AntiOnline Spotlight: Trojan Force

April 1, 2004

AntiOnline: Maximum Security for a Connected World

Most hackers (and crackers) take pride in their intimate knowledge of software and systems. To most, the mere notion that they would employ trojans, backdoors or most software "aids" to gain access to remote systems is an affront to their talents and skill sets.

Still, trojans are being used to allow attackers free rein on networks and to leech valuable data from PCs and servers. "True" hackers may not be using them, but someone is.

The debate, however, bears little relevance to administrators. Whether it's hackers, crackers or the oft-maligned script kiddies, administrators owe it to themselves and the safety of their networks to know what these tools are capable of and how to keep an eye out for them.

Don't let your network succumb to the whims of outsiders! See what AO members have to say about trojans.

Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.

This week's spotlight threads:
Can anybody hack without using Trojans?

alaedin wonders if hacks are possible without the use of trojans...

Can a hacker hack a PC without putting a Trojan in it?
Actually, yes. But an understanding of trojans, and what hackers and security folks think of them, is a good conversation starter. i2c tells the group:
Trojans are just tools so the "hacker" (I prefer the term cracker) doesn't have to get too involved with low-level stuff. Take, for example, sub7 (sends shivers down my spine even thinking of the l33t people that use it... muuhahaha!); you can delete, add and copy files. Then there are other features such as remote desktop stuff. It's basically a nasty RAT (remote admin tool).
Sgear17 elaborates...
Trojan users are referred to as crackers or script kiddies, lamers, etc., who use downloadable software on the 'net that may aid them. A real hacker doesn't use trojans, but uses knowledge to bypass the computer. They think like a computer and go inside the computer with the use of vulnerabilities.

...Using a firewall to protect you from those kinds of attackers will work only if it is properly configured. If you use a well-known firewall, for example, but don't know how to configure it, the firewall may help point the attacker to the weaknesses of your system.

catch has the following to say:
Most attackers use root kits to carry out their objectives.

Root kits tend to be defined as a suite of tools containing the following four elements:

1. Vulnerability scanner/exploiter (break in and install).
2. Tools to hide itself (run undetected, hiding network connections and all future attacker-related changes to the system dynamically).
3. Backdoor(s) (assure future access).
4. Custom system components (prevent discovery via altered ls, md5sum, tripwire, ls, du, etc).

Although these tools can be more or less completely automated, they don't qualify as trojans in the strictest sense of the word since no cooperation is required by the target system's custodian/user.

Item 4 of the root kit would contain trojans of sorts, since the programs are evil under the guise of being normal utilities. This type of automated suite is most effective as it gives the attacker tremendous speed and gives the attack a high level of predictability.

I don't pretend to know the definition of "a real hacker," but I do know that efficient attackers, be they malicious or pen testers, take care to utilize the tools available to them without pride or elitism concerns.

A pen tester, in case you don't already know, refers to a penetration tester.
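
Item 4 in the list above is why an on-host `md5sum` cannot vouch for itself or for `ls` and `du`. As an added example (not part of the original article or the forum posts), the following Python checks the named utilities against a baseline recorded earlier and kept off the host; the directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Utilities the post names as common rootkit replacement targets.
WATCHED = ["ls", "md5sum", "du"]

def sha256_of(path, chunk=65536):
    """Hash a file with this process's own hashlib, not an on-host md5sum binary."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(bin_dir, names=WATCHED):
    """Record digest and size per utility; the result belongs on storage off the host."""
    baseline = {}
    for name in names:
        path = os.path.join(bin_dir, name)
        baseline[name] = (sha256_of(path), os.path.getsize(path))
    return baseline

def verify(bin_dir, baseline):
    """Return sorted (name, status) findings for files that differ from the baseline."""
    findings = []
    for name, (digest, size) in baseline.items():
        path = os.path.join(bin_dir, name)
        if not os.path.isfile(path):
            findings.append((name, "missing"))
        elif sha256_of(path) != digest:
            kind = "modified" if os.path.getsize(path) != size else "modified-same-size"
            findings.append((name, kind))
    return sorted(findings)

def demo():
    """Constructed scenario: three stand-in files, one swapped and one removed later."""
    with tempfile.TemporaryDirectory() as d:
        for name in WATCHED:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = build_baseline(d)
        clean = verify(d, baseline)
        # Replacement has the same length, so a size-only check would miss it.
        with open(os.path.join(d, "ls"), "wb") as f:
            f.write(b"replaced ls")
        os.remove(os.path.join(d, "du"))
        return clean, verify(d, baseline)

if __name__ == "__main__":
    print(demo())
```

Because item 2 describes hiding changes dynamically on the running system, a check like this is most trustworthy when the suspect disk is read from known-good boot media rather than from the live host.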

Are attackers pouring into your systems via those nasty trojans? Join this discussion by clicking here.

What is AntiOnline?

AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on the latest hazards and how to protect your systems against them.

We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process.
