Go4Expert


GreenGrass 20Aug2008 06:37

Viruses and Trojan Horse
 

Viruses:



A virus is defined as a program that copies itself in large numbers on the victim's computer. This can have many effects on how the computer reacts to the changes made by the program. It can slow down performance, and it uses up memory the computer needs for new processes, so viruses aren't good at all. It is also very important for a virus to load into the computer's memory when it boots up. Viruses also use many different tactics to hide from antivirus software. They normally cause a lot of havoc on the computer they are running on.

Boot Sector Viruses:



The virus is executed while the computer is starting up. This allows the virus to move into memory right away when the computer becomes active. It will also overwrite the boot sector or write a new copy of itself to it, and it will point to a new virus file so that it loads again the next time the computer starts up. This is a basic example of how a virus tries to stay alive. Once the virus is in memory, it can keep infecting other files on the hard drive.

Program Viruses:



This is a virus that is included in a program you may download from the internet; they can be found in various shareware around the World Wide Web. They are designed to load into memory when the program is executed. They may only make a lot of copies of themselves in different locations, or they might infect specific file types like *.exe, *.sys and *.com. Most program viruses are made to look like useful programs so that the user won't expect them to be a virus. They may also delete or corrupt files on the system. This virus loads into memory only when the program is executed.

Multipartite Viruses:



This is a virus that is more advanced than the other two types I explained here. They have the same effects as both of those viruses anyway. The virus is downloaded from the internet; the user believes it is a useful program, but instead it will try to perform weird actions on the victim's computer. When the executable file is executed, it copies itself to the MasterBootSection. This means that when the computer boots up, the virus goes straight into the computer's memory. When that happens, it replaces or copies more files on the computer that link it to start up in the computer's memory. It also infects specific file types on the computer. It can also corrupt and damage data on the victim's computer.

Stealth Viruses:



As the name says, this is a virus that is really tricky for virus scanners to detect, since it uses several methods to hide itself from the scanners. It can also deny access to the files it is hiding in. They are also able to hide in programs that are virus-free to avoid detection. Some of them can even move out of the computer's memory for a period of time to avoid scanners. It can also change the size of the file it is hiding in to pretend that nothing is wrong with the file.

Polymorphic Viruses:



This virus type is one of the most difficult for antivirus scanners to detect. When the file is executed on the victim's computer, the virus goes into memory and links itself to start-up, so that it runs when the computer starts up its programs. When it infects files on the computer, it is able to change its virus signature so that it can avoid virus detection. Critical parts of the virus might also be encrypted so that it can avoid detection. A signature is needed for virus scanners to detect the specific virus.

Macro Viruses:



This means the virus is malicious code that can hide in applications you download from the internet, or it can be in documents. These viruses are designed to cause a lot of havoc on the victim's computer. They are written in Visual Basic Application. This also means that they are written in advanced Visual Basic. They will try to delete and destroy data on the computer.

Trojan Horse:



This is a program that pretends to be something that will help your computer, but in reality it harms it in many ways. All Trojan horses are really "RATs"; this means that they open a back door on the victim's computer so that an attacker on a remote computer can gain access to all the files on your computer. They can also control software and hardware functions on your system. Many Trojans also include keyloggers that record all the keystrokes you make on your computer. Since they have control of all the functions of the computer, they may also use your computer to attack other systems in order to avoid detection.

How does the Trojan Work:



The first thing that has to happen is that you must find a way to infect the target's system; this can be done in several ways. You can, for example, send it through e-mail or instant messenger. It can also be done by attaching the server file to a legitimate file like a *.jpg to hide it. When it is installed, it starts a server on the remote computer and opens a port for the attacker to come through. When the user is online, it alerts the attacker, so he knows when he can strike the user. The normal action of an attacker at this point is to take away every function on the system that would be useful for removing the Trojan horse, like security and things like that.

How to Detect Trojan Horses:



This can be done very easily: just go to the command prompt and type "netstat -n". You will now see a list of open ports on your system. If you find a port you think might belong to a Trojan, you can simply search for a Trojan port list in your internet browser. Another thing to look at: Trojan horses normally load into the computer's memory while it is booting up, so you should check for files that start up while Windows boots. Go into the registry and look at paths like this one: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", and remove the files you don't want to start at boot. If you find any "temp" files, remove them, since no temp files should be executed into memory while Windows starts; this normally indicates that you are infected with a virus.
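
The two checks from the post above (reviewing "netstat -n" output and the Run key), as an added Python example that is not part of the original post. The sample outputs are constructed, and the baseline of expected service ports, the ephemeral-port cutoff and the temp-path pattern are assumptions to adjust per host.

```python
import re

# Constructed sample of `netstat -n` output on Windows (not from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:49731       198.51.100.7:443       ESTABLISHED
  TCP    192.0.2.10:3389        192.0.2.44:51022       ESTABLISHED
  TCP    192.0.2.10:5110        203.0.113.9:50211      ESTABLISHED
"""

# Constructed sample of `reg query` output for the Run key named in the post.
RUN_KEY_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    updater    REG_SZ    "C:\Users\demo\AppData\Local\Temp\upd7.exe" /silent
"""

EPHEMERAL_START = 49152      # Assumption: default Windows dynamic port range starts here
EXPECTED_SERVICES = {3389}   # Assumption: this host is only meant to serve RDP
RUN_VALUE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<data>.+)$")
TEMP_HINT = re.compile(r"\\temp\\|%te?mp%", re.IGNORECASE)

def unexpected_served_ports(netstat_text, expected=EXPECTED_SERVICES):
    """Connections where this host answers on a non-ephemeral port outside the baseline."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue  # skips the banner, the column header and other states
        local_port = int(fields[1].rsplit(":", 1)[1])  # rsplit also copes with [IPv6]:port
        if local_port < EPHEMERAL_START and local_port not in expected:
            hits.append((local_port, fields[2]))
    return hits

def temp_autoruns(reg_query_text):
    """Run-key values whose command line points into a temp directory."""
    hits = []
    for line in reg_query_text.splitlines():
        m = RUN_VALUE.match(line)
        if m and TEMP_HINT.search(m.group("data")):
            hits.append((m.group("name"), m.group("data")))
    return hits

if __name__ == "__main__":
    print("review these ports:", unexpected_served_ports(NETSTAT_SAMPLE))
    print("review these autoruns:", temp_autoruns(RUN_KEY_SAMPLE))
```

A hit from either function is a lead to investigate against the host's known software, not proof of infection.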

pradeep 23Sep2008 19:18

Re: Viruses and Trojan Horse
 
How do we detect and remove a root-kit?

neo_vi 9Oct2008 16:54

Re: Viruses and Trojan Horse
 
Quote:

Originally Posted by pradeep
How do we detect and remove a root-kit?

Use AVG anti root-kit! Nowadays most of the AVs will find the rootkits.

NDL 20Oct2008 15:08

Re: Viruses and Trojan Horse
 
Quote:

Originally Posted by neo_vi
Use AVG anti root-kit! Nowadays most of the AVs will find the rootkits.

Ya, true, but I suggest that always being alert is good.

Storm_Rider 25Oct2008 23:44

Re: Viruses and Trojan Horse
 
Keep Up :)

