Google
 
Web www.ykta.com
Trojan Horses


A Trojan horse is not considered a computer virus or worm because it does not
propagate itself. However, a virus or worm may be used to copy a Trojan horse on to
a target system as part of the attack payload, a process referred to as dropping. The
typical intent of a Trojan horse is to disrupt the user’s work or the normal operations
of the system. For example, the Trojan horse may provide a backdoor into the
system for a hacker to steal data or change configuration settings.
There are two other terms that are often used when referring to Trojan horses or
Trojan-type activities that are identified and explained as follows:
● Remote Access Trojans. Some Trojan horse programs allow the hacker or data
thief to control a system remotely. Such programs are called Remote Access Trojans
(RATs) or backdoors. Examples of RATs include Back Orifice, Cafeene, and
SubSeven.
For a detailed explanation of this type of Trojan horse, see the article “Danger:
Remote Access Trojans” on Microsoft TechNet at:
www.microsoft.com/technet/security/topics/virus/virusrat.mspx.
● Rootkits. These are collections of software programs that a hacker can use to gain
unauthorized remote access to a computer and launch additional attacks.. These
programs may use a number of different techniques, including monitoring
keystrokes, changing system log files or existing system applications, creating a
backdoor into the system, and starting attacks against other computers on the
network. Rootkits are generally organized into a set of tools that are tuned to
specifically target a particular operating system. The first rootkits were identified
in the early 1990s, and at that time the Sun and Linux operating systems were the
main targets. Currently, rootkits are available for a number of operating systems,
including the Microsoft® Windows® platform.
Note: Be aware that RATs and some of the tools that comprise rootkits may have legitimate
remote control and monitoring uses. However, the security and privacy issues that these
tools can introduce raise the overall risk to the environments in which they are used.




Worms

If the malicious code replicates it is not a Trojan horse, so the next question to
address in order to more clearly define the malware is: “Can the code replicate
without the need for a carrier?” That is, can it replicate without the need to infect an
executable file? If the answer to this question is “Yes,” the code is considered to be
some form of worm.
Most worms attempt to copy themselves onto a host computer and then use the
computer’s communication channels to replicate. For example, the Sasser worm
relies on a service vulnerability to initially infect a system, and then uses the infected
system’s network connection to attempt to replicate. If you have installed the latest
security updates (to stop the infection), or enabled the firewalls in your environment
to block the network ports the worm uses (to stop the replication), the attack will
fail. In the case of Windows XP, once Service Pack 2 has been applied both the
infection and replication methods are blocked. This is because the service vulnerability
has been removed and the Windows firewall is enabled by default. Additionally,
if the Automatic Updates option is set to Automatic (recommended) any future
issues will be addressed as the updates become available.



Viruses

If the malicious code adds a copy of itself to a file, document, or boot sector of a disk
drive in order to replicate it is considered a virus. This copy may be a direct copy of
the original virus or it may be a modified version of the original. See the “Defense
Mechanisms” section later in this chapter for more details. As mentioned earlier, a
virus will often contain a payload that it may drop on a local computer, such as a
Trojan horse, which will then perform one or more malicious acts, such as deleting
user data. However, a virus that only replicates and has no payload is still a
malware problem because the virus itself may corrupt data, take up system resources,
and consume network bandwidth as it replicates.



Target Environments

As malware attempts to attack a host system, there may be a number of specific
components that it requires before the attack can succeed. The following are typical
examples of what malware may require to attack the host:
● Devices. Some malware will specifically target a device type, such as a personal
computer, an Apple Macintosh computer, or even a Personal Digital Assistant
(PDA), although it should be noted that PDA malware is currently rare.
● Operating systems. Malware may require a particular operating system to be
effective. For example, the CIH or Chernobyl virus of the late 1990s could only
attack computers running Microsoft Windows® 95 or Windows® 98.
● Applications. Malware may require a particular application to be installed on the
target computer before it can deliver a payload or replicate. For example, the
LFM.926 virus of 2002 could only attack if Shockwave Flash (.swf) files could
execute on the local computer.
Home I Mind I Body I Life I Tools I New I Music Instrument I Links I Contact Us I
Copyright ©2003,  part of The YKTA Corporation, and its licensor's. All rights reserved.
Y  K  T  A
HELP

AdlandPro Worlds Classifieds
Get Linked from 15,000+ sites with one click.

Hosting by Yahoo! Web Hosting
Look At This
Are you looking for good
Articles about....
Try these free to
republish.
You can use them for
your needs or for friends
or your site.

CLICK HERE
Get Linked from thousands of Classifieds for FREE with one click.
BACK TO MAIN PAGE
Get the last news
about Germany and
the world.

http://www.focus.de/
We have to help Keep
our  internet  
clean and honest.

. WE ALL
NEED HELP
FOR STOP
THIS .

Knowledge
and Tools

Click Here
HELP
WE
HAVE
PSORIA
SIS
Click Here
base of base
Look At This
Down load
Free Good
Books:
Go To
Look At This
AFRICA
AUSTRALIA
NORTH AMERICA
SOUTH AMERICA
SPAIN
Look At This
THE WAY,  WHY
WRITING A BOOK