Guarding against Trojans
Trojans
Definition: Named after the Trojan Horse of ancient Greek history, a trojan is a network software application designed to remain hidden on the computer where it is installed. Trojans generally serve malicious purposes and are therefore a form of malware.
For example, trojans sometimes access personal information stored locally on home or business computers, then send this data to a remote party via the Internet. Alternatively, trojans may serve merely as a "backdoor" application, opening network ports to allow other network applications access to that computer. Trojans are also capable of launching Denial of Service (DoS) attacks. A combination of firewalls and antivirus software protects networks against trojans.
Trojans are similar to worms. In contrast to worms, however, trojans do not replicate themselves or seek to infect other systems once installed on a computer.
“The Fall of Troy, the wooden horse and all events thereafter…”
Trojan horses or Remote Administration Trojans (RATs) are a class of backdoors that are used to enable remote control over the compromised machine. They provide apparently useful functions to the user and, at the same time, open a network port on the victim computer. Once started, some trojans behave as executable files, interact with the registry keys responsible for starting processes, and sometimes create their own system services.
Unlike common backdoors, Trojan horses hook themselves into the victim operating system and always come packaged with two files: the client file and the server file. The server, as its name implies, is installed on the infected machine, while the client is used by the intruder to control the compromised system. Some well-known trojan functions include managing files on the victim computer, managing processes, remote activation of commands, intercepting keystrokes, watching screen images, and restarting and shutting down infected hosts, to name just a few of their features. Some are even able to connect themselves to their originator. Of course, these possibilities vary among individual Trojan horses. The following are considered the most popular: NetBus, Back Orifice 2000, SubSeven, Hack’a’tack, and one of Polish origin, named Prosiak.
In most cases, Trojan horses propagate via email. They are usually found within attachments, because their authors exploit vulnerabilities of the email client. Another technique relies on binding them into other programs. There are many programs on the Web that merge files to create a single executable file.
Trojan horses (also called trojans) typically operate in a somewhat schematic manner, and their behavior is quite well defined. They listen on specific ports (for example, 12345 is the NetBus Trojan default port) and set specific references in startup files and the registry, which makes them relatively simple to detect and identify. In most cases, problems with Trojan horses can be solved by using up-to-date anti-virus (AV) software to check for possible infections.
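The port-based detection described above can be sketched as a short script. This is an added example, not code from the original article: it parses text in the format of Windows `netstat -ano` and flags listening sockets on a watchlist of ports. The sample output is constructed, the function names are hypothetical, and the watchlist holds only the NetBus default port named in the text.

```python
"""Flag listening sockets on ports associated with known trojans."""

# Port -> label. 12345 is the NetBus default cited in the article; extend
# this mapping from your own threat intelligence.
WATCHLIST = {12345: "NetBus default port"}

# Constructed sample in `netstat -ano` format (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:49712         10.0.0.9:12345         ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def parse_listeners(netstat_text):
    """Yield (proto, address, port, pid) for each socket accepting traffic."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not, and a bound UDP
        # socket is always able to receive.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, _, port = local.rpartition(":")  # copes with [::]:445
        if not port.isdigit() or not fields[-1].isdigit():
            continue
        yield proto, address, int(port), int(fields[-1])


def find_suspicious(netstat_text, watchlist=WATCHLIST):
    """Return listeners whose local port is on the watchlist."""
    return [
        {"proto": p, "address": a, "port": port, "pid": pid, "reason": watchlist[port]}
        for p, a, port, pid in parse_listeners(netstat_text)
        if port in watchlist
    ]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE):
        print("{proto} {address}:{port} pid={pid} ({reason})".format(**hit))
```

A match is a lead rather than proof: a legitimate service can use the same port, and 12345 is only a default. Use the reported PID to identify the owning process before drawing conclusions.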
Always use a good antivirus program and KEEP it updated to protect your computer from viruses.