In the 13th or 12th century BC, the Greeks waged war against
Troy for 10 long years. Despite their efforts, they couldn’t breach the city’s
defenses, as Troy was surrounded by strong stone walls. The Greeks, however,
devised a clever plan—they built a large wooden horse. This horse, known as the
"Trojan Horse," became the key to their victory.
The Trojan Horse was enormous, and inside it, Greek soldiers
lay hidden. The Greeks left the horse at the gates of Troy, leading the Trojans
to believe it was a gift, possibly signifying the end of the war. The
unsuspecting Trojans brought the wooden horse into their city. That night,
while the Trojans were asleep, the Greek soldiers emerged from their hiding
place inside the horse. They opened the city gates, allowing the rest of the
Greek army to enter. The Greeks then attacked, overwhelming the Trojan forces,
destroying the city, and ultimately winning the war.
Today, cyber attackers use a similar strategy to infiltrate
computers, calling their malicious programs "Trojan Horses." Once a
Trojan enters a system, it has the same level of access as the machine’s
administrator. It can open backdoors for other malware to invade, spy on the
device, slow it down, delete files, and cause more harm than one might expect.
How to Identify a Trojan Horse on Your Machine:
Method 1: Antivirus Detection
Trojan horses can be difficult to detect because they often disguise themselves
as harmless files, such as software, applications, videos, MP3s, or images.
While they might seem normal on the surface, they carry out malicious
activities in the background. If your antivirus software has a signature for
the Trojan, it will detect it, and you’ll be notified via a pop-up. To ensure
protection, always keep your antivirus updated.
Method 2: Monitor Internet Data Usage
Another way to detect a Trojan is by monitoring your device’s internet usage.
If you notice unusually high data consumption, it could be a sign that spyware
is running on your system, sending data to an external source. Regularly check
your internet data usage to catch these suspicious activities early.
How to check internet data usage in Windows:
Step i: Press Ctrl + Alt + Delete and click Task Manager on the screen that
opens.
Step ii: The Task Manager window opens.
Method 3: Check the List of Installed Software
Review the list of all software on your machine, and if you find any unknown
software, uninstall or delete it.
How to check the list of installed software in Windows:
Step i: Open Control Panel and, in the “View by: Category” list, click
“Uninstall a program”. A window opens with a list of all software installed on
the machine. Check the list, and if you find any unwanted software, uninstall
it.
Method 4: Check Machine Performance
If your machine’s performance is not normal (memory or CPU utilization is
unusual), something is wrong. In that case, check the taskbar and find all
currently running applications.
How to check the performance of your device in Windows:
Step i: Press Ctrl + Alt + Delete.
Step ii: Click Processes. It shows the CPU and memory utilization of every
process. If you find an unknown process running, investigate further and stop
it if it is not needed.
Note: Before stopping any process, you must know what it is, because some
important processes are supposed to run, and stopping them may cause problems
in normal activity.
Step iii: Click Task Manager, then click Applications. It shows all the
applications you are currently running.
Method 5: Check Running Services
Click Services. It shows the CPU and memory utilization of every service. If
you find an unknown service running, investigate further and stop it if it is
not needed.
Note: Before stopping any service, you must know what it is, because some
important services are supposed to run, and stopping them may cause problems
in normal activity.
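The checks in Methods 2, 4 and 5 can also be scripted. The following PowerShell is an added example, not part of the original post; it uses built-in cmdlets, and what it chooses to flag (connections held by a process whose signature is not valid, services outside the Windows directory) is an assumption of this example.

```powershell
# Added example: scripted version of the Task Manager checks (Methods 2, 4, 5).
# Run from an elevated session; otherwise Path is empty for many processes.

# Method 2: count established TCP connections per owning process ID.
$connCount = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Group-Object -Property OwningProcess |
    ForEach-Object { $connCount[[int]$_.Name] = $_.Count }

# Method 4: CPU, memory and signature status for every running process.
$report = foreach ($p in Get-Process) {
    $sig = 'NoPath'                      # path not readable (system/protected)
    if ($p.Path -and (Test-Path -LiteralPath $p.Path)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $p.Path).Status.ToString()
    }
    [pscustomobject]@{
        Name        = $p.ProcessName
        Id          = $p.Id
        CpuSeconds  = [math]::Round([double]$p.CPU, 1)
        MemoryMB    = [math]::Round($p.WorkingSet64 / 1MB, 1)
        Connections = [int]$connCount[$p.Id]
        Signature   = $sig
        Path        = $p.Path
    }
}

# Assumption of this example: look first at processes that hold network
# connections and whose executable is not validly signed.
$report | Where-Object { $_.Connections -gt 0 -and $_.Signature -ne 'Valid' } |
    Sort-Object Connections -Descending |
    Format-Table Name, Id, Connections, Signature, Path -AutoSize

# Ten largest memory consumers, as in Task Manager's process list.
$report | Sort-Object MemoryMB -Descending | Select-Object -First 10 |
    Format-Table Name, Id, CpuSeconds, MemoryMB, Signature -AutoSize

# Method 5: running services whose binary is outside the Windows directory.
Get-CimInstance Win32_Service -Filter "State='Running'" |
    Where-Object { $_.PathName -and
                   $_.PathName -notmatch [regex]::Escape($env:SystemRoot) } |
    Select-Object Name, DisplayName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

A flagged row is a starting point for investigation, not a verdict: many legitimate programs are unsigned or install their services outside the Windows directory.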
How Does a Trojan Horse Get onto a Device?
It may come from unauthorized free software, from an unknown website, while
downloading an application, audio or video file, from untrusted sites such as
porn sites, or from unauthorized email. Always be sure before opening any
attachment in an email.
Examples of Trojans:
1. Tiny Banker Trojan:
This Trojan is designed to target finance websites. It works by establishing
man-in-the-browser attacks and network sniffing. When it was detected, it had
targeted more than 12 banking institutions in the USA. It is designed to steal
users’ sensitive data, such as account login information and banking codes.
2. RAT (Remote Administration Tool):
This is a type of Trojan horse that may give an attacker administrator access
to a remote device. The attacker can then install spyware on your computer,
such as a keylogger or screen recorder, copy files, or install any software.
Example: Ghost RAT is a RAT Trojan that allows attackers to gain complete,
real-time control of a device.
Apart from this, a few RAT tools used these days are NanoCore, BlackShades,
and JSpy.
How a Trojan Is Made:
Today many tools are available on the market to make a Trojan and attack; some
of them are free, like BEAST, and some are paid software. A Trojan can also be
made with the help of Notepad.
Here is an example of making a Trojan with the help of Notepad.
Write the virus code in Notepad.
Open Notepad and write the code below:
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top
Note: The above code opens Notepad endlessly. This is a very simple example;
code can be written to delete files, stop services, and much more.
After that, save the file with a .bat extension and select “All Files” from the
“Save as type” option.
The file will appear with the icon of a .bat file.
At this point the user can easily tell that the file is not a normal file, and
the target user can delete it, so the icon of the file needs to be changed. To
do that, follow the steps below:
Right-click the file and click Properties.
When you click Change Icon, a small window opens with a few icons. Select any
one of them (an icon such as My PC that the user will readily click).
The user will think it is a normal shortcut, and when he or she clicks on it,
the code will perform its job.
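From the defender's side, the disguise described above leaves a trace: a shortcut that launches a script while showing another file's icon. This PowerShell check is an added example, not part of the original post; the folders it scans and the extension and interpreter lists are assumptions.

```powershell
# Added example: find shortcuts that start a script or script interpreter
# but display an icon taken from a different file.
# Assumed lists; extend them to match your environment.
$scriptExt    = '.bat', '.cmd', '.vbs', '.js', '.ps1', '.hta', '.wsf'
$interpreters = 'cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'

# Assumed scope: user and all-users Desktop and Startup folders.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# WScript.Shell loads an existing .lnk when CreateShortcut is given its path.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -LiteralPath $folders -Filter *.lnk `
                                           -Recurse -File -ErrorAction SilentlyContinue) {
    $sc     = $shell.CreateShortcut($lnk.FullName)
    $target = $sc.TargetPath
    if (-not $target) { continue }

    $leaf = [IO.Path]::GetFileName($target).ToLower()
    $ext  = [IO.Path]::GetExtension($target).ToLower()
    $runsScript = ($scriptExt -contains $ext) -or ($interpreters -contains $leaf)

    # IconLocation is "path,index"; an empty path means the target's own icon.
    $iconPath = ($sc.IconLocation -replace ',\s*-?\d+$', '').Trim()
    $iconPath = [Environment]::ExpandEnvironmentVariables($iconPath)
    $iconBorrowed = $iconPath -and ($iconPath -ne $target)

    if ($runsScript -and $iconBorrowed) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $target
            Arguments = $sc.Arguments
            Icon      = $sc.IconLocation
        }
    }
}

$findings | Format-List
```

Each result still needs a look at the target script itself, since administrators also create shortcuts to batch files with custom icons.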
Apart from the above technique, there are many tools available that can be
used for remote access. I will try to cover them in my future blogs.