
Trojan Horses: How Can I Get Infected?

by Dancho Danchev
the author of "The Complete Windows Trojans Paper".

Physical access

Many people can't tell the different ways of infection apart because, in their minds, the only way to get infected is by downloading and running server.exe, which they say they will never do. As you'll read here, there are many more ways for malicious attackers to infect your machine and start using it for illegal activities. Please take all of the topics I'm reviewing here seriously; read them carefully and remember that prevention is far better than the cure!

Physical access is vital for your computer's security. Imagine what an attacker can do with physical access to your machine, especially if you're always connected to the Internet and leave the room for several minutes... long enough to get you infected. Here I'll describe several scenarios that attackers often use to infect your computer while they have physical access to it. There are some very smart people out there who keep thinking of new ways of getting physical access to someone's computer. Here are some interesting tricks:

  • Your "friend" wants to infect you with a trojan and he/she has physical access to your machine. Let's say you are at home surfing the net, chatting or whatever. Suddenly your "friend" asks you for a glass of water, knowing that you'll go into another room and be away for 1 or 2 minutes. While you do that, he/she takes a diskette out of a pocket and infects your unprotected PC. You come back and everything looks OK because your "friend" is doing exactly what he/she was doing before you left... surfing the net.
  • The next example is when 2 guys want to take revenge on you because of something and are helping each other to accomplish the task. Again you are at home with your "friend", surfing, chatting, whatever you're doing; suddenly the telephone rings and a "friend" of yours wants to speak with you about something that is really important. He/she (it's better to be she in this case) asks "Is there anyone around you? If so, please move somewhere away from him/her (after knowing it is him or her, of course). I don't want anyone to listen to what I'm going to tell you". The victim is again lured away from the computer, leaving the attacker to do whatever he/she wants on the target computer.
  • Other approaches like the previous ones might be a sudden ring of the doorbell, as well as other variations of phone calls and conversations that leave the attacker alone with the victim's computer. There are many other possible approaches; just think for a while and you'll see what I mean and how easily you could be tricked, and it's because you're not suspicious enough when it comes to your sensitive computer data.
  • Another way of infecting while having physical access is the Auto-Starting CD function. You've probably noticed that when you place a CD in your CD-ROM drive, it automatically starts with some setup interface; here's an example of the Autorun.inf file that is placed on such CDs:

    [autorun]
    open=setup.exe
    icon=setup.exe


    So you can imagine that while the real setup program is running, a trojan could be run VERY easily, and since most people probably don't know about this CD function, they will get infected without understanding what happened or how it was done. Yes, I know it's convenient to have setup.exe autostart, but security is what really matters here; that's why you should turn off the Auto-Start functionality by doing the following:

    Start Button->Settings->Control Panel->System->Device Manager->CDROM->Properties->Settings

    and there you'll see a reference to Auto Insert Notification. Turn it off and you won't have any problems with that function anymore.
I know MANY other variations of physical access infections, but these are the most common ones, so pay attention and try to think of several more yourself.
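
A defender-side check for the Autorun.inf mechanism described above, added here as an example and not part of the original article: it parses an Autorun.inf and lists every entry that would start a program, so a disc can be inspected before it is trusted. The `shellexecute` and `shell\<verb>\command` keys, the allow-list idea and the second sample go beyond the article's three-line file; that second sample is constructed.

```python
import ntpath

# Keys in [autorun] that start a program on insert (assumption: beyond the
# article's open=, shellexecute= is also treated as a launch key).
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return the key/value entries of the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(text):
    """List (key, command) pairs that would execute something."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if k in LAUNCH_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))]

def program_name(command):
    """File name of the program in a command line, without path or arguments."""
    command = command.strip()
    if command.startswith('"'):                       # quoted path with spaces
        path = command[1:].split('"', 1)[0]
    else:
        parts = command.split()
        path = parts[0] if parts else ""
    return ntpath.basename(path).lower()

def unexpected(text, allowed):
    """Launch entries whose program is not in the set the user expects."""
    allowed = {name.lower() for name in allowed}
    return [(k, v) for k, v in launch_commands(text)
            if program_name(v) not in allowed]

PAGE_SAMPLE = "[autorun]\nopen=setup.exe\nicon=setup.exe\n"   # from the article
CONSTRUCTED = ('[AutoRun]\n; constructed sample\nOPEN=tools\\helper.exe /s\n'
               'icon=setup.exe\nshell\\install\\command="my app\\setup.exe"\n')

if __name__ == "__main__":
    for name, text in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED)):
        print(name, launch_commands(text), unexpected(text, {"setup.exe"}))
```

Note that `icon=` is never reported: it only chooses what the drive looks like, while the launch keys decide what actually runs.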

When the victim IS connected to the Internet:

Here we have many variations; again, I'll mention the most common ones. While the attacker has physical access, he/she may download trojan.exe in various ways, simply by knowing how various Internet protocols work.
  • A special IRC bot, known only to the attacker, stays on IRC with the sole function of DCC-sending trojan.exe back to the attacker whenever he/she messages the bot with a special command. The victim will probably be away from the computer.
  • The attacker wants to download some specific software, such as a new version of some program (infected with trojan(s), of course), so he/she visits a URL known only to him/her and downloads the trojan.
  • The attacker pretends he/she wants to check his/her (web-based) mail (for example, at Yahoo! or HotMail) but in fact has trojan.exe stored in his/her mailbox and just downloads and executes the file, thereby infecting the computer. The mail service is used as a storage area in this case.
There are many more ways of infecting the victim while connected to the Net, as you can imagine. Any of these examples can succeed, but it all depends on the victim's knowledge of the Internet and how advanced his/her skills are, so the attacker needs to check these things somehow before doing any of the activities I described here. After that, the attacker will be able to choose the best variant for infecting the victim and doing the job.

© 2011 PC Flank Ltd. All rights reserved.