Trojan and Email Forging Guide
The document discusses different types of malware including Trojans, viruses, and worms. It explains that Trojans appear to be useful programs but can cause damage once installed. Viruses attach to files and spread when those files are opened, while worms can spread automatically between computers without human intervention. The document also discusses blended threats that combine aspects of different malware types to cause harm. Trojans are used by hackers to gain unauthorized access to targeted computers in order to steal data, use the computer as part of a botnet, or encrypt files in ransomware attacks.

Uploaded by Anurag Goel

Trojan And Email Forging

1) Introduction to Trojans and viruses:
A Trojan horse, or Trojan, in computing is a generally non-self-replicating type of malware
program containing malicious code that, when executed, carries out actions determined by the
nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term
is derived from the story of the wooden horse used to trick defenders of Troy into taking
concealed warriors into their city in ancient Anatolia, because computer Trojans often employ a
form of social engineering, presenting themselves as routine, useful, or interesting in order to
persuade victims to install them on their computers. [1][2][3][4][5]
A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized
access to the affected computer.[6] While Trojans and backdoors are not easily detectable by
themselves, an infected computer may appear to run slower due to heavy processor or network usage.
Malicious programs are classified as Trojans if they do not attempt to inject themselves into
other files (as a computer virus does) or otherwise propagate themselves (as a worm does).[7] A computer may host a
Trojan via a malicious program a user is duped into executing (often an e-mail attachment
disguised to look innocuous, e.g., a routine form to be filled in) or via a drive-by download.

The Difference Between a Computer Virus, Worm and Trojan Horse

One common mistake that people make when the topic of a computer virus arises is to refer to a
worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used
interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all
malicious programs that can cause damage to your computer, but there are differences among the
three, and knowing those differences can help you better protect your computer from their often
damaging effects.

What Is a Virus?
A computer virus attaches itself to a program or file, enabling it to spread from one computer to
another, leaving infections as it travels. Like a human virus, a computer virus can range in
severity: some may cause only mildly annoying effects while others can damage your software or
files (and, in rare cases, overwrite firmware). Almost all viruses are attached to an executable file, which means the virus
may exist on your computer but cannot infect it unless you run or open
the malicious program. It is important to note that a virus cannot spread without a human
action (such as running an infected program) to keep it going. Because a virus is spread by
human action, people unknowingly continue the spread of a computer virus by sharing
infected files or sending emails with viruses attached.

What Is a Worm?
A worm is similar to a virus by design and is often treated as a sub-class of virus. Worms
spread from computer to computer, but unlike a virus, a worm can travel without any
human action. A worm takes advantage of file or information transport features on your system
(network shares, e-mail, or a remotely exploitable service), which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than
your computer sending out a single worm, it could send out hundreds or thousands of copies of
itself, creating a huge devastating effect. One example would be for a worm to send a copy of
itself to everyone listed in your e-mail address book. Then the worm replicates and sends itself
out to everyone listed in each receiver's address book, and the chain continues on down
the line.
Due to the copying nature of a worm and its capability to travel across networks, the end result in
most cases is that the worm consumes too much system memory (or network bandwidth),
causing web servers, network servers and individual computers to stop responding. In recent
worm attacks such as the much-talked-about Blaster worm (which spread by exploiting a Windows RPC
vulnerability rather than through any user action), the worm has been designed to
tunnel into your system and allow malicious users to control your computer remotely.

What Is a Trojan horse?


A Trojan horse is full of as much trickery as the mythological Trojan Horse it was named after.
The Trojan horse at first glance will appear to be useful software but will actually do damage
once installed or run on your computer. Those on the receiving end of a Trojan horse are
usually tricked into opening it because they appear to be receiving legitimate software or files
from a legitimate source. When a Trojan is activated on your computer, the results can vary.
Some Trojans are designed to be more annoying than malicious (like changing your desktop or
adding silly active desktop icons), while others cause serious damage by deleting files and
destroying information on your system. Trojans are also known to create a backdoor on your
computer that gives malicious users access to your system, possibly allowing confidential or
personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce
by infecting other files, nor do they self-replicate.

What Are Blended Threats?


Added into the mix, we also have what is called a blended threat. A blended threat is a more
sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and
other malicious code into one single threat. Blended threats can use server and Internet vulnerabilities
to initiate, transmit and spread an attack. The characteristics of a blended threat are that it
causes harm to the infected system or network, it propagates using multiple methods, the attack
can come from multiple points, and it exploits vulnerabilities.
To be considered a blended threat, the attack would normally serve to transport multiple attacks
in one payload. For example, it wouldn't just launch a DoS attack; it would also install a backdoor
and maybe even damage the local system in one shot. Additionally, blended
threats are designed to use multiple modes of transport. So, while a worm may travel and spread
through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing networks.
Lastly, rather than a specific attack on predetermined .exe files, a blended threat could perform
multiple malicious acts, like modifying your .exe files, HTML files and registry keys at the same
time; basically it can cause damage within several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the inception of viruses, as
most blended threats also require no human intervention to propagate.

Purpose and uses


A Trojan may give a hacker remote access to a targeted computer system. Operations that could
be performed by a hacker, or be caused unintentionally by program operation, on a targeted
computer system include:

Crashing the computer, e.g. with a "blue screen of death" (BSOD)
Data corruption
Formatting disks, destroying all contents
Use of the machine as part of a botnet (e.g. to perform automated spamming or to
distribute denial-of-service attacks)
Electronic money theft
Infecting other devices on the network and capturing online banking information
Data theft, including confidential files, sometimes for industrial espionage, and
information with financial implications such as passwords and payment card information
Modification or deletion of files
Downloading or uploading of files for various purposes
Downloading and installing software, including third-party malware and ransomware
Keystroke logging
Watching the user's screen
Viewing the user's webcam
Controlling the computer system remotely
Encrypting files; a ransom payment may be demanded for decryption, as with the
CryptoLocker ransomware
Modification of the registry
Using computer resources for mining cryptocurrency
Linking the computer to a botnet

Using infected computer as proxy for illegal activities and attacks on other computers.
Trojan horses in this way may require interaction with a malicious controller (not
necessarily distributing the Trojan horse) to fulfill their purpose. It is possible for those
involved with Trojans to scan computers on a network to locate any with a Trojan horse
installed, which the hacker can then control. [8]
Some Trojans take advantage of a security flaw in older versions of Internet Explorer and
Google Chrome to use the host computer as an anonymizer proxy to effectively hide
Internet usage,[9] enabling the controller to use the Internet for illegal purposes while all
potentially incriminating evidence indicates the infected computer or its IP address. The
host's computer may or may not show the internet history of the sites viewed using the
computer as a proxy. The first generation of anonymizer Trojan horses tended to leave
their tracks in the page view histories of the host computer. Later generations of the
Trojan horse tend to "cover" their tracks more efficiently. Several versions of Sub7 have
been widely circulated in the US and Europe and became the most widely distributed
examples of this type of Trojan horse. [8]
In German-speaking countries, spyware used or made by the government is sometimes
called govware. Govware is typically a trojan horse software used to intercept
communications from the target computer. Some countries like Switzerland and Germany
have a legal framework governing the use of such software.[10][11] Examples of govware
trojans include the Swiss MiniPanzer and MegaPanzer[12] and the German "state trojan"
nicknamed R2D2.[10]
Due to the popularity of botnets among hackers and the availability of advertising
services that permit authors to violate their users' privacy, Trojan horses are becoming
more common. According to a survey conducted by BitDefender from January to June
2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global
malware detected in the world." Trojans have a relationship with worms, as they spread
with the help given by worms and travel across the internet with them. [13]
The anti-virus company BitDefender has stated that approximately 15% of computers are
members of a botnet, usually recruited by a Trojan infection.

Notable Trojan horses

NetBus (by Carl-Fredrik Neikter)
SubSeven or Sub7 (by Mobman)
Back Orifice (by Sir Dystic)
Beast
Zeus
Flashback Trojan (Trojan BackDoor.Flashback)
ZeroAccess
Koobface
Vundo

What are the Components of a Trojan Virus?

A Trojan of this kind will normally consist of two components: one that runs on the victim's
computer and one that the operator uses to control it. In most RAT toolkits (Sub7, NetBus and
Back Orifice, for example) the component installed on the victim is confusingly called the
"server", because it listens for, or calls back to, the operator's "client"; the RAT section below
follows that convention. Once executed, the component on the victim can be designed to establish
a certain level of control over the infected computer. Based on the desired purpose of the malware
author, it can deliver additional malware components such as a key logger or spyware, or perform
destructive actions on the computer.

2) How Trojans spread, how they work, their types, and RAT Trojans:

How Do Trojan Horse Viruses Spread?


Trojans can infect client computers in several ways. One of the most prevalent means of
infection is through email attachments. The malware developer will use a broad email list
to spam the Trojan to a large number of people, disguised as a potentially useful attachment or
even pornography. Once the user opens the file, it infects their computer. More recently,
targeted spam called spear phishing has been used to target high-visibility personnel in business
and in government. The same technique of spoofing someone the individual may know or
pretending to be a useful email attachment is used, just with a higher-profile target set.
Another common method used to distribute Trojans is via instant messenger programs
such as Skype or Yahoo Messenger. Finally, another well-known technique is to send copies of
the Trojan to all contacts listed in the address book(s) found on the computer after infection.

What Type of Damage Can Trojan Viruses Do?


Typically a Trojan will be designed to provide some form of remote access to a hacker or
criminal on an infected computer. Once the Trojan has been installed, the hacker will be
able to perform tasks on the computer with the privilege level of the account that ran it, which
is why running day-to-day as a non-administrator limits the damage. Some of these
actions could be: stealing the user's login and password data, credit card information, or bank
account data; using the computer to conduct a denial-of-service attack against another user,
company, or organization; installing other software, including additional malware;
downloading or uploading files on the user's computer; logging keystrokes or taking screen captures of
sensitive websites; crashing the user's computer; and web surfing in an anonymous fashion. Hackers
do not have to directly distribute Trojans, however, as much of the better-known malware
is designed to infect a computing system and respond to remote commands from hackers who
did not originally deploy the malware. The hacker can conduct a scan of computers on a target
network and, on finding computers infected with the desired Trojan, issue follow-on
commands to control the computer.

What Are the Types of Trojan Horse Viruses?


In recent years, Trojan horse viruses have significantly advanced in their complexity, methods of
infection and payload. The categories currently used to define the different variants of Trojan
viruses include: remote access, password sending, destructive, key loggers, password stealers (or
senders), denial of service, proxy, FTP, software detection killers, and Trojan downloaders.

What Does a Remote Access Trojan Virus Do?

A remote access Trojan remains the most encountered Trojan in the wild. It gives
the hacker/attacker control over the targeted computer equivalent to the user's own
permissions. Once access is gained to the computer, the hacker can then access any personal
information the user has stored on it, including logins, passwords, credit card
numbers, financial statements, and other personal information. Many times this information can
then be used to steal the individual's identity or to apply for credit cards or bank accounts in
the person's name.

How Does a Password Sending Trojan Virus Work?


When a computer is infected by a password-sending Trojan, the malware will search for all
cached passwords and copy those that are entered by the end user. At preset or scheduled points
the Trojan will send the collected information to a preset email address or collection of email addresses.
These actions are performed without the end user's knowledge, and the Trojan is particularly
dangerous for computers that are not running any type of antivirus software. All types of
passwords are vulnerable to this attack, including those for secure websites, email services, FTP, and
instant messaging programs.

How Do Key Logger Trojans Work?


Key loggers are a variant of Trojan designed to record the keystrokes on an infected
computer and then send the log files to a remote server or email account. The more advanced key
loggers are capable of searching the log files for login and password data and other pre-programmed
personal data, to reduce the volume of information sent to the remote hacker. Some
key loggers stream their captures to the operator as they are typed, while those designed to send
the data via email record it locally first. To avoid detection, the locally recording Trojan
key loggers send the stored information at daily or longer intervals, based on the configuration set by
the malware author. Either way, the exfiltration leaves a repeating pattern in outbound traffic that
a defender can look for.
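The scheduled exfiltration described above (and the "preset or scheduled points" of the password-sending Trojan) shows up in proxy or firewall logs as one host contacting one destination at near-constant intervals. The following Python script is an added example, not code from the original guide: it parses a constructed, made-up proxy log and flags (client, destination) pairs whose inter-connection intervals have very low jitter. The log layout, host names and thresholds are assumptions.

```python
"""Flag hosts that contact the same destination at suspiciously regular
intervals, the pattern a scheduled-exfiltration key logger or password-
sending Trojan leaves in proxy or firewall logs.

Added example, not code from the original guide.  The log format below is
a constructed stand-in for a web-proxy log (timestamp, client, destination,
bytes sent); the thresholds are assumptions to tune per environment.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.0.7 reports to mail-drop.example every ~600 s,
# while 10.0.0.9 browses at irregular, human-looking intervals.
SAMPLE_LOG = """\
2024-03-01T09:00:02 10.0.0.7 mail-drop.example 2410
2024-03-01T09:00:15 10.0.0.9 news.example 812
2024-03-01T09:10:03 10.0.0.7 mail-drop.example 2388
2024-03-01T09:12:40 10.0.0.9 news.example 1100
2024-03-01T09:20:01 10.0.0.7 mail-drop.example 2455
2024-03-01T09:21:09 10.0.0.9 shop.example 540
2024-03-01T09:30:02 10.0.0.7 mail-drop.example 2402
2024-03-01T09:34:58 10.0.0.9 news.example 950
2024-03-01T09:40:03 10.0.0.7 mail-drop.example 2431
2024-03-01T09:58:12 10.0.0.9 news.example 1003
"""


def parse_log(text):
    """Yield (timestamp, client, destination, bytes); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], size


def find_beacons(text, min_events=4, max_jitter=0.05):
    """Return {(client, dest): (period_seconds, jitter)} for regular contacts.

    jitter = stddev(interval) / mean(interval).  A timer-driven upload
    gives near-zero jitter; interactive browsing gives a large value.
    min_events and max_jitter are assumed thresholds.
    """
    by_pair = defaultdict(list)
    for ts, client, dest, _ in parse_log(text):
        by_pair[(client, dest)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            beacons[pair] = (round(period, 1), round(jitter, 4))
    return beacons


if __name__ == "__main__":
    for (client, dest), (period, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: every {period}s (jitter {jitter})")
```

Legitimate software (update checkers, mail clients) beacons too, so the output is a lead for triage rather than a verdict; tune min_events and max_jitter to the traffic you actually see, and correlate the flagged process with the listening-port and file checks elsewhere on this page.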

What Do Destructive Trojan Viruses Do?


A destructive Trojan's primary purpose is to delete or remove files on the targeted
computer. They are designed to attack the computer's core operating system files but can also
be programmed to remove user data. The more sophisticated destructive Trojans will be
programmed to attack only once a certain date or logic condition is met (a logic bomb). They can be used
in blackmail attempts, although this use is not widely reported (yet).

What Is a Denial of Service Attack Trojan Virus?


A denial of service (DoS) Trojan will be designed to use the infected computer as a
bot to attack another web server or computer. Combined with other infected computers,
the Internet connection of the attacked computer can become too busy to allow regular users to
make use of the site. A variation of this Trojan is the mail bomb Trojan, which is designed
to infect as many computers as possible while sending potentially malicious emails to all
addresses found on the targeted machines.

How Does a Proxy Trojan Work?


A proxy or Wingate Trojan is designed to make the infected computer act as a Wingate or
proxy server. As a result of the infection, the targeted computer can then be used by others to surf
the Internet in an anonymous fashion. This is normally used to conduct other illegal activities
such as using stolen credit cards to access pornographic websites, shop online, or purchase other
websites or domain names, with the victim's IP address appearing in the logs.

What is a FTP Trojan Virus?


An FTP Trojan is one of the most basic Trojans in the wild and one of the most
outdated. The primary purpose of the malware is to open a listening FTP service (port 21) on the
infected computer. Once opened, anyone can connect to the computer using the FTP protocol and
read or write its files. In the more advanced versions of this variant, password protection is
enabled so that only the hacker can gain access to the infected machine. Because the backdoor
waits for inbound connections, it is exposed by comparing the host's listening ports against what
it is expected to have open.
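Because the FTP Trojan (and the classic listening RATs NetBus, Sub7 and Back Orifice named later on this page) waits for inbound connections, an unexpected listening socket is the simplest indicator. The Python below is an added example, not from the original guide: it parses a constructed sample in the layout of Windows `netstat -ano`, reports listeners missing from an assumed baseline, annotates those on well-known default Trojan ports (NetBus TCP 12345, Sub7 TCP 27374, Back Orifice UDP 31337, FTP TCP 21) and groups the findings by owning PID. The baseline and the sample output are assumptions.

```python
"""Compare listening sockets against an approved baseline and flag
anything unexpected, such as the port-21 listener an FTP Trojan opens.

Added example, not code from the original guide.  NETSTAT_OUTPUT is a
constructed sample in the layout of Windows `netstat -ano`; BASELINE is
an assumed allow-list to adapt to your own hosts.
"""

# Constructed sample: an FTP listener and two classic RAT ports have
# appeared under the same unknown PID (4412).
NETSTAT_OUTPUT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4412
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       4412
  TCP    10.0.0.7:49802         203.0.113.10:443       ESTABLISHED     2208
  UDP    0.0.0.0:31337          *:*                                    4412
  UDP    0.0.0.0:5353           *:*                                    1360
"""

# Sockets this workstation is expected to have open (assumed baseline).
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}

# Default ports of Trojans named on this page.  A listener here deserves
# a closer look even before a baseline has been agreed.
KNOWN_TROJAN_PORTS = {
    ("TCP", 21): "FTP Trojan (or a real FTP server)",
    ("TCP", 12345): "NetBus default",
    ("TCP", 27374): "Sub7 default",
    ("UDP", 31337): "Back Orifice default",
}


def parse_netstat(text):
    """Yield (proto, port, pid, state) per socket line; ignore headers.

    UDP lines carry no State column, so the field count tells the two
    layouts apart.  Port is taken after the last ':' so IPv6 '[::]:135'
    parses too.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) == 5 else ""
        try:
            port = int(local.rsplit(":", 1)[1])
            pid = int(parts[-1])
        except (IndexError, ValueError):
            continue
        yield proto, port, pid, state


def unexpected_listeners(text, baseline=BASELINE):
    """Return [(proto, port, pid, note)] for listeners outside the baseline."""
    findings = []
    for proto, port, pid, state in parse_netstat(text):
        listening = proto == "UDP" or state == "LISTENING"
        if not listening or (proto, port) in baseline:
            continue
        note = KNOWN_TROJAN_PORTS.get((proto, port), "not in baseline")
        findings.append((proto, port, pid, note))
    return findings


def suspicious_pids(findings):
    """PIDs owning more than one unexpected listener: investigate these first."""
    counts = {}
    for _, _, pid, _ in findings:
        counts[pid] = counts.get(pid, 0) + 1
    return sorted(pid for pid, n in counts.items() if n > 1)


if __name__ == "__main__":
    found = unexpected_listeners(NETSTAT_OUTPUT)
    for proto, port, pid, note in found:
        print(f"{proto}/{port} pid={pid}: {note}")
    print("PIDs to examine first:", suspicious_pids(NETSTAT_OUTPUT and found))
```

Run it against a saved `netstat -ano` capture from the suspect machine; the PID column then leads to the process image via Task Manager or `tasklist`. A modern RAT that only calls outbound will not appear here, which is why this check pairs with the beacon detection shown earlier.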

What Are Software Detection Killer Trojans?


A software detection killer Trojan virus is commonly used in conjunction with other computer
malware such as scareware. The purpose of this variant of Trojan virus is to disable known
antivirus and computer firewall programs. Not only will they disable installed versions of known
computer security software, but the Trojan will also preclude installation of new security
programs that are well-known. Once they are active, other computer malware can be bundled
with the Trojan in order to perform additional malicious tasks.

What is a Trojan Downloader Virus?


A Trojan downloader virus is a fairly recent development over the past several years. This
version of Trojan is designed to infect a target computer in a similar manner to other Trojan
viruses. The sole job that a Trojan downloader does on the infected computer is to download
additional computer malware onto the infected computer. Some Trojan downloaders can also be
used to grant remote access to the target machine to a remote server or individual as part of their
work.

Remote administration tool


A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to
control a system as if he has physical access to that system. While desktop sharing and remote
administration have many legal uses, "RAT" software is usually associated with criminal or
malicious activity. Malicious RAT software is typically installed without the victim's knowledge,

often as payload of a Trojan horse, and will try to hide its operation from the victim and from
security software.
The operator controls the RAT through a network connection. Such tools provide an operator the
following capabilities:[1]

Screen/camera capture or image control[2]
File management (download/upload/execute/etc.)[3]
Shell control (from command prompt)[4]
Computer control (power off/on/log off if remote feature is supported)
Registry management (query/add/delete/modify)[5]
Hardware destroyer (overclocker)[6]
Other software product-specific functions

Its primary function is for one computer operator to gain access to remote PCs. The operator's computer
runs the "client" software application, while the other computer(s) operate as the "host(s)" (usually
called the "server" in Trojan toolkits).

RAT trojan horses


Many trojans and backdoors now have remote administration capabilities allowing an individual
to control the victim's computer. Many times, a file called the server must be opened on the
victim's computer before the trojan can have access to it. These are generally sent through email,
P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate
program or file. Many server files will display a fake error message when opened, to make it
seem like it didn't open. Some will also disable antivirus and firewall software. RAT trojans can
generally do the following:

Block mouse and keyboard
Change the desktop wallpaper
Download, upload, delete, and rename files
Destroy hardware by overclocking
Drop viruses and worms
Edit the Registry
Use your Internet connection to perform denial of service attacks (DoS)
Format drives
Steal passwords and credit card numbers
Alter your web browser's homepage
Hide desktop icons, taskbar and files
Silently install applications
Log keystrokes (keystroke capture software)
Open the CD-ROM tray
Overload the RAM/ROM drive
Send message boxes
Play sounds
Control mouse or keyboard
Record sound with a connected microphone
Record video with a connected webcam
Show fake errors
Shut down, restart, log off, shut down monitor
Record and control your screen remotely
View, kill, and start tasks in Task Manager

A well-designed RAT will allow the operator the ability to do anything that they could do with
physical access to the machine. Some RAT trojans are pranks that are most likely being
controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not
harmful, and won't log keystrokes or store information about the system on the computer. They
usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, or swap
mouse buttons.
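Both the "How Do Trojan Horse Viruses Spread?" section and the RAT paragraph above describe the same trick: the "server" file is disguised as a legitimate program or document, and some show a fake error when run so the victim thinks nothing happened. The Python below is an added example, not from the original guide, that triages a file name plus its first bytes for the usual disguises: a document extension followed by an executable one, a PE executable header under a non-executable extension, and a right-to-left override character in the name. The samples are constructed in memory and the extension lists are assumptions to extend.

```python
"""Triage downloaded files or e-mail attachments for the disguises a Trojan
dropper relies on: a double extension, an executable hiding behind a
document extension, and a right-to-left override in the file name.

Added example, not code from the original guide.  SAMPLES are constructed
in memory; EXECUTABLE_EXTS and DOCUMENT_EXTS are assumptions to extend.
"""

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js",
                   "jse", "wsf", "hta", "msi", "ps1", "lnk"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png",
                 "gif", "mp3", "avi", "txt"}

# Magic numbers: Windows PE files start with "MZ", PDFs with "%PDF",
# ZIP-based Office files with "PK\x03\x04", JPEGs with FF D8 FF.
MAGIC = [(b"MZ", "exe"), (b"%PDF", "pdf"),
         (b"PK\x03\x04", "zip/docx"), (b"\xff\xd8\xff", "jpg")]

# U+202E reverses the display of what follows, so "summary\u202efdp.scr"
# renders as "summaryrcs.pdf" while still being a .scr executable.
RLO = "\u202e"

# Constructed samples: (file name, first bytes of content).
SAMPLES = [
    ("quarterly-report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("holiday-photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("summary" + RLO + "fdp.scr", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.txt", b"meeting notes"),
]


def sniff(header):
    """Classify content by magic number, ignoring the file name entirely."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return "unknown"


def triage(name, header):
    """Return the list of reasons a file looks disguised (empty = no finding)."""
    reasons = []
    if RLO in name:
        reasons.append("right-to-left override in name")
    exts = name.lower().split(".")[1:]
    last = exts[-1] if exts else ""
    if len(exts) >= 2 and last in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension .{exts[-2]}.{last}")
    kind = sniff(header)
    if kind == "exe" and last not in EXECUTABLE_EXTS:
        ext_desc = f".{last}" if last else "no"
        reasons.append(f"PE executable behind {ext_desc} extension")
    elif kind == "exe":
        reasons.append("executable attachment")
    return reasons


def triage_all(samples):
    """Map each sample's name to its triage reasons."""
    return {name: triage(name, header) for name, header in samples}


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLES).items():
        status = "SUSPECT" if reasons else "ok"
        print(f"{status:7} {name!r}: {', '.join(reasons)}")
```

The content check matters more than the name check: an attacker controls the name completely, but a Windows executable has to start with "MZ" to run, so reading the first bytes before trusting the icon or extension is the test that cannot be dressed up.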

Notable RAT software and trojans

Back Orifice
NetBus
iControl
Sub Seven
Beast Trojan
Bifrost[7]
Blackshades[8][9]
Darkcomet[10][11]
LANfiltrator[12]
Xi Rat
Optix Pro
ProRat
Pandora Rat
ESEA's anti-cheat software

3) Case Study (RAT Trojan):


Blackshades and Miss Teen USA
For many Americans, the first time they heard of Blackshades was in the case of Miss Teen USA 2013,
Cassidy Wolf. In that case, Blackshades customer Jared James Abrahams, a 20-year-old college student,
used Blackshades to begin capturing video from Cassidy's webcam. The victim, unaware that their
webcam is even recording, goes about their business, including dressing and undressing. Like most
teens, having a laptop on in the bedroom is not unusual, and after capturing some nude images,
Abrahams attempted to extort additional videos in exchange for not releasing the first images to
Cassidy's friends on Facebook. But Blackshades is able to do so much more than capturing an occasional
nude image! While most commonly used for good old fashioned credential and credit card theft,
Blackshades has also been used to infiltrate Syrian rebel computers, as first reported by the EFF and with
many more details shared by MalwareBytes.

Blackshades Co-Creators HOGUE and YCEL


Michael Hogue, who used the hacker name xVisceral, was originally arrested in Tucson, Arizona as part
of a group of arrests announced by Preet Bharara, the US Attorney in the Southern District of New York,
on June 26, 2012 as part of the follow-up to Card Shop. In addition to xVisceral/Hogue, that sweep
grabbed up 404myth (Christian Cangeopol of Lawrenceville, Georgia), Cubby (Mark Caparelli of San Diego,
California), Kabraxis314 (Sean Harper of Albuquerque, New Mexico), kool+kake (Alex Hatala of
Jacksonville, Florida), OxideDox (Joshua Hicks of Bronx, New York), JoshTheGod (Mir Islam of
Manhattan, New York), IwearaMAGNUM (Peter Ketchum of Pittsfield, Massachusetts), theboner1
(Steven Hansen, who was already in jail in Wisconsin) as well as 13 others in the UK (6), Bosnia (2),
Bulgaria (1), Norway (1), and Germany. (See: Manhattan U.S. Attorney and FBI Assistant Director in
Charge Announce 24 Arrests in Eight Countries as Part of International Cyber Crime Takedown).

For a fascinating "how I became a hacker" biography interview, please see The Rise and Fall of
xVisceral, which details how, as a 17 year old Halo player, xVisceral was first introduced to
hacking as a way to cheat other Halo players, and gives a detailed history of how this led to ever-more-advanced hacking tools and ultimately the creation of Blackshades. (The original source is
currently unavailable; this is an archived copy of an article from:
The charges against Hogue (filed January 9, 2013) say that "Michael Hogue a/k/a xVisceral, the
defendant, and others known and unknown, willfully and knowingly combined, conspired,
confederated, and agreed together and with each other to engage in computer hacking in
violation of Title 18, USC, Section 1030(a)(5)(A)." It was part of the conspiracy that Hogue and
others "did cause the transmission of a program, information, code and command, and as a result
of such conduct, would and did intentionally cause damage without authorization, to a protected
computer, which would and did cause damage affecting 10 and more protected computers during
a one-year period, in violation of Title 18, USC Sections 1030(a)(5)(A), 1030(c)(4)(B)(i), and
(c)(4)(A)(i)(VI), to wit, HOGUE used malware to infect computers and sold that malware to
others, enabling them to infect and remotely control victims' computers."
Like most RATs, once a victim has been tricked into clicking on the installer, the RAT is
controlled by connecting to a server used for that purpose. The FBI was able to learn
considerably more about the person described as the "co-creator" of Blackshades, Alex
YCEL (also spelled Alex Yucel, Alex Yucle, Alex Yuecel), AKA marjinz, AKA Victor
Soltan, by tracking one of his servers and investigating the various domains used to host the
servers for the malware. In one case, Alex contacted a company to lease certain computers for
this purpose (November 8, 2012), paying for them on January 30, 2013. On March 18, 2013, he
sent email requesting tech support due to a problem with his servers. Alex was the administrator
of "www.blackshades.ru" and "www.bshades.eu". Alex is a 24 year old citizen of Sweden,
arrested in Moldova and awaiting extradition to the United States.

4) Removal and Protection from Trojans:

How to Remove Trojan Viruses


One of the most frustrating tasks a home computer user will have to do is recover from a Trojan
infection. The following steps are general in nature, but intended to help the average
computer user recover from a Trojan or other computer malware infection.
Step 1 Gain access to a non-infected computer that allows you to save files to a CD-R or
memory stick. Then launch that computer's web browser, download the RKill process killer
application produced by Bleeping Computer, and save it to the portable drive or place it in a
temporary folder to burn to CD.
Step 2 Download the free version of the Malwarebytes anti-malware application. If using a
portable drive, copy the install file to the drive. One thing to consider is keeping two versions of
each file, with the second version under a unique file name such as your first name or something
that does not have anything to do with computer security, since some Trojans block
RKill or Malwarebytes by recognising the file name. If burning a CD, wait to burn the CD until you
have renamed the second version of each file.
Step 3 Restart the infected computer in Windows Safe Mode if the computer will allow you to
do so.
Step 4 Copy the files on the memory stick or CD onto the desktop of the infected computer.
Step 5 Run the RKill application by double clicking either the primary or alternatively named
file icon on the computers desktop. RKill should stop all known computer malware processes
from executing on your infected computer. Note that RKill can take a few minutes to execute.
Step 6 Once RKill finishes executing, turn off Windows System Restore on your computer. To
access the System Restore properties, right click the My Computer icon and then select the
Properties menu option. Select the Turn Off System Restore menu choice and choose the
default menu prompts to complete the action.
Step 7 Run the Malwarebytes installation file that you have already copied to the computer's
desktop. Note that you may need to run the renamed version of this file, depending on the Trojan
that has infected the computer. Accept all default menu prompts and then run a complete
scan of your computer's drives.
Step 8 After Malwarebytes has completed running, ensure you select the menu options to
remove all infected files discovered.
Step 9 Restart your computer after the infected files are deleted; the Trojan should now be
removed. If the Trojan gave an attacker remote access, also treat every password used on the
machine as compromised and change it from a clean device, and consider a full reinstall if you
cannot be sure what else was changed.
Step 10 After the computer has restarted, turn Windows System Restore back on.

Step 11 If you were not running a commercial antivirus program prior to the Trojan virus
infection, consider purchasing one from Malwarebytes, Avast, AVG, Norton, or McAfee to
prevent future infections.

How to Protect Your Computer from Trojan Horse Infection

The best way to defend against Trojans is to take countermeasures so that your
computer never gets infected. To prevent future infections there are a number of prudent measures that you
can take to minimize your risk. First, never open unsolicited email attachments.
This is one of the methods most used by hackers to infect targeted computers.
Next, do not click links that you did not solicit. An increasingly popular method among hackers is to
send malicious links in spam email instead of attachments, since more users are becoming educated
about the threat that email attachments pose. If you do not have antivirus software installed and running,
you are long overdue. Additionally, running regular updates for your
computer's operating system and installed programs, and leaving the default firewall turned on, is
another must in today's threat environment.

Defending Against Malware and Trojan Horse Threats



Malware, software written to infect private computers and commit crimes such as fraud and
identity theft, has become big business in the cyber underworld. As a result, if you use a
computer for web surfing, shopping, banking, email, instant messaging, and gaming without
proper protection, you are putting yourself at high risk of being victimized.
By exploiting vulnerabilities in operating systems and browsers, malware can sneak malicious
Trojan horse programs onto unsecured PCs. Unsuspecting and unprotected users can also
download Trojans, thinking they are legitimate game, music player, movie, and greeting card
files. Trojans can also lurk in files shared between friends, family, and coworkers using peer-to-peer file sharing networks.
Trojans have traditionally hidden in worms and viruses spread by email, but they're increasingly
showing up in instant messages and on PDAs and cell phones. Organized crime rings have
devised insidious new ways of delivering Trojans, and consumers must stay informed of the
latest tricks. Protection against these multi-faceted attacks requires integrated anti-virus, firewall,
and anti-spyware technologies. Below are the top 10 things you need to know to protect yourself
against malware and Trojan attacks.

What Do Trojans Do?

Today, Trojans can be spread by browser drive-bys, where the program is downloaded in the
background when you simply surf to a rigged web site. Shellcode runs a Trojan that downloads
additional payload code over HTTP: various forms of bots, spyware, back doors, and other
Trojan programs. Hackers then send phishing emails to lure users to web sites, where
unsuspecting victims are tricked into revealing personal information. Hackers can also exploit
security weaknesses on sites, and then piggyback their Trojans onto legitimate software to be
downloaded by trusting consumers.
How Does My PC Get a Trojan?

Peer-to-peer (P2P) networking has become a launching pad for viruses. Attackers incorporate
spyware, viruses, Trojan horses, and worms into their free downloads. One of the most
dangerous features of many P2P programs is the browse host feature that allows others to
directly connect to your computer and browse through file shares.
P2P can accidentally give access to logins, user IDs and passwords; Quicken files and credit
reports; personal information such as letters, chat logs, cookies, and emails; and medical records
you accidentally house in accessible folders on your PC. As with email and instant messages,
viruses in P2P files are capable of weaving their way through as many users as they can, stealing
information and delivering it to cyber criminals who forge identities and commit fraud.
Top 10 Ways to Defend Against Malware and Trojans

Although hackers never stop developing new tricks to commit fraud and steal identities,
consumers can take proactive steps to safeguard their systems. All it takes is a combination of
robust security software and a commitment to following basic safety rules.
1. Protect your computer with strong security software and make sure to keep it up to date. The
McAfee Internet Security suite promises PC protection from Trojans, hackers, spyware,
and more. Its integrated anti-virus, anti-spyware, firewall, anti-spam, anti-phishing, and backup
technologies work together to combat today's advanced multi-faceted attacks. It scans disks,
email attachments, files downloaded from the web, and documents generated by word
processing and spreadsheet programs.
2. Use a security-conscious Internet service provider (ISP) that implements strong anti-spam and
anti-phishing procedures. For example, AOL blocks known phishing sites so that customers can't
reach them. The Spamhaus organization lists the current top 10 worst ISPs in this category.
Consider this when making your choice.
3. Enable automatic Windows updates or download Microsoft updates regularly to keep your
operating system patched against known vulnerabilities. Install patches from other software
manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the
best defense against Trojan and spyware installation.
4. Use extreme caution when opening attachments. Configure your anti-virus software to
automatically scan all email and instant message attachments. Make sure your email program
doesn't automatically open attachments or automatically render graphics, and ensure that the
preview pane is turned off, so that embedded content is not processed before you decide to open
the message. Refer to your program's safety options or preferences menu for instructions. Never
open unsolicited business emails, or attachments that you're not expecting, even from people you
know.
5. Be careful when engaging in peer-to-peer (P2P) file-sharing. Trojans sit within file sharing
programs waiting to be downloaded. Use the same precautions when downloading shared files
that you do for email and IM. Avoid downloading files with the extensions .exe, .scr, .lnk, .bat,
.vbs, .dll, .bin, and .cmd. Anti-virus software and a good firewall will help protect your system
from malicious files.
6. Download the latest version of your browser to ensure that it is also fully updated and utilizes
the latest technologies to identify and filter out phishing sites that can install Trojans.
7. Use security precautions for your PDA, cell phone, and Wi-Fi devices. Trojans arrive as an
email/IM attachment, are downloaded from the Internet, or are uploaded along with other data
from a desktop. Cell phone viruses are in their infancy, but will become more common as more
people buy phones with advanced features. Anti-virus software is available for PDAs and cell
phones. McAfee also offers security solutions for Wi-Fi.
8. Configure your instant messaging application correctly. Make sure it does not open
automatically when you fire up your computer. Turn off your computer and disconnect the DSL
or modem line when you're not using it. Beware of spam-based phishing schemes; don't click
links in emails or IM.
9. Be certain a web site is legitimate before you go there. Use software that automatically checks
this, such as AccountGuard from eBay and ScamBlocker from Earthlink. You can also check the
validity of individual web addresses (URLs) with a WHOIS search such as www.DNSstuff.com.
10. Back up your files regularly and store the backups somewhere besides your PC. If you fall
victim to a Trojan attack, you can recover your photos, music, movies, and personal information
like tax returns and bank statements. McAfee PC Protection Plus provides protection from
viruses, spyware, and hackers along with automatic backups of your hard drive.

A Trojan is a piece of software designed to look like a useful file or program but which
performs a nefarious function once installed on a client computer. It takes its name from the
Trojan Horse of Greek mythology, set up outside the city of Troy. Trojans differ from other
computer malware in that they are not designed to spread themselves. Instead, Trojan horse
malware is either delivered as the payload of another virus or piece of malware, or through
manual end-user action such as downloading infected files or inserting infected drives into a
computer. Once a computer is infected with a Trojan, the malware can be designed to steal
end-user information, cause destructive harm on the target computer, or download additional
malware. According to the source this document draws on, Trojans comprised more than 80% of
all computer malware detected worldwide over the past year, and the number continues to
grow.

5) Introduction and Prevention of Email Forging:

What is email spoofing, and how can you protect your system from spoofing attacks?
It is hard to imagine a world without email. It is fast and easy to access, so people prefer to
communicate through it, for personal or official purposes. Using email is not always safe,
however: email-borne viruses and email spoofing are two of the threats email users face.
Attackers sometimes send viruses as attachments, and downloading or opening the attachment
lets the virus onto your computer. When the email you receive displays a sender other than the
one who actually sent it, that is email spoofing. Email spoofing is also a tool attackers use to
gain unauthorized access to your personal information.
How does email spoofing affect you?
In a spoofed email, the real sender is not the one shown in the message. In most cases the
sender of a spoofed mail is after the email user's personal information. You may, for example,
receive mail that appears to come from your network administrators, asking you to change
your password or supply other information.
Once you hand over your password, the attackers can start sending mail from your account to
everyone in your contact list. Or the mail may ask you to click a link for "verification"; the link
can lead to pages you never intended to visit, and following it may download malware that
compromises your computer. Be especially careful before replying to mail whose sender details
look odd.
Steps to take if your mail identity has been spoofed

Report the spoofed mails to your Internet service provider and notify them by email.
Change the passwords of all your other email accounts immediately.
Enable sender filtering.
Enable recipient filtering.
Do not respond to any mail from the forged mail ID that asks for personal information.
Add the spammers' domain names or email addresses to your block list and keep it updated.
Download the Exchange tools and run them to confirm that your server is safe and healthy.

Stick to the following rules to prevent spoofing attacks on your system:

Always keep your computer updated, with good antivirus software installed.
Do not open mail if you do not recognize the sender.
Ignore any mail that arrives without a sender name.
Ignore any mail that shows your own name or address in the sender details; you did not send it to yourself.
Do not open any mail whose body consists only of a link.
Enable the option to filter messages with blank senders.
Use the email authentication systems available to you: Sender Policy Framework (SPF),
Sender ID, or DomainKeys Identified Mail (DKIM). A receiving server that checks them can
reject or flag mail that fails.

There is no foolproof way to prevent these spoofing methods; what you can do is exercise
caution in how you use email.
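As an added illustration of the SPF rule listed above (this is example code written for this page, not part of the original document or of any mail product), the following Python evaluates an SPF record for a MAIL FROM domain against the IP address that connected to the receiving server. The domains and the DNS records in the DNS table are constructed for the example; a real checker would query DNS and would also handle macros, redirect= and the lookup limits of RFC 7208.

```python
import ipaddress

# Constructed DNS zone data for this example only (hypothetical domains,
# documentation-range addresses); a real checker would query DNS instead.
DNS = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 a mx include:_spf.mailhost.example -all"],
        "A": ["198.51.100.10"],
        "MX": ["mx1.example.com"],
    },
    "mx1.example.com": {"A": ["198.51.100.20"]},
    "_spf.mailhost.example": {"TXT": ["v=spf1 ip4:203.0.113.0/25 ip6:2001:db8::/32 ~all"]},
    "noreply.example": {"TXT": ["v=spf1 -all"]},
}

# SPF qualifiers: the result a matching mechanism yields.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in DNS.get(domain, {}).get("TXT", []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def _in_cidr(ip, cidr, host_bits):
    """True if ip falls inside cidr; a bare address means a single host."""
    if "/" not in cidr:
        cidr = "%s/%d" % (cidr, host_bits)
    try:
        return ip in ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False


def _host_matches(ip, host, rrtype):
    """True if ip is one of host's A records (for mx: one of its MX hosts' A records)."""
    targets = DNS.get(host, {}).get(rrtype, [])
    if rrtype == "MX":
        targets = [a for mx in targets for a in DNS.get(mx, {}).get("A", [])]
    return any(ip == ipaddress.ip_address(a) for a in targets)


def check_spf(sending_ip, domain, depth=0):
    """Evaluate domain's SPF record for a connection from sending_ip.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Mechanisms are tried left to right; the first match decides.
    """
    if depth > 10:                     # RFC 7208 caps include recursion
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sending_ip)
    for term in record.split()[1:]:    # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip.version == 4 and _in_cidr(ip, arg, 32)
        elif name == "ip6":
            matched = ip.version == 6 and _in_cidr(ip, arg, 128)
        elif name == "a":
            matched = _host_matches(ip, arg or domain, "A")
        elif name == "mx":
            matched = _host_matches(ip, arg or domain, "MX")
        elif name == "include":
            # include: matches only when the referenced record yields "pass"
            matched = check_spf(sending_ip, arg, depth + 1) == "pass"
        else:
            continue                   # redirect=/exp= and prefix forms not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                   # no mechanism matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "203.0.113.200", "2001:db8::1"):
        print(ip, "->", check_spf(ip, "example.com"))
```

Note that "-all" at the end of a record is what gives SPF its teeth: a domain whose record ends in "~all" or "?all" only asks the receiver to soften its judgement, and a forged MAIL FROM from a domain that publishes no record at all yields "none", which is why the rule above pairs SPF with Sender ID or DKIM rather than relying on it alone.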
Phishing, the practice of attempting to obtain users' credit card or online banking
information, often incorporates e-mail spoofing. For example, a phisher may send e-mail that
looks as if it comes from the bank's or credit card company's administrative department, asking
the user to log onto a web page (which purports to be the bank's or credit card company's site
but is really set up by the phisher) and enter passwords, account numbers, and other personal
information.
Whatever the motivation, the objective of spoofed mail is to hide the real identity of the sender.
This is possible because the Simple Mail Transfer Protocol (SMTP) does not authenticate the
sender: both the envelope return address given in the MAIL FROM command and the From
header are supplied by the sending client and are accepted as given unless the receiving server
checks them with mechanisms such as SPF or DKIM. A sender can therefore use a fictitious
return address or a valid address that belongs to someone else.
Receiving mail from spoofed addresses ranges from annoying to dangerous (if you're taken in by
a phisher). Having your own address spoofed can be even worse. If a spammer uses your
address as the return address, you may suddenly find yourself inundated with angry complaints
from recipients, or even have your address added to spammer lists, which results in your mail
being banned from many servers.
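To make the point about SMTP concrete, here is an added example (written for this page, not taken from the original document) that parses the headers a receiving server records and compares the identities SMTP itself never verifies: the envelope sender (Return-Path, which the receiving server copies from MAIL FROM), the header From, the Reply-To, and the connecting host's IP from the first Received line. The two sample messages are constructed for this example; their domains and addresses are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages for this example (hypothetical domains and
# documentation-range addresses; not real captures). Return-Path is written
# by the receiving server from the SMTP MAIL FROM command, and the bracketed
# address in its Received line is the host that actually connected.
SPOOFED_RAW = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.9])
    by mx.recipient.example with ESMTP id 4f2a1c
    for <victim@recipient.example>; Mon, 1 Jan 2024 10:00:00 +0000
From: "Example Bank Security" <alerts@examplebank.com>
Reply-To: verify@examplebank-support.example
To: victim@recipient.example
Subject: Verify your account

Click here to update your account.
"""

ALIGNED_RAW = """\
Return-Path: <alerts@examplebank.com>
Received: from mta3.examplebank.com (mta3.examplebank.com [198.51.100.30])
    by mx.recipient.example with ESMTP id 9b07e2
    for <victim@recipient.example>; Mon, 1 Jan 2024 10:05:00 +0000
From: "Example Bank" <alerts@examplebank.com>
To: victim@recipient.example
Subject: Your monthly statement

Your statement is ready.
"""


def domain_of(header_value):
    """Domain part of the address in a From/Reply-To/Return-Path header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def forgery_indicators(raw):
    """Compare the sender identities SMTP accepts without verification.

    Returns the parsed identities plus a list of human-readable findings.
    An empty findings list means the headers are self-consistent; it does
    not by itself prove the mail is genuine.
    """
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    reply_domain = domain_of(msg.get("Reply-To")) or from_domain
    received = msg.get("Received") or ""
    hop = re.search(r"\[([0-9A-Fa-f.:]+)\]", received)
    connecting_ip = hop.group(1) if hop else None

    findings = []
    if envelope_domain and envelope_domain != from_domain:
        findings.append("envelope sender domain %s does not match From domain %s"
                        % (envelope_domain, from_domain))
    if reply_domain != from_domain:
        findings.append("Reply-To domain %s diverts replies away from From domain %s"
                        % (reply_domain, from_domain))
    if connecting_ip is None:
        findings.append("no Received header records the connecting host")
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "connecting_ip": connecting_ip,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("aligned", ALIGNED_RAW)):
        result = forgery_indicators(raw)
        print(label, result["connecting_ip"], result["findings"] or ["no indicators"])
```

The connecting IP and the envelope domain that this returns are exactly the two inputs an SPF check consumes; the From domain is what the user sees, which is why a message can pass SPF for the bulk sender's domain and still display a bank's address.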
What FBI Says:

The FBI, in conjunction with national Internet service provider Earthlink, the Federal Trade
Commission, and the National Consumers League, began an initiative today to raise awareness
about the growing problem of web spoofing scams and to give consumers and businesses
important tips on how to protect themselves from these scams.
According to Jana Monroe, assistant director of the FBI's Cyber Division, "Bogus e-mails that
try to trick customers into giving out personal information are the hottest, and most troubling,
new scam on the Internet."
The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that
involve some form of unsolicited e-mail directing consumers to a phony "Customer Service"
type of website. Assistant Director Monroe said that the scam is contributing to a rise in identity
theft, credit card fraud, and other Internet frauds.

"Spoofing" or "phishing" frauds attempt to make Internet users believe that they are receiving email from a specific, trusted source, or that they are securely connected to a trusted website,
when that is not the case. Spoofing is generally used as a means to convince individuals to
provide personal or financial information that enables the perpetrators to commit credit
card/bank fraud or other forms of identity theft. Spoofing also often involves trademark and
other intellectual property violations.
In "e-mail spoofing" the header of an e-mail appears to have originated from someone or
somewhere other than the actual source. Spam distributors and criminals often use spoofing in an
attempt to get recipients to open and possibly even respond to their solicitations.
"IP spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder
sends a message to a computer with an IP address indicating that the message is coming from a
trusted port.
"Link alteration" involves altering the return address in a web page sent to a consumer to make it
go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's
address before the actual address in any e-mail, or page that has a request going back to the
original site. If an individual unsuspectingly receives a spoofed e-mail requesting him/her to
"click here to update" their account information, and then are redirected to a site that looks
exactly like their Internet Service Provider, or a commercial site like EBay or PayPal, there is an
increasing chance that the individual will follow through in submitting their personal and/or
credit information.
According to Assistant Director Monroe, the FBI's specialized Cyber Squads and Cyber Crime
Task Forces across the country are zeroing in on the spoofing problem. The FBI's legal attaché
offices overseas are helping to coordinate investigations that cross international borders. The
IFCC has received complaints that trace back to perpetrators in England, Romania, and Russia.
The FBI is also working actively with key Internet e-commerce stake-holders such as
EBay/PayPal, Escrow.com, and a variety of Internet merchants via the Merchants Risk Council
to identify common traits of such scams, as well as proactive measures to rapidly respond.
The FBI offers the following tips for Internet users:

If you encounter an unsolicited e-mail that asks you, either directly, or through a website,
for personal financial or identity information, such as Social Security number, passwords,
or other identifiers, exercise extreme caution.
If you need to update your information online, use the normal process you've used before,
or open a new browser window and type in the website address of the legitimate
company's account maintenance page.
If a website address is unfamiliar, it's probably not real. Only use the address that you
have used before, or start at your normal homepage.
Always report fraudulent or suspicious e-mail to your ISP. Reporting instances of spoof
websites will help get these bogus websites shut down before they can do any more harm.

Most companies require you to log in to a secure site. Look for the lock at the bottom of
your browser and "https" in front of the website address.
Take note of the header address on the website. Most legitimate sites will have a
relatively short Internet address that usually depicts the business name followed by
".com," or possibly ".org." Spoof sites are more likely to have an excessively long string
of characters in the header, with the legitimate business name somewhere in the string, or
possibly not at all.
If you have any doubts about an e-mail or website, contact the legitimate company
directly. Make a copy of the questionable web site's URL address, send it to the
legitimate business and ask if the request is legitimate.
If you've been victimized by a spoofed e-mail or website, you should contact your local
police or sheriff's department, and file a complaint with the FBI's Internet Fraud
Complaint Center at www.ifccfbi.gov.
