Trojan and Backdoor

Teams Group

- Nguyễn Mạnh Cường

- Nguyễn Hoàng Hoàn

- Cao Văn Tân

- Nguyễn Trung Tín

Giáo viên hướng dẫn:

- Phạm Văn Tính

Introduction• - What ‘s Trojan ?: It’s a program runs hidden on an

infected computer• - What’s A backdoor ?:It is any type of program that will

allow a hacker to connect to a computer without going through the normal authentication process

• - What’s is used ?: allow a hacker remote access to your system, start a keystroke logger to record your every keystroke, plant a backdoor on your system, cause a DoS, or even disable your antivirus protection or software firewall.

Trojan Types

Trojan Infection Mechanisms

Distributing Trojans

• - Wrapper: A wrapper is a program used to combine two or more executables into a single packaged program.

Change icon, defacing application

Infecting via CD-ROM, USB

• An Autorun.inf file

[autorun]

open=setup.exe

icon=setup.exe

• Turn off the Auto-Start functionality by doing the following:

Start button-> Settings-> Control Panel-> System-> Device Manager-> CDROM-> Properties -> Settings

Hacking Tool

• Firekiller 2000 : will kill (if executed) any resistant protection software.

• ICMP Tunneling

• Reverse WWW Shell

ICMP Tunneling

Backdoor, Trojan Countermeasures

• Most commercial ant-virus products can

automatically scan and detect backdoor

programs before they can cause damage (Eg.

before accessing a floppy, running exe or

downloading mail)

• Educate your users not to install applications

downloaded from the internet and e-mail

attachments.

Process Viewer

• Tripwire: Tripwire will automatically calculate cryptographic hashes of all key system files or any file that you want to monitor for modifications.

• Netstat:

How to avoid a Trojan infection

How to avoid a Trojan infection

How to avoid a Trojan infection