Trojans and Backdoors

Attitude Adjustment: Trojans and Malware on the Internet

Trojans and Backdoors Internet Security Whitepapers

This paper continues our examination of Trojan horses on the Internet: their prevalence, technical structure and impact. It explores the type and scope of threats encountered on the Internet - throughout history until today. It examines user attitudes and considers ways in which those attitudes can actively affect your organization’s vulnerability to Trojanizations of various types. It discusses the status of hostile active content on the Internet, including threats from Java and ActiveX, and re-examines the impact of these types of threats to Internet users in the real world. Observations related to the role of the antivirus industry in solving the problem are considered. Throughout the paper, technical and policy-based strategies for minimizing the risk of damage from various types of Trojan horses on the Internet are presented.

Hunting Trojan Horses

In this report we present HTH (Hunting Trojan Horses), a security framework for detecting Trojan Horses and Backdoors. The framework is composed of two main parts: 1) Harrier – an application security monitor that performs run-time monitoring to dynamically collect execution-related data, and 2) Secpert – a security-specific Expert System based on CLIPS, which analyzes the events collected by Harrier. Our main contributions to the security research are three-fold. First we identify common malicious behaviors, patterns, and characteristics of Trojan Horses and Backdoors. Second we develop a security policy that can identify such malicious behavior and open the door for effectively using expert systems to implement complex security policies. Third, we construct a prototype that successfully detects Trojan Horses and Backdoors.

SAdoor - A Non-Listening Remote Execution Server

SAdoor listens for a set of packets on a specific NIC and when the first packets (key-packets) have arrived, the last packet (command-packet) is accepted, which contains a shell command for SAdoor to run, or information about how to establish a connection.

The Trojan Money Spinner

In this paper when we refer to a 'banking trojan' we are talking about a piece of malware that targets the money from the account of an online bank. Certain other financial services such as online stock brokerage services are also considered 'online banks' in this context. Some papers have used the term 'phishing trojan' for almost the same thing. Recently the term 'crimeware' has become commonly used to refer to banking trojans. In this paper we consider banking trojans to be a subcategory of crimeware. Crimeware refers to a more general group of malware that are designed to bring financial gains to their writer or distributor. Crimeware therefore includes clickers, spam proxies, ransomware, and other malicious programs that are not interested in online banking per se.

Trojan White Paper

Many home users are kept in the dark about Trojans, what they are exactly, and the force behind them. The Trojan scene is quite an interesting one, one which I will document in this text, in order to give readers a better understanding of Trojans and the people that create and use them. After all, there is more to Trojans than just the Trojans themselves. I will also detail in this text the technologies the latest Trojans incorporate in order to make themselves more stealthy and/or harder to remove. The general purpose of this text is to educate the reader about Trojans, so they can help protect themselves against them, and in the event of infection they may remove them and try to prevent them from doing any further damage.