Privacy Attacks

-: Privacy Attacks :-


Here the attacker uses various automated tools which are freely available on the Internet. Some of them are as follows:

1) Trojan :- A Trojan is a Remote Administration Tool (RAT) which enables the attacker to execute various software and hardware instructions on the target system.

Most trojans consist of two parts -
a) The Server Part :- It has to be installed on the victim's computer.
b) The Client Part :- It is installed on the attacker's system. This part gives the attacker complete control over the target computer.

NetBus, Girlfriend, Sub7, Beast and Back Orifice are some of the popular trojans.

2) Keylogger :- Keyloggers are tools which enable the attacker to record all the keystrokes made by the victim and secretly send the logs to an e-mail address previously set by the attacker.

Almost all Trojans have a keylogging function.

Use an up-to-date antivirus and firewall to detect the presence of a trojan and remove it permanently.

3) Spyware :- Spyware utilities are malicious programs that spy on the activities of the victim and covertly pass on the recorded information to the attacker without the victim's consent. Most spyware utilities monitor and record the victim's internet-surfing habits. Typically, a spyware tool is built into a host .exe file or utility. If a victim downloads and executes an infected .exe file, then the spyware becomes active on the victim's system.
Spyware tools can be hidden both in .exe files and even in ordinary cookie files.
Most spyware tools are created and released on the internet with the aim of collecting useful information about a large number of Internet users for marketing and advertising purposes. On many occasions, attackers also use spyware tools for corporate espionage and spying purposes.

4) Sniffer :- Sniffers were originally developed as tools for debugging/troubleshooting network problems.
An Ethernet-based sniffer works with the network interface card (NIC) to capture, interpret and save the data packets sent across the network.
A sniffer can turn out to be quite dangerous. If an attacker manages to install a sniffer on your system or on the router of your network, then all data including passwords, private messages, company secrets, etc. gets captured.

Recommended Tools :-
Snort - http://www.snort.org
Ethereal - http://www.ethereal.com

-: The Trojan Horse :-

What is a Trojan ?
"A Trojan Horse, or Trojan, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system". - Wikipedia

"A Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat.". - CERT Advisory

Types of Trojan :-
 The different types of Trojan Horses are as follows-

1) Remote Access Trojans :- Abbreviated as RATs, Remote Access Trojans are potentially the most damaging, designed to provide the attacker with complete control of the victim's system.

2) Data Sending Trojans :- A type of Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail addresses or IM contact lists. They could install a keylogger and send all recorded keystrokes back to the attacker.

3) Destructive Trojans :- Once this Trojan is installed on your computer, it will begin to systematically or completely randomly delete information from your computer. This can include files, folders, registry entries, and important system files, which is likely to cause the failure of your operating system.

4) Proxy Trojans :- A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to conduct illegal activities, or even to use your system to launch malicious attacks against other networks.

5) FTP Trojans :- A type of Trojan horse designed to open port 21 (FTP) and act like an FTP server. Once it is installed, the attacker could not only download/upload files/programs to the victim's computer but also install further malware on your computer.

6) Security Software Disabler Trojan :- A type of Trojan horse designed to stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.

7) DoS Attack Trojans :- These trojans are used by the attacker to launch a DoS/DDoS attack against some website or network or any individual. In this case they are well known as "Zombies".

How Trojan Works ?
Trojans typically consist of two parts, a client part and a server part. When a victim (unknowingly) runs a Trojan server on his machine, the attacker then uses the client part of that Trojan to connect to the server module and start using the Trojan. The protocol usually used for communications is TCP, but some Trojans' functions use other protocols, such as UDP, as well. When a Trojan server runs on a victim's computer, it (usually) tries to hide somewhere on the computer; it then starts listening for incoming connections from the attacker on one or more ports, and attempts to modify the registry and/or use some other auto-starting method.

It is necessary for the attacker to know the victim's IP address to connect to his/her machine. Many Trojans include the ability to mail the victim's IP and/or message the attacker via ICQ or IRC. This system is used when the victim has a dynamic IP, that is, every time he connects to the Internet, he is assigned a different IP (most dial-up users have this). ADSL users have static IPs, meaning that in this case, the infected IP is always known to the attacker; this makes it considerably easier for an attacker to connect to your machine.

Most Trojans use an auto-starting method that allows them to restart and grant an attacker access to your machine even when you shut down your computer.

How Trojan Horses Are Installed ?
Infection from Trojans is alarmingly simple. Following are very common ways to become infected that most computer users perform on a very regular basis.
Software Downloads
Websites containing executable content (ActiveX control)
Email Attachments
Application Exploits (Flaws in web applications)
Social Engineering Attacks

The Removal :-
Antivirus software is designed to detect and delete Trojan horses, ideally preventing them from ever being installed.

-: Popular Trojans :-

1) NetBus :-

Latest Version: NetBus 2.10 Pro
Developer: Carl-Fredrik Neikter
Default Port: 20034 (variable)
Language: Delphi
Operating System: Windows 95/98, NT4 or later
Type: Remote Access
Download: NB2ProBeta.zip

2) Back Orifice XP :-

Latest Version: BOXP Beta 7
Developer: Javier Aroche
Default Port: 15380
Language: Microsoft Visual C++ 6.0
Operating System: Windows 95/98/ME/NT/2000/XP
Type: Remote Access
Download: boxp_beta7_bin.zip

3) SubSeven / Sub7 :-

Latest Version: SubSeven 2.2
Developer: Mobman
Default Port: 1080, 1369, 5873, 27374 (variable)
Language: Delphi
Operating System: Windows 95/98/ME/NT/2000
Type: Remote Access, Keylogger, Eavesdropper, Sniffer, Proxy server, FTP server
Download: Subseven.2.2.zip

4) Beast :-

Latest Version: Beast 2.07
Developer: Tataye
Default Port: 6666
Language: Delphi
Operating System: Windows 95/98/ME/NT/2000/XP
Type: Remote Access, Keylogger
Download: Beast_2.07.rar
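
The default ports listed above, together with port 21 from the FTP Trojan description, can be turned into a quick host check. The following is an added example, not part of the original page: it parses Windows `netstat -ano` output and reports TCP listeners on those ports. The function name and the embedded sample output are constructed for illustration; because the ports are variable and 21 and 1080 also have legitimate uses, a hit is only a reason to identify the owning process.

```python
import re

# Default ports exactly as listed on this page; they are configurable,
# so absence of a hit proves nothing and a hit needs confirmation.
DEFAULT_PORTS = {
    20034: "NetBus 2.10 Pro",
    15380: "Back Orifice XP",
    1080: "SubSeven",   # also the usual SOCKS proxy port
    1369: "SubSeven",
    5873: "SubSeven",
    27374: "SubSeven",
    6666: "Beast",
    21: "FTP Trojan or a legitimate FTP server",
}

# Constructed sample of `netstat -ano` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     2456
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       4012
  TCP    192.168.1.10:50111     10.0.0.5:6666          ESTABLISHED     2456
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Only TCP sockets in LISTENING state: the server part waits for the client.
LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def suspicious_listeners(netstat_text, known=DEFAULT_PORTS):
    """Return sorted (port, pid, label) tuples for listeners on known ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = LISTENER.match(line)
        if not m:
            continue  # headers, UDP rows, non-listening connections
        port, pid = int(m.group(2)), int(m.group(3))
        if port in known:
            hits.append((port, pid, known[port]))
    return sorted(hits)

if __name__ == "__main__":
    for port, pid, label in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"port {port} (PID {pid}): default port of {label}")
```

The outbound connection to remote port 6666 in the sample is deliberately not reported, since only a local listener matches the server behaviour described in "How Trojan Works".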



-: The NetBus Trojan :-

NetBus was written in Delphi by Carl-Fredrik Neikter, a Swedish programmer, in March 1998.

It is capable of :--
Open/Close CD-ROM
Show optional BMP/JPG image
Swap mouse buttons
Start optional application
Play a wav file
Control mouse
Show different kinds of messages
Shut down Windows
Download/Upload/Delete files
Go to an optional URL
Send keystrokes and disable keys
Listen for and send keystrokes
Take a screendump
Increase and decrease the sound-volume
Record sounds from the microphone
Make click sounds every time a key is pressed
This utility also has the ability to scan "Class C" addresses by adding "+Number of ports" to the end of the target address. Example: 255.255.255.1+254 will scan 255.255.255.1 through 255.

NetBus 2.0 Pro :- It was completely re-written and re-designed. It now has additional features such as an improved GUI for client and server, improved file manager, windows manager, registry manager, plugin manager, capture of web cam images, and more.

Following is the stepwise procedure for installation and configuration of NetBus 2.0 Pro (server and client).

1) Download NetBus 2.0 Pro from here - NB2ProBeta.zip

2) Extract and install properly on your system.

3) After installation you will find two shortcuts in the NetBus installation directory.

This is to be executed on victim's system.
This is to be executed on your system.

4) On executing the 'NetBus Server' (on victim's computer), you will be greeted by a window as shown in figure (left). Click on the 'Settings' button.
Here you can configure server settings such as port no., password, visibility, auto/manual start, etc. as shown in figure (right).

Click on the 'OK' button to finish NetBus Server settings.
Then close the NetBus Server window.

5) On executing 'NetBus' (i.e. client) (on your system), you will be greeted by a window as shown below-

6) To add a new host go to the menu 'Host' and then click 'New'. This is as shown in figure (left).
Here you should enter the proper Destination (e.g. 'My Computer'), IP Address (e.g. 72.232.50.186), TCP Port (by default 20034), Username/Password (exactly same as that of 'NetBus Server') for the target computer.

Click on 'OK' to finish the addition of the new host.

7) Now you are ready to connect with the target (victim's) computer.
To do so, select the host from the main window, then go to the 'Host' menu and click 'Connect'.

8) After the client gets connected with the server (target computer), you can use any of the features of 'NetBus Trojan' as listed above. You can see all these tools on the 'Toolbar' of the NetBus Client.
