Has your wallpaper ever changed automatically? Have programs ever started without you launching them? Has your browser ever opened unexpected websites on its own? Have you simply never felt that someone else is controlling your computer? No? Congrats, you probably haven't been the victim of a Trojan yet :)


A Trojan horse of the kind discussed here is a remote administration tool (RAT). This is something extremely dangerous: a Trojan gives the attacker full control of the victim's PC. A Trojan has two parts. One is the client part (the control panel) and the other is the server part (meant to be sent to the victim).

The basic methodology of using a Trojan is as follows.

1. The attacker creates an executable file whose size is measured in kilobytes. This is the server part of the Trojan and is mostly called server.exe.

2. The attacker might hide this server.exe behind a genuine file such as a song or an image. The attacker gives this file to the victim, who is expected to double-click it.

3. When the victim runs the server part, a port opens on the victim's computer, and the attacker can control the PC remotely from any part of the world through the control panel (client part). The attacker can do anything with the victim's computer remotely that the victim himself can do on it.

Note: From here on I am assuming that you know a little about IP addresses, that is, LAN/internal/private and WAN/external/public IPs.
If you don't, click on the following link.

A Trojan can work in two different ways.

1. Direct Connection: In this method, after the server part has been installed on the victim's machine, the attacker enters the public IP address assigned to the victim's computer to make a connection to it. One limitation of a direct connection is that the public IP address is most probably dynamic and changes every time the victim disconnects and reconnects, so the attacker needs to find out the victim's IP address each time. Moreover, an incoming connection like this is usually restricted by the firewall. The main limitation of a direct connection is that the attacker cannot reach a victim who is behind a router or network, because the victim's machine is not assigned a public/external/WAN IP. It is only assigned a private/internal/LAN IP, which is meaningless to computers outside that network. The WAN IP belongs to the victim's router.
It doesn't matter how the attacker is connected to the internet; the attacker can be connected by any of the three means. The victim is behind the router in this case.

2. Reverse Connection: In this method, the attacker enters his own IP address in the server part while configuring it. When the server part is installed on the victim's computer, it automatically makes a connection to the client part, that is, to the attacker. The firewall on the victim's machine also would not restrict outgoing connections. The problem in this case is the same, since the attacker's IP address is also dynamic, but this can be overcome easily: the attacker actually enters a domain name in the server part that always points to his dynamic IP.
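
Both methods leave traces that can be checked from the victim's side: the direct method needs an unexpected listening port, and the reverse method needs an outbound session to a name that follows a dynamic IP. The sketch below is an added example, not part of the original post; the record format, process names, port numbers, allowlist and the `.ddns.example` zone are all constructed assumptions.

```python
import ipaddress

# Assumptions for this sketch (none of these come from the original post):
EXPECTED_LISTENERS = {"sshd", "nginx"}   # processes allowed to accept inbound connections
DYNDNS_SUFFIXES = (".ddns.example",)     # placeholder for dynamic-DNS zones you track

# Constructed sample. Fields: proto local remote state process remote-hostname
SAMPLE = """\
tcp 0.0.0.0:22 0.0.0.0:0 LISTEN sshd -
tcp 0.0.0.0:5110 0.0.0.0:0 LISTEN song.exe -
tcp 127.0.0.1:631 0.0.0.0:0 LISTEN cupsd -
tcp 192.168.1.20:50312 203.0.113.7:443 ESTABLISHED browser www.example.org
tcp 192.168.1.20:50344 198.51.100.9:8080 ESTABLISHED image_viewer.exe home.ddns.example
"""

def parse(line):
    """Split one record into typed fields."""
    proto, local, remote, state, process, host = line.split()
    lip, lport = local.rsplit(":", 1)
    rip, rport = remote.rsplit(":", 1)
    return {"lip": ipaddress.ip_address(lip), "lport": int(lport),
            "rip": ipaddress.ip_address(rip), "rport": int(rport),
            "state": state, "process": process, "host": host.lower()}

def findings(text):
    """Return (rule, process, detail) tuples for sockets matching either method."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        c = parse(line)
        if c["state"] == "LISTEN":
            # Direct connection: the server part must listen on a reachable
            # (non-loopback) address; flag listeners nobody expected.
            if not c["lip"].is_loopback and c["process"] not in EXPECTED_LISTENERS:
                out.append(("unexpected-listener", c["process"], c["lport"]))
        elif c["state"] == "ESTABLISHED":
            # Reverse connection: the session starts on the inside and goes to a
            # hostname in a dynamic-DNS zone, so the host firewall lets it through.
            if c["lip"].is_private and c["host"].endswith(DYNDNS_SUFFIXES):
                out.append(("outbound-to-dyndns", c["process"], c["host"]))
    return out

if __name__ == "__main__":
    for rule, process, detail in findings(SAMPLE):
        print(f"{rule}: {process} -> {detail}")
```

Neither rule proves an infection on its own; each one narrows down which process deserves a closer look.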
    
In my next blog post we will see how to deploy Trojans...

And please comment if you have any problems...
Stay connected, stay updated. ;)

Axact
