Viruses, or Virii (plural), have been wreaking havoc on privately and publicly owned computer systems since the dawn of computers. They originate from malicious writers or ‘coders’ who spend their time writing these viruses. Most viruses are designed to intercept other files and attach themselves to them; almost all viruses are less than 50 kilobytes in size.
Most virus writers are under the age of 15 and initially spread their creations through a school or college network, then distribute them on the Internet using illegal software piracy, free games or email to accelerate the process. There are so many viruses today that nearly all virus databases fail to hold a complete list of viruses. This is mostly because we don’t know about 60% of them: most of these viruses are still locked up on disks or old hard disks, or haven’t even been compiled or tested. Some virus writers only write viruses for pleasure, and sometimes they are never released into ‘The Wild’, meaning distributed to innocent people.
Most viruses today are variants of other successful viruses. When the CIH virus was first detected, it caused major damage to over 50,000 companies and services worldwide in its first week in ‘The Wild’. Within a matter of weeks there were variants (variations) of the same virus under different names, distribution packages (the delivery program of the virus) or sizes.
Viruses can travel across entire networks of computers, including the Internet. This makes viruses very hard to remove, because if one networked system is infected, it is very likely that most other systems are infected too. All viruses are designed to perform these types of transformations; they are not ‘spawned’ programs designed by the computer alone. If something was designed to do something, then there must be a designer.
Trojan Horse viruses, however, are not programmed to automatically perform certain tasks. They have remote controllers, or amateur Hackers, who control the Trojan Horse virus remotely when you are connected to the Internet or a local network. The remote Hacker could be in another country, in your country, in your state, in your city, or your neighbor. Trojan Horse viruses become smarter and more powerful over time; the writers must program their creations to perform specific tasks when the Hacker sends the command. All Trojan Horse viruses consist of a Client and a Server. The Server (or RAT, Remote Administration Tool) is the dangerous part of the virus: once run on your system, it installs itself and adds vital Registry or initialization auto-start procedures to ensure it automatically loads when you turn your computer on.
The Client (or Remote Controller) is a program that is designed for a Hacker. It has a ‘sloppy’ interface, and spelling mistakes and abbreviations are common. Each Client is designed for one Trojan Horse virus. You cannot mix Clients and Servers, because each Client and its Server know each other’s commands.
Hackers use specially developed ‘Port Scanners’ which scout the Internet for Servers. Once a Hacker scans your computer, the scanner logs the data on his/her computer. This type of task is usually performed ‘on-the-fly’ when the Hacker is sleeping or not using his/her computer. When the Hacker returns, he/she connects to all of the found Servers with the correct Clients, then begins hacking and controlling remote computers.
If you are not protected, your computer could be on this list, along with your data! Trojan Horse viruses are most commonly loaded on your computer if you download illegal pirate software or small games, or run uncertified email attachments. In 90% of installations of Trojan Horse viruses you will run an executable that appears to be legitimate but is in fact a Trojan Horse virus. It will open a ‘backdoor’ on your system for the Hacker to walk through without you knowing. In more advanced terms, when you run an executable that is a Trojan Horse virus, it opens a Port or Socket on your system for a Hacker to freely send and receive data.
This slows your Internet connection in the process, because of the extra load and reduced bandwidth. Remote Administration Tools (or RATs) are a non-malicious type of Trojan Horse. They are specially developed programs that allow you to remotely connect to your system from another system, and they do this in much the same way as a Trojan Horse virus.
Symantec’s PCANYWHERE is a prime example of a Remote Administration Tool (or RAT). It allows you to access your system from a remote system, it offers password locks to avoid unauthorized connections, and the unique thing about it is that it gives a Virtual Screen showing exactly what the screen looks like on the remote system. This is very handy for System Administrators who want to access their system at home from work to upload and/or download files. RATs are used widely in the United Kingdom by British Gas, British Telecom and Eastern Electricity; they provide a means of working from home and still being able to work in the office, but remotely. So not only is the concept of the Trojan Horse malicious, but it can also play a vital role in the work of the 21st century.
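
Because a Trojan Horse Server and a legitimate Remote Administration Tool both leave an auto-start entry and an open listening port, a defender tells them apart by comparing what is listening against what was approved. The following Python check is an added example, not part of the original article; the `netstat -ano` style rows, process paths, auto-start entries and approved list are all constructed sample data.

```python
import ipaddress

# Constructed sample data (not from the article): `netstat -ano` style rows,
# a PID-to-image map, and auto-start (Run key) entries.
NETSTAT = """\
  TCP    0.0.0.0:135         0.0.0.0:0          LISTENING    884
  TCP    0.0.0.0:5631        0.0.0.0:0          LISTENING    2210
  TCP    0.0.0.0:31999       0.0.0.0:0          LISTENING    4120
  TCP    127.0.0.1:5354      0.0.0.0:0          LISTENING    1500
  TCP    192.168.1.20:49822  203.0.113.10:443   ESTABLISHED  3300
"""
PID_IMAGES = {884: r"C:\Windows\System32\svchost.exe",
              2210: r"C:\Program Files\RemoteAdmin\host.exe",
              4120: r"C:\Users\sam\AppData\Roaming\freegame.exe",
              1500: r"C:\Program Files\Printer\helper.exe"}
AUTOSTART = {"RemoteAdminHost": r'"C:\Program Files\RemoteAdmin\host.exe" /service',
             "Updater": r"C:\Users\sam\AppData\Roaming\freegame.exe"}
APPROVED = {r"c:\windows\system32\svchost.exe",
            r"c:\program files\remoteadmin\host.exe"}


def parse_listeners(text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")
            rows.append((addr.strip("[]"), int(port), int(f[4])))
    return rows


def find_suspects(text, pid_images, autostart, approved):
    """Flag remotely reachable listeners whose program is not approved."""
    findings = []
    for addr, port, pid in parse_listeners(text):
        if ipaddress.ip_address(addr).is_loopback:
            continue  # only reachable from this machine
        image = pid_images.get(pid, "<unknown>")
        if image.lower() in approved:
            continue  # sanctioned service or remote administration tool
        persistent = any(image.lower() in cmd.lower() for cmd in autostart.values())
        findings.append({"port": port, "pid": pid, "image": image, "autostart": persistent})
    return findings


if __name__ == "__main__":
    for hit in find_suspects(NETSTAT, PID_IMAGES, AUTOSTART, APPROVED):
        print(hit)
```

A listener that is both unapproved and present in the auto-start entries matches the installation behavior the article describes for a Trojan Horse Server and is the first thing to investigate.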