Hackers have written Trojan horses in practically every programming language, including MS-DOS batch files and BASIC. The choice of programming language isn't as important as creating a Trojan that can avoid detection, install itself without the victim's knowledge, and do its work. Still, the two most popular programming languages for writing RATs are C/C++ (Back Orifice, for example) and Delphi (NetBus), because both languages can create small programs that can be stored in a single executable file.
While it's possible to write a RAT in a language like Visual Basic, the
Some Trojans are easier to write than others. A Trojan horse that mimics a login screen to steal passwords will be much easier to write than a remote access Trojan. To help each other out, many hackers provide the source code for their Trojans on hacker sites. Hackers can then study the source code and try to write a new Trojan from scratch or modify the source code to create a new variant instead.
Another way to get source code to create a Trojan horse is to copy the code from any open source project. (Linux is the most famous
To protect yourself against Trojan horses, use a combination of different protective tools and a little common sense.
First of all, make sure you know who has access to your computer. Lock it up, password protect it, or disconnect it from a network if you're not using it.
Second, be careful where you get your software. Anytime someone
When downloading software, download only from the software publisher's official website. If you download a program from another website, someone could have inserted a Trojan horse into that program. Many hacker
But no matter how careful you may be with your computer, someone could also slip a Trojan horse on your computer in your absence. To further protect yourself, consider installing a rollback program, an antivirus program, a firewall, and an anti–Trojan horse program.
One of the biggest problems with today's software is that much of it, once installed, seems to muck up even
Although originally designed to protect against software conflicts, rollback programs can also protect your computer against viruses or Trojans. The moment a Trojan wipes out your data, run your rollback program to return your computer to the state it was in before the Trojan horse wiped out your hard disk.
While rollback programs can recover your computer from damage caused by a Trojan horse, virus, or even hard disk crash, they can't prevent problems from happening in the first place. But when used together with frequent
Some of the more popular rollback programs that you can buy include ConfigSafe (http://www.imagine-lan.com), FlashBack (http://www.aladdinsys.com), GoBack (http://www.
Although antivirus programs are designed to detect and remove computer viruses, many can also detect and remove the client files of the more common RATs. However, antivirus programs may only recognize the most popular Trojans, so they may not protect you against lesser-known, destructive Trojans, RATs, or custom Trojans. Consider an antivirus program a supplement to the defense of your computer, but not your sole defense against Trojan horses.
can isolate your computer network from any outside threats (see Figure 8-4). While a firewall can't remove a Trojan horse, it can monitor and shut down external traffic
Figure 8-4: A firewall can monitor specific ports and notify you if any are being used without your knowledge.
Some of the more popular firewalls include: BlackICE PC Protection (http://www.iss.net), Personal Firewall (http://www.
Your best defense against a Trojan horse is to install a program
Figure 8-5: An anti–Trojan horse program knows how to detect and remove dangerous Trojan horses before they have a chance to attack your computer.
Unlike firewalls that can block ports that would allow access to your computer through a network or the Internet, anti–Trojan horse programs can monitor open ports for suspicious behavior associated with Trojan horse activity. The moment a RAT tries to access or open a port on your computer, an anti–Trojan horse program can detect the activity, find the Trojan horse, and kill it.
Like antivirus programs, anti–Trojan horse programs must be constantly updated to protect against the latest Trojans. Some popular anti–Trojan horse programs include: Hacker Eliminator (http://hacker-eliminator.com), Tauscan (http://www.agnitum.com), TDS-3: Trojan Defence Suite (http://tds.diamondcs.com.au), NetSpyHunter (http://www.netspyhunter.com), Anti-Trojan (http://www.anti-trojan.net), and The Cleaner (http://www.moosoft.com).
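The port check described above can also be done by hand against a list of ports you expect to be open. The following Python is an added example, not part of the original text: it parses Windows-style `netstat -an` output and reports listening ports that are missing from an approved baseline. The sample output, the baseline, and the function names are constructed for illustration; the two labelled ports are the well-known defaults of NetBus and Back Orifice, and a reconfigured Trojan can listen on any other port, which is why the baseline comparison matters more than the labels.

```python
# Added example: flag listening ports that are not in an approved baseline.
# Assumes the Windows `netstat -an` column layout (Proto, Local, Foreign, State).
KNOWN_RAT_DEFAULTS = {
    ("TCP", 12345): "NetBus default port",
    ("UDP", 31337): "Back Orifice default port",
}

# Constructed sample output, not captured from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       10.0.0.2:80            ESTABLISHED
  TCP    [::]:5000              [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:31337          *:*
"""

# Constructed baseline: the listeners this machine is supposed to have.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 137)}


def listening_sockets(netstat_text):
    """Return the set of (proto, port) pairs that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # banner, header, or blank line
        proto = fields[0].upper()
        # TCP rows end with a state; UDP rows have none, so any bound UDP socket counts.
        if proto == "TCP" and fields[-1].upper() != "LISTENING":
            continue
        if ":" not in fields[1]:
            continue  # not a local address column
        port = fields[1].rsplit(":", 1)[-1]  # rsplit also handles [::]:5000
        if port.isdigit():
            found.add((proto, int(port)))
    return found


def unexpected_listeners(netstat_text, baseline):
    """List listeners missing from the baseline, labelling known RAT defaults."""
    extra = sorted(listening_sockets(netstat_text) - set(baseline))
    return [(proto, port, KNOWN_RAT_DEFAULTS.get((proto, port), "not in baseline"))
            for proto, port in extra]


if __name__ == "__main__":
    for proto, port, note in unexpected_listeners(SAMPLE, BASELINE):
        print(f"ALERT {proto}/{port}: {note}")
```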
Since hackers often target each other, many hackers have written their own tools to remove specific Trojan horses from their computers. Unlike general purpose anti–Trojan horse programs that scan for all known Trojan horses, hacker Trojan horse–removing programs are
To find a hacker anti–Trojan horse program, look for programs with