What is a Trojan?
A Trojan is a program installed on a computer, usually without the owner's permission or knowledge, and used by unauthorised people to gain access to that computer.
Trojans appear to be safe, but they often hide malicious computer code that can spread a virus or worm.
Trojans can sit harmlessly on a computer until the hacker activates them and gains access. The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
How do trojans work?
Trojans typically consist of two parts, a client part and a server part. When a victim (unknowingly) runs a Trojan server on his machine, the attacker then uses the client part of that Trojan to connect to the server module and start using the Trojan. The protocol usually used for communications is TCP, but some Trojans' functions use other protocols, such as UDP, as well. When a Trojan server runs on a victim’s computer, it (usually) tries to hide somewhere on the computer; it then starts listening for incoming connections from the attacker on one or more ports, and attempts to modify the registry and/or use some other auto-starting method.
It is necessary for the attacker to know the victim’s IP address to connect to his/her machine. Many Trojans include the ability to mail the victim’s IP and/or message the attacker via ICQ or IRC. This system is used when the victim has a dynamic IP, that is, every time he connects to the Internet, he is assigned a different IP (most dial-up users have this). ADSL users have static IPs, meaning that in this case, the infected IP is always known to the attacker; this makes it considerably easier for an attacker to connect to your machine.
Most Trojans use an auto-starting method that allows them to restart and grant an attacker access to your machine even when you shut down your computer. Trojan writers are constantly on the hunt for new auto-starting methods and other such tricks, making it hard to keep up with their new discoveries in this area. As a rule, attackers start by “joining” the Trojan to some executable file that you use very often, such as explorer.exe, and then proceed to use known methods to modify system files or the Windows Registry.
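Because a Trojan server has to listen on a TCP or UDP port to be reachable, comparing a machine's listening sockets against a known-good baseline is a practical check. The Python sketch below is an added example, not part of the original article; it parses Windows `netstat -ano` output, and the sample output, baseline ports and function names are constructed assumptions.

```python
# Added example: flag externally reachable listening sockets that are not in a baseline.
# SAMPLE_NETSTAT is constructed for illustration; it mimics `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING       2812
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1720
  UDP    0.0.0.0:40404          *:*                                    2812
"""

# Assumed baseline for this host: (protocol, port) pairs the administrator expects.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}
LOOPBACK_PREFIXES = ("127.", "[::1]")

def parse_listeners(text):
    """Yield (proto, address, port, pid) for sockets that accept inbound traffic."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or malformed line
        proto, local = fields[0], fields[1]
        # TCP rows have a State column; UDP rows do not, so any bound UDP socket counts.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, _, port = local.rpartition(":")  # rpartition keeps "[::]" intact
        yield proto, address, int(port), int(fields[-1])

def unexpected_listeners(text, baseline):
    """Return sorted (proto, port, pid) tuples for listeners outside the baseline."""
    findings = set()
    for proto, address, port, pid in parse_listeners(text):
        if address.startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only sockets are not reachable from another machine
        if (proto, port) not in baseline:
            findings.add((proto, port, pid))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, pid in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"review: {proto} port {port} opened by PID {pid}")
```

A flagged PID is a starting point for investigation rather than a verdict; the owning executable and its auto-start entry still need to be identified.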
Categories of trojans
Trojans are classified according to how they breach systems and the damage they cause. The seven main types of Trojan horses are:
Remote Access Trojans
Data Sending Trojans
Security Software Disabler Trojans
Denial-of-Service Attack (DoS) Trojans