Operations that could be performed by a hacker on a target computer system include these:
■ Stealing data
■ Installing software
■ Downloading or uploading files
■ Modifying files
■ Installing keyloggers
■ Viewing the system user’s screen
■ Consuming computer storage space
■ Crashing the victim’s system
Before we get too far on the subject of Trojans, you need to know about covert and overt
channels. A Trojan relies on these items:
■ An overt channel is a communication path or channel that is used to send information
or perform other actions. HTTP or TCP/IP are examples of communication
mechanisms that can and do send information legitimately.
■ A covert channel is a path that is used to transmit or convey information but does so
in a way that is illegitimate or supposed to be impossible. The covert channel violates
security policy on a system.
Why would an attacker wish to use a Trojan instead of a virus? Typically, the reason
is that a Trojan is stealthier and it opens a covert channel that can be used to
transmit information. The data transmitted can be a number of items, including
identity information.
An Unknowing Victim?
The following is an excerpt from a story that was originally published on http://zdnet.co.uk:
Julian Green, 45, was taken into custody last October after police with a search warrant
raided his house. He then spent a night in a police cell, nine days in Exeter prison and
three months in a bail hostel. During this time, his ex-wife won custody of his
seven-year-old daughter and possession of his house.
This is thought to be the second case in the UK where a Trojan defense has been used to
clear someone of such an accusation. In April, a man from Reading was found not guilty
of the crime after experts testified that a Trojan could have been responsible for the
presence of 14 child porn images on his PC.
Trojan horses can be used to install a backdoor on a PC, allowing an attacker to freely
access the computer. Using the backdoor, a malicious user can send pictures or other
files to the victim’s computer or use the infected machine to access illegal websites, while
hiding the intruder’s identity. Infected machines can be used for storing files without the
knowledge of the computer’s owner.