Bill Williams (IT): Support Site
[h3]So what does a trojan malware program do?[/h3]

Well, first of all, like ET the Alien, it 'phones home'. Since the infections are scattered on the wind, the crim will not know that a computer has been infected until it calls home. Naturally the crims make the call home as invisible as possible, so a variety of techniques are used to make the crims difficult to trace.

One method is to use the IRC internet protocol, the original version of instant messaging (like Windows Live Messenger etc.). It's possible to use legitimate IRC servers by sending to a specific user ID. The crim-user logs in to the legitimate IRC server from time to time, and from a different IP address each time, so s/he cannot easily be traced {the crim's actions are all automated, of course}. The trojan sends the IP address(es) of its infected computer etc. and a name etc., and will probably try to open any firewalls for particular ports. The cyber-crim then adds this computer to his database of infected computers or robots, collectively known as his BOTNET.

The crim can then send programs to the trojan for the trojan to install in the infected computer. One of those programs could well be a keylogger program. This will record all keystrokes typed by the victim on his keyboard, so it is quite likely to contain internet addresses of banking websites etc., and anything typed shortly thereafter is likely to be an account name and password. Banks try to prevent this working by asking for only part of a password, but a frequent on-line bank user will eventually have typed in many of the combinations, and the whole password will be obvious over time.

Another common program to be installed by the trojan is a spam mail relay program. The billions of spam emails are nowadays not sent from a few spammers' locations (they would be found out and blocked); instead they are sent out by botnets. The botnet crim sends a sample email and a big list of email addresses over the net to his slaved computers, and each one will silently send out hundreds of thousands or millions of spam emails. The crim will of course use this to send out more infection emails to expand his botnet, but he will also rent out his botnet for sending more conventional spam, such as the many adverts for Viagra.

Other installed programs will search the files of the infected computer, looking for valid email addresses for more spam and for any passwords in files.

NB: Never name a file of passwords with an obvious name like passwords.txt, and never include the word 'password' or 'key' or 'passkey' as headers or such within such a document. And never use any financial passwords on any other websites etc., and always create a different password for each different financial situation.

<Enough for today. I will try to explain more at a later date.>

If you want more right now, read this white paper from Sophos:

[a]http://web.sophos.com/sph/enterEmailAddress.jssp?PivotalWebId=sophos-security-threat-report-midyear-2010-wpna&FormName=White_Paper&lang=en&Resource=sophos-security-threat-report-midyear-2010-wpna&returnUrl=/security/whitepapers/sophos-security-threat-report-midyear-2010-wpna?action=lead_collected[/a]

You have to 'sign-up' to download it {probably because Sophos would like to find the dumbest criminals who give out their contact info to read the report about their criminal activities}.

Revised on 10 Apr 2011
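
A defender can spot the IRC 'phone home' described above by looking at what a PC sends rather than which port it uses. The following is an added example, not part of the original post: the log format, addresses and nicknames are constructed, and the finding labels are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: "<time> <src> <dst>:<port> <first line the client sent>"
SAMPLE_FLOWS = """\
09:00:01 10.0.0.12 203.0.113.5:443 TLS-ClientHello
09:00:07 10.0.0.40 198.51.100.9:6667 NICK wks40-a91
09:00:07 10.0.0.40 198.51.100.9:6667 USER wks40 0 * :wks40
09:00:09 10.0.0.40 198.51.100.9:6667 PRIVMSG collector77 :10.0.0.40 WKS40
09:03:30 10.0.0.15 192.0.2.44:80 GET /index.html HTTP/1.1
09:05:12 10.0.0.77 192.0.2.80:8080 NICK alice
09:05:12 10.0.0.77 192.0.2.80:8080 USER alice 0 * :Alice
09:05:20 10.0.0.77 192.0.2.80:8080 PRIVMSG #helpdesk :anyone around?
"""

FLOW_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_flows(text):
    """Yield (src, dst, port, payload) for every well-formed line."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            _, src, dst, port, payload = m.groups()
            yield src, dst, int(port), payload


def find_irc_hosts(text):
    """Map each internal host that speaks IRC to the set of findings for it."""
    seen = defaultdict(set)      # src -> IRC registration commands observed
    findings = defaultdict(set)  # src -> finding labels (hypothetical names)
    for src, _dst, _port, payload in parse_flows(text):
        parts = payload.split(" ", 2)
        cmd = parts[0].upper()
        if cmd in ("NICK", "USER"):
            seen[src].add(cmd)
            if {"NICK", "USER"} <= seen[src]:
                # Match on protocol content, not port: IRC can run on any port.
                findings[src].add("irc-registration")
        elif cmd == "PRIVMSG" and len(parts) == 3:
            target, body = parts[1], parts[2]
            # Channels start with '#' or '&'; anything else is a single user.
            if not target.startswith(("#", "&")) and IPV4_RE.search(body):
                findings[src].add("private-msg-carrying-ip")
    return dict(findings)


if __name__ == "__main__":
    for host, labels in sorted(find_irc_hosts(SAMPLE_FLOWS).items()):
        print(host, sorted(labels))
```

A PC that only chats in a channel gets the registration finding alone; one that registers and then privately messages a single user with an IP address in the text matches the reporting pattern described above and is worth a closer look.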