Anti-Hacking Primer: How Trojan Horses Work

Source: Internet
Author: User
Tags: execution

A Trojan horse is a program that appears to offer some useful feature or is simply entertaining, but that usually also does something the user does not expect, such as stealing passwords or files.

How a Trojan Horse works

A typical Trojan consists of two programs, a client and a server. The client is what the attacker uses to remotely control the machine on which the Trojan has been implanted; the server-side program is the Trojan itself. An attacker who wants to attack your system through a Trojan horse must first get the Trojan's server-side program onto your computer.

At present, the main route of Trojan intrusion is to first get the Trojan executable onto the victim's computer system by some means, such as e-mail attachments or software downloads, and then use a deliberately misleading prompt to trick the victim into opening the executable. For example, the attacker may claim that the Trojan executable is a greeting card sent to you by a friend. When you open the file you may indeed see the greeting card picture, but by then the Trojan may already be running quietly in the background. Trojan executables are generally very small, most of them a few KB to a few dozen KB, so a Trojan bundled with another, normal file is very hard to notice. For the same reason, software offered on some download sites is often bundled with a Trojan; when you run the downloaded file, you run the Trojan as well.

Trojans can also be implanted through scripts, ActiveX, and interactive ASP and CGI scripts, because Microsoft's browsers have some vulnerabilities in how they execute scripts. Attackers can use these vulnerabilities to spread viruses and Trojans, and even to manipulate files on the visitor's computer or otherwise control it directly. Not long ago, an HTML page appeared that used a Microsoft scripting vulnerability to format the hard disk of the visitor's computer. If an attacker has a way to place a Trojan executable in a WWW directory with execute permission on the attacked host, he can run the Trojan in that directory by writing a CGI program. In addition, Trojans can be implanted by exploiting vulnerabilities in the system itself, such as Microsoft's well-known IIS server overflow vulnerability: the iishack attack program can crash an IIS server and, at the same time, execute a remote Trojan executable on the attacked server.

Once the server program is running on the infected machine, the attacker can use the client to establish a connection to the server and take further control of the infected machine. For client-server communication most Trojans use TCP, but some, for special reasons, use UDP. While running on the infected machine, the server hides itself as well as it can so that the user does not discover it, listens on a particular port, and waits for the client to connect. It also arranges to keep working after the computer is restarted: Trojan horse programs generally modify the registry, or use some other method, to make themselves start automatically.
