TROJAN HORSE

URL:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213221,00.html

DEFINITION:
In computers, a Trojan horse is a program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can get control and do its chosen
form of damage, such as ruining the file allocation table on your hard disk. In one celebrated
case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A
Trojan horse may be widely redistributed as part of a computer virus.

The term comes from Greek mythology about the Trojan War, as told in the Aeneid by Virgil and
mentioned in the Odyssey by Homer. According to legend, the Greeks presented the citizens of
Troy with a large wooden horse in which they had secretly hidden their warriors. During the
night, the warriors emerged from the wooden horse and overran the city.

URL:
http://www.webopedia.com/TERM/T/Trojan_horse.html

DEFINITION:
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do
not replicate themselves but they can be just as destructive. One of the most insidious types of
Trojan horse is a program that claims to rid your computer of viruses but instead introduces
viruses onto your computer.

The term comes from the a Greek story of the Trojan War, in which the Greeks give a giant
wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag
the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the
city gates, allowing their compatriots to pour in and capture Troy.

Trojan horses are broken down in classification based on how they breach systems and the
damage they cause. The seven main types of Trojan horses are:

• Remote Access Trojans

• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• security software disabler Trojans
• denial-of-service attack (DoS) Trojans

Remote Access Trojans

Abbreviated as RATs, a Remote Access Trojan is one of seven major types of Trojan horse
designed to provide the attacker with complete control of the victim's system. Attackers usually
hide these Trojan horses in games and other small programs that unsuspecting users then execute
on their PCs.
Data Sending Trojans

A type of a Trojan horse that is designed to provide the attacker with sensitive data such as
passwords, credit card information, log files, e-mail address or IM contact lists. These Trojans
can look for specific pre-defined data (e.g., just credit card information or passwords), or they
could install a keylogger and send all recorded keystrokes back to the attacker.

Destructive Trojans

A type of Trojan horse designed to destroy and delete files, and is more like a virus than any
other Trojan. It can often go undetected by antivirus software.

Proxy Trojans

A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the
attacker the opportunity to do everything from your computer, including the possibility of
conducting credit card fraud and other illegal activities, or even to use your system to launch
malicious attacks against other networks

FTP Trojans

A type of Trojan horse designed to open port 21 (the port for FTP transfer) and lets the attacker
connect to your computer using File Transfer Protocol (FTP).

Security software disabler Trojans

A type of Trojan horse designed stop or kill security programs such as an antivirus program or
firewall without the user knowing. This Trojan type is normally combined with another type of
Trojan as a payload.

Denial-of-service attack (DoS) Trojans

Short for denial-of-service attack, a type of attack on a network that is designed to bring the
network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of
Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS
attacks, there are software fixes that system administrators can install to limit the damage caused
by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.
URL:
http://en.wikipedia.org/wiki/Trojan_horse_(computing)

HOW TROJANS WORK:

Trojans usually consist of two parts, a Client and a Server. The server is run on the
victim's machine and listens for connections from a Client which is used by the attacker.

When the server is run on a machine it will listen on a specific port or multiple ports for
connections from a Client. In order for an attacker to connect to the server they must have
the IP Address of the computer where the server is being run. Some trojans have the IP
Address of the computer they are running on sent to the attacker via email or another
form or communication.

Once a connection is made to the server, the client can then send commands to the server;
the server will then execute these commands on the victim's machine.

Today, with NAT infrastructure being very common, most computers cannot be reached
by their external ip address. Therefore many trojans now connect to the computer of the
attacker, which has been set up to take the connections, instead of the attacker connecting
to his or her victim. This is called a 'reverse-connect' trojan. Many trojans nowadays also
bypass many personal firewall installed on the victims computer. (eg. Poison-Ivy)

Trojans are extremely simple to create in many programming languages. A simple Trojan
in Visual Basic or C# using Visual Studio can be achieved in 10 lines of code or under.

URL:
http://www.tech-faq.com/trojan-horse-virus.shtml

HISTORY OF THE TERM TROJAN HORSE:

The original trojan horse was built by Odysseus, the King of Ithica, during the legendary Trojan
Wars. The Greeks were losing the siege of the city of Troy. Odysseus had a large wooden horse
built and left as a "gift" outside the walls of the city of Troy. He then ordered the Greek army to
sail away.

