Saturday, September 25, 2010

Types of Trojan horse




Since Trojans first appeared, many types have emerged. Giving a complete, annotated list of them is impossible, not least because most Trojans do not have a single function: they are usually products that integrate many functions, and many of those functions are found widely across a number of Trojans. Nevertheless, a preliminary classification of Trojans is both necessary and timely for computer users.

1. Remote Control Trojans

Remote control Trojans are the most numerous, the most harmful and the best known type. They allow an attacker to completely control an infected computer; an attacker can even use one to carry out operations that the computer's owner could not perform successfully. The harm they do should not be underestimated. Because the goal is remote control, this type of Trojan often integrates the functions of the other types, so the attacker can do whatever they want on the infected machine: access files at will and obtain the owner's private information, even credit card numbers, bank account numbers and other vital information.

The famous Glacier is a remote access Trojan. This type of Trojan is very simple to use: someone only has to run the server and the attacker only has to get the victim's IP address to have access to his or her computer. The attacker can then do anything to the machine. General features of remote access Trojans: keylogger, upload and download, registry operations, restricting system functions, and so on. A remote access Trojan opens a port on your computer to stay connected, as shown in Figure 1-1-1.






Figure 1-1-1

2. Password-sending Trojans

Information security is increasingly important today. A password is undoubtedly an extremely useful key to important information: whoever holds another person's password can, to a large extent, obtain a great deal of that person's information. Password-sending Trojans are written specifically to steal passwords from the infected computer. Once executed, the Trojan automatically searches memory, the cache, temporary folders and all kinds of sensitive password files; when it finds a useful password, it uses a free e-mail service to send the password to a specified mailbox. Most of these Trojans therefore use port 25 to send e-mail. Most of these Trojans do not restart every time Windows restarts. The purpose of this Trojan is to find all hidden passwords and send them to the specified mailbox without the victim knowing; if you have hidden passwords, these Trojans are dangerous.

Because the passwords sought are diverse and are stored in different forms, these Trojans are often custom-written to meet their author's particular requirements.

3. Keylogging Trojan

This Trojan is very simple. It does only one thing: record the victim's keystrokes, so that passwords can be found in the LOG file. In my experience, this Trojan starts when Windows boots. It has online and offline recording options; as the names suggest, these record your keystrokes while you are online and while you are offline. In other words, whoever planted the Trojan knows which keys you pressed, and from these keystrokes can easily obtain your passwords and other useful information, even your credit card account number. Of course, for this type of Trojan a mail function is also indispensable.

4. Destructive Trojans

The only function of this Trojan is to destroy the infected computer's file system, causing a system crash or the loss of important data. In this respect it is very similar to a virus. In general, however, the activation of this Trojan is controlled by the attacker, and its ability to spread is much weaker than that of a virus.

5. DoS attack Trojans

As DoS attacks become more widely used, Trojans used for DoS attacks are becoming more popular. When an attacker breaks into a machine and plants a DoS attack Trojan on it, that computer becomes the attacker's most capable helper in later DoS attacks. The more compromised machines ("chickens") the attacker controls, the greater the chance that a DoS attack succeeds. The danger of this Trojan therefore lies not in the infected computer itself but in the attacker's ability to use it to attack other computers, causing great harm and loss to the network.

There is also a Trojan similar to the DoS Trojan, known as the e-mail bomb. Once a machine is infected, the Trojan randomly generates letters on all kinds of subjects and keeps sending them to a specific mailbox until the recipient is paralysed and can no longer accept mail.

6. Proxy Trojans

Covering their tracks during an intrusion, so that others cannot discover their identity, is very important to hackers. The most important task of a proxy Trojan is therefore to be planted on a controlled machine ("chicken") so that the machine becomes a springboard for the attacker's attacks. Through a proxy Trojan, an attacker can use Telnet, ICQ, IRC and other programs anonymously and so cover their tracks.

7. FTP Trojans

This may be the simplest and oldest type of Trojan. Its only function is to open port 21 and wait for a user to connect. Newer FTP Trojans also add a password function, so that only an attacker who knows the correct password can get into the other computer.
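The port behaviour described in sections 1, 2 and 7 (a listener held open for the controller, port 21 opened by an FTP Trojan, passwords mailed out over port 25) is visible in a connection listing. The following triage script is an added example, not part of the original post; the sample rows, the baseline of expected listeners and the mail relay address are constructed assumptions.

```python
import re

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  TCP    0.0.0.0:21            0.0.0.0:0           LISTENING
  TCP    0.0.0.0:135           0.0.0.0:0           LISTENING
  TCP    0.0.0.0:40123         0.0.0.0:0           LISTENING
  TCP    192.168.1.20:1031     203.0.113.9:25      ESTABLISHED
  TCP    192.168.1.20:1026     198.51.100.7:80     ESTABLISHED
"""

# Assumptions: listeners this workstation is expected to have, and the
# only mail relay it is expected to talk to on port 25.
BASELINE_LISTENERS = {135, 445}
MAIL_RELAYS = {"192.168.1.5"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s*$")

def triage(text, baseline=BASELINE_LISTENERS, relays=MAIL_RELAYS):
    """Return (finding, local_port, remote_ip) tuples for suspicious rows."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _, lport, remote_ip, rport, state = m.groups()
        lport, rport = int(lport), int(rport)
        if state == "LISTENING" and lport not in baseline:
            # A port held open waiting for a controller (sections 1 and 7).
            findings.append(("unexpected-listener", lport, None))
        elif state == "ESTABLISHED" and rport == 25 and remote_ip not in relays:
            # Workstation speaking SMTP straight to the Internet (section 2).
            findings.append(("direct-smtp", lport, remote_ip))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The outbound connection to port 80 in the sample is deliberately not flagged: a port-based check cannot tell it apart from ordinary web browsing.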

8. Program-killer Trojans

Although the Trojans above have all kinds of functions, to do their work on the other machine they still have to get past anti-spyware software. Popular anti-spyware software includes ZoneAlarm, Norton Anti-Virus and so on. The function of a program-killer Trojan is to shut down such programs running on the other machine, so that other Trojans can work better. At the address http:/www.snake-basket.de/e/AV.txt you can find the names and descriptions of most of the anti-virus and anti-Trojan software now in popular use, and the methods for terminating them.

9. Bounce-port Trojans

Trojan developers, on analysing the characteristics of firewalls, found that firewalls tend to filter incoming connections very strictly but hardly guard outgoing connections at all. So, contrary to ordinary Trojans, the server (the controlled side) of a bounce-port Trojan uses an active port and the client (the controlling side) uses a passive port. The Trojan regularly checks whether the controlling side is present; when it finds that the controlling side is online, it immediately makes an active connection out to the port the controlling side has opened. For concealment, the controlling side's passive port is normally opened at 80, so that even if users check their own ports with port scanning software, they find something like "TCP UserIP:1026 ControllerIP:80 ESTABLISHED". A slightly careless user would think they were browsing a website (the firewall would think so too; I think probably no firewall would refuse to let users connect out to port 80).

At this point one may ask: how does the server know the client's IP address? Can the controlling client only use a fixed IP address? Could it not then be traced by inspection? In fact, bounce-port Trojans often use third-party storage with a fixed IP address to pass the IP address along. A simple example: a text file is placed in a personal home page space agreed on in advance, and the Trojan GETs the file once every minute. If the file is empty, the Trojan does nothing; if it has content, the Trojan calculates the client's IP address and port from the data in the text file and bounces a TCP connection back. So each time the controller comes online, it only has to FTP one INI file to tell the Trojan where it is. For safety, the IP address is even encrypted in some way, so that apart from the server and the controlling side, no one else can make sense of it even if they obtain the file. Bounce-port Trojans also have a way to deal with firewalls that can analyse packets and filter TCP/UDP. Simply put, a controlling client that uses port 80 can really use the HTTP protocol and carry the transmitted data inside HTTP packets; are firewalls really smart enough to tell whether what is transmitted over HTTP is a web page or control commands and data? See Figure 1-1-2 below.






Figure 1-1-2
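Because the outbound connection looks like web traffic, the once-a-minute GET of the same file is the most detectable part of the scheme described above. The following check over web proxy logs is an added example, not part of the original post; the log format, host addresses, URLs and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def make_sample():
    """Constructed proxy log lines: '<ISO time> <client> <method> <url>'."""
    lines = []
    # Host .20 fetches the same text file about once a minute.
    for i in range(10):
        lines.append(f"2010-09-25T10:{i:02d}:0{i % 3} 192.168.1.20 GET "
                     "http://homepage.example/u/note.txt")
    # Host .21 reloads a page at irregular, human-looking intervals.
    for t in ("10:00:05", "10:00:09", "10:03:40", "10:11:02",
              "10:11:30", "10:25:00", "10:26:10"):
        lines.append(f"2010-09-25T{t} 192.168.1.21 GET http://news.example/")
    return lines

def find_beacons(lines, min_hits=6, max_jitter=0.1):
    """Return (client, url, mean_interval_s) for near-periodic repeated GETs."""
    seen = defaultdict(list)
    for line in lines:
        ts, client, method, url = line.split()
        if method == "GET":
            seen[(client, url)].append(datetime.fromisoformat(ts))
    hits = []
    for (client, url), times in seen.items():
        if len(times) < min_hits:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation of the gaps: a low value means the
        # requests are spaced with machine-like regularity.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, url, round(avg)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(make_sample()):
        print(hit)
```

Legitimate software also polls on a timer (update checks, webmail refresh), so a hit is a lead to investigate against known-good destinations rather than a verdict.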






