Hackers use several hacking methods. Here I discuss some of the most common
techniques used to compromise a Windows machine or to hack your account
passwords.
Trojan Horse/RAT Tools
Many of you may have seen your antivirus software detecting Trojan horses on
your PC. What are these things?
A Trojan is a program that appears to perform a desirable and necessary
function but, because of hidden and unauthorized code, performs functions
unknown to and unwanted by the user.
Types of Trojans
1. Remote Administration Trojans: Remote Access Trojans are used to control
or monitor the victim's computer.
2. Data Stealing Trojans: Data Sending Trojans find data on the computer and
send it to the attacker automatically.
3. Security Disabler Trojans: Security software disabler Trojans are used to
disable antivirus software.
The majority of Trojans have the capability of remote administration.
Some examples of these Trojans are Beast, Netbus, Pro Rat, Sub Seven, etc.
How do they work?
A Trojan horse program has two parts: the client part and the server part.
The client part is what we get when downloading a Trojan horse program. Using
it, we create a server application, which is installed on the victim's
machine. Once the installation is successful, the client communicates with the
server and the connection is established.
While creating a server program, we can set many options for what the program
is intended to do on the victim's machine. We can define the email ID to which
the server sends the victim's IP address and port details. We can configure the
server so that after successful installation it sends all keystrokes,
screenshots, and even webcam videos from the victim's machine to the hacker's
email ID. Some Trojans allow the hacker to remotely execute commands on the
victim's machine.
Once the hacker gets the system details from the server program, the rest is
simple. They just need to enter the IP address into the client program and
start hacking. The hacker can gain access to the victim's desktop and do
whatever he wants (including transferring files) without the knowledge of the
victim.
How do they get into your system?
Attackers commonly use 2 methods for this:
1. Direct installation
2. Remote installation
The first method is relatively harder. In this method the hacker directly
installs the Trojan horse on the victim's computer. These kinds of attacks
usually come from people who have physical access to the victim's computer. It
can be a co-worker, a friend or anyone else.
The second method is remote installation by targeting a particular victim.
The stages of hacking can be divided into 3.
1st Stage
The 1st stage is choosing the target. The hacker chooses a target; usually the
target will be a Facebook friend, a chat friend, a colleague, etc.
2nd Stage
The 2nd stage is collecting the maximum information. Here social engineering
plays a role. The hacker collects the maximum amount of information about the
target, which includes his favorite things, his computer details, the antivirus
used, etc.
3rd Stage
The 3rd stage is the planning. In this stage the hacker plans the method of
deploying the Trojan horse program based on the information he collected. For
example, if his target is a game lover, he will try to deploy the Trojan along
with a game installer, so that he can make sure that the target will execute
the Trojan on his machine. Also, using the security information collected in
the above stage, the hacker will plan how to bypass the victim's computer
security.
Let's go into a little more detail. In these stages some other tools come onto
the scene which help the hacker to execute the attack. The most commonly used
tools are crypters and binders.
What is a Crypter?
A crypter is software that encrypts/hides the virus program so that it is not
detected by the antivirus. The crypter will encrypt the virus code into
something unreadable and thus hide the source code. Crypters are of two types:
FUD (Fully Undetectable), which means no antivirus will be able to detect the
crypted file, and UD (Undetectable), which means a very few antivirus products
may detect the file. So, by collecting the security information of the victim,
the hacker may use different crypters and test the result with an AV scan to
make sure that it will bypass the antivirus software. Free and paid crypter
software is easily available on the internet.
E.g.: Steal Cypter
What is a Binder?
A binder is a program used to bind two executables together. As we said
earlier, if the victim is a game lover, the hacker will bind his Trojan server
program with a game installer. So when the victim runs the game installer, the
Trojan will also get installed in the background.
Some binders allow wrapping the Trojan program along with a non-executable
file such as an image file.
E.g.: Easy Binder
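A defender can triage a downloaded file for the binder behaviour described above. The following is an added example, not part of the original post: it looks for a Windows executable (PE) header hidden in an image, extra PE headers inside an installer, and double extensions. The file names and sample bytes are constructed.

```python
import struct

IMAGE_MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def pe_offsets(data: bytes) -> list[int]:
    """Offsets where a DOS 'MZ' header points at a valid 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew (offset 0x3C) holds the distance from 'MZ' to the PE signature.
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(name: str, data: bytes) -> list[str]:
    """Return human-readable findings for one file (empty list = nothing flagged)."""
    findings = []
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    offsets = pe_offsets(data)
    if len(parts) == 3 and ext in EXEC_EXTS and "." + parts[1] in IMAGE_MAGIC:
        findings.append("double extension hides an executable")
    if ext in IMAGE_MAGIC:
        if not data.startswith(IMAGE_MAGIC[ext]):
            findings.append("content does not match image extension")
        if offsets:
            findings.append(f"PE header inside image at offset {offsets[0]}")
    elif len(offsets) > 1:
        findings.append(f"{len(offsets) - 1} extra PE header(s) after the first")
    return findings

def fake_pe() -> bytes:
    # Constructed 68-byte stub: only the header fields the check reads, not a runnable program.
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    png = IMAGE_MAGIC[".png"] + b"\x00" * 16
    for name, blob in [("photo.png", png + fake_pe()),
                       ("holiday.jpg.exe", fake_pe()),
                       ("game_setup.exe", fake_pe() + b"\x00" * 8 + fake_pe())]:
        print(name, triage(name, blob))
```

Legitimate installers often carry embedded executables, so an extra PE header in a .exe is a lead for further scanning, not a verdict; a PE header inside an image file is far harder to explain.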
Final Stage
So finally the hacker has a Trojan server program which has been crypted to
bypass AV detection and which has been bound with some other files. The next
step is just the delivery of the file to the victim's computer.
The hacker may use the following modes of transmission:
1. Chat
2. Web download
3. Email attachment
4. Physical drive
5. Network share
The victim will install the Trojan and the hacking is done. The hacker can now
do whatever he wants on the system.
Detection and Removal of Trojan Horse
Symptoms of a Trojan attack:
1. Slowness of the PC.
2. Programs starting and being initiated without the user's knowledge.
3. Unwanted sites getting opened in web browsers.
4. Any action that is suspicious or not initiated by the user can be an
indication of a Trojan attack.

1. Always use updated AV and anti-spyware software.
2. Use firewalls to increase the security.
3. Always update your Windows system.
4. Always scan your web and email downloads.
We can also use process monitoring software to find an unwanted process in the
system.
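An added example (not from the original post) of the process-monitoring check: it reads `netstat -ano` output, keeps the TCP listeners reachable from the network, and flags those whose owning program runs from a user-writable folder or cannot be identified. The netstat text, PIDs and paths are constructed samples; the PID-to-path map is assumed to be collected separately (for example with PowerShell's Get-Process).

```python
# Constructed sample of `netstat -ano` output from a Windows host.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2400
  TCP    192.168.1.20:49811     203.0.113.10:443       ESTABLISHED     5120
  UDP    0.0.0.0:5353           *:*                                    2400
"""
# Constructed PID -> image path map (assumption: gathered by a separate tool).
IMAGES = {
    908: r"C:\Windows\System32\svchost.exe",
    4312: r"C:\Users\alice\AppData\Local\Temp\game_setup.exe",
    2400: r"C:\Program Files\Bonjour\mDNSResponder.exe",
    5120: r"C:\Program Files\Mozilla Firefox\firefox.exe",
}
# Folders a standard user can write to; programs listening from here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

def listeners(netstat_text):
    """Return (address, port, pid) for every TCP row in LISTENING state."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, port = f[1].rsplit(":", 1)   # rsplit keeps IPv6 "[::]" intact
            rows.append((addr, int(port), int(f[4])))
    return rows

def suspicious_listeners(netstat_text, images):
    """Flag network-reachable listeners with an unknown or user-writable image path."""
    out = []
    for addr, port, pid in listeners(netstat_text):
        path = images.get(pid, "")
        reachable = addr not in ("127.0.0.1", "[::1]")
        if reachable and (not path or any(d in path.lower() for d in USER_WRITABLE)):
            out.append((pid, port, path or "<unknown image>"))
    return out

if __name__ == "__main__":
    for pid, port, path in suspicious_listeners(NETSTAT, IMAGES):
        print(f"PID {pid} listening on port {port}: {path}")
```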
We will update this post with more techniques in the coming days.







