Has your wallpaper ever changed automatically? Have programs ever started without your initiation? Has the browser ever opened unexpected websites automatically? Simply put, have you ever felt that someone else is controlling your computer? No? Congrats, you probably haven't been a victim of a trojan yet :).
A trojan horse is a remote administration tool (RAT). It is one of a hacker's best friends. A trojan gives the attacker full control of the victim's PC. A trojan has two parts:
One is the client part (control panel) and
the other is the server part (meant to be sent to the victim).
The basic method of using a trojan is as follows:
1. The attacker creates an executable file only kilobytes in size. This is the server part of the trojan and is mostly called server.exe.
2. The attacker might hide this server.exe behind a genuine file like a song or an image. The attacker gives this file to the victim, and the victim is supposed to double-click on it.
3. When the victim runs the server part, a port on the victim's computer is opened, and the attacker can control the PC remotely from any part of the world through the control panel (client part). The attacker can do anything with the victim's computer remotely that the victim himself can do on it.
Note: From here on I am assuming that you know a little bit about IP addresses, that is, LAN/internal/private and WAN/external/public IPs.
A trojan can work by two different methods.
1. Direct Connection: In this method, after the server part has been installed on the victim's machine, the attacker enters the public IP address assigned to the victim's computer to make a connection to it. One limitation of direct connection is that the public IP address is most probably dynamic and changes every time the victim disconnects and reconnects, so the attacker needs to find out the victim's IP address each time. Moreover, an incoming connection like this is usually restricted by a firewall. The main limitation of direct connection is that you cannot access a victim who is behind a router or a network, because the victim's machine is not assigned a public/external/WAN IP. It is only assigned a private/internal/LAN IP, which is meaningless to computers outside that network. The WAN IP belongs to the router.
It doesn't matter how the attacker is connected to the internet.
The victim is behind a router in this case.
2. Reverse Connection: In this method, the attacker enters his own IP address in the server part while configuring it. So when the server part is installed on the victim's computer, it automatically makes a connection to the client part, that is, the attacker. Also, the firewall on the victim's machine would not restrict outgoing connections. The problem in this case is the same: the attacker's IP is also dynamic.
But this can be overcome easily. The attacker actually enters a domain name in the server part which always points to his dynamic IP.
Reverse connection can bypass a router or a network.
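
Both connection methods leave something a defender can check on the host: an unexpected listening port (direct connection) or an outbound session to a name that tracks a dynamic IP (reverse connection). The Python below is an added example, not code from the original post; the inventory format, the allowlist, the process names other than server.exe and the `.example` suffixes are constructed assumptions.

```python
"""Triage a connection inventory for the two trojan connection methods above.
Added example: sample records, allowlist and domain suffixes are constructed."""
import csv
import io

# Assumption: listeners this workstation is expected to have, as (process, port).
EXPECTED_LISTENERS = {("svchost.exe", 135), ("system", 445)}
# Assumption: placeholder suffixes standing in for dynamic-DNS provider zones.
DYNAMIC_DNS_SUFFIXES = (".ddns.example", ".dyn.example")

# Constructed inventory: process,state,local_ip,local_port,remote_name,remote_port
SAMPLE = """\
svchost.exe,LISTEN,0.0.0.0,135,,
server.exe,LISTEN,0.0.0.0,4444,,
chrome.exe,ESTABLISHED,192.168.1.20,50122,www.example.org,443
song.exe,ESTABLISHED,192.168.1.20,50177,home-pc.ddns.example,8080
notes.exe,LISTEN,127.0.0.1,9000,,
"""

def triage(inventory_text):
    """Return (rule, process, detail) for each record worth a closer look."""
    findings = []
    for row in csv.reader(io.StringIO(inventory_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        proc, state, lip, lport, rname, rport = row
        if state == "LISTEN":
            # Direct connection: the server part opens a port and waits.
            # Loopback-only listeners cannot be reached from other machines.
            reachable = not lip.startswith("127.") and lip != "::1"
            if reachable and (proc.lower(), int(lport)) not in EXPECTED_LISTENERS:
                findings.append(("unexpected-listener", proc, f"{lip}:{lport}"))
        elif state == "ESTABLISHED":
            # Reverse connection: the server part dials out to a domain name
            # that follows a dynamic IP, so review sessions by destination name.
            if rname.lower().endswith(DYNAMIC_DNS_SUFFIXES):
                findings.append(("dynamic-dns-callback", proc, f"{rname}:{rport}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding is a prompt for review, not a verdict: legitimate software also listens on ports and uses dynamic DNS, so the allowlist and suffix list have to reflect the environment.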