Wednesday, February 22, 2006

Why Trojan Horses Are Dangerous

The Internet of today is not only a useful information environment but also a potential source of dangers that threaten both users’ PCs and servers. According to statistics, the most serious threats are so-called ‘Trojan Horses’. The origin of the term is known to everybody from school: it denotes a “present” that carries a hidden threat for its recipient. Such “presents” can be very dangerous for Internet users. In this article we describe how Trojan Horses work.
As mentioned above, Trojan Horses are among the most dangerous threats to a PC and its owner. These malicious programs can be completely different from one another. Major worms can also be counted as Trojan Horses. Describing and classifying them is very difficult. However, there is one parameter by which all Trojan Horses can be divided into groups: the target of the virus, or in other words, the harm it causes on the victim PC. By this measure there are six groups of malicious programs.

Remote Administration
Today there are many programs that provide remote administration of both individual PCs and whole computer systems. They are very convenient utilities that make life easier for local network administrators. Their operating principle is simple: a special agent is installed on the remote PC; the administrator then launches the main module on his own computer, connects to the other computer and gains complete control over it.
Now imagine that a PC user does not know about the agent installed on his system, and that this agent connects not to another computer on the local network but to a PC thousands of miles away, operated by a hacker. In this case the criminal can do anything he wants: steal passwords, copy personal documents, install any software, even reboot or turn off the PC. That is why Trojan Horses of this group (in fact, they are the agents of remote administration utilities) are the most dangerous. They give the criminal splendid opportunities to control the victim PC.
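The difference described above, between an agent that talks to a machine on the local network and one that talks to a distant host, can be checked from a connection listing. The following is an added example, not part of the original article; the process names, addresses, ports and both allowlists are constructed assumptions.

```python
import ipaddress

# Constructed sample: (process, remote address, remote port) of established
# connections, in the shape a connection-listing tool would report them.
SAMPLE_CONNECTIONS = [
    ("remote_agent.exe", "192.168.1.10", 5000),   # admin console on the LAN
    ("browser.exe", "198.51.100.80", 443),        # ordinary web traffic
    ("svc_update.exe", "203.0.113.77", 8080),     # nobody installed this
    ("backup_agent.exe", "10.0.0.5", 9000),       # backup server on the LAN
    ("remote_agent.exe", "198.51.100.23", 5000),  # agent talking off-site
]

# Assumption: programs the owner expects to reach the Internet.
INTERNET_ALLOWED = {"browser.exe"}
# Assumption: remote administration agents the administrator installed.
KNOWN_ADMIN_AGENTS = {"remote_agent.exe", "backup_agent.exe"}

# Local ranges are listed explicitly: ipaddress.is_private also treats the
# documentation ranges used in the sample as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local_peer(address):
    """True when the remote end is on the local network or loopback."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in LOCAL_NETS)


def triage(connections):
    """Return connections to non-local hosts that are not expected."""
    findings = []
    for proc, addr, port in connections:
        if is_local_peer(addr) or proc in INTERNET_ALLOWED:
            continue
        if proc in KNOWN_ADMIN_AGENTS:
            reason = "known admin agent talking to a non-local host"
        else:
            reason = "unrecognised process talking to a non-local host"
        findings.append((proc, addr, port, reason))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CONNECTIONS):
        print(finding)
```

A legitimate agent that suddenly has a peer outside the local network is reported separately from an unknown process, because the first case is exactly the misuse of an administration tool described above.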

Data Stealing
Another very dangerous group of Trojan Horses consists of viruses that focus on stealing users’ data. They are a serious threat to home PC owners. At first sight this may seem strange: what secret data can an ordinary user have? Hackers ought to be interested in large companies, which have commercial secrets and fear that their data will be sold to competitors. However, there is a problem here: Trojan Horses cannot themselves find the files that hold secret data. Moreover, it is rather difficult to send large volumes of data over the Internet. At the same time, it is very easy to steal data (for example, passwords for access to the OS or the Internet) from home PCs, which are usually less protected.
This variant is the most popular. With the help of Trojan Horses that steal passwords for access to the Global Network, a criminal connected to the same provider as the victim can easily make other people cover his Internet costs by using their authorization data. There are also malicious programs with more complicated algorithms, which can try to steal passwords saved in the browser for various web services, FTP servers, etc.

Spies
Spies are used more and more often nowadays. They work as follows: a special agent is installed on the user’s PC. Working unnoticed by the user, it collects certain data and sends it over the Internet to a hacker. Such software is called spyware. Modern spyware can do a lot: keep a log of pressed keys and, from time to time, take screenshots of the whole screen and of visited web pages. All this enables criminals to collect very detailed data about their victims, including the passwords needed for access to the Internet and to various services.
However, it should be noted that the majority of Trojan Horses of this kind record only the sequence of typed keys. First, this information is the most critical: it is the way to learn the user’s passwords and to use resources on behalf of the victim. Second, the list of pressed keys is relatively small, so it can easily be sent to the hacker’s PC.

Homepage Hijackings
Today there are many partnership programs on the Internet. They work as follows: a person attracts visitors to the sponsored site and receives a fee for every visitor. Partnership programs are in fact a common thing, but only as long as both sides stick to the rules. However, many web resources with “adult” content turn a blind eye to their partners’ actions. The result is the following:
Aiming for the highest profit, some people use Trojan Horses. They infect Internet users’ computers with malicious programs that constantly hijack the browser home page and change it to the address of the partner’s site. Visiting it immediately opens further pop-ups with the sponsor’s web projects. In addition, such Trojan Horses can themselves open the defined address when the user performs certain actions (connecting to the Internet, opening a new browser window, etc.).

Attack Implementing
The most popular type of remote attack is denial of service (DDoS attacks). The idea is this: criminals send a great number of special network packets. As a result, the computer cannot cope with the flood and becomes inaccessible to ordinary users. However, it is impossible to create enough threads to load a server completely. It is also dangerous for the hackers themselves.
That is why criminals often use the following scheme. First they infect as many ordinary Internet users’ PCs as possible with a special Trojan Horse. This malicious program sits on the PC without revealing itself or showing any activity. However, when it receives a special command from the control center, the Trojan activates and starts sending network packets to the specified victim. There can be hundreds or thousands of such computers, so it is no surprise that the server “falls down”. In fact, such Trojan Horses are not harmful to the user, except that his channel is overloaded while he works.
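From the infected PC's side, the scheme above shows up as a long quiet period followed by a sudden flood of packets to a single destination. The following is an added example, not part of the original article, that finds that moment in outbound flow records; the records, the window length and the threshold are constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 10      # assumption: size of each counting window
PACKET_THRESHOLD = 5000  # assumption: packets per window that one home PC
                         # would not normally send to a single destination


def build_sample():
    """Constructed flow records: (timestamp in s, destination, packets)."""
    flows = []
    # Ordinary use for a whole minute: light traffic to two destinations.
    for t in range(0, 60):
        flows.append((t, "198.51.100.10", 20))
        flows.append((t, "198.51.100.20", 5))
    # At t=30 the dormant program is activated and floods one victim.
    for t in range(30, 60):
        flows.append((t, "203.0.113.50", 900))
    return flows


def flooded_destinations(flows, window=WINDOW_SECONDS,
                         threshold=PACKET_THRESHOLD):
    """Map each flooded destination to the start of its first bad window."""
    buckets = defaultdict(int)
    for ts, dst, packets in flows:
        window_start = ts // window * window
        buckets[(dst, window_start)] += packets

    alerts = {}
    # Walk the windows in time order so the earliest offending one is kept.
    for (dst, start), total in sorted(buckets.items(),
                                      key=lambda item: item[0][1]):
        if total > threshold and dst not in alerts:
            alerts[dst] = start
    return alerts


if __name__ == "__main__":
    for dst, start in flooded_destinations(build_sample()).items():
        print(f"outbound flood to {dst} starting in window t={start}s")
```

Counting per destination rather than per host keeps ordinary heavy use, spread over many sites, from triggering the alert.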

Downloading and Installation of Other Software
Lately, the requirements on spyware have changed. Earlier all viruses were very small, but modern Trojan Horses can be huge. This is because of their multi-functionality (for example, spy programs and remote administration utilities) and the technologies they use. It is not always possible to place such large volumes of data on the user’s PC. That is why hackers use the following method: first the PC is infected with a small utility, which connects to a certain server, downloads the malicious spyware from there, installs it and launches it. Multi-purpose downloaders are the most dangerous here, as they enable a criminal to install different Trojan Horses on the user’s PC, depending on what is kept on the server at that moment.

Conclusions
So we can be certain that modern Trojan Horses are really very dangerous for any computer connected to the Internet. It should also be kept in mind that modern programs can belong to two, three or more groups. Such Trojans can, for example, spy on the user, secretly download and install other software on his PC and take part in attacks.
It is not difficult to protect your PC from such threats. It is enough to have a regularly updated antivirus program, a correctly configured firewall and regular updates of the OS and software.
