After learning the basics of internet-related computer security, I realised that there were a lot of misconceptions about the different types of security vulnerabilities and exploitation methods. In a series of articles I intend to correct these misconceptions and maybe even educate some newer internet users. There are a lot of experienced internet users who, for some reason or another (I won't even attempt to go into the psychology behind it), be it for personal gain or not, will try to gain unauthorised access to other computers connected to the internet. This is fact. Internet users should be aware of the methods that attackers employ to do this so that they may protect themselves against such attacks.

The TROJAN: Also referred to as a "Backdoor Trojan" or a "Trojan Horse", this is a software package designed for the purpose of obtaining control over a remote (another) computer. There are many Trojan packages available on the internet. These include SubSeven, OptixPro, C.I.A and many MANY others. The packages consist of two main components: the Client and the Server program. In order for the attacker to gain access to your machine, they have to somehow get you to download the server part of the program. There are a few ways in which an attacker might try to get this server part of the package on to your computer. Some examples are:

1. Creating a website from which you may download this server. The attacker might disguise the download as being something different. You might think you are downloading a program to speed your computer up, for example, when in fact you are allowing other internet users access to your machine.

2. Social Engineering - If you use chat programs like MSN Messenger, AOL Instant Messenger (AIM) or Yahoo Messenger (there are more) then you may come into contact with a hacker. This person will try many social engineering techniques to get you to accept and open file(s) from them. Once you have accepted the server file and opened it, you have allowed them to access your computer.

If an attacker has managed to get another internet user to open their specially crafted server file then they will be able to access the remote computer with the client part of the trojan package. Once the server has been opened on a system, it is said to have been executed. In many instances the victim will not notice that this has happened. Some specially crafted server files will display a fake error message to mislead the victim into thinking that an error has occurred, and that this is why nothing happens after opening it. In actual fact, the server program has been executed and is now running on the victim's computer.

This server, if designed correctly by the attacker, will remain on the victim's system and re-open every time their system starts up. This gives the attacker access to the victim's computer every time they go online. Once the attacker has connected to the victim they may perform many tasks according to the design of the trojan. For example, just some of the things SubSeven allows an attacker to do are: view your screen (screen capture), view your webcam (if you have one), monitor all the key presses on your keyboard, grab passwords from your machine, download files, upload files, delete/rename/move files, open new programs on your computer, close programs, send you messages, turn your monitor off, and open your CD drive. These can be potentially dangerous to an internet user who purchases things online or has sensitive data stored on their computer.

To avoid being a victim of this method of hacking there are some steps you can take.

Install an UP-TO-DATE antivirus on your computer. Anti-virus companies are aware of most of the trojans out there and design their software to prevent you from opening a file which may allow an attacker to gain entry to your computer.

Do not accept files from people on the internet. If you must accept a file then check that it has the correct extension, i.e. if someone says that they are sending you a picture of themselves and the file that you are being sent is something like "MyPic.EXE" then do not accept it, as the .EXE extension indicates that the file is an executable and not a picture. Most picture files end in .JPG, .GIF or .BMP; there are others also. There are 3 main extensions to look out for, though there may be more that I am not aware of: EXE, SCR and CMD. That is not to say that all files ending in these extensions are trojans. Any program that will run on your computer usually ends in .EXE, and your screensaver, if you have one, is SCR.

If you have a firewall then it may prompt you as soon as you open the server file. It may say something like "Do you wish to allow MyPic.EXE to act as a server program on port 27374". However, many trojan servers will rename themselves once opened, and some will even damage your firewall to the extent that it does not function properly anymore.
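
The extension check described above can be automated. The following Python is an added example, not part of the original article; it goes one step beyond the text by also comparing the file's first bytes with what its name claims. The function names `sniff` and `check_received_file` and all sample inputs are constructed for illustration.

```python
import os

# Extensions the article says to look out for (programs, not pictures).
RISKY_EXTENSIONS = {".exe", ".scr", ".cmd"}
# Picture extensions from the article, mapped to the kind of content expected.
PICTURE_EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".bmp": "bmp"}
# Leading bytes of each format. "MZ" starts Windows programs (.EXE and .SCR);
# .CMD files are plain-text scripts and have no signature, so only the
# extension check catches them.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"BM", "bmp"),
    (b"MZ", "executable"),
]


def sniff(head):
    """Identify content from its first bytes; 'unknown' if nothing matches."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def check_received_file(name, head):
    """Return a list of warnings for a received file name and its first bytes."""
    # Windows drops trailing dots and spaces from file names, so strip them
    # before looking at the extension. splitext() takes the LAST extension,
    # so a name like "MyPic.jpg.scr" is judged as .scr.
    ext = os.path.splitext(name.lower().rstrip(". "))[1]
    kind = sniff(head)
    warnings = []
    if ext in RISKY_EXTENSIONS:
        warnings.append(f"{ext} is a program extension, not a picture")
    if kind == "executable" and ext not in RISKY_EXTENSIONS:
        warnings.append("contents are a Windows program despite the name")
    if ext in PICTURE_EXTENSIONS and kind != PICTURE_EXTENSIONS[ext]:
        warnings.append(f"named as a picture but contents look like: {kind}")
    return warnings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [("MyPic.EXE", b"MZ\x90\x00"), ("MyPic.jpg", b"MZ\x90\x00"),
               ("holiday.jpg", b"\xff\xd8\xff\xe0"), ("notes.cmd", b"@echo off")]
    for name, head in samples:
        print(name, "->", check_received_file(name, head) or "no warnings")
```

To check a real file, pass its name together with the first few bytes read from it in binary mode, without opening or running the file itself.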