Trojans, Backdoors, Viruses, and Worms

Trojans and Backdoors

Trojans and backdoors are types of malware used to infect and compromise computer systems. A Trojan is a malicious program disguised as something benign. In many cases, the Trojan appears to perform a desirable function for the user but actually allows a hacker access to the user’s computer system. Trojans are often downloaded along with another program or software package.

Once installed on a system, they can cause data theft and loss, as well as system crashes or slowdowns. Trojans can also be used as launching points for other attacks, such as a distributed denial of service (DDoS). Many Trojans are used to manipulate files on the victim computer, manage processes, remotely run commands, intercept keystrokes, watch screen images, and restart or shut down infected hosts.

Trojans ride on the backs of other programs and are usually installed on a system without the user’s knowledge. A Trojan can be sent to a victim system in many ways, such as the following:

  1. An instant messenger (IM) attachment 
  2. IRC 
  3. An email attachment  
  4. NetBIOS file sharing 
  5. A downloaded Internet program

Types of Trojans

Trojans can be created and used to perform different attacks. Here are some of the most common types of Trojans:

  1. Remote Access Trojans (RATs): Used to gain remote access to a system.
  2. Destructive Trojans: Used to delete or corrupt files on a system.
  3. Denial-of-Service Trojans: Used to launch a denial-of-service attack.
  4. Security Software Disabler Trojans: Used to stop antivirus software.

How the Netcat Trojan Works

Netcat is a Trojan that uses a command-line interface to open TCP or UDP ports on a target system. A hacker can then telnet to those open ports and gain shell access to the target system. Exercise 5.1 shows you how to use Netcat.
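
Seen from the defender's side, a listener like the one described above shows up as an unexpected open port. The following is an added example, not part of the original article: it parses `netstat -ano` style output and reports listening sockets that are not on an expected baseline. The sample output, the `EXPECTED` baseline and the function names are constructed assumptions.

```python
# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       3388
  TCP    192.168.1.20:49712     192.168.1.1:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       1040
  UDP    0.0.0.0:5353           *:*                                    2210
  UDP    0.0.0.0:31337          *:*                                    3388
"""

# Assumed baseline of (protocol, port) pairs this host is expected to expose.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}

def parse_listeners(text):
    """Return TCP sockets in LISTENING state and all bound UDP sockets."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto = fields[0]
        # TCP rows have a State column; UDP rows do not.
        if proto == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue
        if proto == "UDP" and len(fields) != 4:
            continue
        addr, _, port = fields[1].rpartition(":")  # also handles [::]:135
        listeners.append({"proto": proto, "addr": addr.strip("[]"),
                          "port": int(port), "pid": int(fields[-1])})
    return listeners

def unexpected_listeners(text, expected):
    """Listeners whose (protocol, port) pair is missing from the baseline."""
    return [l for l in parse_listeners(text)
            if (l["proto"], l["port"]) not in expected]

if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED):
        print(f'{l["proto"]} {l["addr"]}:{l["port"]} owned by PID {l["pid"]}')
```

The PID on each reported line is the value to look up in a process listing to identify the program that opened the port.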

Trojan Construction Kit and Trojan Makers

Several Trojan-generator tools enable hackers to create their own Trojans. Such toolkits help hackers construct Trojans that can be customized. These tools can be dangerous and can backfire if not executed properly. New Trojans created by hackers usually have the added benefit of passing undetected through virus-scanning and Trojan-scanning tools because they don’t match any known signatures. Some of the Trojan kits available in the wild are Senna Spy Generator, the Trojan Horse Construction Kit v2.0, Progenic Mail Trojan Construction Kit, and Pandora’s Box.

Viruses and Worms 

Viruses and worms can be used to infect a system and modify a system to allow a hacker to gain access. Many viruses and worms carry Trojans and backdoors. In this way, a virus or worm is a carrier and allows malicious code such as Trojans and backdoors to be transferred from system to system much in the way that contact between people allows germs to spread.

A virus and a worm are similar in that they’re both forms of malicious software (malware). A virus infects another executable and uses this carrier program to spread itself. The virus code is injected into the previously benign program and is spread when the program is run. Examples of virus carrier programs are macros, games, email attachments, Visual Basic scripts, and animations.

A worm is similar to a virus in many ways but does not need a carrier program. A worm can self-replicate and move from an infected host to another host. 

Types of Viruses 

Viruses are classified according to two factors: what they infect and how they infect. A virus can infect the following components of a system:

  1. System sectors 
  2. Files  
  3. Macros (such as Microsoft Word macros)  
  4. Companion files (supporting system files like DLL and INI files) 
  5. Disk clusters 
  6. Batch files (BAT files)  
  7. Source code

Viruses are categorized according to their infection technique, as follows:

1. Polymorphic Viruses 

These viruses encrypt the code in a different way with each infection and can change to different forms to try to evade detection.

2. Stealth Viruses 

These viruses hide the normal characteristics of a virus, for example by modifying the original time and date stamp of the file so that the virus is not noticed as a new file on the system.

3. Armored Viruses 

These viruses are encrypted to prevent detection.

4. Multipartite Viruses 

These advanced viruses create multiple infections. 

5. NTFS and Active Directory Viruses 

These viruses specifically attack the NT file system or Active Directory on Windows systems.

Virus Detection Methods

The following techniques are used to detect viruses:

  1. Scanning  
  2. Integrity checking with checksums 
  3. Interception based on a virus signature

The process of virus detection and removal is as follows:

  1. Detect the attack as a virus. Not all anomalous behavior can be attributed to a virus.
  2. Trace processes using utilities such as handle.exe, listdlls.exe, fport.exe, netstat.exe, and pslist.exe, and map commonalities between affected systems.
  3. Detect the virus payload by looking for altered, replaced, or deleted files. New files, changed file attributes, or shared library files should be checked.
  4. Acquire the infection vector and isolate it. Then, update your antivirus definitions and rescan all systems.
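
Integrity checking with checksums, and step 3 above, can be illustrated with a small baseline-and-compare script. This is an added example, not part of the original article: it hashes every file under a directory, then reports new, deleted and altered files, and separately flags files whose content changed while the timestamp stayed the same. The file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to (SHA-256 digest, mtime in ns)."""
    root = Path(root)
    return {p.relative_to(root).as_posix():
            (hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_mtime_ns)
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    report = {"new": [], "deleted": [], "altered": [], "altered_same_mtime": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["new"].append(name)
        elif name not in current:
            report["deleted"].append(name)
        elif baseline[name][0] != current[name][0]:
            # Content changed. An unchanged timestamp means it was reset after
            # the write, so a date-based check would have missed this file.
            same = baseline[name][1] == current[name][1]
            report["altered_same_mtime" if same else "altered"].append(name)
    return report

def demo():
    """Build a constructed sample tree, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in [("app.exe", b"program"), ("helper.dll", b"lib v1"),
                           ("config.ini", b"[main]"), ("notes.txt", b"hello")]:
            (root / name).write_bytes(data)
        baseline = snapshot(root)
        mtime = baseline["notes.txt"][1]
        (root / "notes.txt").write_bytes(b"hello, edited")
        os.utime(root / "notes.txt", ns=(mtime, mtime + 5_000_000_000))  # later
        mtime = baseline["helper.dll"][1]
        (root / "helper.dll").write_bytes(b"lib v1 + appended bytes")
        os.utime(root / "helper.dll", ns=(mtime, mtime))  # timestamp restored
        (root / "config.ini").unlink()                    # deleted file
        (root / "update.bat").write_bytes(b"@echo off")   # new file
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:>20}: {names}")
```

The comparison is only as trustworthy as the baseline, so the baseline should be taken from a known-clean system and stored where the monitored host cannot modify it.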

Article By: Sayan Chatterjee
