194 Chapter 8 ■ Trojans, Viruses, Worms, and Covert Channels
Scareware has become more common over the last few years as users
have become more knowledgeable and malware authors have had to
change their tactics. Enticing users to click realistic dialogs and presenting
real-looking error messages can be powerful ways to place illicit software
on a user’s system.Trojans
One of the older and potentially widely misunderstood forms of malware is the Trojan.
Simply put, a Trojan is a software application that is designed to provide covert access to
a victim’s system. The malicious code is packaged in such a way that it appears harmless
and thus gets around both the scrutiny of the user and the antivirus or other applications
that are looking for malware. Once on a system, its goals are similar to those of a virus or
worm: to get and maintain control of the system or perform some other task.
A Trojan infection may be indicated by some of the following behaviors:
■ The CD drawer of a computer opens and closes.
■ The computer screen changes, either flipping or inverting.
■ Screen settings change by themselves.
■ Documents print with no explanation.
■ The browser is redirected to a strange or unknown web page.
■ The Windows color settings change.
■ Screen saver settings change.
■ The right and left mouse buttons reverse their functions.
■ The mouse pointer disappears.
■ The mouse pointer moves in unexplained ways.
■ The Start button disappears.
■ Chat boxes appear on the infected system.
■ The Internet service provider (ISP) reports that the victim’s computer is running port
scans.
■ People chatting with you appear to know detailed personal information.
■ The system shuts down by itself.
■ The taskbar disappears.
■ Account passwords are changed.
■ Legitimate accounts are accessed without authorization.
■ Unknown purchase statements appear in credit card bills.
■ Modems dial and connect to the Internet by themselves.
■ Ctrl+Alt+Del stops working.
■ When the computer is rebooted, a message states that other users are still connected.