A white paper published by McAfee in 2005. All citations and credits for any part or content should be for McAfee. McAfee, however, holds no liability for anything in this blog, since this blog is created by a third party without their express consent. This blog is created for academic purposes only.

Trojan Horses and Bots

In the often-repeated story of the Trojan horse, invaders got inside the fortified and well-defended city of Troy and attacked it from within by using something seemingly benign as a vehicle for the attack: a large wooden horse. Similarly, Trojan horses of the information security world are seemingly benign programs that attack computer systems from within.

Once inside the computer, a Trojan program commonly replaces key system files and/or programs with malicious versions of the same. When these programs are executed, they perform their predetermined destructive activities, and users are powerless to stop them.
For example, an attacker may replace one of the Windows operating system's dynamic-link libraries (DLLs), the program files that Windows calls on to perform various tasks, with a Trojan horse version that does everything the normal DLL did, and a little more. That little more may be any number of things, from reformatting the hard drive to stealing credit card numbers.

In recent months, spyware and potentially unwanted programs have begun to wreak more havoc than worms or viruses. Although the cause is often unseen at first, PC users, particularly those connecting to the Internet from home, have increasingly noticed that their PCs are becoming slower and programs are crashing more often. In many cases, their PCs have become almost useless because the memory and processing power of the machines are taken up trying to send their private information from their PCs to the Internet. Or they are fighting off a myriad of unwanted spam advertisements that pop up on their computer screens and advertise goods from all over the world. Most annoying of all is the advertisement that continuously reminds the frustrated user that their PC now has a potentially unwanted program and that they should purchase a particular software solution to clean it up.

Recently, hackers have used the distributed resources of thousands of Internet-connected PCs to launch Denial of Service (DoS) attacks against unlucky targeted organizations or servers. The master hackers deposit their software code by Trojan horse onto the PCs, which then register with their host and await further instructions as to when and how to launch an attack. At a time chosen by the master hacker, the PC robots (bots), under external control, launch their code and attack the designated target from the unwitting residential owner's PC. This way, the master attacker remains anonymous but, thanks to the unprotected home user, can use the resources of thousands of computers around the world to achieve his goal.