Trojan Horse Program
Presented by: Lori Agrawal

Agenda
- What is a Trojan Horse program?
- Who are the targets?
- How does it spread?
- Impact of Trojan Horse attack
- Control of hackers over files
- Ways to avoid this attack

Agenda (continued)
- Detection of attack
- How to remove a Trojan from the system
- Example: SubSeven
- Capabilities of the SubSeven program
- Parts of SubSeven
- A real Trojan Horse threat
- Conclusion

What is a Trojan Horse Program?
- The Trojan Horse is one of today’s most serious threats to computer security.
- A malicious security-breaking program disguised as something benign.
- An executable program.
- Once a computer is infected, it is controlled totally by a hacker.

Who are the main targets?
- Home computers
- Reasons:
  - Private content
  - Availability
  - Defenseless status

How does it spread?
- Email attachments
- Sending files in chat rooms
- An infected computer can attack other computers

Impact of Trojan Horse Attack
- Complete access to the victim’s system
- Delete and alter files
- Access to Administrator privileges
- Other computers get infected
- An infected computer can be targeted by any user.

Control of hackers over files
- Alter the user’s private documents such as bank statements, credit card statements, password files, and mortgage payment files.
- Access files remotely as if they own them
- Access to chat history

Ways to avoid this attack
- Don’t download from unknown sources
- Be aware of hidden file extensions
- Don’t use the automatic get-file feature
- Don’t type a command or go to a web site because a stranger told you to
- Remove unnecessary services and file shares

Detection of attack
- Hard to detect whether a computer is infected or not
- Not listed in the process list shown by Ctrl+Alt+Delete
- To detect it, one can scan the computer for open ports

How to remove a Trojan from the system
- A clean re-installation
- Anti-Trojan software

Example: SubSeven
- Trojan Horse program that attacks computers running on the Windows 9.x platform.
- More popular than other types as it provides more options.

What can SubSeven do?
- It can restart Windows on the victim’s computer.
- It can record sound files from the microphone used on the victim’s machine.
- It can record video images from a video camera attached to the victim’s computer.
- It can change the desktop color and wallpaper, and turn the victim’s monitor on and off.
- It can open and close the CD-ROM drive.
- It can capture screenshots of the user’s current activity.
- A new version of SubSeven also lets hackers know whether a victim is presently online, and has a manager feature that can abort a program running on the victim’s machine.

Parts of SubSeven
- SubSeven Server: Must run on the victim’s computer.
- Client Program: Used by the hacker on his machine to connect to the server (the victim’s computer).
- Server Editor: An interface for the hacker to choose options for how to get information from the victim’s computer.

A real Trojan Horse Threat
- Targets were customers of PayPal’s online service
- Spread by sending emails with the subject line “PAYPAL.COM NEW YEAR OFFER”
- Emails contained information about a payment discount
- Created a fake PayPal web site and asked for credit card info.

Conclusion
- Serious network security problem
- Once infected, a computer is totally controlled by the hacker.
- Hard to detect whether a computer is infected or not.
- Hard to recover.

Any Questions?
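
The "Detection of attack" slide suggests checking the computer for open ports, since the Trojan does not appear in the process list. As an added example (not part of the original slides), this Python script parses `netstat -an` output from the machine being checked and reports TCP listeners that are not in an expected baseline; the sample output, the baseline set and the function names are constructed assumptions.

```python
import re

# Constructed sample of `netstat -an` output from a Windows host (not from the slides).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    [::]:40123             [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Assumption: ports this machine is expected to listen on (a site-specific baseline).
EXPECTED_TCP_PORTS = {135, 139}

# Matches only TCP rows in LISTENING state; handles IPv4 and bracketed IPv6 addresses.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.IGNORECASE)


def listening_tcp(netstat_text):
    """Return sorted (local_address, port) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))


def unexpected_listeners(netstat_text, expected=EXPECTED_TCP_PORTS):
    """Return {port: [local addresses]} for listeners outside the expected baseline."""
    report = {}
    for addr, port in listening_tcp(netstat_text):
        if port not in expected:
            report.setdefault(port, []).append(addr)
    return report


if __name__ == "__main__":
    for port, addrs in unexpected_listeners(SAMPLE_NETSTAT).items():
        # A wildcard bind means the port is reachable from every network interface.
        exposed = any(a in ("0.0.0.0", "[::]") for a in addrs)
        scope = "all interfaces" if exposed else "specific address"
        print(f"unexpected listener on TCP {port} ({scope}): {', '.join(addrs)}")
```

An unexpected listener is a reason to investigate which program owns the port, not proof of infection; the baseline has to be built from a machine known to be clean.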