Trojan Horse Program

Presented by: Lori Agrawal

Agenda

What is a Trojan Horse program?
Who are the targets?
How does it spread?
Impact of a Trojan Horse attack
Hackers’ control over files
Ways to avoid this attack

Agenda (continued)

Detection of attack
How to remove a Trojan from the system
Example: SubSeven
Capabilities of the SubSeven program
Parts of SubSeven
A real Trojan Horse threat
Conclusion

What is a Trojan Horse program?

A Trojan Horse is one of today’s most serious threats to computer security.
A malicious, security-breaking program disguised as something benign.
An executable program.
Once a computer is infected, it is controlled totally by a hacker.

Who are the most common targets?

Home computers
Reasons:
  Private content
  Availability
  Defenseless status

How does it spread?

Email attachments
Files sent in chat rooms
An infected computer can attack other computers

Impact of a Trojan Horse attack

Complete access to the victim’s system
Files can be deleted and altered
Access to Administrator privileges
Other computers get infected
An infected computer can be targeted by any user.

Hackers’ control over files

Alter the user’s private documents, such as bank statements, credit card statements, password files and mortgage payment files.
Access files remotely as if they own them
Access chat history

Ways to avoid this attack

Don’t download from unknown sources
Be aware of hidden file extensions
Don’t use features that automatically accept incoming files
Don’t type a command or go to a web site because a stranger told you to
Remove unnecessary services and file shares

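A check for the hidden-extension trick named in the list above, as an added example that is not part of the original slides: it flags attachment names whose real, final extension is executable while a harmless-looking one is displayed first. The function name check_attachment_name, the extension lists and the sample file names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed list of extensions Windows will run or interpret; adjust to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk"}
# Assumed list of harmless-looking extensions used as a decoy before the real one.
DECOY_EXTS = {"txt", "jpg", "jpeg", "gif", "png", "doc", "pdf", "mp3", "zip"}
# Unicode bidirectional controls can reverse the order in which a name is displayed.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def check_attachment_name(name):
    """Return the reasons a file name is suspicious (empty list: nothing found)."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control")
    # Drop invisible format characters, then trailing dots and spaces,
    # which Windows ignores when it resolves the file name.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    visible = visible.rstrip(". ")
    parts = [p.strip().lower() for p in visible.split(".")]
    if len(parts) < 2:
        return reasons  # no extension at all
    if parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append("double-extension")
        # A long run of spaces pushes the real extension out of a narrow column.
        if " " * 5 in visible:
            reasons.append("padded-name")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = ["report.pdf", "holiday.jpg.exe",
               "invoice.txt" + " " * 20 + ".scr", "photo\u202egpj.exe"]
    for sample in samples:
        print(repr(sample), "->", check_attachment_name(sample) or "ok")
```

A mail gateway or download folder watcher can call this on each incoming file name and quarantine anything that returns a non-empty list.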
Detection of attack

Hard to detect whether a computer is infected or not
Not listed in the process list shown by Ctrl+Alt+Delete
To detect it, one can scan the computer for open ports

How to remove a Trojan from the system

A clean re-installation
Anti-Trojan software

Example: SubSeven

A Trojan Horse program that attacks computers running the Windows 9.x platform.
More popular than other types as it provides more options.

What can SubSeven do?

It can restart Windows on the victim’s computer.
It can record sound files from the microphone used on the victim’s machine.
It can record video images from a video camera attached to the victim’s computer.
It can change the desktop color and wallpaper, and turn the victim’s monitor on and off.
It can open and close the CD-ROM drive.
It can capture screenshots of the user’s current activity.
A new version of SubSeven also allows hackers to know whether a victim is presently online, and has a manager feature that can abort a program running on the victim’s machine.

Parts of SubSeven:

SubSeven Server: must run on the victim’s computer.
Client Program: used by the hacker on his machine to connect to the server (the victim’s computer).
Server Editor: an interface for the hacker to choose options for how to get information from the victim’s computer.

A real Trojan Horse threat

Targets were customers of PayPal’s online service
Spread by sending emails with the subject line “PAYPAL.COM NEW YEAR OFFER”
Emails contained information about a payment discount
Created a fake PayPal web site and asked for credit card info.

Conclusion

A serious network security problem
Once infected, a computer is totally controlled by a hacker.
Hard to detect whether a computer is infected or not.
Hard to recover.

Any Questions?