A Trojan gets into a system by tricking a user into downloading a seemingly innocent program and avoids detection by setting up a covert channel. Trojan behavior differs according to the type and the desired outcome.
- [Instructor] Hackers are always seeking ways to get into a system. Malware is one way to gain access and cause serious damage. Let's compare some of the different types of malware. A virus alters the way a computer operates and can self-replicate and spread to other programs within the system, yet has to have some way to travel to another host, such as an email attachment. A worm is a self-propagating virus, and it has the ability to spread and replicate throughout a system, consuming resources such as memory and processing, without any help from a transport agent.
Spyware tracks information on a user's viewing habits while on the Internet, and then sends that information to a remote computer without the user's knowledge. Rootkits provide attackers backdoor access into a system. A Trojan Horse takes the reference from Greek mythology. The hacker tricks a victim into downloading something harmless, such as a game, an application, or even a software upgrade.
But it actually contains a malicious program designed to breach the security of a computer. Well, all malware can pose a threat to a system. A Trojan Horse attack is a serious threat to the security of an organization. Trojans have affected businesses around the globe. As we see from this visual, Trojans account for 80% of the malware attacks. They're the most destructive and have been a significant lead in malware trends for years.
A Trojan gets into a victim's computer undetected, allows the attacker access to a system, and can cause a great deal of damage, such as destroying data, sending financial information, and monitoring computer activity. A Trojan avoids detection by setting up a covert channel. In communications, there are overt and covert channels. An overt channel is a valid and transparent communication path within a network or computer system in line with a security policy.
A covert channel is a hidden channel within a network and is a way an attacker can conceal his or her activity from standard security methods such as malware protection and intrusion detection systems. Once set up, the attacker can use the covert channel to communicate with the victim's machine to steal data, issue instructions, and phone home. The main objective of the Trojan is to get into the victim's system.
Trojans can then release their payload at a predefined time or be activated by the attacker at will. Once the victim connects to the network, the attacker can take control of the system and stage different types of attacks depending on the intended outcome. There are a number of different variants. A destructive Trojan randomly deletes files in a system, such as Dynamic Link Library initialization file, folders, and even registry entries.
Banking Trojans harvest confidential information on clients using online banking and payment systems. Remote access Trojans provide attackers backdoor access to the system without any authentication required in order to access files, conversations, and other data on the victim's machine. A Denial-of-service Trojan involves the victim becoming a part of a botnet designed to launch a Distributed Denial of Service attack.
Bitcoin mining Trojans set up a mining program to mine bitcoins on the victim's system. Security software disablers disable antivirus or firewall protection. And data sending Trojans install a keystroke logger on the victim's machine, which enables the attacker to gather sensitive data such as user names and passwords, credit card and banking information, and sends the collected information back to the attacker.
Other Trojans include proxy, FTP, and reverse-connecting Trojans. Cyber actors develop new Trojan variants every day, and the goal is still the same, profit.
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits