06 - Trojans and Backdoors

A Trojan is a program that contains malicious or harmful code inside apparently harmless programming or data in such a way that it can get control and cause damage, such as ruining the file allocation table on a hard disk. With the help of a Trojan, an attacker can gain access to passwords stored on a computer and can read personal documents, delete files, display pictures, and/or show messages on the screen.

Module Objective

The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of the lab include:

  • Creating a server and testing a network for attack
  • Detecting Trojans and backdoors
  • Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected

Scenario

According to Bank Info Security News (http://www.bankinfosecurity.com), Trojans pose serious risks for any personal and sensitive information stored on compromised Android devices, the FBI warns. But experts say any mobile device is potentially at risk because the real problem is malicious applications, which in an open environment are impossible to control. And anywhere malicious apps are around, so is the potential for financial fraud.

According to cyber security experts, the banking Trojan known as Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Hackers then use the stolen login IDs and passwords to access online accounts, take them over, and schedule fraudulent transactions. Hackers created this Trojan specifically for financial fraud and sold it on the black market.

You are a security administrator of your company, and your job responsibilities include protecting the network from Trojans and backdoors, Trojan attacks, the theft of valuable data from the network, and identity theft.

I. Creating a Server Using the ProRat Tool

As more and more people regularly use the Internet, cybersecurity is becoming more important for everyone, and yet many people are not aware of it. Hackers use malware to steal personal information, financial data, and business information by infecting systems with viruses, worms, and Trojan horses. But Internet security is not only about protecting your machine from malware; hackers can also sniff your data, which means that they can listen to your communication with another machine. Other attacks include spoofing, mapping, and hijacking.

Some hackers may take control of your machine and many others to conduct a denial-of-service attack against high-profile web servers such as banks and credit card gateways, which makes the target computers unavailable for normal business.

You are a security administrator of your company, and your job responsibilities include protecting the network from Trojans and backdoors, Trojan attacks, theft of valuable data from the network, and identity theft.

Lab Objectives

The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of the lab include:

  • Creating a server and testing the network for attack
  • Detecting Trojans and backdoors
  • Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
  • Creating a Server Using the ProRat Tool