Commonly referred to as remote access Trojans or R.A.T.s. It is a program that gives a hacker or cracker more power over your computer than you may have. Trojans can be very small in size, as little as 8 kb, and can be hidden inside other executables.
How does a Trojan work?
First the Trojan must be delivered to your computer. This can be accomplished in many ways, through an e-mail worm, or hidden in another executable program like an mp3 song or a free game or picture. Running the program installs the Trojan on your computer. The Trojan is really two programs in one. The first part is called the "client" and is used by the hacker to control the victim’s computer. The client is not installed on your computer but on the hacker’s. The second part is the "server" and it is installed on your computer. Once executed this "server program" will provide information to the client program upon request. This server program once installed hides itself on your computer and will run automatically every time you start the computer.
How can I get infected by a Trojan?
Trojans can be embedded in any executable file. The critical thing here is that the file must be executed to install the Trojan on your computer. Trojans can be sent via e-mail, ICQ, mIRC or IRCLE, FTP, Freeware or Shareware programs, mp3 and even movies.
How can I tell if I’ve got a Trojan on my system?
Many freeware or commercial software packages will let you scan your computer for known Trojan files or behavior, but one easy method is by looking at your computer’s open ports, ports used by the Trojan to accept incoming connections. One good and freeware tool that can do that is LPS – Local Port Scanner 1.2.2 that will scan for any given local port, has some built-in Trojan detection functionality. It will also let you scan a remote system (I’ll make a dedicated page on that later this week) and will log the output.
See the information below for a list of many of the known Trojan horses:
(Taken from http://www.simovits.com/trojans/trojans.html)
Your browser does not support inline frames or is currently configured not to display inline frames.
Looking for a TCP/IP port used by a Trojan?
Enter your information below. A port number, such as 80 in the port field, will display all services, Trojans and viruses that are known to use this port. Type sub in the ‘Data to Search For’ field, and all the services, Trojans and viruses with sub in their name will be displayed.
- Port Scanning with NMAP
- Quickly Find Local Open Ports Quickly Find Local Open Ports – GUI
- Quickly Find Remote Open Ports
- Quickly Find Remote Open Ports – GUI
- Trojan Ports List