About Trojans
A Trojan will usually appear as a game, utility, or some other innocuous file in order to gain access to a computer system. When the user launches the program, it first installs the Trojan before continuing to work in the way the user expects. In this way, the user becomes responsible for infecting his own machine.
Like viruses, Trojans are able to alter files, delete data, and display messages. However, Trojans tend to be designed for two main purposes: gathering information and taking control of an infected system. Once active, a Trojan will scan the user’s hard disk for sensitive information, such as passwords, credit card details, and anything else of value. Once this information has been gathered, the Trojan will wait for an opportunity to phone home. Usually, the Trojan waits until the user is online and then sends the information it has collected in an e-mail. By waiting until there is some Internet activity, the Trojan often escapes the user’s notice.
Some Trojans install a key logger to monitor all activity on the infected computer. A key logger records every key pressed by the user and stores the data in a file on the computer’s hard disk. By monitoring a computer over a period of time, the key logger is able to collect a wide variety of information, including all passwords and user names typed by the user, the contents of any outgoing e-mail messages, the contents of word-processing documents, and any information entered into any forms displayed on Web pages. Even a single online transaction may provide enough information to defraud the computer’s owner. For instance, if a user makes a purchase from an online store, such as Amazon.com, the key logger will have an opportunity to record his account details and credit card information.
From time to time, the key logger will need to send the information it has collected to its owner. It is at this time that the user may notice an unusual surge in Internet traffic caused when the key logger sends its data by e-mail. Some of the most sophisticated key loggers try to reduce the risk of detection by minimizing the amount of data transmitted by e-mail. This is achieved by compressing the data file after deleting any data that has been sent before. It is also possible for a key logger to transmit the data file at regular intervals or when it reaches a certain size. This prevents the program from attempting to send large files that may cause increased Internet traffic for hours at a time. Some programs are even capable of splitting a large data file into several parts so that it can be sent a little at a time.
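One way a defender could look for the sending pattern described above (mail leaving at regular intervals or at a near-fixed size) in outbound connection records. This is an added example, not part of the original article; the record layout, process names, allowlist and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

MAIL_PORTS = {25, 465, 587}                              # SMTP and mail submission
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allowlist

# Constructed sample records: (epoch_seconds, process, dest_port, bytes_out)
SAMPLE_FLOWS = [
    (1000, "outlook.exe", 587, 48211),
    (1900, "outlook.exe", 587, 1920),
    (9400, "outlook.exe", 587, 730114),
    (1200, "freegame.exe", 25, 20480),
    (4800, "freegame.exe", 25, 20511),
    (8400, "freegame.exe", 25, 20466),
    (12000, "freegame.exe", 25, 20497),
    (3000, "browser.exe", 443, 9000),
]

def _cv(values):
    """Coefficient of variation: spread relative to the mean (0 = identical)."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0

def find_suspect_mailers(flows, min_sends=4, max_cv=0.1):
    """Return {process: [reasons]} for processes whose outbound mail looks automated."""
    by_proc = defaultdict(list)
    for ts, proc, port, nbytes in flows:
        if port in MAIL_PORTS:
            by_proc[proc.lower()].append((ts, nbytes))
    findings = {}
    for proc, sends in by_proc.items():
        reasons = []
        if proc not in KNOWN_MAIL_CLIENTS:
            reasons.append("unexpected process sending mail")
        if len(sends) >= min_sends:          # need enough samples to judge regularity
            sends.sort()
            gaps = [b[0] - a[0] for a, b in zip(sends, sends[1:])]
            if _cv(gaps) <= max_cv:
                reasons.append("regular send interval")
            if _cv([n for _, n in sends]) <= max_cv:
                reasons.append("near-constant message size")
        if reasons:
            findings[proc] = reasons
    return findings

if __name__ == "__main__":
    for proc, reasons in find_suspect_mailers(SAMPLE_FLOWS).items():
        print(proc, "->", ", ".join(reasons))
```

A human using a mail client produces irregular gaps and widely varying message sizes, so the two regularity checks stay quiet for it while the timer-driven or size-triggered sender stands out.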
Some Trojans are used to establish control over the computers they infect. Sometimes, only partial control is needed and users may be unaware that a Trojan is sending out e-mail or taking part in a denial of service attack. However, some Trojans allow a third party to take complete control over the infected computer, just as if they were sitting in front of it. The Trojan acts as a remote-control application, allowing its owner access to all of the computer’s resources including programs, data files, printers, disk drives, webcams, and network services, such as Internet access. Once control has been taken over the machine, users are virtually powerless to interfere except by switching the power off. The best-known example of this kind of Trojan is Back Orifice, which was produced by a hacking group known as the Cult of the Dead Cow.