. The caption of that dialog box is “Win-Zip Self-Extractor [SIMPSONS.EXE] (What).”

Once the user presses this button, simpsons.bat is activated and the Trojan begins erasing the files in the system starting with the C: drive then progresses into the A: drive, B: drive, and finally the D: drive of the user’s computer.

Computer Associates, Inc. warned users that received the Trojan to not press okay. They then should turn off the computer, reboot it, and delete the self-extracting archive to prevent the virus from attacking their computer.

If the user does press “OK” then the archive extracts Simpsons.bat and Simpsons.bmp from the computer. Simpsons.bat automatically begins erasing all the files and directories on the computer. Simpsons.bmp is a regular Zip archive that contains three non- malicious files; ReadMe.txt, file_id.diz and sample.exe (What). This part is not a bitmap file, despite the type ending.

Simon Perry, Computer Associates’ Vice President of security soutions said, “We’ve seen many attacks recently that have used Microsoft’s VBS language, but we cannot forget that danger is packaged in many other ways — in this case a Trojan Horse. It’s very simple. On the heels of the ILOVEYOU and Stages of Life threats, we cannot stress how important it is for eBusinesses and users to protect their valuable data by using extreme caution before opening any unsolicited file (What).”

Computer Associates’ anti-virus software InoculateIT automatically detects the presence of the Simpsons Trojan horse. InoculateIT is unmatched management and virus protection. InoculateIT is certified by the International Computer Security Association (ICSA) to detect 100% of viruses “in the wild” and ensures a network is protected against potentially damaging and costly virus incidents (What).

The Simpsons Trojan horse virus can be very damaging to the user’s computer. It is capable of erasing all the files, documents, directories, etc. which would be devastating to the user. I could not find the number of people affected by this virus, but I’m sure it had devestating effects.

SOURCES:

  • “New Trojan Horse Virus Discovered.” Internet Business News (2000): 1. ProQuest. Web. 3 Apr. 2014.
  • “What Is “The Simpsons” Virus?” Animated TV. About.com Animated TV, n.d. Web. 03 Apr. 2014.

Beast

So far we have discussed Trojan horse viruses’ characteristics and how to protect your computer from contracting a Trojan horse virus, I’d like to discuss another example of a Trojan horse virus named Beast.

beast-trojan-horse

In 2002, Beast was created. It was a Windows-based backdoor Trojan horse, more commonly known in the underground hacking community as a Remote Administration Tool or RAT.

It can affect Windows versions 95 to XP, and was created by Tataye in 2002. It became very popular due to its unique features that used the typical client-server model (where the client would be under operation by the attacker and the server is what would infect the victim).

Beast was one of the first Trojans to feature a reverse connection to its victims; that is once it was established, the hacker was able to completely control the infected computer. It mainly attacked these three sites:

  • C:\Windows\msagent\ms****.com (Size ranging from 30KB to 49KB)
  • C:\Windows\System32\ms****.com (Size ranging from 30KB to 49KB)
  • C:\Windows\dxdgns.dll or C:\Windows\System32\dxdgns.dll (Location dependent on attacker’s choice)

It was using the injection method to inject viruses into specific process, commonly “explorer.exe” (Windows Explorer), “iexplore.exe” (Internet Explorer), or “msnmsgr.exe” (MSN Messenger) to steal information and give control to its author of your computer (K).

With Windows XP, you could remove the three files listed above in safe mode with system restore turned off and then you could disinfect the system.

Beast came in with a built in firewall by passer and had the ability to end anti- virus or firewall processes.

Another feature of Beast was that it had a binder feature that could be used to join two or more files together and then change the icon. Once connected to the victim Beast could manipulate files, terminate or execute services, applications, and processes managers; get access to stored passwords, power options (turn on/off, crash, reboot), and even chat with the client they were attacking (Beast).

Sources:

“Beast (Trojan Horse).” Wikipedia. Wikimedia Foundation, 21 Apr. 2014. Web. 22 Apr. 2014.

K, Rajnish. “Top 10 Most Dangerous Computer Viruses of the Decade Updated 2012.” Tech Twisted Technology Blogging. N.p., 20f Feb. 2012. Web. 22 Apr. 2014.

 

Koobface

My final post will discuss a third example of a Trojan horse virus that could infect your computer if you aren’t careful. Most of us would be highly susceptible to this virus due to the fact that we are social media obsessed and are on it 24/7.

Koobface was a Trojan Horse that originally targeted users of the networking websites like FacebookSkypeYahoo Messenger and email websites such as Google MailYahoo Mail, and AOL MailMySpacehi5BeboFriendster and Twitter.

Koobface is designed to infect Microsoft Windows and Mac OS X, but also can infect Linux.

