Remote access Trojans

These are probably the most publicized Trojans, because they provide the attacker with total control of the victim's machine.

Examples are the Back Orifice and Netbus Trojans.

The idea behind them is to give the attacker COMPLETE access to someone's machine, and therefore full access to files, private conversations, accounting data, etc.

The Bugbear virus that hit the Internet in September 2002, for instance, installed a Trojan horse on the victims'machines that could give the remote attacker access to sensitive data.

The remote access Trojan acts as a server and usually listens on a port that is not available to Internet attackers.

Therefore, on a computer network behind a firewall, it is unlikely that a remote (off-site) hacker would be able connect to the Trojan (assuming that you have blocked these ports, of course).

HOWEVER, an internal hacker (located behind the firewall) can connect to this kind of Trojan without any problems.

_________________________

Comments

What is Port (computer networking)

In the internet protocol suite, a port is an endpoint of communication in an operating system. While the term is also used for female connectors on hardware devices (see computer port), in software it is a logical construct that identifies a specific process or a type of network service. A port is always associated with an IP address of a host and the protocol type of the communication, and thus completes the destination or origination network address of a communication session. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. For example, an address may be 'protocol: TCP, IP address: 1.2.3.4, port number: 80', which may be written 1.2.3.4:80 when the protocol is known from context. Specific port numbers are often used to identify specific services. _________________________

What is a localhost ?

In computer networking, localhost is a hostname that means this computer. It is used to access the network services that are running on the host via its loopback network interface. Using the loopback interface bypasses any local network interface hardware. The local loopback mechanism is useful for testing software during development, independently of any networking configurations. For example, if a computer has been configured to provide a website, directing a locally running web browser to http://localhost may display its home page. On most computer systems, localhost resolves to the IP address 127.0.0.1, which is the most commonly used IPv4 loopback address, and to the IPv6 loopback address. _________________________

What is Back Door?

A back door is generally a piece of code intentionally left by the developer of the software or firmware that allows access without going through the normal security process. Back doors may also be the result of different malware/virus attacks that leave a method for remote, unsecured access into a device once the malicious code has been executed. _________________________

Learn Ethical Hackings

Search This Blog