Yahoo! Tips N Tricks: Trojan-pedia

Hi All ! I think we all know what I am going to talk about here ie. TROJAN. All must have faced one or more times infection of trojan. I don't think there is any solid way to save ourselves from these viruses / trojans. Anti-virus companies releasing new definitions hour by hour.Still all viruses are not detectable by all antiviruses.

There can be case that you might feel like someone is also watching your computer screen. Your mouse start moving itself, you are not able to shutdown your machine. Once you open task manager and switch to users tab you find 2 users are logged in to your machine.

There can be another case where you get up in the morning and check your office emails, but you are not able to open your mail, then you try to open another mail account and then another mail account and you find that passwords for all accounts have been changed suddenly and you are not able to log in.

There can be another case if you use internet banking, you do transactions using your computer. Some day you realize that very few amount has been transferred to some other account or you found that your account has been emptied.

These are few cases I have just discussed to tell you about the POWER of TROJANS. Trojan is powerful technique under which cyber crime is conducted.

So, basically what is trojan? How it works? How will you know that you are infected with a trojan ? Is there any way of gettting rid of these?

Ok. I will try to answer every question here.. Lets start with first part. What is trojan?
Trojan is a small program (malicious piece of software). It should be called as destructive programs which resides in your computer. It will promise to do something useful for you, but will do exactly the opposite. Like if you download a keygen to generate a key for some software ( means you are user of pirated softwares) , that keygen, not only generates a key but also launch a small server program on your machine, which sends your personal data to its owner.
So Trojan is a program which is shown as helpful to you but in the end do the damage to your machine( some times more than that).

Do you know why a trojan is called a trojan ?
Actually, there is a small story behind it. The term comes from Greek mythology about the Trojan War, as told in the Aeneid by Virgil and mentioned in the Odyssey by Homer. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

Let's see how a trojan works.
If you think of trojan. It is very simple program. One part of software(server/client) is working on your machine which is sending the data to its another part of software(client/server). They are just exchanging information over the internet. But the problem is that data belongs to you and you have no info that your data is being sent over the network.
A trojan program comes in 2 parts ie . SERVER and CLIENT.

SERVER is a program which is used to create services means to sends the data to its client from your machine.
CLIENT is a program which is used to receive the data which is being send by its server program.

Now any of these two can be installed on your machine depending upon the type of trojan. Yes, there are different types of trojans. Trojans are categories now a days according to their working and behavior. I will tell you later about these categories.
I have already told that trojan behave like a friendly program then do the damage. usually some hackers attach a trojan program with some useful softwares. Whenever you install a friendly program on your machine, a harmful program (trojan) is also installed.
Official working style of trojan is:
Trojans usually consist of two parts, a Client and a Server. The server is run on the victim's machine and listens for connections from a Client used by the attacker.

When the server is run on a machine it will listen on a specific port or multiple ports for connections from a Client. In order for an attacker to connect to the server they must have the IP Address of the computer where the server is being run. Some trojans have the IP Address of the computer they are running on sent to the attacker via email or another form of communication.

Once a connection is made to the server, the client can then send commands to the server; the server will then execute these commands on the victim's machine.

Today, with NAT infrastructure being common, most computers cannot be reached by their external ip address. Therefore many trojans now connect to the computer of the attacker, which has been set up to take the connections, instead of the attacker connecting to the victim. This is called a 'reverse-connect' trojan. Many trojans nowadays also bypass many personal firewall installed on the victims computer (eg. Poison-Ivy).