
Part B - Micro-Project Proposal Title - Study Any Trojan Attack. Identify The Trojan Attack

This micro-project proposal involves studying a Trojan attack, identifying the type of Trojan, and summarizing how Trojans work and the potential harm they cause. The student plans to research different Trojan types, collect Trojan samples, test them against antiviruses, and learn how to detect and remove Trojans. The project will address outcomes related to network vulnerabilities, ethical hacking processes, and digital forensic investigation models. Resources to be used include a laptop, Windows 10 OS, Quick Heal antivirus, and a Trojan sample. Skills developed include detecting and removing Trojans, and preventing Trojan attacks.

Uploaded by

Ms Ritika

Part B - Micro-project Proposal

Title – Study any Trojan attack. Identify the Trojan attack.

1.0 Rationale

In the computing world, a Trojan horse is a malicious, security-breaking program that is
disguised as something benign. For example, you download what appears to be a movie or
music file, but when you click on it, you unleash a dangerous program (a Trojan horse program
is downloaded onto your PC) that erases your disk, sends your credit card numbers and
passwords to a stranger, or lets that stranger hijack your computer to commit illegal attacks.
Nowadays there are many Trojan horses. A server Trojan is installed on somebody's PC, and a
person who has the matching client Trojan can access and control that PC without the owner's
knowledge. This may be dangerous, so computer users should know about Trojan viruses and
the potential harm to their private data. Users should take care when installing unknown
software from the internet. This micro-project is based entirely on such Trojan horse
attacks, and this research will be helpful in preventing such cyber-attacks.

2.0 Course Outcomes Addressed

a) Detect network, operating system and application vulnerabilities.
b) Describe the ethical hacking process.
c) Compare models of digital forensic investigation.

3.0 Literature Review

The use of financial and banking Trojans against organizations and consumers alike is a
problem which is steadily growing, with frequent attacks being recorded against enterprise
organizations.
Researchers from Kaspersky Labs revealed some interesting data relating to the use of
financial malware, which was detected in close to 900,000 attacks against users in 2018 -- an
increase of 16 percent in comparison to 767,000 attacks in 2017.
Banking Trojans, including BackSwap, Zeus, Emotet, and Gozi, focus on compromising
systems in order to create a persistent backdoor.

This backdoor is used to connect to a command-and-control (C2) server for the purposes
of data theft, including online account credentials and keylogs, potentially leading to bank
accounts being compromised and identity theft.

Zbot and Gozi are the most widely-used Trojans -- accounting for over 26 percent and 20
percent of attacked users respectively -- alongside SpyEye, which is attributed to 15.6 percent
of campaigns.
The cybersecurity firm said that the RTM banking Trojan has also been detected in
many of the recent attacks on record, leading to a spike in financial malware activity across
the globe.

4.0 Actual Methodology Followed

We planned the micro-project on ‘Study any Trojan attack and Identify the Trojan
attack’ under the guidance of the subject teacher. Then we researched different types of
Trojan horses and how they work for hacking purposes. We studied how hackers use
Trojans to access computers and steal confidential information. Then we collected some
samples of Trojan horses and tested them against different antiviruses.
We studied how to detect and remove a Trojan from a computer. We also studied how to
prevent Trojan horse attacks so that hackers will not damage or steal private data from any
organization or company. After the research, we prepared the micro-project report and
included all the related information in this report.

5.0 Actual Resources Used

Sr. No | Name of Resource   | Specifications            | Qty.
1      | Laptop             | 4GB RAM- 10GB HD          | 1
2      | Operating System   | Windows 10 x64            | 1
4      | Antivirus          | Quick Heal Total Security | 1
5      | Trojan Horse Sample | -                        | 1

6.0 Outputs of the Micro-Project

• What is a Trojan Horse?

A destructive program that masquerades as a benign application. Unlike viruses, Trojan
horses do not replicate themselves, but they can be just as destructive. One of the most
insidious types of Trojan horse is a program that claims to rid your computer of viruses but
instead introduces viruses onto your computer.

• Trojan horses are classified by how they breach systems and the damage they cause.
The seven main types of Trojan horses are:

✓ Data Sending Trojans
✓ Remote Access Trojans
✓ Destructive Trojans
✓ Proxy Trojans
✓ FTP Trojans
✓ Security Software Disabler Trojans
✓ Denial-of-Service Attack (DoS) Trojans

• Data Sending Trojan

A data-sending Trojan is a kind of Trojan virus that relays sensitive information
back to its owner. This type of Trojan can be used to retrieve sensitive data, including
credit card information, email addresses, passwords, instant messaging contact lists,
log files and so on.

• Remote Access Trojan

A remote access Trojan (RAT) is a malware program that includes a back door
for administrative control over the target computer. RATs are usually downloaded
invisibly with a user-requested program -- such as a game -- or sent as an email
attachment. Once the host system is compromised, the intruder may use it to distribute
RATs to other vulnerable computers and establish a botnet.

Because a RAT enables administrative control, it makes it possible for the intruder to
do just about anything on the targeted computer, including:

✓ Monitoring user behavior through key loggers or other spyware.
✓ Accessing confidential information, such as credit card and social security numbers.
✓ Activating a system's webcam and recording video.
✓ Taking screenshots.
✓ Distributing viruses and other malware.
✓ Formatting drives.
✓ Deleting, downloading or altering files and file systems.

RATs can be difficult to detect because they usually don't show up in lists of running
programs or tasks. The actions they perform can be similar to those of legitimate
programs. Furthermore, an intruder will often manage the level of resource use so that
a drop in performance doesn't alert the user that something's amiss.

• Destructive Trojan

A destructive Trojan is a virus designed to destroy or delete files. Destructive
Trojans have more typical virus characteristics than other types of Trojans but do not
always result in data theft.

Destructive Trojans may not be detected by antivirus software. Once a destructive
Trojan infects a computer system, it randomly deletes files, folders, and registry entries,
often resulting in OS failures. A destructive Trojan usually takes the form of a program, or is
set up to strike like a logic bomb, programmed and specified by the attacker.

• Proxy Trojan

A proxy Trojan is a virus which hijacks the host computer and turns it into a proxy
server, part of a botnet, from which an attacker can stage anonymous activities and
attacks.

The whole point of a proxy Trojan is to hide the attacker, making it harder to trace
the true origin of an attack, since the attacks will look like they are coming from random
and multiple directions because of the proxy bots.

• Security Software Disabler Trojan

A type of Trojan horse designed to stop or kill security programs such as an
antivirus program or firewall without the user knowing. This Trojan type is
normally combined with another type of Trojan as a payload.

• FTP Trojan

An FTP Trojan installs an FTP server on the victim’s machine, allowing the
attacker to gain access to sensitive data through the FTP protocol. The Trojan opens
port 21 and makes it accessible to the attacker or a group of individuals. Some
password attacks can also be employed where only the attacker gains access to the
system. The system tries to download and upload files from the victim system. The
types of information affected include:

✓ Credit card information
✓ All types of username and password information
✓ Confidential data
✓ Email addresses to propagate
✓ Using the victim’s computer as a source for propagating other attacks

Securing a Computer Against Trojan Attack

Anti-virus gateway protection can be employed to detect Trojans incoming through
HTTP, email or FTP.
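
A host-side check for the port 21 listener described above, as an added example that is not part of the original report: it parses the output of the Windows `netstat -ano` command and reports listening TCP ports that are outside an expected baseline. The sample output, the PIDs and the baseline port set are constructed for illustration.

```python
# Added example: flag unexpected listening TCP ports in `netstat -ano` output.
# SAMPLE_NETSTAT and EXPECTED_PORTS are constructed for illustration.

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3020
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5128
  TCP    [::]:21                [::]:0                 LISTENING       4312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    3020
"""

# Assumed baseline for this workstation: ports the owner expects to be open.
EXPECTED_PORTS = {135, 445}
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips headers, UDP rows and established connections
        address, _, port = fields[1].rpartition(":")  # works for [::]:21 too
        if port.isdigit() and fields[4].isdigit():
            listeners.append((address, int(port), int(fields[4])))
    return listeners


def unexpected_listeners(netstat_text, expected_ports=EXPECTED_PORTS):
    """Map each non-baseline port reachable from the network to its PIDs."""
    findings = {}
    for address, port, pid in parse_listeners(netstat_text):
        if address in LOOPBACK or port in expected_ports:
            continue  # loopback-only or known service: not reported
        findings.setdefault(port, set()).add(pid)
    return findings


if __name__ == "__main__":
    for port, pids in sorted(unexpected_listeners(SAMPLE_NETSTAT).items()):
        print(f"unexpected listener on TCP {port}, PID(s) {sorted(pids)}")
```

The reported PID can then be matched to a program name with `tasklist` or Task Manager before deciding whether the listener is legitimate.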

• Denial-of-Service Attack (DoS) Trojans

This type of malicious program is designed to conduct a DoS attack from an
infected computer on a pre-defined address.
Essentially, a DoS attack involves sending numerous requests to the victim
machine; this leads to a denial of service if the computer under attack does not have
sufficient resources to process all the incoming requests.
In order to conduct a successful DoS attack, malicious users often infect a
number of computers with this type of Trojan in advance (for example, as part of a
mass spam mailing). As a result, all the infected computers will attack the victim
machine.

• Trojan Removal Tools:

✓ Malwarebytes
Malwarebytes is currently one of the best-known free anti-malware tools. Installation is
swift and straightforward. It even runs when the operating system is in Safe Mode. It
is relatively lightweight as well, and manual scans are not resource-intensive.
Malwarebytes has also improved its user interface to be intuitive. Its real-time malware
blocking and malicious URL blocking are also quite useful.

✓ Quick Heal Total Security:

7.0 Skill Developed

We have studied:
1. To detect a computer infected by Trojan viruses.
2. To remove Trojan viruses securely from computer.
3. To prevent Trojan attacks.
4. Different types of Trojan viruses and their uses in hacking.

8.0 Applications of This Micro-project

1. This micro-project will be helpful as a guide for students.
2. It will be useful to detect and remove Trojan viruses.
3. It is also useful in digital forensics because many cyber-attacks are carried out
through Trojans.
