TROJAN HORSE ATTACK-PART1
Have you watched movie Troy ? okay lets leave . Have your wallpaper ever changed automatically ? Have the programs ever started without your initiation ? Have the browser opened unexpected websites automatically ? Simply have you ever felt that someone else is controlling your computer ? NO ?
Congrats, you probably haven't been a victim of trojan yet :).
HISTORY BEHIND TROJAN HORSE(HISTORY)
It happened hundreds of years ago. Greece and Troy were at war. The Greeks had come in their ships to attack Troy. For ten long years, they besieged Troy but the Trojans would not surrender. There were strong and high walls around the city of Troy. No enemy could enter the city when the gates were closed. The Greeks made several attempts to break down the walls and the gates but failed each time. So, Greeks built a huge wooden horse and was placed on a large platform with wheels underneath. A few of the bravest Greek warriors including Ulysses hid themselves in the hollow stomach of the horse. When troys opened the gates and came out, they could only see the wooden horse left behind by the Greeks. They thought it was the idol of some Greek God. TROJAN HORSE
They gazed at the gigantic horse in admiration and excitement and soon dragged it into the city of Troy. The capture of wooden horse was, to them, a symbol of their victory over the Greeks. They began to celebrate their success with feasting and merry – making. “The danger is over, at last. We can sleep in peace now,” they said to one another. Late at night, they went to sleep.
At the dead of night, when the Trojan were fast asleep, the Greek warriors who were inside the stomach of the horse came out quietly. They opened the gates of the city for other Greeks to enter. The Greek ships which had pretended to sail away, now turned back quickly in response to the signal from their leaders inside Troy. Soon, thousands of Greek soldiers rushed into the city. They killed thousands of Trojans men, women and children. They burnt their houses and looted the city. Even before the Trojans were fully awake, their magnificent city was in ruins. Before they could realize what was happening, Troy was in the hands of Greeks.
Thus, the Greeks succeeded in punishing the Trojans for dishonorable act of refusing to hand over Helen to them. The architect of their great victory was brainy and wily leader Ulysses who brought the long-drawn war to close by a masterstroke of cunning and foul play.
1. Attacker creates an executable file of size in kbs. This is server part of trojan and mostly called as server.exe
It doesnt matter how attacker is connected to internet. Attacker can be connected to internet any of three means.
Victim is behind a router in this case. (havent inserted the picture of victim behind a network, imagine that )
2. Reverse Connection: In this method, attacker enters his own IP address in server part while configuring it .So when the server part is installed on victim's computer, it automatically makes connection with client part that is attacker. Also the firewall in victim's machine would not restrict to outgoing connections. Problem in this case is same that attacker's IP is also dynamic. But this can be over come easily. Attacker actually enters a domain name in server part which always points to his dynamic IP.
They gazed at the gigantic horse in admiration and excitement and soon dragged it into the city of Troy. The capture of wooden horse was, to them, a symbol of their victory over the Greeks. They began to celebrate their success with feasting and merry – making. “The danger is over, at last. We can sleep in peace now,” they said to one another. Late at night, they went to sleep.
At the dead of night, when the Trojan were fast asleep, the Greek warriors who were inside the stomach of the horse came out quietly. They opened the gates of the city for other Greeks to enter. The Greek ships which had pretended to sail away, now turned back quickly in response to the signal from their leaders inside Troy. Soon, thousands of Greek soldiers rushed into the city. They killed thousands of Trojans men, women and children. They burnt their houses and looted the city. Even before the Trojans were fully awake, their magnificent city was in ruins. Before they could realize what was happening, Troy was in the hands of Greeks.
Thus, the Greeks succeeded in punishing the Trojans for dishonorable act of refusing to hand over Helen to them. The architect of their great victory was brainy and wily leader Ulysses who brought the long-drawn war to close by a masterstroke of cunning and foul play.
A trojan horse is a remote administration tool(RAT). This is some thing extremely dangerous. A trojan gives the full control of victim's PC to the attacker.
A trojan has two parts . One is client part (Control Panel) and other is server part (meant to be sent to victim).
The basic methodology of using a trojan is as follows:-
1. Attacker creates an executable file of size in kbs. This is server part of trojan and mostly called as server.exe
2.Attacker might hide this server.exe behind any genuine file like a song or image. Attacker gives this file to victim and victim is supposed to double click on it.
3.As victim run that server part , a port on victim's computer gets opened and attacker can control his PC sitting remotely in any part of the world through the control panel(client part). Attacker can do anything with victim's computer remotely that victim himself can do on his computer.
Note: Now I am assuming that you know a little bit about IP addresses that is lan/internal/private and wan/external/public IP.
Two different methods of working of Trojan.
1. Direct Connection : In this method, after the server part has been installed on victim's machine, the attacker enters the public IP address assigned to victim's computer for making a connection to it. But limitations of direct connection is that public IP address is most probably dynamic and gets changed everytime one disconnects and reconnects. So attacker needs to find out IP address of victim each time.Moreover the incoming connection like this is usually restricted by firewall.
The main limitation of direct connection is that you can not access the victim who is behind a router or a network beacuse victim's machine is not assigned public/external/wan IP. It is only assigned private/internal/lan IP which is useless or meaningless for computers outside that network.The wan IP belongs to his router.
Victim is behind a router in this case. (havent inserted the picture of victim behind a network, imagine that )
2. Reverse Connection: In this method, attacker enters his own IP address in server part while configuring it .So when the server part is installed on victim's computer, it automatically makes connection with client part that is attacker. Also the firewall in victim's machine would not restrict to outgoing connections. Problem in this case is same that attacker's IP is also dynamic. But this can be over come easily. Attacker actually enters a domain name in server part which always points to his dynamic IP.
