Trojan horse attacks pose one of the most serious threats to computer security. If you were referred here, you may have not only been attacked but may also be attacking others unknowingly. This page will teach you how to avoid falling prey to them, and how to repair the damage if you already did.
According to legend, the Greeks won the Trojan War by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today’s computer world, a Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign". For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks like those that have virtually crippled the DALnet IRC network for months on end.
Many people use terms like Trojan horse, virus, worm, hacking and cracking all interchangeably, but they really do not mean the same thing. If you are curious, here is a quick primer defining and distinguishing them. Let us just say that once you are "infected", Trojans are just as dangerous as viruses and can spread to hurt others just as easily.
Trojan horse or Virus?
If you are just a regular computer user, you do not really need to know these differences, but we wanted to try to make this confusing subject as clear as possible.
Definitions:
-Virus
A virus is a program that propagates itself by infecting other programs on the same computer. Viruses can do serious damage, such as erasing your files or your whole disk, or they may just do silly/annoying things like pop up a window that says, "Ha ha you are infected!" True viruses cannot spread to a new computer without human assistance, for example when you trade files with a friend and give him an infected file (such as on a floppy or by an email attachment).
-Worm
Like a virus, a worm is also a program that propagates itself. Unlike a virus, however, a worm can spread itself automatically over the network from one computer to the next. Worms are not clever or evil, they just take advantage of automatic file sending and receiving features found on many computers.
-Trojan horse
This is a very general term, referring to programs that appear desirable, but actually contain something harmful. The harmful contents could be something simple, for example you may download what looks like a free game, but when you run it, it erases every file in that directory. The Trojan’s contents could also be a virus or worm, which then spread the damage.
-Cracker
Crackers are often mistakenly called "hackers". Crackers are the "bad guys" who seek to "crack" or gain unauthorized access to computers, typically to do malicious things, e.g. to steal credit card information or crash the computer. Crackers might do this by writing a virus, worm, or Trojan horse. Alternatively, they may just exploit weaknesses in the computer’s operating system in order to gain entry. Many crackers will install a "backdoor" which allows the cracker to "remote control" your computer over the internet, such as to distribute child porn or perform a denial of service attack against somebody else. Most crackers are just bored, anti-social kids who are not particularly smart and just take advantage of well-known, existing exploits or the gullibility of the typical internet user.
-Hacker
When used properly, this term refers to an elite breed of "good guys" who are talented computer programmers. They enjoy solving challenging problems or exploring the capabilities of computers. Like a carpenter wielding an axe to make furniture, the hacker does good things with his skills. True hackers subscribe to a code of ethics and look down upon the illegal and immoral activity of crackers (defined above). When the press uses "hackers" to describe virus authors or computer criminals who commit theft or vandalism, it is not only incorrect but also insulting to true hackers.
Land of Confusion
OK, so you think you have got those terms all straight in your head? Prepare to be confused:
Remember the "Love Bug"? Is it a virus, worm, or Trojan? Answer: all three! It is a Trojan because it pretends to be a love letter when it is really a harmful program. It is a virus because it infects all the image files on your disk, turning them into new Trojans. Finally, it is also a worm because it propagates itself over the internet by hiding in Trojans that it sends out using your email address book, IRC client, etc.
Here is another one. Traditionally you use anti-virus programs to check your computer for viruses and prevent their spread. The problem is traditional viruses do not really exist any more. Nowadays, lame crackers are busy making Trojans and worms, so that is what anti-virus programs try to tackle now. The problem is, with everybody online these days, Trojans and worms are fast to spread and easy to modify, so anti-virus programs are useless in trying to prevent them. If you are lucky, they can remove the infection after the fact, assuming your disk is not so messed up that there is nothing left to disinfect.
Oh, that is not all. Firewalls are network barriers designed to keep out crackers. With the recent proliferation of Trojans that install a backdoor program, however, a whole new market has sprung up in "personal firewalls" which are programs that run on your PC and can block communications from some backdoor programs. Since file downloads are a normal part of your internet experience, however, personal firewalls cannot stop you from downloading the Trojan that installs that backdoor in the first place.
How did I get infected?
Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual Trojan filenames include "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs". When there are multiple extensions, only the last one counts, so be sure to unhide your extensions so that you see it.
Trojans can be spread in the guise of literally ANYTHING people find desirable, such as a free game, movie, song, etc. Victims typically downloaded the Trojan from a WWW or FTP archive, got it via peer-to-peer file exchange using IRC/instant messaging/Kazaa etc., or just carelessly opened some email attachment. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!
Unlike viruses and worms, Trojan horse programs do not try to spread from machine to machine after they are installed. Instead, the programs run quietly in the background of the systems they infect, providing remote attackers with access to compromised machines.
Lunii Trojan works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages.
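A check a defender can run against the "hosts" file tampering described above, as an added example that is not part of the original page. The sample file contents, the function names and the "blocked"/"redirected" labels are assumptions made for illustration; on a real machine you would pass in the text of the Windows "hosts" file instead.

```python
import ipaddress

# Constructed sample hosts file; every name and address is illustrative only.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # inserted entry
0.0.0.0         update.example.org
203.0.113.7     www.example.com
not-an-address  broken.example.com
"""

# Names that legitimately point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, address, [names]) for each mapping line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line:
            fields = line.split()
            yield number, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line_number, kind, value) for every entry worth reviewing."""
    findings = []
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, "malformed", address))
            continue
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue
            # A site pointed at the local machine becomes unreachable;
            # any other address silently sends the name somewhere else.
            local = ip.is_loopback or ip.is_unspecified
            findings.append((number, "blocked" if local else "redirected", name))
    return findings


if __name__ == "__main__":
    for number, kind, value in audit_hosts(SAMPLE_HOSTS):
        print(f"line {number}: {kind:10} {value}")
```
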
The solution is simple: just unhide the extensions. This file addresses the problem where Windows by default likes to hide the extensions of filenames, such that "britney.jpg" is shown as just "britney". The danger is that "britney.jpg.exe", which is an executable program, would be shown as "britney.jpg", which many would mistake for just a picture. This is potentially very dangerous and confusing. It is the basis for many of the recent Trojan horse attacks and other email/IRC viruses.
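The rule that only the last extension counts can also be checked mechanically. The following is an added example, not part of the original page: it lists which filenames are executable and what each would be shown as while extensions are hidden. The function names and the decoy-extension list are assumptions, as are the executable extensions beyond the four the page names.

```python
import os

# "exe", "vbs", "com" and "bat" come from the page; the others are an
# assumption (further extensions that Windows runs when opened).
EXECUTABLE_EXTS = {"exe", "vbs", "com", "bat", "scr", "pif", "cmd"}
# Assumption: extensions most users read as "just a document or media file".
DECOY_EXTS = {"txt", "jpg", "jpeg", "gif", "mp3", "avi", "doc", "pdf"}


def displayed_name(filename):
    """Name shown when the (last) extension is hidden."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for one filename."""
    parts = filename.lower().split(".")   # extensions are case-insensitive
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # Only the last extension counts; a harmless-looking one before it
    # is what the user sees once the real extension is hidden.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "disguised"
    return "executable"


def audit(filenames):
    """Return (filename, shown_as, verdict) for every name that is not 'ok'."""
    report = []
    for name in filenames:
        verdict = classify(name)
        if verdict != "ok":
            report.append((name, displayed_name(name), verdict))
    return report


# Constructed directory listing; the first three names appear on the page.
SAMPLE = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "dmsetup.exe", "britney.jpg.exe",
          "britney.jpg", "notes.txt"]

if __name__ == "__main__":
    for name, shown, verdict in audit(SAMPLE):
        print(f"{verdict:10}  {name!r} is shown as {shown!r}")
```
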
Unhide Microsoft Windows extensions:
In Windows 95/98:






















