|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|        |++++++++++|
|The Complete Trojans Text                |--------|Written On|
|(Security Related)                       |        |          |
|by tHe MaNiAc                            |        |3.04.2000 |
|contact me at: themaniac@blackcode.com   |--------|++++++++++|
|maniac@forbidden.net-security.org        |
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|

This guide is for educational purposes only. I do not take any responsibility for anything that happens after reading the guide. I'm only telling you how to do this, not to do it. It's your decision. If you want to put this text on your Site/FTP/Newsgroup or anything else you can do it, but don't change anything without the permission of the author. I'll be happy to see this text on other pages too.
All copyrights reserved. You may distribute this text as long as it's not changed.

<--=--=--=--=--=--=--=--=>

Author Notes:

I hope you like my texts and find them useful. If you have any problem or some suggestion feel free to e-mail me, but please don't send mails like "I want to hack the US government please help me" or "Tell me how to bind a trojan into a .jpg", "Where can I get a portscanner" etc. Be sure that if I can help you with something I will do it.

I've started writing security related tutorials and I hope you like that. I'll try to cover many more topics in my future texts and I want to thank all of the people that like my texts.

<--=--=--=--=--=--=--=--=>

Links:
------------------------------
Here you can find other texts
written by me or other friends:
http://www.blackcode.com
blacksun.box.sk
neworder.box.sk
------------------------------

Table of Contents
<--------------------------------------->
|-1.What Is This Text About?
|-2.What Is A Trojan Horse
|-3.Trojans Today
|-4.The future of the trojans
|-5.Anti-Virus Scanners
|-6.How You Can Get Infected?
|-----From ICQ
|-----From IRC
|-----From Attachment
|-----From Physical Access
|-----From Trick
|-7.How Dangerous A Trojan Can Be?
|-8.Different Kinds Of Trojans
|-----Remote Access Trojans
|-----Password Sending Trojans
|-----Keyloggers
|-----Destructive Trojans
|-----FTP Trojans
|-9.Who Can Infect You?
|-10.What is the attacker looking for?
|-11.How The Trojans Works
|-12.The Most Common Trojan Ports
|-13.How Can I Monitor My Comp for trojans without any scanner?
|-14.Software To Help You Monitor Your Computer
|-----Log Monitor
|-----PrcView
|-----XNetStat
|-----AtGuard
|-----ConSeal PC FIREWALL
|-----LockDown2000
|-----TDS
|-15.Placing Backdoors In Programs
|-16.Advices
|-17.Final Words
\_______________________________/

1.What is this text about?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/

In this text I'm going to explain interesting things about trojans and about their future. I hope you'll realize that trojans are dangerous and that they're still a big security problem, although many people say "don't download files from the net and you won't get infected", which is not right. The main thing I want to explain here is whether trojans have a future, along with other interesting things about them.

This text is only about Windows based trojans, not Unix ones.

=-=-=-=-=-=-=-=-=-=-=-=-=-=

2.What Is A Trojan Horse?
/=-=-=-=-=-=-=-=-=-=-=-=-=/

A trojan horse is

-An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

-A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

-Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and probably unwanted) by the user.

Trojans can also be called RAT's, or Remote Administration Tools.
The trojan got its name from the old mythical story about how the Greeks, during the war, gave their enemy a huge wooden horse as a gift. The enemy accepted this gift and brought it into their kingdom, and during the night Greek soldiers crept out of the horse and attacked the city, completely overcoming it.

3.Trojans Today
/=-=-=-=-=-=-=-=/

Trojans have always been a big security problem, even today. Most people don't know what a trojan is and they keep downloading files from untrusted sources or from suspicious people. Today there are more than 600 trojans on the net that I know of, but I think there are many, many more, because every hacker or programmer today has his/her own trojan made for his/her special needs and not published anywhere. Every hacking group also has its own trojans and programs.

When someone starts learning winsock, the first thing they create is a chat client or a trojan horse. Even with the anti-virus scanners I'll talk about below, people still get infected by themselves, by some hacker or by some of their friends.

----------------------->

4.The Future Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=

I think there are a lot of people out there who think that trojans are outdated and don't have a future. Well, I don't think so. Trojans will always have a future and new things added to them. There are so many things in the trojans that can be improved by skilled programmers.

Trojans that COMPLETELY hide in the system and of course restart every time Windows is loaded, trojans that will lie to every trojan scanner and anti-virus program: this is the future, I think.

People that program trojans have a lot of ideas that make their trojans unique. These people have started placing backdoors in ActiveX, and who knows, maybe in the future they'll find other places they can put the trojans in. Programmers will always think of new and unique trojans with functions never seen before.
Trojans are made every day by programmers, with new options and with better encryption so that the anti-trojan software can't detect them. So no one knows how many trojans there are on the net. But the programmers are still programming trojans and they will continue in the future.

Technically, a trojan could appear almost anywhere, on any operating system or platform. However, with the exception of the inside job mentioned previously, the spread of trojans works very much like the spread of viruses. Software downloaded from the Internet, especially shareware or freeware, is always suspect. Similarly, materials downloaded from underground servers or Usenet newsgroups are also candidates. There are thousands of programs whose source nobody has checked, and new programs are appearing every day, especially freeware ones, so they can all be trojans. So be careful what you're downloading and where you're downloading it from. Always download software from the official page.

----------------------------->

5.Anti-Virus Scanners
/=-=-=-=-=-=-=-=-=-=-=-=/

People think that when they have a virus scanner with the latest virus definitions they're secure on the net, they can't get infected with a trojan and no one can have access to their computer. This is NOT right. The purpose of the anti-virus scanners is to detect viruses, not trojans. But when trojans became popular the scanners started adding trojan definitions too. These scanners just can't find the trojans and analyze them; that's why they only detect the common trojans that everyone knows well, like Back Orifice and NetBus, and also several others. As I told you, there are around 600 trojans I know of out there and the anti-virus scanners are detecting just a LITTLE part of them.
These scanners are not firewalls that will stop someone who wants to connect to your computer or tries to attack you, as people think they are. So I hope you understand that the main purpose of these scanners is not to detect trojans and protect you while you're online.

Most internet users know only Back Orifice and NetBus as trojans. There are some specific tools out there that clean ONLY these trojans. Again, people then think that they're secure and protected from every trojan.

--------------------------->

6.How Can I get Infected?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Everyone asks this question, and often people ask themselves how they got infected. Also, when someone asks them whether they ran some file sent to them by someone or downloaded from somewhere, people always say they didn't run anything or download any file, but they did. People just don't pay attention to the things they do online and that's why they forget about the moment of the infection with the trojan.

You can get infected from many places and I'll try to explain these things here.

6.1 From ICQ
6.2 From IRC
6.3 From Attachment
6.4 Physical Access
6.5 Tricks-diskette

6.1 From ICQ

People think that they can't get infected while they're talking via ICQ, but they just forget the moment when someone sends them a file. Everyone knows how insecure ICQ is and that's why some people are afraid of using it.

As you may know, there's a bug in ICQ allowing you to send a .exe file to someone so that it looks like a .bmp or .jpg or whatever you want it to look like. This is very dangerous, as you see, and can get you in trouble. The attacker will just change the icon of the file to that of a BMP image, tell you it's a pic of him and rename it to photo.bmp. Then you'll get it, and of course before getting it you'll see that it's a .bmp and think you're secure because the file is not executable. Then you run it, see the picture and think there's nothing to worry about, but there is.
That's why most people say that they didn't run any files: they believe they've run an image, not an executable. A way to protect against this bug in ICQ is always to check the type of the file before running it. It may have a BMP icon, but if the type of the file is shown as executable I think you know that it will be a mistake to run that file.

6.2 From IRC

You can also get infected from IRC by receiving files from untrusted sources. But I advise you always to be paranoid and not to receive files from ANYONE, even from your best friend, because someone may have stolen his/her password and be trying to infect you. Some people think that they can be 100% sure that the other person is their friend when they ask him/her for a secret or something else that only he/she knows. But as I told you, be paranoid, because someone may have infected your friend and can just check his/her IRC logs to see what this secret is about or learn other things. Be paranoid, it's more secure, as I say, and do not receive files from anyone on IRC or from anywhere else like e-mail, ICQ or even your online friends.

6.3 From Attachment

The same thing goes for e-mail attachments. NEVER run anything, even if it says you'll see hot porno or some passwords for a server or anything else. The best way to infect someone with a trojan is mass e-mailing the server, because there are new people on the net and they'll of course get infected. This is the best way of infecting, as I said; that's why it's preferred by the people that want to infect the masses.
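The file-type check advised in 6.1, which applies to e-mail attachments as well, can be done on the file's first bytes instead of its icon or name. This is an added example, not part of the original text; the function names and the sample byte strings are constructed for illustration.

```python
import ntpath

# Leading bytes ("magic numbers") of the file formats mentioned in 6.1.
MAGIC = [
    (b"MZ", "executable"),        # DOS/Windows .exe, .scr, .dll
    (b"BM", "bmp"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
IMAGE_EXT = {".bmp": "bmp", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}
RUNNABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat"}  # started on double-click


def sniff(head):
    """Classify a file by its first bytes, ignoring its name and icon."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def check_received_file(name, head):
    """Return the reasons not to open a received file; empty when name and content agree."""
    # Look at every extension in the name, not only the first one shown (stray spaces tolerated).
    parts = [p.strip().lower() for p in ntpath.basename(name).split(".")]
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    inner_exts = {"." + p for p in parts[1:-1]}
    kind = sniff(head)
    reasons = []
    if final_ext in RUNNABLE_EXT and inner_exts & set(IMAGE_EXT):
        reasons.append("image extension followed by a runnable extension")
    if kind == "executable" and final_ext not in RUNNABLE_EXT:
        reasons.append("MZ executable header under a non-executable name")
    if final_ext in IMAGE_EXT and kind not in ("executable", IMAGE_EXT[final_ext]):
        reasons.append("content is not the image type the name claims")
    return reasons


# Constructed samples: (file name as received, first bytes of the file).
SAMPLES = [
    ("photo.bmp", b"MZ\x90\x00\x03\x00"),      # executable presented as a picture
    ("photo.bmp", b"BM\x36\x00\x0c\x00"),      # a real bitmap
    ("photo.bmp.exe", b"MZ\x90\x00\x03\x00"),  # runnable extension after the image one
    ("holiday.jpg", b"GIF89a\x01\x00"),        # harmless, but the name and content disagree
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        verdict = check_received_file(name, head) or ["ok"]
        print(f"{name!r}: {'; '.join(verdict)}")
```

In practice `head` would be the first few bytes read from the saved file before anything opens it.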
6.4 Physical Access

You can of course get infected by some of your "friends" when they have physical access to your computer. Let's suppose you leave someone at your computer for just 5 minutes; then of course you can get infected by one of your "friends". There are some very smart people out there that keep thinking of new ways of getting physical access to someone's computer. Here are some tricks that are interesting:

1.Your "friend" may ask you "Hey bro, can you give me some water" or something else that will leave him alone. You'll go to get some water and then........ You know.

2.The attacker may have a plan. Let's say you invited him/her to your home at 12:00 and the attacker told one of your "friends" to call the victim at 12:15 and start talking about something with the victim. The attacker again has time to infect you. Also the "friend" that is calling you may say something like "Is there anyone around you? If so, move somewhere else, I don't want anyone to hear what we are talking about". The attacker is again alone and has time to infect you.

6.5 Trick

This is one trick that may work on people that really want something when the attacker knows what it is. Let's say that the victim wants to watch some porno or wants xxx passwords; then the attacker can just leave a diskette with the trojan in front of the victim's house, and put some xxx pics on it together with the trojan, of course. This is a bad thing, because sometimes if you really want something and you finally find it, you don't think about anything else except checking it out. You get infected again.

I hope now you understand how you got infected the last time (if you got infected, of course).

----------------------------------->

7.How dangerous a trojan can be?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Many people that don't know what a trojan is think that when they run an executable nothing has happened, because their computer is still working and all the data is there; if it were a virus their data would be damaged and their computer would stop working.

Someone is downloading and uploading files on your computer.
Someone is reading all of your IRC logs and learning interesting things about you and your friends.
Someone is reading ALL of your ICQ messages.
Someone is deleting files on your computer.

These are some examples of how dangerous a trojan can be. There are people that use trojans just to place a virus like CIH on the infected machine and destroy the machine.

--------------------------->

8.Different Kinds Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Remote Access Trojans
-------------------------------

These trojans are the most popular trojans now. Everyone wants to have such a trojan because he or she wants to have access to the victim's hard drive. The RAT'S (remote access trojans) are very simple to use. Just make someone run the server and you get the victim's IP and you have FULL access to his or her computer. Then you can do almost everything; it depends on the trojan you use. But the RAT'S have the common remote access trojan functions like: keylogger, upload and download function, make a screen shot and so on. Some people use the trojans for malicious purposes. They just want to delete and delete. This is lame. But I have a guide about the best way to use a trojan. You should read it.

There are many programs out there that detect the most common trojans, but new trojans are coming every day and these programs are not the maximum defense.

The trojans always do the same things. If the trojan restarts every time Windows is loaded, that means it puts something in the registry or in win.ini or in another system file so the trojan can restart.
Also, the trojans create some file in the WINDOWS\SYSTEM directory. The file always looks like something that the victim will think is a normal WINDOWS executable. Most trojans hide from the Alt+Ctrl+Del menu. This is not good, because there are people who use only this way to see which processes are running. There are programs that will tell you exactly the process and the file it comes from. Yeah, but some trojans, as I told you, use fake names and it's a little hard for some people to understand which process they should kill.

The remote access trojans open a port on your computer, letting everyone connect. Some trojans have options like changing the port and setting a password, so only the guy that infected you will be able to use the computer. The change port option is very good because I'm sure you don't want your victim to see that port 31337 is open on their computer. Remote access trojans are appearing every day and they will continue to appear.

For those that use such trojans: BE CAREFUL, you can infect yourself, and then the victim you wanted to destroy will take revenge and you'll be sorry.

---------------------------------------

Password Sending Trojans

The purpose of these trojans is to rip all cached passwords and send them to a specified e-mail address without letting the victim know about the e-mail. Most of these trojans don't restart every time Windows is loaded and most of them use port 25 to send the e-mail. There are such trojans that e-mail other information too, like ICQ number, computer info and so on. These trojans are dangerous if you have any passwords cached anywhere on your computer.

----------------------------------------

Keyloggers

These trojans are very simple. The only thing they do is log the keys that the victim is pressing and then check for passwords in the log file.
In most cases these trojans restart every time Windows is loaded. They have options like online and offline recording. In online recording they know that the victim is online and they record everything. But in offline recording everything written after Windows starts is recorded and saved on the victim's disk, waiting to be transferred.

----------------------------------------

Destructive

The only function of these trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all the .dll or .ini or .exe files on your computer. These are very dangerous trojans, and once you're infected, be sure that if you don't disinfect your computer its information will no longer exist.

-----------------------------------------

FTP trojans

These trojans open port 21 on your computer, letting EVERYONE that has an FTP client connect to your computer without a password and with full upload and download options.

These are the most common trojans. They are all dangerous and you should be careful using them.

-------------------------------------->

9.Who Can Infect You?
/=-=-=-=-=-=-=-=-=-=-=/

Well, basically you can get infected by everyone that knows how to use a trojan (it's VERY easy) and of course knows how to infect you. People that use trojans are wannabe hackers that are just at the stage of using trojans. Some of these people don't move to the next stage and they're lamers that can only use trojans, and as I said it's VERY easy. But after reading this text you'll know the most common ways that someone can infect you with a trojan, and it will be hard for the people using them to infect you.

------------------------>

10.What Is The Attacker Looking For?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Some of you may think that trojans are used for damage only.
Well, they can also be used to spy on someone's machine and take a lot of private information from it. Well, the common data an attacker looks for would include but not be limited to the following.

-----> Credit Card Information
-----> Credit Information
-----> Checking Account Information
-----> Any accounting data
-----> Data bases
-----> Mailing Lists
-----> Personal Addresses
-----> Email Addresses
-----> Account Passwords
-----> Home Office / Small Business Information
-----> Company Accounts / Subscribed for Services
-----> Resumes
-----> Email
-----> Any Company Information / Services He Can Access
-----> Your or spouse's first and last name
-----> Children's names / ages
-----> Your address
-----> Your telephone number
-----> Letters you write to people
-----> Email
-----> Your personal resume
-----> Your family pictures
-----> School work
-----> Any school accounts / information

11.How The Trojans Works
/=-=-=-=-=-=-=-=-=-=-=-=/

Here I'll explain how the trojans work. If you don't know some words you can check the "Terms Used In The Text" section and read about them there. When the victim runs the server, it does things like opening some specific port and listening for connections. It can use the TCP or UDP protocols. When you connect to the victim's IP you can then do what you want, because the server lets you carry out the trojan's functions on the infected computer. Some trojans restart every time Windows is loaded. They modify win.ini or system.ini so the trojan can restart, but most of the new trojans use the registry so they can restart.

Trojans communicate like a client and a server. The victim runs the server, the attacker sends commands to the infected server with the client, and the server just follows what the client "says" to it.
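The win.ini and system.ini restart mechanism described above can be audited by listing what those files start and comparing it with a known-good baseline. This is an added example, not part of the original text: the sample file contents are constructed (the two file names in them are the suspicious names this text mentions in section 13), and it assumes the standard autostart settings `load=`/`run=` under `[windows]` in win.ini and `shell=` under `[boot]` in system.ini. The registry needs the same comparison but is not covered here.

```python
# Autostart settings in the two legacy INI files:
#   win.ini    [windows] load= / run=  -> programs started when Windows loads
#   system.ini [boot]    shell=        -> the shell, normally just Explorer.exe
AUTOSTART_KEYS = {
    "win.ini": {("windows", "load"), ("windows", "run")},
    "system.ini": {("boot", "shell")},
}
EXPECTED_SHELL = "explorer.exe"


def parse_ini(text):
    """Yield (section, key, value); tolerates duplicate keys, blank lines and ; comments."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield section, key.strip().lower(), value.strip()


def autostart_entries(filename, text):
    """Return (setting, program) pairs for everything `filename` launches at startup."""
    wanted = AUTOSTART_KEYS[filename.lower()]
    found = []
    for section, key, value in parse_ini(text):
        if (section, key) in wanted:
            # Values are space- or comma-separated lists (paths assumed to be in
            # 8.3 short form, i.e. without embedded spaces).
            for program in value.replace(",", " ").split():
                found.append((f"[{section}] {key}", program))
    return found


def audit(filename, text, baseline=()):
    """Flag autostart entries that are neither the normal shell nor in the baseline."""
    allowed = {b.lower() for b in baseline}
    findings = []
    for where, program in autostart_entries(filename, text):
        if where.endswith("shell") and program.lower() == EXPECTED_SHELL:
            continue  # the stock shell line
        if program.lower() in allowed:
            continue  # entry the owner has already reviewed
        findings.append((filename, where, program))
    return findings


# Constructed sample files for illustration.
SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\winlilo.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe himem.exe
system.drv=system.drv

[386Enh]
device=*vshare
device=*vcd
"""

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for finding in audit(name, text):
            print("review:", *finding)
```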
-------------------------->

12.The Most Common Trojan Ports
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Here's a list of the most common trojan ports:

Satanz Backdoor|666
Silencer|1001
Shivka-Burka|1600
SpySender|1807
Shockrave|1981
WebEx|1001
Doly Trojan|1011
Psyber Stream Server|1170
Ultors Trojan|1234
VooDoo Doll|1245
FTP99CMP|1492
BackDoor|1999
Trojan Cow|2001
Ripper|2023
Bugs|2115
Deep Throat|2140
The Invasor|2140
Phineas Phucker|2801
Masters Paradise|30129
Portal of Doom|3700
WinCrash|4092
ICQTrojan|4590
Sockets de Troie|5000
Sockets de Troie 1.x|5001
Firehotcker|5321
Blade Runner|5400
Blade Runner 1.x|5401
Blade Runner 2.x|5402
Robo-Hack|5569
DeepThroat|6670
DeepThroat|6771
GateCrasher|6969
Priority|6969
Remote Grab|7000
NetMonitor|7300
NetMonitor 1.x|7301
NetMonitor 2.x|7306
NetMonitor 3.x|7307
NetMonitor 4.x|7308
ICKiller|7789
Portal of Doom|9872
Portal of Doom 1.x|9873
Portal of Doom 2.x|9874
Portal of Doom 3.x|9875
Portal of Doom 4.x|10067
Portal of Doom 5.x|10167
iNi-Killer|9989
Senna Spy|11000
Progenic trojan|11223
Hack'99 KeyLogger|12223
GabanBus|1245
NetBus|1245
Whack-a-mole|12361
Whack-a-mole 1.x|12362
Priority|16969
Millennium|20001
NetBus 2 Pro|20034
GirlFriend|21544
Prosiak|22222
Prosiak|33333
Evil FTP|23456
Ugly FTP|23456
Delta|26274
Back Orifice|31337
Back Orifice|31338
DeepBO|31338
NetSpy DK|31339
BOWhack|31666
BigGluck|34324
The Spy|40412
Masters Paradise|40421
Masters Paradise 1.x|40422
Masters Paradise 2.x|40423
Masters Paradise 3.x|40426
Sockets de Troie|50505
Fore|50766
Remote Windows Shutdown|53001
Telecommando|61466
Devil|65000
The tHing|6400
NetBus 1.x|12346
NetBus Pro|20034
SubSeven|1243
NetSphere|30100
Silencer|1001
Millenium|20000
Devil 1.03|65000
NetMonitor|7306
Streaming Audio Trojan|1170
Socket23|30303
Gatecrasher|6969
Telecommando|61466
Gjamer|12076
IcqTrojen|4950
Priotrity|16969
Vodoo|1245
Wincrash|5742
Wincrash2|2583
Netspy|1033
ShockRave|1981
Stealth Spy|555
Pass Ripper|2023
Attack FTP|666
GirlFriend|21554
Fore, Schwindler|50766
Tiny Telnet Server|34324
Kuang|30999
Senna Spy Trojans|11000
WhackJob|23456
Phase0|555
BladeRunner|5400
IcqTrojan|4950
InIkiller|9989
PortalOfDoom|9872
ProgenicTrojan|11223
Prosiak 0.47|22222
RemoteWindowsShutdown|53001
RoboHack|5569
Silencer|1001
Striker|2565
TheSpy|40412
TrojanCow|2001
UglyFtp|23456
WebEx|1001
Backdoor|1999
Phineas|2801
Psyber Streaming Server|1509
Indoctrination|6939
Hackers Paradise|456
Doly Trojan|1011
FTP99CMP|1492
Shiva Burka|1600
Remote Windows Shutdown|53001
BigGluck,|34324
NetSpy DK|31339
Hack'99 KeyLogger|12223
iNi-Killer|9989
ICQKiller|7789
Portal of Doom|9875
Firehotcker|5321
Master Paradise|40423
BO jammerkillahV|121

--------------------------------->

13.How Can I Monitor My Computer Without Scanner?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

Again, the masses think that when they have some trojan scanner or anti-virus scanner they're secure. Well, the best way to check for trojans is to do it on your own. You can't be sure that the trojan scanner is working correctly, so start checking by yourself. In this text I've included a list of software, with reviews of course, that will help you check your system for trojans.

Well, you always need to check which ports are open on your system, and if you see that one of the common trojan ports is open you're probably infected.

*NOTE*
You can check that by typing "netstat" in the MS-DOS prompt, or use other software that can do this for you.
*NOTE*

Always pay attention to which files are running on your computer and check for something suspicious about them, like the name. Well, I think you'll check files like config.EXE, himem.exe or winlilo.exe or other funny ones. Just Hex Edit them and if you find something interesting like "SchoolBus Server", kill the running file.
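The netstat check described above can be automated by parsing `netstat -an` output and matching listening ports against the port list in section 12. This is an added example, not part of the original text: the netstat output is constructed, and the port table is only a subset of the list. Because this text notes that some trojans let their user change the port, the example goes one step further and also reports every listener missing from a known-good baseline.

```python
import re

# Subset of the port list in section 12 (port -> names given there).
TROJAN_PORTS = {
    1243: ["SubSeven"],
    1999: ["BackDoor"],
    6969: ["GateCrasher", "Priority"],
    12346: ["NetBus 1.x"],
    20034: ["NetBus 2 Pro"],
    30100: ["NetSphere"],
    31337: ["Back Orifice"],
}

# One row of `netstat -an`: protocol, local addr:port, remote addr:port, optional state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)


def parse_netstat(output):
    """Return one dict per TCP/UDP row; banner and header lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, remote, state = m.groups()
            rows.append({"proto": proto.upper(), "local": addr, "port": int(port),
                         "remote": remote, "state": (state or "").upper()})
    return rows


def listeners(output):
    """Return the set of (proto, port) this machine accepts traffic on."""
    found = set()
    for row in parse_netstat(output):
        # UDP rows carry no state column; a TCP socket must be in LISTENING.
        # ESTABLISHED rows are skipped: their local port is often just the
        # temporary port of an outgoing connection.
        if row["proto"] == "UDP" or row["state"] == "LISTENING":
            found.add((row["proto"], row["port"]))
    return found


def suspicious_listeners(output, ports=TROJAN_PORTS):
    """Listening ports that appear in the trojan port table."""
    return [(proto, port, ports[port])
            for proto, port in sorted(listeners(output)) if port in ports]


def unexpected_listeners(output, baseline):
    """Listening ports absent from the baseline, whether or not they are on any list."""
    return sorted(listeners(output) - set(baseline))


# Constructed sample output for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1243       203.0.113.9:80         ESTABLISHED
  TCP    0.0.0.0:4711           0.0.0.0:0              LISTENING
  UDP    192.168.0.5:137        *:*
  UDP    0.0.0.0:31337          *:*
"""

if __name__ == "__main__":
    for proto, port, names in suspicious_listeners(SAMPLE):
        print(f"{proto} {port} is listening: listed for {', '.join(names)}")
    print("not in baseline:", unexpected_listeners(SAMPLE, {("TCP", 139), ("UDP", 137)}))
```

Local port 1243 in the sample is not reported because it belongs to an outgoing connection, while port 4711 is reported by the baseline comparison even though it is on no list.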
Make sure you're monitoring your registry and checking every new change in it. Also be sure you monitor system.ini and win.ini, because there are still trojans that restart from there. And as I told you, always download software like ICQ, MIRC or any other well known program from the official page. Following these simple rules will help you keep your computer from getting infected.

---------------------------------->

14.Software To Help You Monitor Your Computer
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/

As I told you, I've included a list of software that will help you monitor your computer and prevent trojan infections.

+++++++++++++++
----LogMonitor+
+++++++++++++++

Files and directories monitoring tool
=====================================

Version: 1.3.4
Home page: http://www.geocities.com/koenigvad/Eng/
Author: Vadim Dumbravanu, koenigvad@yahoo.com

Log Monitor is a files and directories monitoring tool. The program periodically checks selected file's modification time and executes external program if file's time was changed or not changed. For directories it handles such events as files change, addition or removal.

Works under Windows 95/98/NT.

It's free for personal and business use. See LICENSE.TXT for copyright information.

This file contains following topics:

1. Purpose.
2. Usage.
3. Some features.
4. Installation.
5. Uninstallation.

1. PURPOSE

The program is intended for different administrators using automated processes. From time to time these processes stop working or can even terminate abnormally. Sometimes processes create or update error log-files. Log Monitor can watch over such processes via their log-files and warn administrators about problems. Users can watch over common network folders and see what happens within their directories.

2. USAGE

Most of automated processes track log-files, periodically updating them. Accordingly, if such process will terminate abnormally, log-files cease changing.
If the process did not update the log-file during selected interval, Log Monitor runs an external program. It can be "net send bla bla bla", or paging program, or process restart. Log Monitor can run a program if the file was changed too, so you can check error files for changes.

Log Monitor can also watch over directories and handle files change, addition or removal events within directory tree.

Log Monitor can be used as a task scheduler. NT Scheduler Service is uncomfortable if you need to run a task every hour for example. Using Log Monitor you can add nonexisting file, then select interval of 3600 seconds and the program. As long as the file does not update, selected program will run every hour. You can specify working time and days when program will be launched.

3. SOME FEATURES

- Several files or directories can be monitored simultaneously, each file has its own interval and is processing in a separate thread.
- A list of monitoring processes stores in the configuration file.
- Minimizes to the System Tray (and restores from it). ;)
- There is an ability to pause monitoring of selected files. "Paused" state can be stored in the configuration file.
- Works on the schedule, can check files and directories only during selected time interval and days of week or month.
- Many other really beautiful things.

++++++++++++
----PrcView+
++++++++++++

PrcView is a freeware process viewer utility that shows comprehensive information about running processes. This information includes such details as the creation time, version and full path for each DLL used by a selected process, a list of all threads, memory blocks and heaps. PrcView also allows you to kill and attach a debugger to a selected process. PrcView runs on both Windows 95/98 and Windows NT platforms and includes Windows and command-line version of the program.
This software is free and freely distributable on a non-commercial basis in the format ORIGINALLY RELEASED (PrcView.zip) with the original Copyright clause. The author expressly disclaims any warranty for this software. This software and any related documentation is provided "as is" without warranty of any kind.

Distribution of the program or any work based on the program by a commercial organization to any third party is permitted only with the written permission of the author.

If you encounter a problem while running PrcView, please visit http://www.teamcti.com to obtain the latest version. If you still have problems, please send a short description to: IgorNys@writeme.com

----XNetStat

XNetStat is a program like the "netstat" command in the MS-DOS prompt. The program shows you all of the open ports on your computer and all of the established connections. Mail fresh@arez.com if you want it or have questions about it.

++++++++++++
----AtGuard+
++++++++++++

AtGuard is a nice firewall with some cool features. It can also show you which file opened a connection from your computer, which is VERY useful if you want to detect some trojans on your machine. I have currently lost the URL for that program, but try searching altavista.com or packetstorm.securify.com

+++++++++++++++++++++++++
-----ConSeal PC FIREWALL+
+++++++++++++++++++++++++

This software will help you to secure your PC. It has some major advantages over other PC-based firewalls. It is available on Windows 95, Windows 98 and Windows NT (3.51 & 4.0). This is probably the best firewall for Windows machines; it will help you block trojan ports on your machine and also protect against various D.O.S attacks.

http://www.signal9.com

+++++++++++++++++
----LockDown2000+
+++++++++++++++++

This is a really good anti-trojan package that detects a LOT of trojans and other tools and also acts as a firewall, protecting you against nuke and ICQ attacks. It also blocks file sharing so you won't have problems with it.
It's updated regularly with many new trojan definitions. A must have for those of you that want to be protected against attacks and trojan infections.

You can get it at http://www.lockdown2000.com

++++++++++
----TDS-2+
++++++++++

Trojan Defence Suite is also a very good anti-trojan package with a lot of functions and plugins in it. It also detects probably all of the trojans out there and is regularly updated. A must have for those of you that want to be protected against attacks and trojan infections.

You can get it at http://www.diamondcs.com.au

Using all of these tools, together with the anti-trojan packages of course, will result in a Windows machine that is SECURE against trojans, so go and get them.

15.Placing BackDoors In Programs
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/

The people that infect others with trojans are becoming smarter. They have started placing the trojans in real programs that everyone is using, so they can infect the victim. Most people know that when they run a trojan nothing will happen or an error message will appear, but when the trojan is "joined" with another program, the program will work normally without any error messages and the victim will think that he/she is not infected. That's not right. Programmers have made programs that just "join" two or more executables into one, so they can place the trojan in some program that everyone knows about.

Well known programs with open source are also very dangerous. A good programmer may modify the source and turn it into a trojan, so let's say you're using a modified e-mail client. As we all know, the password sending trojans use port 25 to send the e-mail with the information. How about if the attacker modified the e-mail client to send your e-mail password to him/her? You'll of course see (if you're monitoring) that port 25 is open, but you probably won't pay attention, because you're sending e-mails and that's why the port is open. As I said, people are becoming smarter and smarter.
--------------------------------->

16.Advices
/=-=-=-=-=-=/

Some advice from me to help you avoid being infected by a trojan or virus.

[1]-Never accept a file, even if it is from some friend. You're never sure who's on the other side of the computer.

[2]-When executing a file, first check its type; someone may be trying to trick you into running it.

[3]-Always monitor your open ports and the running files on your computer.

[4]-Download software ONLY from its official page.

[5]-When playing with trojans you can also get infected, because the creators sometimes put the server in the client, so when you run the client you also get infected. This shows you once again that trojans are dangerous and that when you make a mistake you can lose sensitive information.

[6]-Become paranoid, it's more secure. People laugh at those who burn every paper they have, who keep all of their passwords in their minds, who always use encryption, who don't use ICQ or IRC because they know how weak these protocols are, BUT that's why these people never get caught: they know how to protect themselves.

------------------------>

17.Final Words
/=-=-=-=-=-=-=-=/

That's it for now. I'll update this text in the future too. Btw, this is my biggest and best written text so far and I really like it. I also hope it will help those of you that want to know how to protect yourselves from trojans and want to learn more about them. Once again, this is a security related tutorial; as I told you, I've started writing such texts from now on.

Also check out my magazine at blackcode.com/bc-tech/magazine.php3

(c)TheManiac