| The Infomation Technology (Certifying Authority) Regulations, 2001 |
| The Cyber Regulations Appellate Tribunal |
India Cyber Law and Cases Welcome to the largest Database of Cyber Law and Cases from India. We publish cyber law cases & news from India. Send your suggestions / articles / news Latest News
|
|||||||||||||
TrojansIn the 12th century BC, Greece declared war on the city of Troy. The dispute erupted then the prince of Troy abducted the queen of Sparta and declared that he wanted to make her his wife. This naturally angered the Greeks (and especially the queen of Sparta). The Greeks besieged Troy for 10 years but met with no success as Troy was very well fortified. In a last effort, the Greek army pretended to be retreating, and left behind a huge wooden horse. The people of Troy saw the horse, and, thinking it was some kind of a present from the Greeks, pulled the horse into their city, unaware that the hollow wooden horse had some of the best Greek soldiers sitting inside it. Under the cover of night, the soldiers snuck out and opened the gates of the city, and later, together with the rest of the army, killed the entire army of Troy. Similar to the wooden horse, a Trojan horse program pretends to do one thing while actually doing something completely different. Types of Trojans The following are the most common
types of Trojan horses: These are the most popular Trojans. They let a hacker access the victim's hard disk, and also perform many functions on his computer (shut down his computer, open and close his CDROM drive etc.). Modern RATs are very simple to use. They come packaged with two files - the server file and the client file. The hacker tricks someone into running the server file, gets his IP address and gets full control over his/her computer. Some Trojans are limited by their functions, but more functions also mean larger server files. Some Trojans are merely meant for the attacker to use them to upload another Trojan to his target's computer and run it; hence they take very little disk space. Hackers also bind Trojans into other programs, which appear to be legitimate e.g. a RAT could be bound with an egreeting card. Most RATs are used for malicious purposes, to irritate, scare people or harm computers. There are many programs that detect common Trojans. Firewalls and anti-virus software can be useful in tracing RATs. Remote administration Trojans open a port on your computer and bind themselves to it (make the server file listen to incoming connections and data going through these ports). Then, once someone runs his client program and enters the victim's IP address, the Trojan starts receiving commands from the attacker and runs them on the victim's computer. Some Trojans let the hacker change this port into any other port and also put a password so only the person who infects the specific computer will be able to use the Trojan. In some cases the creator of the Trojan would also put a backdoor within the server file itself so he'll be able to access any computer running his Trojan without the need to enter a password. This is called "a backdoor within a backdoor". The most popular Windows RATs are Netbus, BO and Sub7. Password Trojans Password Trojans search the victim's computer for passwords and then send them to the attacker or the author of the Trojan. Whether it's an Internet password or an email password there is a Trojan for every password. These Trojans usually send the information back to the attacker via Email. Privileges-Elevating Trojans These Trojans are usually used to fool system administrators. They can either be bound into a common system utility or pretend to be something harmless and even quite useful and appealing. Once the administrator runs it, the Trojan will give the attacker more privileges on the system. These Trojans can also be sent to less-privileges users and give the attacker access to their account. Key loggers These Trojans are very simple. They log all of the victim's keystrokes on the keyboard (including passwords), and then either save them on a file or email them to the attacker once in a while. Key loggers usually don't take much disk space and can masquerade as important utilities, thus making them very hard to detect. Destructive Trojans These Trojans can destroy the victim's entire hard drive, encrypt or just scramble important files. Some might seem like joke programs, while they are actually ripping every file they encounter to pieces. Joke Programs Joke programs are not harmful. They can either pretend to be formatting your hard drive, sending all of your passwords to some hacker, self-destructing your computer, turning in all information about illegal and pirated software you might have on your computer to the police (or to Privacy Watch!) etc. In reality these programs do not do anything. Some common Trojans Back Orifice (BO) This Trojan was developed by a community of hackers known as "Cult of the dead cow" (www.cultdeadcow.com). This Trojan can be downloaded from www.BO2K.com and numerous other websites. (Note: the websites keep changing and it is best to use a powerful search engine like www.Google.com to search for the program.) Back Orifice consists of two parts, a client application and a server application (approximately 122 KB). The client application, running on the hacker's computer, can be used to monitor and control the victim's computer (which runs the server application). The hacker can do the following activities on the victim's computer: i. Run any program or see any file The hacker could be in Australia and the victim in China, but still the hacker can do all the above activities on the victim's computer! The following are the main characteristics of BO: i. BO can only be used on victim computers that are running the Windows 95 or Windows 98 operating systems. ii. The server part of the program
has to be installed on the victim computer. The victim is usually
fooled into installing the server part by sending him the Trojan
fused with another program (e.g. an electronic Diwali card fused
with the Trojan program). NetBus NetBus was developed by a Swedish citizen named Carl-Fredrik Neikter who claimed that he developed it "purely for fun". Netbus can be downloaded from hundreds of websites. It is best to use Google.com to search for the program. Netbus allows the hacker to do numerous activities on the victim's computer. Some of these are: i. Open/close the CD-ROM once or
in intervals (specified in seconds) The following are the main characteristics of Netbus: i. Once it is installed on the victim
computer, it runs every time the computer is started 184. NetBus 2 Pro NetBus 2 Pro is the "legitimate" version of NetBus. It affects computers running the Windows 95, 98 and NT operating systems. The "server" portion (named "NBSvr.exe") is approximately 599 KB in size. Once installed NetBus is run every time the computer is started. Carl-Fredrik Neikter who is also the creator of the original NetBus developed NetBus 2 Pro. Deep throat v 2 Deep Throat was developed by a person called ^Cold^ KiLler, CEO of DarkLIGHT Corp. Deep Throat v 2 affects computers running the Windows 95 / 98 operating systems. The Trojan deletes the existing "systray.exe" file of the victim computer (which is normally 36 KB in size) and replaces it with the "server" portion of the Trojan (which is approximately 301kb in size). Once installed, it is run every time the computer is started. Among other things, Deep Throat allows the hacker to open/close the CD-ROM tray of the victim's computer, restart the victim computer, get a screen dump, and start an FTP Server on Port 21 of the victim. |
