Trojans entering through the two parts, namely the client and server. When the victim (unknowingly) runs the computer, then the attacker will use the client to connect to the server and start using the trojan. TCP / IP is the protocol type that is commonly used for communication. Trojans can work properly with this type of protocol, but some trojans can also use UDP protocol properly. When the server starts executing (on the victim's computer), Trojan usually try to hide somewhere in the computer system, then start "listening" on a certain port to connect, and modify the registry or by using another method that is method autostarting. The important thing is to be known by the attacker knows the IP address of the victim to connect the computer to the victim's computer. Many variants of Trojan has the ability to send the IP address of the victim to the attacker, such as ICQ and IRC media. It is used for victims who have
Trojan Detection Dynamic IP address, which means every time you connect to the Internet got a different IP address. For users who use Asymmetric Digital Suscriber Line (ADSL) means always using a fixed IP address (static) so easy to know and easy way to connect with a computer attacker [8]. Most Trojans use the method auto-starting, the Trojan will be automatically activated when the computer is turned on. Although the computer is turned off and then turned on again, the Trojan is able to work again and again the attacker access to a victim's computer [8]. New auto-starting methods and other tricks have been discovered since the beginning. This Trojan type of work ranging from trojan connection into several executable files that are often used eg explorer.exe and then modify system files or Windows Registry. System files are placed in the Windows directory. From this directory the attacker carry out an attack or misuse. Abuse of the attacker through the file system is as follows [8]. • Autostart Folder. Autostart folder in the location C: \ Windows \ Start Menu \ Programs \ Startup and in accordance with its name will work automatically bagia system files stored in folders. • Win.ini. Windows system file using load = and run = trojan.exe trojan.exe to run the Trojan. • SYSTEM.INI. Using the shell = explorer.exe trojan.exe. This is caused by the execution of each file after running explorer.exe. • Wininit.Ini. Most of the setup program using this file. Once executed it becomes auto-deletes, consequently Trojan very nimble or quick to return to work.
Trojan Detection Dynamic IP address, which means every time you connect to the Internet got a different IP address. For users who use Asymmetric Digital Suscriber Line (ADSL) means always using a fixed IP address (static) so easy to know and easy way to connect with a computer attacker [8]. Most Trojans use the method auto-starting, the Trojan will be automatically activated when the computer is turned on. Although the computer is turned off and then turned on again, the Trojan is able to work again and again the attacker access to a victim's computer [8]. New auto-starting methods and other tricks have been discovered since the beginning. This Trojan type of work ranging from trojan connection into several executable files that are often used eg explorer.exe and then modify system files or Windows Registry. System files are placed in the Windows directory. From this directory the attacker carry out an attack or misuse. Abuse of the attacker through the file system is as follows [8]. • Autostart Folder. Autostart folder in the location C: \ Windows \ Start Menu \ Programs \ Startup and in accordance with its name will work automatically bagia system files stored in folders. • Win.ini. Windows system file using load = and run = trojan.exe trojan.exe to run the Trojan. • SYSTEM.INI. Using the shell = explorer.exe trojan.exe. This is caused by the execution of each file after running explorer.exe. • Wininit.Ini. Most of the setup program using this file. Once executed it becomes auto-deletes, consequently Trojan very nimble or quick to return to work.
0 comments: on "Trojan Detection"
Post a Comment