iman-net
Navigation
  Tojan horses
 

Tojan horses



Trojan horses

A Trojan horse is a computer program which carries out malicious operations without the user's knowledge. The name "Trojan horse" comes from a legend told in the Iliad (by the writer Homer) about the siege of the city of Troy by the Greeks.

Legend has it that the Greeks, unable to penetrate the city's defences, got the idea to give up the siege and instead give the city a giant wooden horse as a gift offering.

The Trojans (the people of the city of Troy) accepted this seemingly harmless gift and brought it within the city walls. However, the horse was filled with soldiers, who came out at nightfall, while the town slept, to open the city gates so that the rest of the army could enter.

Thus, a Trojan horse (in the world of computing) is a hidden program which secretly runs commands, and usually opens up access to the computer running it by opening a backdoor. For this reason, it is sometimes called a Trojan by analogy to the citizens of Troy.

Like a virus, a Trojan horse is a piece of harmful code placed within a healthy program (like a false file-listing command, which destroys files instead of displaying the list).

A Trojan horse may, for example:

  • steal passwords;
  • copy sensitive date;
  • carry out any other harmful operations;
  • etc.

 

Worse, such a program can create an intentional security breach within your network, so as give outside users access to protected areas on the network.

The most common Trojan horses open machine ports, allowing their designer to gain entry to your computer over the network by opening a backdoor or backorifice.

  A Trojan horse is not necessarily a virus, as its goal is not to reproduce itself to infect other machines. On the other hand, some viruses may also be Trojan horses; that is, they might spread like viruses and open ports on infected machines!

Detecting such a program is difficult because you must be able to determine whether an action is being carried out by the Trojan horse or by the user.

Symptoms of infection

 

Infection by a Trojan horse usually comes after opening a contaminated file containing the Trojan horse (see the article on protecting yourself from worms) and is indicated by the following symptoms:

  • Abnormal activity by the modem, network adapter or hard drive: data is being loaded without any activity from the user;
  • Strange reactions from the mouse;
  • Programs opening unexpectedly;
  • Repeated crashes.

Principle of a Trojan horse

 

As a Trojan horse is usually (and increasingly) intended to open a port on your machine so that a hacker can gain control of it (such as by stealing personal data stored on the hard drive), the hacker's goal is to first infect your machine by making you open an infected file containing the Trojan and then to access your machine through the opened port.

However, to be able to infiltrate your machine, the hacker normally has to know its IP address. So:

  • Either you have a fixed IP address (as with businesses, or with individuals with a cable or similar connection, etc.) in which case your IP address can easily be discovered;
  • or your IP address is dynamic (reassigned each time you connect), as with modem connections; in which case the hacker must scan IP addresses at random in order to detect those which correspond to infected machines.

Protect yourself from Trojans

 

Installing a firewall (a program which filters data entering and leaving your machine) is enough to protect you from this kind of intrusion. A firewall monitors both data leaving your machine (normally initiated by the programs you are using) and data entering it. However, the firewall may detect unknown outside connections even if a hacker is not specifically targeting you.. They may be tests carried out by your Internet service provider, or a hacker randomly scanning a range of IP addresses.

For Windows systems, there are two free high-performance firewalls:

  • ZoneAlarm
  • Tiny Personal Firewall

In case of infection

 

If a program whose origins you are unsure of attempts to open a connection, the firewall will ask you to confirm it before initiating the connection. It is important to not authorise connections for a program you don't recognise, because it might very well be a Trojan horse.

If this reoccurs, it may be helpful to check that your computer isn't affected by a Trojan, by using a program that detects and deletes them (called an anti-Trojan).
One example is The Cleaner, which can be downloaded from http://www.moosoft.com/.

List of ports commonly used by Trojans

 

Trojan horses commonly open a port on the infected machine and wait for a connection to open on that port, so that hackers will be able to gain total control over the computer. Here is a (non exhaustive) list of the most common ports used by Trojan horses (source: Site de Rico):

