Trojan
A Trojan horse, better known in computer security as a Trojan, is a form of malicious software (malware) that can damage a system or network. The purpose of a Trojan is to obtain information from the target (passwords, user habits recorded in the system log, data, etc.) and to control the target (gain privileges on the target).
How it Works
A Trojan differs from other types of malicious software, such as computer viruses or worms, in the following two ways:
A Trojan is "stealthy" (invisible and unseen) in its operation and is often made to look like a good program, while a computer virus or worm acts more aggressively by destroying the system or causing a system crash.
A Trojan is controlled from another computer (the attacker's computer).
How to Spread
The term Trojan or Trojan horse refers to the insertion of malicious, damaging code into a good and useful program, as in the Trojan War, where Spartan soldiers hid inside the Trojan Horse, which was presented as a dedication to Poseidon. Trojan officials considered the horse harmless and allowed it into the fortress of Troy, which Greek soldiers had been unable to penetrate for more than 10 years of the turbulent Trojan War.
Most Trojans now take the form of an executable file (*.EXE or *.COM in Windows and DOS operating systems, or a program with a name that is often executed in UNIX operating systems, such as ls, cat, etc.) that is planted in a penetrated system by a cracker to steal data important to the user (passwords, credit card data, etc.). Trojans can also infect a system when users download an application (often a computer game) from an untrusted source on the Internet. These applications have Trojan horse code integrated within them, which allows a cracker to tamper with the system in question.
Types of Trojans
Several types of Trojans in circulation include:
Password stealers: This type of Trojan can find passwords that are stored in the operating system (/etc/passwd or /etc/shadow in the UNIX family of operating systems, or the Security Accounts Manager (SAM) file in the Windows NT family of operating systems) and send them to the attacker. In addition, this type of Trojan can also fool the user by presenting itself as a login screen (/sbin/login in UNIX operating systems or Winlogon.exe in Windows NT operating systems), waiting for the user to enter a password and sending it to the attacker. An example of this type is the Passfilt Trojan, which acts as if it were the Passfilt.dll file originally used to add password security in the Windows NT operating system, but is abused as a password-stealing program.
Keystroke recorders (keystroke logger / keylogger): This type of Trojan monitors everything typed by the user and sends it to the attacker. This type differs from spyware, even though both do similar things (spying on users).
Remote administration tools (Remote Administration Tools / RAT): This type of Trojan allows attackers to take full control of the system and do whatever they want from a distance, such as formatting a hard disk, stealing or erasing data, and so on. Examples of this type are Back Orifice, Back Orifice 2000, and SubSeven.
DDoS Trojan or Zombie Trojan: This type of Trojan is used to make an infected system carry out distributed denial-of-service attacks against target hosts.
There is also a kind of Trojan that attaches itself to a program in order to modify the workings of the program it is attached to. This type of Trojan is called a Trojan virus.
Detection and Cleanup
Checking Listening Port
Detecting the presence of a Trojan is somewhat difficult. The easiest way is to see which ports are open and in a "listening" state, using a utility such as Netstat. This is because many Trojans run as a system service and work in the background, so that they can receive commands from remote attackers. If there is a UDP or TCP transmission from an unknown listening port, or from an unknown address, this can be taken as an indication that the system has been infected by a Trojan horse.
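The listening-port check described above can be automated by comparing Netstat output against a baseline of expected services. The following is an added example, not part of the original article; the sample output and the `EXPECTED` baseline are constructed, and the function names are hypothetical.

```python
# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:123            *:*                                    1100
  UDP    0.0.0.0:31337          *:*                                    2044
"""

# Hypothetical baseline: (protocol, port) pairs this host is expected to serve.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 123)}


def parse_listeners(text):
    """Return (proto, address, port, pid) for every listening or bound socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP":
            if len(fields) < 5 or fields[3] != "LISTENING":
                continue  # established connections are not listeners
            pid = int(fields[4])
        else:
            # UDP rows have no state column; a bound UDP socket accepts datagrams.
            pid = int(fields[-1])
        address, _, port = local.rpartition(":")  # also handles "[::]:135"
        listeners.append((proto, address, int(port), pid))
    return listeners


def unexpected_listeners(text, expected=EXPECTED):
    """Listeners whose (proto, port) pair is missing from the baseline."""
    return [l for l in parse_listeners(text) if (l[0], l[2]) not in expected]


if __name__ == "__main__":
    for proto, address, port, pid in unexpected_listeners(SAMPLE):
        print(f"review: {proto} {address}:{port} owned by PID {pid}")
```

An unexpected listener is a lead for review, not proof of infection; the PID column identifies the owning process to inspect next.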
Creating a Snapshot
An alternative is to create a "snapshot" of all program files (*.EXE, *.DLL, *.COM, *.VXD, etc.) and compare it over time with previous versions, on a computer that is not connected to the network. This can be done by creating a checksum of every program file (with CRC, MD5 or other mechanisms). Because Trojans are often placed in the directory where the operating system resides (\WINDOWS or \WINNT for Windows, or /bin, /usr/bin, /sbin, /usr/sbin in the UNIX family), the files in those directories are the ones to suspect. In particular, program files whose names resemble those of legitimate files (such as "svch0st.exe" instead of "svchost.exe", a file that is run by many Windows operating system services) can be suspected of being a Trojan horse.
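The snapshot comparison and the lookalike-name check described above, as an added example that is not part of the original article. It uses SHA-256 as the checksum (one of the "other mechanisms"); the function names, the swap table and the temporary demo directory are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def compare(old, new):
    """Return sorted (added, removed, modified) path lists between snapshots."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    return added, removed, modified

# Digit-for-letter swaps as in the "svch0st.exe" case (hypothetical table).
SWAPS = str.maketrans("015", "ols")

def lookalikes(names, known):
    """Names that are not known-good but match one once the swaps are undone."""
    known = {k.lower() for k in known}
    return [n for n in names
            if n.lower() not in known and n.lower().translate(SWAPS) in known]

def demo():
    """Constructed demo: baseline a temp directory, change it, then diff."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("svchost.exe", b"original"), ("notepad.exe", b"np")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "notepad.exe"), "wb") as f:
            f.write(b"patched")  # simulated replacement of a program file
        with open(os.path.join(root, "svch0st.exe"), "wb") as f:
            f.write(b"dropped")  # simulated lookalike file
        added, removed, modified = compare(baseline, snapshot(root))
        return added, removed, modified, lookalikes(added, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is taken from a known-clean system and stored where the monitored host cannot rewrite it, which is why the comparison is done on a computer that is not connected to the network.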
Antivirus
The last way is to use antivirus software that is able to detect Trojans, combined with a firewall that monitors all incoming and outgoing transmissions. This method is more efficient but more expensive, as most antivirus software integrated with a firewall costs more than the two methods above (which tend to be "free"). There are indeed several free tools, but it still takes time, effort and money to obtain them (downloading them from the Internet).