This Trojan logs into your Facebook profile, and gains access to your entire friends list. Then it posts links to malicious sites that the vulnerable user clicks on then becomes infected. Once it is contracted, Koobface looks for evidence of social media networks and will then post on the users’ behalf links that install the virus. I believe this is similar to what Siyu discussed in her first post about her friend’s Facebook saying that their mother was in an accident and needed money.

We’ve all seen them. “I can’t believe you did this!” “Didn’t you know they were filming you?” The victim clicks on the link and most times the link asks them to download Adobe Flash Player to play the video BUT it is actually downloading Koobface, and soon they too will be posting these links.

In the later versions the virus has stopped using those websites because they improved their protection against Trojan viruses using techniques like Dustin has suggested.

I found a great video that discusses this Trojan and I suggest you watch How Koobface Works

Sources:  Haley, Craig C. “Koobface – What Is It Really?” ThatsNonsense.com. N.p., n.d. Web. 22 Apr. 2014.

 

Personal Protection Against the Trojan Horse

One of the best ways to protect yourself or your company against the virus is to educate your employees or yourself.  Viruses can be harmful to a business for many reasons.  A recent estimate states the worldwide impact of viruses on businesses to be at 17.1 billion dollars.  An average virus attack to a business costs them $10,000.  There is also an estimate that a business can lose up to 50 hours of productivity while trying to fix it. So educating employees is very important.

One of the biggest ways a Trojan Horse can attack is through email.  Knowing what to look is paramount to protection.  Trojan Horse virus will look like an ordinary email.  They usually attack through an attachment in the email.  It is important to teach your employees not to open any unknown attachments.  The picture below shows an example of what a Trojan Horse email might look for.

trojan

Hackers will make the email seem that it is very important that you open it.  This message says urgent court notice.  Other email attachments I have seen are bill notices, ecards, or bank notices.  It is vital that you not open the attachment without letting your virus protection software to check it first.

Hackers are finding new and creative ways to hide the virus.  One such example is using Facebook.  A Trojan Horse virus named ZeuS recently made its way onto Facebook.  It would post a video on your wall or into a message to you.  Once you click to view the video the virus would download onto your computer.  It will find your bank information and steal it.  This virus can be protected through any antivirus software.

Businesses are starting to be proactive when it comes to educating their employees.  Some things they are doing include training employees many times to stay up to date with the newest threats.   Businesses are also trying to make the process easier by creating applications that tell the user when to change their password.

Sources:

“Avast! Blog » Phishing.” Avast! Blog » Phishing. N.p., n.d. Web. 22 Apr. 2014. <https://blog.avast.com/tag/phishing/>.

“Malicious Software: Viruses, Worms, and Trojan Horses.” Home. N.p., n.d. Web. 22 Apr. 2014. <http://www.npdn.org/infosec_sw_malware>.

 

Ways to Protect: Antivirus Software

Viruses started to take off in the early to mid 1980s.  As viruses started to expand and become more complex so did the need to protect users from them.  The first antivirus software to be developed was by Bernie Fix in 1987.  In 1988 a virus was sent through an email listing.  John McAfee and Eugene Kaspersky were part of the mailing list and later decided to start their own antivirus software companies.  Today they are two of the most popular software available.

Trojan horse viruses can be harmful to a user.  When on a computer it can steal your passwords, user names, personal information, and your computer files.  Antivirus software can help protect yourself from the Trojan horse virus.

The antivirus software will monitor all of your online activity including your email and web browsing.  It preforms regular scans to make sure that your computer is safe.  Keeping your software updated is a must though.  Without all current updates, the software might be useless against new versions of the virus.  Most new antivirus software’s will automatically update themselves so there is nothing for the user to worry about.

There are some problems that can be caused by the software.  One problem is that it can run down the speed at which your computer runs.  There has also been complaints of false positive results.  The software will say that a file is corrupt when really it is not.   Other problems include new viruses not being detected, the effectiveness of deleting the virus, and  unexpected renewal costs.

All and all the antivirus software is considered to be a must for all users in the protection of the Trojan horse virus and other viruses in general.

Sources:

“Antivirus Software.” Wikipedia. Wikimedia Foundation, 04 Mar. 2014. Web. 03 Apr. 2014. <http://en.wikipedia.org/wiki/Antivirus_software>.

“Cybercrime – Cybercrime Prevention Tips | Norton.” Cybercrime – Cybercrime Prevention Tips | Norton. N.p., n.d. Web. 03 Apr. 2014. <http://us.norton.com/cybercrime-prevention/promo>.

“NetSafe.” NetSafe Cybersafety and Security Advice for New Zealand What Does Antivirus and Antispyware Software Do Comments. N.p., n.d. Web. 04 Apr. 2014. <http://www.netsafe.org.nz/what-does-anti-virus-and-anti-spyware-software-do/>.