port Trojan
21 Back construction, Blade runner, Doly, Fore, FTP trojan, Invisible FTP, Larva, WebEx, WinCrash
23 TTS (Tiny Telnet Server)
25 Ajan, Antigen, Email Password Sender, Happy99, Kuang 2, ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
31 Agent 31, Hackers Paradise, Masters Paradise
41 Deep Throat
59 DMSetup
79 FireHotcker
80 Executor, RingZero
99 Hidden port
110 ProMail trojan
113 Kazimas
119 Happy 99
121 JammerKillah
421 TCP Wrappers
456 Hackers Paradise
531 Rasmin
555 Ini-Killer, NetAdmin, Phase Zero, Stealth Spy
666 Attack FTP, Back Construction, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyre
911 Dark Shadow
999 Deep Throat, WinSatan
1002 Silencer, WebEx
1010 to 1015 Doly trojan
1024 NetSpy
1042 Bla
1045 Rasmin
1090 Xtreme
1170 Psyber Stream Server, Streaming Audio Trojan, voice
1234 Ultor trojan
port 1234 Ultors Trojan
port 1243 BackDoor-G, SubSeven, SubSeven Apocalypse
port 1245 VooDoo Doll
port 1269 Mavericks Matrix
port 1349 (UDP) BO DLL
port 1492 FTP99CMP
port 1509 Psyber Streaming Server
port 1600 Shivka-Burka
port 1807 SpySender
port 1981 Shockrave
port 1999 BackDoor
port 1999 TransScout
port 2000 TransScout
port 2001 TransScout
port 2001 Trojan Cow
port 2002 TransScout
port 2003 TransScout
port 2004 TransScout
port 2005 TransScout
port 2023 Ripper
port 2115 Bugs
port 2140 Deep Throat, The Invasor
port 2155 Illusion Mailer
port 2283 HVL Rat5
port 2565 Striker
port 2583 WinCrash
port 2600 Digital RootBeer
port 2801 Phineas Phucker
port 2989 (UDP) RAT
port 3024 WinCrash
port 3128 RingZero
port 3129 Masters Paradise
port 3150 Deep Throat, The Invasor
port 3459 Eclipse 2000
port 3700 portal of Doom
port 3791 Eclypse
port 3801 (UDP) Eclypse
port 4092 WinCrash
port 4321 BoBo
port 4567 File Nail
port 4590 ICQTrojan
port 5000 Bubbel, Back Door Setup, Sockets de Troie
port 5001 Back Door Setup, Sockets de Troie
port 5011 One of the Last Trojans (OOTLT)
port 5031 NetMetro
port 5321 FireHotcker
port 5400 Blade Runner, Back Construction
port 5401 Blade Runner, Back Construction
port 5402 Blade Runner, Back Construction
port 5550 Xtcp
port 5512 Illusion Mailer
port 5555 ServeMe
port 5556 BO Facil
port 5557 BO Facil
port 5569 Robo-Hack
port 5742 WinCrash
port 6400 The Thing
port 6669 Vampyre
port 6670 Deep Throat
port 6771 Deep Throat
port 6776 BackDoor-G, SubSeven
port 6912 Shit Heep (not port 69123!)
port 6939 Indoctrination
port 6969 GateCrasher, Priority, IRC 3
port 6970 GateCrasher
port 7000 Remote Grab, Kazimas
port 7300 NetMonitor
port 7301 NetMonitor
port 7306 NetMonitor
port 7307 NetMonitor
port 7308 NetMonitor
port 7789 Back Door Setup, ICKiller
port 8080 RingZero
port 9400 InCommand
port 9872 portal of Doom
port 9873 portal of Doom
port 9874 portal of Doom
port 9875 portal of Doom
port 9876 Cyber Attacker
port 9878 TransScout
port 9989 iNi-Killer
port 10067 (UDP) portal of Doom
port 10101 BrainSpy
port 10167 (UDP) portal of Doom
port 10520 Acid Shivers
port 10607 Coma
port 11000 Senna Spy
port 11223 Progenic trojan
port 12076 Gjamer
port 12223 Hack�99 KeyLogger
port 12345 GabanBus, NetBus, Pie Bill Gates, X-bill
port 12346 GabanBus, NetBus, X-bill
port 12361 Whack-a-mole
port 12362 Whack-a-mole
port 12631 WhackJob
port 13000 Senna Spy
port 16969 Priority
port 17300 Kuang2 The Virus
port 20000 Millennium
port 20001 Millennium
port 20034 NetBus 2 Pro
port 20203 Logged
port 21544 GirlFriend
port 22222 Prosiak
port 23456 Evil FTP, Ugly FTP, Whack Job
port 23476 Donald Dick
port 23477 Donald Dick
port 26274 (UDP) Delta Source
port 27374 SubSeven 2.0
port 29891 (UDP) The Unexplained
port 30029 AOL trojan
port 30100 NetSphere
port 30101 NetSphere
port 30102 NetSphere
port 30303 Sockets de Troie
port 30999 Kuang2
port 31336 Bo Whack
port 31337 Baron Night, BO client, BO2, Bo Facil
port 31337 (UDP) BackFire, Back Orifice, DeepBO
port 31338 NetSpy DK
port 31338 (UDP) Back Orifice, DeepBO
port 31339 NetSpy DK
port 31666 Bo Whack
port 31785 Hack�a�Tack
port 31787 Hack�a�Tack
port 31788 Hack�a�Tack
port 31789 (UDP) Hack�a�Tack
port 31791 (UDP) Hack�a�Tack
port 31792 Hack�a�Tack
port 33333 Prosiak
port 33911 Spirit 2001a
port 34324 BigGluck, TN
port 40412 The Spy
port 40421 Agent 40421, Masters Paradise
port 40422 Masters Paradise
port 40423 Masters Paradise
port 40426 Masters Paradise
port 47262 (UDP) Delta Source
port 50505 Sockets de Troie
port 50766 Fore, Schwindler
port 53001 Remote Windows Shutdown
port 54320 Back Orifice 2000
port 54321 School Bus
port 54321 (UDP) Back Orifice 2000
port 60000 Deep Throat
port 61466 Telecommando
port 65000 Devil

 
  34747 visitors  
 

Enter your friend Email and the subject of the message

E.mail

The subject of the message

This website was created for free with Own-Free-Website.com. Would you also like to have your own website?
Sign up for free