In the last article, I introduced you to the concept of trojans, or RATs. Today I'll try to go a bit deeper into this subject. This topic has the potential to be a deeply engrossing one. So try to follow the basic concepts and then you can actually try your hand at playing God (for educational purposes, of course).
I'll start this article with the ways a trojan may get activated on an infected PC. The article will also try to classify the different types of trojan based on the basic function they perform.
Most trojans create some file in the WINDOWS\SYSTEM directory. The file will be something that fools the victim into thinking that it is a normal Windows executable. Most trojans hide from the Ctrl+Alt+Del menu. This is because there are people who use this menu to see which processes are running on the system. There are programs that will tell you exactly which process is running and the file it comes from. But some trojans fake names, and it's a bit hard for some people to understand which process should be terminated. Remote access trojans open several ports on your PC. These allow any remote user to connect to your PC and create havoc.
Note: Ports are logical, theoretical and virtual connection points for a PC on any network. They are an inherent part of TCP/IP and will be discussed in detail later.
Different types of trojans are:
Password Sending Trojans
The purpose of these trojans is to rip all cached passwords and send them to a specified e-mail address without letting the victim know about the e-mail. Most of these trojans don't start on every system startup, and most of them use port 25 to send the e-mail. Some of these trojans e-mail other information too, like ICQ number, computer info and so on. These trojans are dangerous if you have any passwords cached anywhere on your computer.
Keylogging trojans are very simple. The only thing they do is log the keys that the victim is pressing and then check for passwords in the log file. In most cases, these trojans restart every time Windows is loaded. They have options like online and offline recording. In online recording they know that the victim is online and record everything typed in. But in offline recording everything written after Windows starts is recorded and saved on the victim's disk, waiting to be transferred.
The only function of destructive trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all the .dll, .ini or .exe files on your computer. These are very dangerous trojans and once you're infected, be sure of the fact that if you don't disinfect your computer soon, you will soon have a good-for-nothing machine.
FTP trojans open port 21 on your computer, letting anyone with an FTP client connect to your computer without a password and with full upload and download options.
These are the most common trojans. They are all dangerous and you should be careful while using them (if you do). Next time we will see the different ways in which you can be infected by a trojan. Further, we will also see preventive measures. So don't miss the next issue.
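The network behaviour described above (a listener on port 21, other unexpected open ports, outbound connections to port 25) can be checked for on a host. The following is an added example, not part of the original article: it reviews Windows `netstat -ano` output, and the sample output, the baseline of expected ports and the function names are constructed assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3184
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING       3184
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:49712     203.0.113.9:25         ESTABLISHED     3184
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     4412
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Return one dict per TCP row; header and unrelated lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            conns.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                          "rport": int(rport), "state": state, "pid": int(pid)})
    return conns

def review(text, expected_listeners=frozenset({135, 445}), mail_pids=frozenset()):
    """Flag the behaviours the article lists. expected_listeners and mail_pids
    are a hypothetical per-host baseline the administrator supplies."""
    findings = []
    for c in parse(text):
        if c["state"] == "LISTENING":
            exposed = c["laddr"] in ("0.0.0.0", "[::]")  # reachable from the network
            if c["lport"] == 21:
                findings.append((c["pid"], "listener on FTP port 21"))
            elif exposed and c["lport"] not in expected_listeners:
                findings.append((c["pid"], f"unexpected listener on port {c['lport']}"))
        elif c["rport"] == 25 and c["pid"] not in mail_pids:
            # Outbound SMTP from a process that is not a known mail client.
            findings.append((c["pid"], f"outbound SMTP to {c['raddr']}"))
    return findings

if __name__ == "__main__":
    for pid, reason in review(SAMPLE_NETSTAT):
        print(f"PID {pid}: {reason}")
```

Each flagged PID can then be mapped to its executable and path, which is where a fake name in WINDOWS\SYSTEM would show up.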
Till then, goodbye and safe surfing.