Monday 19 September 2022

Trojan Horse

A Trojan horse is a malicious program that misleads the user about its actual intent. The word Trojan is derived from a Greek story about a wooden horse in which soldiers hid, waiting to enter the city. When the wooden horse was brought into the city, the soldiers came out and attacked. In the same way, Trojan software misleads the user about its intent and waits for the right time to steal the user's information and give unauthorized access to the threat actor. A Trojan can also spread to other connected devices across a network.



Trojans are typically spread by social engineering. The most common uses of Trojan programs are:

  • Steal Information
  • Infect Connected Devices
  • Creating a Backdoor
  • Gaining Unauthorized Access
  • Ransomware Attacks
  • Using Victim for Spamming
  • Using Victim as Botnet
  • Downloading other malicious software
  • Disabling Firewalls

The following is a list of Trojans by port:

  • TCP Port 20 Senna Spy
  • TCP Port 21 Invisible FTP
  • TCP Port 22 Shaft
  • TCP Port 80 Executor
  • TCP Port 421 Wrappers Trojan
  • TCP Port 1095/1098 RAT
  • TCP Port 17300 Netbus
  • TCP Port 53001 Remote Window Shutdown
  • TCP Port 456 Hacker Paradise

To defend against Trojans, you must know how a Trojan works. The process is divided into the following steps:
  1. Creating the Trojan with a Trojan Construction Kit
  2. Creating a Dropper to deliver the Trojan
  3. Creating a Wrapper to hide the Trojan file
  4. Executing the Dropper (Trojan File)

The threat actor uses a Trojan Construction Kit to customize the Trojan. Customized Trojans can be more dangerous for the target. After that, the threat actor attaches the Trojan to a dropper (a dropper is software designed to deliver a payload to the target machine). The threat actor also hides the file with a wrapper, so that the file is not easily detected by defensive software.

Once the Trojan is installed on the target PC, it connects the attacker to the victim by providing unauthorized access, extracts secret information, or performs the specific action for which the Trojan was designed.


The following are some Trojan types:
  • Command Shell Trojans (For Remote Control Command Shell)
  • Defacement Trojans (For Editing & Executing Windows Program)
  • HTTP/HTTPS Trojans (For Bypassing Firewall and Executing on Target)
  • Botnet Trojans (For DDoS Attack)
  • Proxy Server Trojans (For Converting Host System to Proxy Server)
  • Remote Access Trojans (For GUI Access of Target System)
 
By following some measures, you can protect your network from Trojans, such as:
  • Avoid clicking on suspicious email attachments
  • Monitor network traffic
  • Block unused ports
  • Use an IDS
  • Use antivirus
  • Scan USB or any removable media before use
  • Enable auditing
  • Use a host-based firewall
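
The "monitor network traffic" and "block unused ports" measures can start with a review of what is listening on a host. The following is an added example, not part of the original post: it parses `ss -H -tlnp` output and flags listeners on the ports listed above unless they are the service expected there. The `EXPECTED` allowlist, the function names and the sample output are assumptions constructed for illustration.

```python
import re

# Ports and names as listed in this post (1095/1098 expanded to both ports).
PAGE_PORTS = {20: "Senna Spy", 21: "Invisible FTP", 22: "Shaft", 80: "Executor",
              421: "Wrappers Trojan", 456: "Hacker Paradise", 1095: "RAT",
              1098: "RAT", 17300: "Netbus", 53001: "Remote Window Shutdown"}

# Assumption: services this host is expected to run (port -> process name).
EXPECTED = {22: "sshd", 80: "nginx"}

# Constructed sample of `ss -H -tlnp` output, not captured from a real host.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=940,fd=6))
LISTEN 0 5 0.0.0.0:17300 0.0.0.0:* users:(("svch0st",pid=4412,fd=4))
LISTEN 0 5 [::]:456 [::]:* users:(("updater",pid=4420,fd=5))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=700,fd=7))
LISTEN 0 5 *:21 *:*
"""

def parse_listeners(text):
    """Yield (port, process) per LISTEN line; process is None if ss did not show it."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port = fields[3].rsplit(":", 1)[-1]  # handles 0.0.0.0:22, [::]:456, *:21
        if not port.isdigit():
            continue
        proc = re.search(r'users:\(\("([^"]+)"', line)
        yield int(port), proc.group(1) if proc else None

def review(text, expected=EXPECTED):
    """Return sorted (port, process, listed name) for listeners that need a closer look."""
    findings = []
    for port, proc in parse_listeners(text):
        if port not in PAGE_PORTS:
            continue
        if proc is not None and expected.get(port) == proc:
            continue  # the expected service on a well-known port
        findings.append((port, proc or "unknown", PAGE_PORTS[port]))
    return sorted(findings)

if __name__ == "__main__":
    for port, proc, name in review(SAMPLE):
        print(f"check TCP {port}: process={proc} (port listed for {name})")
```

A match is a lead to verify the owning process and binary, not proof of infection, since ports such as 21, 22 and 80 normally carry legitimate services.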
