Trojans - nullhyd September Humla

Trojans - by Mahesh Bheema Null Humla - Hyderabad

Description

Introduction to malware; Trojans; creating RATs; extension spoofing; impact of RATs; detection and manual removal; issues with communication; hands-on with DarkComet.

Transcript of Trojans - nullhyd September Humla

Page 1: Trojans - nullhyd September Humla

Trojans - by Mahesh Bheema

Null Humla - Hyderabad

Page 2

About me !!!

Just a security enthusiast. Working as a Security Analyst at Anthelio. Ex-Trainer at Innobuzz, Hyderabad.

[email protected] | @0xmahesh

Page 3

Introduction to Malware

Malware is just a piece of software that is designed to do something malicious or unwanted.

Malware is a general term that refers to a variety of malicious programs.

The malware trend has shifted toward making money rather than causing damage.

Page 4

Types of Malware

Virus, Worm, Trojan, Rootkit, Botnet, Spyware/Adware… the list goes on.

Page 5

Continued…

Malware will also seek to exploit existing vulnerabilities on systems to make its entry quiet and easy.

Note: One piece of malware may combine many elements, and hence could fall into more than one category.

Page 6

What is a Virus?

Like its living counterpart, a computer virus infects your computer, taking control over some or all of its functions.

A virus requires human interaction.

A virus is a harmful program or code that attaches itself to another piece of software, and then reproduces itself when that software is run.

Page 7

What is a Worm?

Worms are stand-alone programs that are able to transmit themselves across a network directly. Unlike a computer virus, worms do not need to attach themselves to an existing program.

Worms don’t need human interaction.

A worm will replicate itself and consume system resources.

Page 8

What is a Trojan?

A Trojan horse, commonly known as a “Trojan,” is malware that masquerades as a legitimate program. The program may also have a legitimate function.

A Trojan can give a malicious party remote access to an infected computer.

Page 9

What is a Rootkit?

A rootkit can be any malicious file, like a virus, Trojan, etc.

Rootkit prevention, detection, and removal can be difficult due to their stealthy operation.

A rootkit continually hides its presence, so typical security products are not effective at detecting and removing rootkits.

Page 10

What is a Botnet?

A botnet is nothing but a collection of robots in a network; in short, the word botnet is derived from robot and network.

Botnets can be a collection of slaves used for financial gain, e.g. DDoS.

Botnets are centrally controlled. Botnets may use databases to store user info. Botnets will collect important info using form grabbers.

Page 11

What is Spyware/Adware?

Spyware is software that spies on you, tracking your internet activities without your knowledge in order to send advertising (adware) back to your system.

Adware is a type of malware that automatically delivers advertisements.

Page 12

Configuring Trojans

Enter the attacker's IP and port, which enables the back connection: the victim machine needs to know the IP and port to which it has to connect.

The DMZ option can also be used instead of port forwarding to achieve the connection, but this exposes your IP publicly.

Page 13

Importance of Dynamic DNS

Almost everyone has a dynamic IP address, which means your IP address can change at any moment and you will lose all your slaves/bots.

Dynamic DNS prevents this by having all bots resolve your Dynamic DNS host, which tells the bots what your IP address is.

Page 14

Creating a no-ip account

Register a no-ip account. Add a host by choosing a hostname. Download the no-ip client and log in.

Page 15

Impacts of RATs

Log your keystrokes to steal private data (like credentials, credit card info, conversations, etc.)

Install other malware programs

Modify files on your machine

View your entire screen, monitor and even control your activity

Use your machine to perform DDoS attacks

Use your machine as a proxy

Page 16

Port Forwarding

Trojans require port forwarding because, for the packets to reach your computer through the router, the router needs to know which computer on the network to send the packets to; you tell the router to forward any packets sent to a specific port to a specific address on the network.

Page 17

Port forwarding cont…

The majority of routers support port forwarding, though it might go by different names such as Port Forwarding, Virtual Server, etc.

In most cases, this option is found under the Security, Firewall or Advanced section.

Page 18

Extension spoofing

By using Character Map in Windows, one can spoof the extension of a file by using the Right-to-Left Override character.

With this character, the displayed file name is reversed from that point, which spoofs the file's apparent extension.
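As an added example (not from the slides), the check a defender can run over file names: it flags any Unicode bidirectional control character, shows how a name carrying the Right-to-Left Override is displayed to the user, and reports the extension the OS actually uses. The sample file name is constructed.

```python
# Unicode bidirectional control characters that change how a name is displayed.
# U+202E (RIGHT-TO-LEFT OVERRIDE, "RLO") is the one used for extension spoofing.
BIDI_CONTROLS = {"\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
                 "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
                 "\u2069": "PDI"}


def find_bidi_controls(name):
    """Return (position, short name) for every bidi control char in a file name."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def rendered_name(name):
    """Approximate how a file browser shows the name: the run after an RLO is
    drawn reversed (until a PDF or the end), so the real extension ends up in
    the middle of the displayed name and a fake one appears at the end."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls are invisible; skip them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def true_extension(name):
    """The extension the OS actually uses: text after the last dot in the raw name."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_filename(name):
    """Flag a name that carries bidi controls and show what it really is."""
    controls = find_bidi_controls(name)
    return {"flag": bool(controls), "controls": controls,
            "displayed_as": rendered_name(name), "true_extension": true_extension(name)}


# Constructed sample, not a real file: a .scr whose name carries an RLO so it reads as a .txt
SAMPLE_NAME = "report\u202etxt.scr"
```

Any file name for which `check_filename` returns `flag` True deserves a look at `true_extension` before it is opened; ordinary names contain none of these characters.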

Page 19

Detecting manually

By checking the following:

Network statistics.

Startup entries.

Registry entries.

Running services.

Sometimes the behavior of the machine.
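As an added example, not part of the deck: the first check on the list, network statistics, automated as a parser for `netstat -ano` output that lists established TCP sessions to addresses outside the LAN together with the owning PID, which is the shape a RAT's back-connection to the attacker's IP and port takes. The netstat sample is constructed, and the ranges treated as internal (RFC 1918, loopback, link-local) are an assumption.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output (not a real host); 203.0.113.x and
# 198.51.100.x are documentation ranges standing in for Internet hosts.
NETSTAT_SAMPLE = """Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     4120
  TCP    192.168.1.20:49812     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49900     203.0.113.77:5552      ESTABLISHED     5384
  TCP    192.168.1.20:49955     198.51.100.9:443       ESTABLISHED     2208
  UDP    0.0.0.0:5353           *:*                                    1456
"""

# LAN and host-local ranges (assumed); anything else counts as "outside".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Turn netstat -ano lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state or "", "pid": int(pid)})
    return rows


def external_established(rows):
    """Established TCP sessions to addresses outside the LAN, as (pid, ip, port)
    tuples: the PID is what you chase in Task Manager / services next."""
    hits = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] != "ESTABLISHED":
            continue
        host, port = split_endpoint(r["foreign"])
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # e.g. "*:*" on UDP rows
        if not any(addr in net for net in INTERNAL_NETS):
            hits.append((r["pid"], str(addr), int(port)))
    return hits
```

Run against a live capture, each hit's PID is then matched to a process, its startup entry and its service, which are the next three checks on the slide.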

Page 20

Any Questions ??

Page 21

Time to say than’X’

Thank you all for bearing with me.

Special Thanks to Magna Quest for the venue.