The Trojans believed the horse to be a peace offering from Odysseus. Instead, the horse was
filled with Greek warriors, including Odysseus and Menelaus. As the Trojans slept, the Greek
army sailed back to Troy and the soldiers hiding in the wooden horse snuck out and opened the
gates of the city for them.
THE COMPUTER TROJAN HORSE:

A computer trojan horse is a program which appears to be something good, but actually conceals
something bad.

One way to spread a trojan horse is to hide it inside a distribution of normal software. In 2002, the
sendmail and OpenSSH packages were both used to hide trojan horses. This was done by an
attacker who broke into the distribution sites for these software packages and replaced the
original distributions with his own packages.

A more common method of spreading a trojan horse is to send it via e-mail. The attacker will
send the victim an e-mail with an attachment called something like "prettygirls.exe." When the
victim opens the attachment to see the pretty girls, the trojan horse will infect his system.

A similar technique for spreading trojan horses is to send files to unsuspecting users over chat
systems like IRC, AIM, ICQ, MSN, or Yahoo Messenger.

THE TROJAN HORSE VIRUS:

Unlike viruses, trojan horses do not normally spread themselves. Trojan horses must be
spread by other mechanisms.

A trojan horse virus is a virus which spreads by fooling an unsuspecting user into executing it.

An example of a trojan horse virus would be a virus which required a user to open an e-mail
attachment in Microsoft Outlook to activate. Once activated, the trojan horse virus would send
copies of itself to people in the Microsoft Outlook address book.

The trojan horse virus infects like a trojan horse, but spreads like a virus.

EFFECTS OF TROJAN HORSE:

The victim running the trojan horse will usually give the attacker some degree of control over the
victim's machine. This control may allow the attacker to remotely access the victim's
machine, or to run commands with all of the victim's privileges.

The trojan horse could make the victim's machine part of a Distributed Denial of Service (DDoS)
network, where the victims machine is used to attack other victims.

Alternatively, the trojan horse could just send data to the attacker. Data commonly targeted by
trojan horses includes usernames and passwords, but a sophisticated trojan horse could also be
programmed to look for items such as credit card numbers.
PROTECTING AGAINST A TROJAN HORSE:

Anti-virus programs detect known trojan horses. However, trojan horse programs are
easier to create than viruses and many are created in small volumes. These trojan horse
programs will not be detected by anti-virus software.

The best defense against a trojan horse is to never run a program that is sent to you. E-
mail and chat systems are not safe methods of software distribution.
COMPUTER VIRUS

URL: http://www.microsoft.com/protect/computer/basics/virus.mspx

WHAT IS COMPUTER VIRUS:

Computer viruses are small software programs that are designed to spread from one computer to
another and to interfere with computer operation.
A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to
other computers, or even erase everything on your hard disk.
Viruses are most easily spread by attachments in e-mail messages or instant messaging messages.
That is why it is essential that you never open e-mail attachments unless you know who it's from
and you are expecting it.
Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.
Viruses also spread through downloads on the Internet. They can be hidden in illicit software or
other files or programs you might download.

TYPE OF VIRUSES:

1. macro viruses
2. network viruses
3. logic bombs
4. companion viruses
5. boot sector viruses
6. multipartite viruses
SALAMI ATTACK

URL:
http://en.wikipedia.org/wiki/Salami_slicing#Salami_slicing_attacks

DEFINITION
a salami attack is a series of minor attacks that together results in a larger attack. Computers are
ideally suited to automating this type of attack.

URL:
http://www.all.net/CID/Attack/papers/Salami.html

DEFINITION:
The origin of the terminology has a double meaning and both definitions accurately
describe the methodology of a salami attack. The idea of 'salami slicing' where a small
piece is cut off the end with no noticeable difference in the overall length of the original
is one way of looking at it. [5] Another definition states is the creation of a larger entity
comprised of many smaller scraps similar to the contents of salami. [6] Either way,
salami attacks are looked at as when negligible amounts are removed and accumulated
into something larger.