[Trojans]:-
trojan horses present more difficulties in definition than at first appears, whereas viruses r defined primarily by their ability 2 effect, either a program replicates, or it doesn't. damage n intent, however, r not absolutes, at least in terms of program function...
trojans work similar to the client-server model. they consists two parts, a client part n a server part. attacker deploys d client 2 connect to the server, which runs on the remote machine when d remote user (unknowingly) executes the trojan on d machine, typical protocol used by most Trojans is the TCP/IP protocol. wen d server is activated on the remote computer, it'll usually try to remain in a stealth mode, or hidden on d computer. It is usual for Trojans to also modify d registry n/or use some other auto start method (usually "autorun.inf" file). many Trojans have configurable features like mailing d victim's IP.
this is relevant wen d remote machine is on a network with dynamically assigned IP address or when d remote machine uses a dial-up connection 2 connect 2 the internet. most of d trojans use auto-starting methods so that the servers r restarted every time d remote machine reboots / starts. this is also notified to the attacker.. lol..!! ya a log file is sent to attacker!! the start up method ranges from associating the trojan with some common executable files such as explorer.exe to the known methods like modifying d system files or d "Windows Registry"... do u know wat registry? type "regedit" in run command hit enter! :)
some of the popular system files targeted by trojans are auto start folder, "Win.ini", "System.ini", "Winstart.bat", "autoexec.bat" etc etc!!! u can get theses files in "C:" drive! bt dont modify it!
registry is often used in various auto-starting methods.. for xample..
[HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\Current\VersionRunServices]
" Info"="c:directoryTrojan.exe"
registry shell open methods...
[HKEY_CLASSES_ROOTexefileshellopencommand]
[HKEY_LOCAL_MACHINESOFTWAREClassesexefileshellopencommand]
A key with the value "%1 %*" should be placed there n if there is some executable file placed there, it'll be executed each time a binary file is opened. its used like this: trojan.exe "%1 %*"; this would restart the Trojan.
[Worms]:-
.
trojans frequently masquerade as games, joke programs, screensavers, n other programs frequently exchanged by email. compiled binaries r not d only places u'll find trojans, batch files n other shell scripts, perl programs, and perhaps even code written in JavaScript or VBScript...!!!
If u ppl would like to learn how Trojans or Rats are built u may download VB, C++ or Delphi Kits from below!
{ Attention! Following kits are educational ! }
Download:
- Delphi Master Kit 2006
- VB Master Kit 2006
- C++ Master Kit 2006
*>>Backround! :-
Delphi - A Rapid Application Development (RAD) system developed by Borland International, Inc. Delphi is similar to Visual Basic from Microsoft, but whereas Visual Basic is based on the BASIC programming language, Delphi is based on Pascal.
[ moderate - for pro's & begginers ]
VB - Programming language developed by Microsoft. Based on the BASIC language, Visual Basic was one of the first products to provide a graphical programming environment and a paint metaphor for developing user interfaces. Instead of worrying about syntax details, the Visual Basic programmer can add a substantial amount of code simply by dragging and dropping controls, such as buttons and dialog boxes. [ easy - for begginers ]
njou n share! :)
Pls give link for VB Masters Kit and Delphi Masters KIt
ReplyDelete