The Greeks attacked Troy in the 13th or 12th century BC. They fought for
10 years, but the Greeks were not able to enter Troy because the entire city
was surrounded by strong stone walls. So they came up with an idea and built a big wooden horse. The name Trojan comes from the Trojan horse the Greeks used
to enter the city of Troy and win the war. It was a huge wooden horse,
and the Greek army was hidden inside it. The Greek army left the wooden horse
at the main gate of Troy, and Troy's army took it for a gift from the Greeks and brought it inside the city. At night the soldiers came out of hiding and attacked Troy's army while it was sleeping. The Greek army killed most of Troy's army and burnt the city, and this is how
the Greeks won the war.
Nowadays attackers use this technique to attack or target
any machine. Once a Trojan horse gets into a machine (computer), it has as
much access as the administrator of the machine has, and it can open a backdoor to allow
other malware to enter the machine easily.
Apart from this, it can spy on your device, slow down your device, delete files
and do much more than we might think of.
How to identify a Trojan horse present in your machine?
Method 1. A Trojan is very difficult to identify. It may look
like normal software, an application, a video, an MP3 or an image when it is downloaded
or transferred to the computer, while in the background it carries out malicious activity. If the
antivirus has a signature for the Trojan, the antivirus will detect it and you can
get the details of that Trojan in a pop-up notification from the antivirus. So
always keep the antivirus on your machine updated.
Method 2. Always check your machine's internet data. If your device
is using more data than expected, it means someone may be using spyware
on your device to send data out from the machine.
How to check internet data in Windows:
Step i: Press Control + Alt + Delete. In the window that opens, click on Task Manager.
Step ii: Click on Task Manager; the Task Manager window will open.
Step iii: Click on the "Networking" button. You will see all network connection
details, such as adapter name, network utilization, link speed and state
(Connected/Disconnected). If you find any extra connection, or data use higher
than expected, it means someone else is connected to your computer, so immediately
investigate it: check all running processes and services and, if required, delete
unwanted applications and stop unwanted or vulnerable services.
Method 3. Check the list of all software you use, and if you find
any unknown software, uninstall or delete it.
How to check the list of all installed software in Windows:
Step i: Open Control Panel and, in the "View by: Category" list,
click on “Uninstall a program”. A window will open with a list of all software installed
on the machine. Check all the installed software, and if you find any unwanted software, uninstall it.
Method 4. Check the performance of your machine. If it’s not normal (if
memory utilization or CPU utilization is not normal), then there is something wrong. In such a case,
check the taskbar and find all currently running applications.
How to check the performance of your device in Windows:
Step i: Press Control + Alt + Delete.
Step ii: Click on "Processes". It will show you the CPU and memory utilization of all processes. If you find any unknown process running, investigate it further and stop it if it is not needed.
Note: Before stopping any process you must know what it is, because there are some important processes which are supposed to run, and if you stop them you may face problems in normal activity.
Step iii: Click on Task Manager, then click on "Applications". It
will show you all the applications that you are currently running.
Method 5. Click on "Services". It will show you the CPU and memory utilization of all services. If you find any unknown service running, investigate it further and stop it if it is not needed.
Note: Before stopping any service you must know what it is, because there are some important services which are supposed to run, and if you stop them you may face problems in normal activity.
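The Task Manager checks in Methods 2, 4 and 5 can also be done from PowerShell. The following is an added example, not part of the original post: it lists each established TCP connection together with the process that owns it, the path of its executable and its signature status. The function name Get-ConnectionOwner is made up for this example.

```powershell
# Added example: map each established TCP connection to its owning process.
# Needs Windows 8 / Server 2012 or later; run elevated to see the paths of all processes.
function Get-ConnectionOwner {
    # Index running processes by PID once, instead of one lookup per connection
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $p    = $procs[[int]$_.OwningProcess]
            $path = if ($p) { $p.Path } else { $null }
            $sig  = if ($path) {
                [string](Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).Status
            } else { 'PathUnavailable' }

            [pscustomobject]@{
                Process   = if ($p) { $p.ProcessName } else { '<exited>' }
                PID       = $_.OwningProcess
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                Path      = $path
                Signature = $sig
            }
        }
}

# Review first: no valid signature, or an executable running from a user-writable folder.
# A hit is a lead for further investigation, not proof of a Trojan.
Get-ConnectionOwner |
    Where-Object {
        $_.Signature -ne 'Valid' -or
        $_.Path -like "$env:USERPROFILE\*" -or
        $_.Path -like "$env:TEMP\*"
    } |
    Sort-Object Process, Remote |
    Format-Table -AutoSize
```

System processes show PathUnavailable when the script is not run as administrator, so run it elevated before treating those rows as suspicious.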
How does a Trojan horse get onto a device?
It may come from unauthorized free software, from an unknown
website, while downloading an application, audio or video, from untrusted
sites such as porn sites, or from unauthorized email. We always need to be sure
before opening any attachment in an email.
Examples of Trojans:
1. Tiny Banker Trojan:
This is designed to target finance websites. It works by establishing man-in-the-browser
attacks and network sniffing. When it was detected, it had targeted more than
12 banking institutions in the USA. It is
designed to steal users’ sensitive data, such as account login information and
banking codes.
2. RAT (Remote Administration Tool):
This is one type of Trojan horse, which may give administrator
access to a remote device to a bad guy. The bad guy can then install spyware
on your computer, such as a key logger or a screen recorder, and can copy
files or install any software.
Ex: Ghost RAT is a RAT Trojan that allows attackers to gain
complete, real-time control of a device.
Apart from this, a few RAT tools used these days are NanoCore,
BlackShades and JSpy.
How a Trojan is made:
Today many tools are available in the market to make a Trojan and attack;
some of them are free, like BEAST, and some of them are paid software. We can
also make a Trojan with the help of Notepad.
We will take an example here of making a Trojan with the help
of Notepad.
Write the virus code in Notepad.
Open Notepad and write the code below:
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top
Note: The above code
will open Notepad endlessly. I am giving a very simple example here; you can
write code to delete files, stop services and much more.
After that, save the file with a .bat extension and select “All Files”
from the “Save as type” option.
The saved file will show the icon of a .bat file.
From this the user can easily
tell that the file is not a normal file, and the target user can delete the
file, so here we need to change the icon of the file. To do that we need to
follow the steps below:
Right-click on the file and click Properties.
A window will pop up; select Shortcut and then Change Icon.
When you click on Change Icon, a small window will open with a few icons. Select any one of them (select an icon like My PC that the user will click easily).
The user will think it is a normal shortcut, and when he/she clicks on it,
the code will perform its job.
Apart from the above technique, there are many tools available which can be used for remote access. I will try to cover them in my future blogs.
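The disguise described above can be detected, because the shortcut still records its real target. The following is an added example, not part of the original post: it finds shortcuts that launch a script or a script interpreter and reports whether their icon is taken from a different file. The folders scanned and the extension and interpreter lists are assumptions chosen for this example.

```powershell
# Added example: find shortcuts (.lnk) that launch a script or a script interpreter.
$scriptExt    = '.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse', '.wsf', '.ps1', '.hta'
$interpreters = 'cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'

# Folders to scan (assumed for this example; add others as needed)
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
        $target = $lnk.TargetPath
        if (-not $target) { return }                   # skip shortcuts with no file target

        $ext  = [IO.Path]::GetExtension($target).ToLower()
        $leaf = [IO.Path]::GetFileName($target).ToLower()

        if ($ext -in $scriptExt -or $leaf -in $interpreters) {
            # IconLocation is "path,index"; an empty path means the default icon is used
            $iconFile = ($lnk.IconLocation -split ',')[0].Trim()
            [pscustomobject]@{
                Shortcut    = $_.FullName
                Target      = $target
                Arguments   = $lnk.Arguments
                Icon        = $lnk.IconLocation
                IconChanged = [bool]$iconFile -and ($iconFile -ne $target)
            }
        }
    } | Format-List
```

A shortcut whose Target is a .bat file and whose IconChanged is True matches the pattern described in this section; showing file extensions in Explorer also makes the real file type visible to the user.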