Where to find detailed information on Trojans and Spyware
Posted by Luke on April 22nd, 2006


Hi,
I am looking for a point in the right direction. I will soon be moving
fields into the field of internet banking security.
Obviously my employer will provide training but I am trying to do some of my
own research beforehand. I have found many sites with information
about Trojans and Spyware (the main interests in internet banking security)
but all they really contain is information on what to do when you have one
on your pc and a one line definition of what one is.
The sort of information that I am looking for is exactly what a Trojan looks
like, what each individual part of a Trojan does, how it does it, so I can analyse
individual Trojans and other Malware. I guess the reason this information
is hard to come by is the fact that it would also be useful to potential
Malware makers as well, but if anyone
could give me a point in the right direction it would be greatly
appreciated.

Cheers
Luke


Posted by Gabriele Neukam on April 22nd, 2006


On that special day, Luke, (1lucifer@mail.tpg.com.au) said...

This is impossible. Some sites do produce newly compiled trojans by the
second, see news:Message-ID: <BEc2g.66$BO2.14@trnddc02>

There are trojans by the tens of thousands, literally; you'll never be
able to see them all. This site uses the changing-of-clothes trick,
because this will prevent the trojan from being detected by common anti
virus programs. Even if someone becomes suspicious and sends in the
specific file that (s)he downloaded, the resulting signature is
close to worthless, as it doesn't help detect the umpteen other
variants produced by this site.

As a result, the trojan will go unnoticed by 99.9% of the recipients.
They will not send it in. There is no detection, and without detection,
there is no information of *any* kind about what this trojan really does.
The only way to find it out is to set up a victim machine and try to
check its communication attempts with ethereal, skimming the results
for suspicious actions, which can be very difficult, especially if the
communication is encrypted.

Don't expect that you will ever know exactly what any given trojan
does; there are always bad surprises possible. The only way to make
sure that an infected machine will be free from *anything* after a
treatment is

from
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild.
That's right. If you have a system that has been completely
compromised, the only thing you can do is to flatten the system
(reformat the system disk) and rebuild it from scratch (reinstall
Windows and your applications). Alternatively, you could of course work
on your resume instead, but I don't want to see you doing that."

please read also
http://www.microsoft.com/technet/arc...s/security/essays/10imlaws.mspx?mfr=true

about what you have to keep in mind, security wise. It doesn't look
pretty, but is much closer to the truth than the one-two-three-steps-to-security
that MS offers to the average non computer savvy
user.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
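An added example, not from this thread, of the "skim the results for suspicious actions" step Gabriele describes: a Python script that runs over a constructed export of connection attempts from a victim machine (the records, the baseline list and the common-port list are all assumed for the example) and flags the traits an analyst would look at first: destinations addressed by raw IP, uncommon ports, regular beaconing, and encrypted sessions whose payload cannot be inspected.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed connection attempts exported from a victim machine's capture:
# (seconds since start, destination, port, protocol). Invented for this example.
CAPTURE = [
    (0.0, "update.example.org", 443, "tls"),
    (1.2, "203.0.113.7", 8080, "tcp"),
    (61.3, "203.0.113.7", 8080, "tcp"),
    (121.1, "203.0.113.7", 8080, "tcp"),
    (181.4, "203.0.113.7", 8080, "tcp"),
    (5.0, "mail.example.org", 993, "tls"),
    (9.0, "198.51.100.9", 6667, "irc"),
]
# Assumed analyst-maintained lists: what the clean baseline image contacts,
# and the ports ordinary desktop traffic uses.
BASELINE = {"update.example.org", "mail.example.org"}
COMMON_PORTS = {25, 53, 80, 443, 587, 993, 995}


def is_raw_ip(host):
    """True when the destination was addressed by IP rather than by name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def skim(records, baseline=BASELINE, beacon_tolerance=2.0):
    """Return (host, port, reasons) for each non-baseline destination with a suspicious trait."""
    by_dest = defaultdict(list)
    for t, host, port, proto in records:
        by_dest[(host, port, proto)].append(t)
    findings = []
    for (host, port, proto), times in by_dest.items():
        if host in baseline:
            continue  # seen from the clean image too; not evidence of the sample
        reasons = []
        if is_raw_ip(host):
            reasons.append("raw IP, no DNS lookup")
        if port not in COMMON_PORTS:
            reasons.append(f"uncommon port {port}")
        if len(times) >= 3:  # enough samples to judge regularity
            times = sorted(times)
            gaps = [b - a for a, b in zip(times, times[1:])]
            if max(gaps) - min(gaps) <= beacon_tolerance:
                reasons.append(f"beacon every ~{sum(gaps) / len(gaps):.0f}s")
        if proto == "tls":
            reasons.append("encrypted, payload not inspectable")
        if reasons:
            findings.append((host, port, reasons))
    return findings
```

Nothing here identifies a sample; it only narrows a capture to the connections worth inspecting by hand, which is exactly where the encrypted case still leaves the analyst guessing.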

Posted by edgewalker on April 22nd, 2006



"Luke" <1lucifer@mail.tpg.com.au> wrote in message news:4449cde2$1@dnews.tpgi.com.au...

By definition, it "looks like" something other than what it really is, or more
correctly the user is somehow led to believe it is something other than what
it actually is. Some will add that the actual function must be "unwanted" by
the user.

So...

The "trojan" is defined completely subjectively, in the "eye of the beholder" so
to speak. What one actually does is completely open. Some trojan functions
will even take the program beyond simple trojan classification, i.e. if it replicates
itself it becomes a virus, worm, or worse - which one being dependent on other
attributes.

You need more terminology to search for typical functions executed as a
result of a trojan attack.

Dropper (creates a program file and executes the program)
Injector (inserts new code into an existing process)
Downloader (downloads a program file and executes the program)
Bomb (explodes - not really, but use your imagination here)
RAT (Remote Administration Tool/Remote Access Trojan)
This example also shows how a legitimate tool can be used maliciously,
especially when (as usual) it is installed by a trojan program. Some use
"backdoor" and "trapdoor" as the trojan, but more correctly it was the
program that installed it surreptitiously that was the trojan (installer).
Exploit (software, though not necessarily a program, designed to leverage a
vulnerability in other software)

This is by no means an exhaustive listing, and I'm sure many posters can expand
on it. The main thing to remember is that the trojan is defined not on what it does
but on that it does something that the user neither expects nor wants. What it does
will allow it to be further classified less subjectively according to its function.

Spyware contributes to information leaking out of a system, and adware contributes
to advertising being served into a system. You can see how 'contributes' will lead
to an overlap of these two items; an advertiser may want to cause data leakage so
they can more effectively serve ads that you will respond favorably to.

No, it is just that "trojan" is too non-specific.

That way ----->> then take the first right after the "Google" sign. )

HTH