tekball

Home of the latest tips and tricks for computer, mobile and internet. Free software, games, books, tutorials, downloads and much more....

Showing posts with label COMPUTER VIRUSES. Show all posts

Wednesday, April 6, 2011

NOTICE FOR DEAR USERS :)

THE BLOG WWW.TEKBALL.BLOGSPOT.COM HAS BEEN SHIFTED TO www.techmatics.blogspot.com.
We hope you will support the change.
THANK YOU !

Tuesday, March 1, 2011

BlackHole RAT Beta – Mac OS X Trojan Horse

BlackHole is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet.

“Hello, Im the BlackHole Remote Administration Tool.
I am a Trojan Horse, so i have infected your Mac Computer.
I know, most people think Macs can’t be infected, but look, you ARE Infected!
I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.
So, Im a very new Virus, under Development, so there will be much more functions when im finished.
But for now, it’s okay what I can do?”
This message, displayed in a full-screen window with a reboot button, blocks the user’s screen.
As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share.
Functions :
  • Executes shell commands remotely.
  • Opens a URL using the victim’s default browser.
  • Sends a message which is displayed on the victim’s screen.
  • Creates a text file.
  • Performs shutdown, restart and sleep operations.
  • Pops up a fake “Administrator Password” window to phish the target.

TROJAN HORSE VIRUS

What is a Trojan ?
"A Trojan Horse, or Trojan, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system". - Wikipedia

"A Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat." - CERT Advisory

Types of Trojan :-
 The different types of Trojan Horses are as follows-

1) Remote Access Trojans :- Abbreviated as RATs, Remote Access Trojans are potentially the most damaging, designed to provide the attacker with complete control of the victim's system.

2) Data Sending Trojans :- A type of a Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail address or IM contact lists. They could install a keylogger and send all recorded keystrokes back to the attacker.

3) Destructive Trojans :- Once this Trojan is installed on your computer, it will begin to systematically or completely randomly delete information from your computer. This can include files, folders, registry entries, and important system files, which is likely to cause the failure of your operating system.

4) Proxy Trojans :- A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to conduct illegal activities, or even to use your system to launch malicious attacks against other networks.

5) FTP Trojans :- A type of Trojan horse designed to open port 21 (FTP) and act like an FTP server. Once it is installed, the attacker can not only download/upload files/programs to the victim's computer but also install further malware on it.

6) Security Software Disabler Trojan :- A type of Trojan horse designed to stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.

7) DoS Attack Trojans :- These trojans are used by the attacker to launch a DoS/DDoS attack against some website or network or any individual. In this case they are well known as "Zombies".

How Trojan Works ?
Trojans typically consist of two parts, a client part and a server part. When a victim (unknowingly) runs a Trojan server on his machine, the attacker then uses the client part of that Trojan to connect to the server module and start using the Trojan. The protocol usually used for communications is TCP, but some Trojans' functions use other protocols, such as UDP, as well. When a Trojan server runs on a victim’s computer, it (usually) tries to hide somewhere on the computer; it then starts listening for incoming connections from the attacker on one or more ports, and attempts to modify the registry and/or use some other auto-starting method.

It is necessary for the attacker to know the victim’s IP address to connect to his/her machine. Many Trojans include the ability to mail the victim’s IP and/or message the attacker via ICQ or IRC. This system is used when the victim has a dynamic IP, that is, every time he connects to the Internet, he is assigned a different IP (most dial-up users have this). ADSL users have static IPs, meaning that in this case, the infected IP is always known to the attacker; this makes it considerably easier for an attacker to connect to your machine.

Most Trojans use an auto-starting method that lets them start again after you shut down and restart your computer, so the attacker regains access to your machine.
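Because a Trojan server has to listen for incoming connections, an unexpected listening port is one of its most visible traces. The following is an added example (not part of the original post) that parses Windows `netstat -ano` output and flags listeners missing from an expected baseline; the sample output, the baseline and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3388
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:31337             [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5355           *:*                                    1180
  UDP    0.0.0.0:40123          *:*                                    4312
"""

# Hypothetical baseline: (protocol, port) pairs this host is expected to expose.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5355)}
LOOPBACK = {"127.0.0.1", "::1"}

# proto, local address, local port, foreign address, optional state, PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\S+)\s+)?(\d+)\s*$"
)

def parse_listeners(text):
    """Return (proto, address, port, pid) for sockets that accept inbound traffic."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, state, pid = m.groups()
        # TCP must be LISTENING; UDP rows have no state column and are always bound.
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append((proto, addr.strip("[]"), int(port), int(pid)))
    return listeners

def unexpected_listeners(text, baseline=BASELINE):
    """Flag non-loopback listeners whose (proto, port) is not in the baseline."""
    return [
        s for s in parse_listeners(text)
        if s[1] not in LOOPBACK and (s[0], s[2]) not in baseline
    ]

if __name__ == "__main__":
    for proto, addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"review: {proto} {addr}:{port} owned by PID {pid}")
```

The PID column lets you tie each flagged port back to the owning process before deciding whether it is legitimate.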

How Trojan Horses Are Installed ?
Infection from Trojans is alarmingly simple. The following are very common routes of infection, all involving things most computer users do on a very regular basis.

  • Software Downloads
  • Websites containing executable content (ActiveX control)
  • Email Attachments
  • Application Exploits (Flaws in web applications)
  • Social Engineering Attacks

The Removal :-
Antivirus software is designed to detect and delete Trojan horses, ideally preventing them from ever being installed.