Trojan Horse/Spyware Attacks

What is Spyware?
"Spyware" is an umbrella term that covers data miners, aggressive advertising (adware), Trojans, dialers, malware, browser hijackers and tracking components. The category list below is taken from the Lavasoft website; Lavasoft produces Ad-Aware, one of the best detectors and a free one. Spyware gets onto a computer through e-mail attachments that no virus scanner has checked, pop-up windows that trigger a download, or simply by visiting certain sites and accepting what they offer to install. Many of these programs are nothing more than data miners collecting advertising information, such as which part of the world you live in; others brand your programs with their own information or replace your browser's home page; some can make your computer dial telephone numbers automatically.

Data miner
The application is designed to collect information about the user and does so actively. This may or may not include transmission of the information to a remote server, but the server is owned by the company producing the detected application and more importantly, the information collected is disclosed to the user via privacy policy and/or licensing. 

Malware
This is malicious software designed to do harm to a user's system or to other systems and that is not specifically a virus. 

Monitoring Tool
This category includes remote access Trojans (RATs), Root Kits, etc.

Vulnerability
The application employs the use of system and/or security vulnerabilities to install on a system and to operate. 

Misc
This category is for use with applications that do not fall within the other categories but are noteworthy for the user due to matching criteria listed in the TAC (Threat Assessment Chart). The criteria, however, do not point in the direction of a specific detection category.

Dialer
The application is designed to change the user's DUN (Dial Up Networking) settings to dial numbers that the user does not know about, to connect to a number in stealth, and/or to avoid being detected by the user such as dialing expensive connections where the user has not authorized the connection.

Worm
This is a self-replicating virus and/or Trojan designed to propagate across many systems and/or networks. While Ad-Aware does include some well-known virus, Trojan and worm content, it is not an antivirus or antitrojan solution, so it is important to make sure that you have a specific solution installed on your system and/or network.

MRU
This is a listing of the Most Recently Used lists stored in your registry. They are harmless and consist only of things such as the most recent document you opened. They are included in Ad-Aware due to requests from users and to highlight the fact that they are harmless where some antispyware applications will list them as being potentially harmful in an attempt to appear to detect more content than they actually do. 

Spyware
These applications collect information, may or may not install in stealth, and are designed to transmit that information covertly to second or third parties, employing the user's connection without their consent and knowledge. The word defines the actual intent: this is software (ware) that is designed to collect information in secret (spy). 

Adware
This is content that is designed to display advertising to the user that may not be expected or wanted. While some also categorize advertising applications that include tracking features or capabilities as Adware, we place them within more descriptive categories such as Trackware or Data Miner to provide more information to the user. Adware is most often included in freeware bundles or as additional (and/or required) content with shareware. It is generally innocuous, and consumers may want to remove this content if they no longer wish to receive the advertising. They may wish to keep it, though, if the programs are required for the use of a host application.

Trackware
This category is separate from Data Miners in that it is passive in nature. It can and does include content such as tracking cookies and components that collect only anonymous information, like GUIDs and/or sites visited, and does not include personally identifiable information. 

Exploit
The application employs the use of a software or system exploit to install and/or operate. 

Keylogger
This category is for applications that are designed to record and/or transmit keystroke information. 

Annoyware
This is a special type of Adware that causes an excessive number of popups/popunders, is designed to force advertising even when not connected to the internet, can cause noticeable system and/or bandwidth slowdowns, and in general is intrusive to the point of frustrating the system user. 

Hijacker
These applications are designed to hijack the user's home page, HOSTS file, browser favorites, chosen search engine, and/or system settings.
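The HOSTS file is the one hijack target in the list above that can be audited with a few lines of code, so here is an added example (not from the original page and not Lavasoft's code). Hijackers of this era abused HOSTS in two ways: mapping a site the user wants (a search engine, a home page) to an attacker-chosen address, and pinning security vendors' update sites to 127.0.0.1 so the scanner could no longer update. Both stand out against the baseline of a clean HOSTS file, which normally holds only the localhost lines. The watched-domain list and the sample HOSTS text are constructed for the example; the redirect address comes from the documentation range 192.0.2.0/24.

```python
"""Audit a Windows HOSTS file for hijacker-style entries.

Added example: the watched-domain list is an assumption for illustration
(a real tool would carry a larger, maintained set), and SAMPLE_HOSTS is a
constructed file, not a capture from an infected machine.
"""
import ipaddress

# Names that legitimately point at the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains whose presence in HOSTS at all is suspicious (assumed list).
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "msn.com", "windowsupdate.com",
                    "symantec.com", "mcafee.com", "lavasoft.com")


def parse_hosts(text):
    """Yield (lineno, ip_string, [names]) for every non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                        # address with no names
            continue
        yield lineno, fields[0], [n.lower() for n in fields[1:]]


def audit_hosts(text):
    """Return findings as (lineno, name, ip, reason) tuples."""
    findings = []
    for lineno, ip_str, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            findings.append((lineno, " ".join(names), ip_str, "unparseable address"))
            continue
        for name in names:
            watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
            if ip.is_loopback and name not in LOCAL_NAMES:
                # Update-blocking pattern: a real site sent to the local machine.
                findings.append((lineno, name, ip_str,
                                 "non-local name pinned to loopback (update blocking)"))
            elif not ip.is_loopback and watched:
                # Redirect pattern: a well-known site sent somewhere else.
                findings.append((lineno, name, ip_str, "well-known site redirected"))
            elif not ip.is_loopback and name not in LOCAL_NAMES:
                # Any other static mapping is unusual on a home PC; confirm it.
                findings.append((lineno, name, ip_str, "static mapping, verify it is yours"))
    return findings


# Constructed sample HOSTS file: one clean line, one redirect, one
# update-blocking entry and one mapping an administrator might have added.
SAMPLE_HOSTS = """\
# Windows HOSTS file (constructed sample)
127.0.0.1       localhost
192.0.2.44      www.google.com   google.com
127.0.0.1       liveupdate.symantec.com
10.0.0.5        intranet.example   # added by the admin
"""

if __name__ == "__main__":
    for lineno, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}: {reason}")
```

On a real machine, feed the function the contents of %SystemRoot%\system32\drivers\etc\hosts; a file that produces no findings is consistent with a clean system, while a loopback entry for an update site is the classic sign that something wants to keep your scanner from updating.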

While there are many adware variations, the fact remains that you need to keep them off your computer for the sake of privacy, browsing speed, and simply to keep your browsing habits from roaming eyes. Two excellent free programs that can scan for and fix most adware problems are Lavasoft's Ad-Aware and Patrick Kolla's Spybot - Search & Destroy. Downloading details can be found on the Tools and Links page using the button at the left. One of the best ways to avoid spyware is to block pop-ups. While some sites use pop-ups for information you need to see, most are ads and useless content that slow your browsing and can lead to spyware installs. Many programs block pop-ups, and browsers such as Opera and Firefox have blockers built in. Internet Explorer (before the version shipped with Windows XP Service Pack 2) does not, so if you use that browser you will need to add a pop-up blocking program. One good application for this is Popup Cop; it is not free, but a trial version can be downloaded from its vendor before buying.

What is a trojan horse?
The Trojan Horse is aptly named after its counterpart in Greek mythology. The Greeks built a giant wooden horse, hid soldiers inside it and left it as a "gift"; once the Trojans had dragged it inside their fortified city, the hidden soldiers slipped out, opened the gates and let the rest of the Greek army in.
Trojan Horses are executable programs, which means that when the file is opened it runs and performs some action(s). In Windows, file types that run when double-clicked have extensions such as "exe", "vbs", "com", "bat", "pif", "scr", "lnk" or "js". Common trojan filenames include "dmsetup.exe", "Movie.avi.pif" and "LOVE-LETTER-FOR-YOU.TXT.vbs". The last two use a double extension: Windows hides the extension of known file types by default, so the user sees "Movie.avi" or "LOVE-LETTER-FOR-YOU.TXT" and takes the file for a video or a text document.
The attacker sends you an innocent-looking file which you open unknowingly and perhaps even enjoy running. It can be disguised as literally anything people find desirable: a free game, an e-mail attachment, a picture, an MP3, clip art, you name it. You could also download a trojan from a web or FTP archive, through an ICQ file transfer, or over IRC. The moment you open the file it begins its dirty work and installs itself on your computer. Many people use Outlook or Outlook Express as their mail program; there are safeguards you can set up in them to help keep trojans from arriving by e-mail. See the Tools & Links page.
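The double-extension trick in the filenames above, and the "beware of hidden file extensions" advice further down, come down to one question: does the name the user sees match what Windows will actually do with the file? The following is an added example (not code from the original page) that reproduces Explorer's display rule and flags names whose visible part promises inert data while the real extension is runnable. The assumptions are that "Hide extensions for known file types" is on, which is the Windows default, and that .lnk, .pif and .url are never shown regardless of that setting; the sample filenames are taken from the page plus a few ordinary files.

```python
"""Flag Trojan-style deceptive filenames (added example).

Explorer with the default "Hide extensions for known file types" shows
"LOVE-LETTER-FOR-YOU.TXT.vbs" as "LOVE-LETTER-FOR-YOU.TXT". A few
extensions (.lnk, .pif, .url) are hidden even when that option is off.
"""
import os

# File types Windows runs or interprets when double-clicked: the page's
# list plus the other scripting-host and shortcut types.
EXECUTABLE_EXTS = {
    ".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".lnk",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
}

# Types a user reasonably expects to be inert data.
DATA_EXTS = {".txt", ".avi", ".mpg", ".mp3", ".jpg", ".jpeg", ".gif",
             ".doc", ".pdf", ".zip"}

# Hidden by Explorer regardless of the "hide known extensions" setting.
ALWAYS_HIDDEN = {".lnk", ".pif", ".url"}


def displayed_name(filename: str, hide_known: bool = True) -> str:
    """Return the name Explorer would show for this file."""
    stem, ext = os.path.splitext(filename)
    if ext and (ext.lower() in ALWAYS_HIDDEN or hide_known):
        return stem                      # last extension is not displayed
    return filename


def classify(filename: str) -> dict:
    """Compare the real extension with what the user sees and give a verdict."""
    _, real_ext = os.path.splitext(filename)
    real_ext = real_ext.lower()
    shown = displayed_name(filename)
    _, shown_ext = os.path.splitext(shown)
    shown_ext = shown_ext.lower()

    is_exec = real_ext in EXECUTABLE_EXTS
    if is_exec and shown_ext in DATA_EXTS:
        verdict = "DECEPTIVE"            # e.g. Movie.avi.pif shown as Movie.avi
    elif is_exec:
        verdict = "EXECUTABLE"           # honest program; run only if trusted
    else:
        verdict = "DATA"
    return {"file": filename, "shown_as": shown,
            "real_ext": real_ext, "verdict": verdict}


def scan(names):
    """Classify a list of filenames."""
    return [classify(n) for n in names]


# Constructed sample: the page's three trojan names plus ordinary files.
SAMPLE = ["dmsetup.exe", "Movie.avi.pif", "LOVE-LETTER-FOR-YOU.TXT.vbs",
          "report.doc", "holiday.jpg"]

if __name__ == "__main__":
    for r in scan(SAMPLE):
        print(f"{r['verdict']:<10} {r['file']:<32} shown as: {r['shown_as']}")
```

The practical lesson the code makes concrete: "Movie.avi.pif" still displays as "Movie.avi" even after you turn off extension hiding, because .pif is in the always-hidden set, so the only safe check is the file's Type column or a directory listing at the command prompt.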

How does the trojan horse work?
A trojan horse lets someone other than you plant a program on your computer that gives them control of your operating system. With that control they can do everything you can do: save and delete files, open Windows Explorer, read your entire hard drive, use your other drives such as the CD drive, and even change settings in the Control Panel. The same remote-control mechanism is used legitimately by network administrators and technicians, with the owner's knowledge, to log in to a computer, take control and manage files; what makes a program a trojan is that it is installed by deception and used without your consent. Additional basics can be found in Trojan Horse Attacks by Joseph Lo.

What could happen if you have a trojan horse?
Many trojan horses allow crackers (commonly called "hackers") to take over your computer and "remote control" it. They can literally do everything you could do sitting at your keyboard, and many trojans let the attacker do things you cannot, such as running invisibly with no window or taskbar entry. It is also possible for the other user to go online and browse the net through your computer, so that their activity appears to come from your connection. 

Technical particulars-
How do they work? The Protect2000 website gives this description:
There are 65535 ports or entries available. A possible intruder will try to find out if and what ports on your system are opened. Usually, there will be several. After finding an open port, the hacker will try to install the server software on your system, or, in case you have already been infected, will discover the server. Once the server is found, the hacker can use his client software; think of it as a remote control. Depending on the kind of server, the hacker can do many things; in the worst case he (or she) will take over your system completely, use your e-mail program, upload or download files, listen in if you have an open mic, corrupt your data and files, make your PC crash and even format your C disk or other disks. Scary? You bet.

Trojan programs-
The remote-control idea behind the trojan horse was used a few years back by some computer companies for technical assistance: if a user had a problem, they would call support, and the technician would connect with a remote-access program, look at the machine and hopefully fix it on the spot. A great idea, had others not worked out how to use the same approach with other intentions in mind. Several notable and common trojan horse programs are Back Orifice and NetBus; Remote Administrator is a commercial remote-control product that works the same way and has been planted on victims' machines as a trojan.

Listing of default ports used by trojans-
Compiled from internet research, this list of ports and the trojans that typically use them is helpful mainly if you run a firewall program that reports which port is being probed; Zone Alarm does this, as do others. Two caveats: these are the trojans' default listening ports, and most of them let the attacker pick a different one, so a port missing from this list can still belong to a trojan; and a probe arriving at one of these ports means someone is scanning for the trojan, not that you have it. What does indicate trouble is your own computer listening on one of these ports when you have installed nothing that should. Block unsolicited inbound connections to all of them and protect yourselves:

2 - Death
21 - Back Construction, Blade Runner, Doly Trojan, Fore, FTP trojan, Invisible FTP, Larva, MBT, Motiv, Net Administrator, Senna Spy FTP Server, WebEx, WinCrash
23 - Tiny Telnet Server, Truva Atl
25 - Aji, Antigen, Email Password Sender, Gip, Happy 99, I Love You, Kuang 2, Magic Horse, Moscow Email Trojan, Naebi, NewApt, ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
31 - Agent 31, Hackers Paradise, Masters Paradise
41 - DeepThroat
48 - DRAT
50 - DRAT
59 - DMSetup
79 - Firehotcker
80 - Back End, Executor, Hooker, RingZero
99 - Hidden Port
110 - ProMail trojan
113 - Invisible Identd Deamon, Kazimas
119 - Happy 99
121 - JammerKillah
123 - Net Controller
133 - Farnaz
146 - Infector
146 (UDP) - Infector
170 - A-trojan
421 - TCP Wrappers
456 - Hackers Paradise
531 - Rasmin
555 - Ini-Killer, NeTAdministrator, Phase Zero, Stealth Spy
606 - Secret Service
666 - Attack FTP, Back Construction, NokNok, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyre
667 - SniperNet
669 - DP Trojan
692 - GayOL
777 - Aim Spy
808 - WinHole
911 - Dark Shadow
999 - DeepThroat, WinSatan
1000 - Der Spaeher 3
1001 - Der Spaeher 3, Le Guardien, Silencer, WebEx
1010 - Doly Trojan
1011 - Doly Trojan
1012 - Doly Trojan
1015 - Doly Trojan
1016 - Doly Trojan
1020 - Vampire
1024 - NetSpy
1042 - Bla
1045 - Rasmin
1050 - MiniCommand
1080 - WinHole
1081 - WinHole
1082 - WinHole
1083 - WinHole
1090 - Xtreme
1095 - RAT
1097 - RAT
1098 - RAT
1099 - BFevolution, RAT
1170 - Psyber Stream Server, Streaming Audio trojan, Voice
1200 (UDP) - NoBackO
1201 (UDP) - NoBackO
1207 - SoftWAR
1212 - Kaos
1225 - Scarab
1234 - Ultors Trojan
1243 - BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles
1245 - VooDoo Doll
1255 - Scarab
1256 - Project nEXT
1269 - Mavericks Matrix
1313 - NETrojan
1338 - Millenium Worm
1349 (UDP) - BO DLL
1492 - FTP99CMP
1509 - Psyber Streaming Server
1524 - Trinoo
1600 - Shivka-Burka
1777 - Scarab
1807 - SpySender
1966 - Fake FTP
1969 - OpC BO
1981 - Shockrave
1999 - BackDoor, TransScout
2000 - Der Spaeher 3, Insane Network, TransScout
2001 - Der Spaeher 3, TransScout, Trojan Cow
2002 - TransScout
2003 - TransScout
2004 - TransScout
2005 - TransScout
2023 - Ripper
2080 - WinHole
2115 - Bugs
2140 - Deep Throat, The Invasor
2155 - Illusion Mailer
2283 - HVL Rat5
2300 - Xplorer
2565 - Striker
2583 - WinCrash
2600 - Digital RootBeer
2716 - The Prayer
2773 - SubSeven
2801 - Phineas Phucker
3000 - Remote Shutdown
3024 - WinCrash
3128 - RingZero
3129 - Masters Paradise
3150 - Deep Throat, The Invasor
3456 - Teror Trojan
3459 - Eclipse 2000, Sanctuary
3700 - Portal of Doom
3791 - Eclypse
3801 (UDP) - Eclypse
4000 - Skydance
4092 - WinCrash
4242 - Virtual hacking Machine
4321 - BoBo
4444 - Prosiak, Swift remote
4567 - File Nail
4590 - ICQTrojan
5000 - Bubbel, Back Door Setup, Sockets de Troie
5001 - Back Door Setup, Sockets de Troie
5010 - Solo
5011 - One of the Last Trojans (OOTLT)
5031 - NetMetropolitan
5321 - Firehotcker
5343 - wCrat
5400 - Blade Runner, Back Construction
5401 - Blade Runner, Back Construction
5402 - Blade Runner, Back Construction
5550 - Xtcp
5512 - Illusion Mailer
5555 - ServeMe
5556 - BO Facil
5557 - BO Facil
5569 - Robo-Hack
5637 - PC Crasher
5638 - PC Crasher
5742 - WinCrash
5882 (UDP) - Y3K RAT
5888 - Y3K RAT
6000 - The Thing
6006 - The Thing
6272 - Secret Service
6400 - The Thing
6667 - Schedule Agent
6669 - Host Control, Vampyre
6670 - DeepThroat, BackWeb Server, WinNuke eXtreame
6711 - SubSeven
6712 - Funny Trojan, SubSeven
6713 - SubSeven
6723 - Mstream
6771 - DeepThroat
6776 - 2000 Cracks, BackDoor-G, SubSeven
6838 (UDP) - Mstream
6912 - Shit Heep (not port 69123!)
6939 - Indoctrination
6969 - GateCrasher, Priority, IRC 3, NetController
6970 - GateCrasher
7000 - Remote Grab, Kazimas, SubSeven
7001 - Freak88
7215 - SubSeven
7300 - NetMonitor
7301 - NetMonitor
7306 - NetMonitor
7307 - NetMonitor
7308 - NetMonitor
7424 - Host Control
7424 (UDP) - Host Control
7789 - Back Door Setup, ICKiller
7983 - Mstream
8080 - RingZero
8787 - Back Orifice 2000
8897 - HackOffice
8988 - BacHack
8989 - Rcon
9000 - Netministrator
9325 (UDP) - Mstream
9400 - InCommand
9872 - Portal of Doom
9873 - Portal of Doom
9874 - Portal of Doom
9875 - Portal of Doom
9876 - Cyber Attacker, RUX
9878 - TransScout
9989 - iNi-Killer
9999 - The Prayer
10067 (UDP) - Portal of Doom
10085 - Syphillis
10086 - Syphillis
10101 - BrainSpy
10167 (UDP) - Portal of Doom
10520 - Acid Shivers
10528 - Host Control
10607 - Coma
10666 (UDP) - Ambush
11000 - Senna Spy
11050 - Host Control
11051 - Host Control
11223 - Progenic trojan, Secret Agent
12076 - Gjamer
12223 - Hack'99 KeyLogger
12345 - GabanBus, My Pics, NetBus, Pie Bill Gates, Whack Job, X-bill
12346 - GabanBus, NetBus, X-bill
12349 - BioNet
12361 - Whack-a-mole
12362 - Whack-a-mole
12623 (UDP) - DUN Control
12624 - Buttman
12631 - WhackJob
12754 - Mstream
13000 - Senna Spy
13010 - Hacker Brazil
15092 - Host Control
15104 - Mstream
16484 - Mosucker
16660 - Stacheldracht
16772 - ICQ Revenge
16969 - Priority
17166 - Mosaic
17300 - Kuang2 The Virus
17777 - Nephron
18753 (UDP) - Shaft
19864 - ICQ Revenge
20001 - Millennium
20002 - AcidkoR
20034 - NetBus 2 Pro, NetRex, Whack Job
20203 - Chupacabra
20331 - Bla
20432 - Shaft
20432 (UDP) - Shaft
21544 - GirlFriend, Kidterror, Schwindler, WinSp00fer
22222 - Prosiak
23023 - Logged
23432 - Asylum
23456 - Evil FTP, Ugly FTP, Whack Job
23476 - Donald Dick
23476 (UDP) - Donald Dick
23477 - Donald Dick
26274 (UDP) - Delta Source
26681 - Spy Voice
27374 - SubSeven
27444 (UDP) - Trinoo
27573 - SubSeven
27665 - Trinoo
29104 - Host Control
29891 (UDP) - The Unexplained
30001 - TerrOr32
30029 - AOL Trojan
30100 - NetSphere
30101 - NetSphere
30102 - NetSphere
30103 - NetSphere
30103 (UDP) - NetSphere
30133 - NetSphere
30303 - Sockets de Troie
30947 - Intruse
30999 - Kuang2
31335 (UDP) - Trinoo
31336 - Bo Whack, ButtFunnel
31337 ["ELEET" port] - Baron Night, BO client, BO2, Bo Facil
31337 (UDP) ["ELEET" port] - BackFire, Back Orifice, DeepBO, Freak>
31338 - NetSpy DK, ButtFunnel
31338 (UDP) - Back Orifice, DeepBO
31339 - NetSpy DK
31666 - BOWhack
31785 - Hack'a'Tack
31787 - Hack'a'Tack
31788 - Hack'a'Tack
31789 (UDP) - Hack'a'Tack
31791 (UDP) - Hack'a'Tack
31792 - Hack'a'Tack
32100 - Peanut Brittle, Project nEXT
32418 - Acid Battery
33333 - Blakharaz, Prosiak
33577 - PsychWard
33777 - PsychWard
33911 - Spirit 2001a
34324 - BigGluck, TN
34555 (UDP) - Trinoo (Windows)
35555 (UDP) - Trinoo (Windows)
37651 - YAT
40412 - The Spy
40421 - Agent 40421, Masters Paradise
40422 - Masters Paradise
40423 - Masters Paradise
40426 - Masters Paradise
41666 - Remote Boot
41666 (UDP) - Remote Boot
44444 - Prosiak
47262 (UDP) - Delta Source
50505 - Sockets de Troie
50766 - Fore, Schwindler
51996 - Cafeini
52317 - Acid Battery 2000
53001 - Remote Windows Shutdown
54283 - SubSeven
54320 - Back Orifice 2000
54321 - School Bus
54321 (UDP) - Back Orifice 2000
57341 - NetRaider
58339 - ButtFunnel
60000 - Deep Throat
60068 - Xzip 6000068
60411 - Connection
61348 - Bunker-Hill
61466 - Telecommando
61603 - Bunker-Hill
63485 - Bunker-Hill
65000 - Devil, Stacheldracht
65432 - The Traitor
65432 (UDP) - The Traitor
65535 - RC 
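The list is most useful turned around: instead of waiting for a firewall alert, check what your own machine is listening on. The script below is an added example (not from the original page): it parses the output of the Windows command `netstat -an`, keeps only sockets that accept inbound traffic (TCP in LISTENING state, and every bound UDP socket), and looks them up in the table. The table rows are a small subset copied from the list above, and the netstat text is a constructed sample, not a capture from an infected PC. It includes an ESTABLISHED connection whose local port happens to be 1243 (SubSeven's default) to show why only listening sockets should be matched: outgoing connections use whatever local port Windows hands out.

```python
"""Match local listening ports against trojan default ports (added example).

A hit means only "something is listening where trojan X listens by
default"; a legitimate program may use the same port, and most trojans
let the attacker change it, so an empty result proves nothing.
"""
import re

# (port, protocol) -> trojan names; a subset of the page's table.
TROJAN_PORTS = {
    (59, "TCP"): ["DMSetup"],
    (1243, "TCP"): ["BackDoor-G", "SubSeven", "SubSeven Apocalypse", "Tiles"],
    (12345, "TCP"): ["GabanBus", "My Pics", "NetBus", "Pie Bill Gates", "Whack Job", "X-bill"],
    (12346, "TCP"): ["GabanBus", "NetBus", "X-bill"],
    (20034, "TCP"): ["NetBus 2 Pro", "NetRex", "Whack Job"],
    (27374, "TCP"): ["SubSeven"],
    (31337, "TCP"): ["Baron Night", "BO client", "BO2", "Bo Facil"],
    (31337, "UDP"): ["BackFire", "Back Orifice", "DeepBO"],
    (54320, "TCP"): ["Back Orifice 2000"],
    (54321, "UDP"): ["Back Orifice 2000"],
}

# One row of Windows "netstat -an": proto, local addr:port, foreign addr,
# and a state column that UDP rows do not have.
NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_ports(netstat_text):
    """Return the set of (port, proto) sockets that accept inbound traffic."""
    result = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if not m:
            continue                      # banner, header or blank line
        proto, _local, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                      # outbound/ephemeral, not a server
        result.add((int(port), proto))
    return result


def suspicious_ports(netstat_text, table=TROJAN_PORTS):
    """Return {(port, proto): [trojan names]} for listeners found in the table."""
    return {key: table[key] for key in sorted(listening_ports(netstat_text)) if key in table}


# Constructed sample in netstat -an layout: normal Windows services plus a
# listener on NetBus's default port and a UDP socket on Back Orifice's.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1243      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:137            *:*
"""

if __name__ == "__main__":
    hits = suspicious_ports(SAMPLE_NETSTAT)
    for (port, proto), names in hits.items():
        print(f"{proto} {port} is listening: default port of {', '.join(names)}")
    if not hits:
        print("no listener matches the table (which does not prove the PC is clean)")
```

To use it for real, run `netstat -an` at the command prompt, paste the output into a file, and pass the file's contents to suspicious_ports; then account for every listener it reports, and for every listener it does not, since the port a trojan actually uses is whatever its operator configured.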

How to avoid becoming a trojan horse victim-

  • run a good firewall program such as Zone Alarm or one of those outlined on the Firewall page of this website. Also use software made specifically to sniff out trojans, like The Cleaner, and keep it updated. 
  • don't download an executable program just to "check it out"; if it's a trojan, the first time you run it you're already infected! 
  • be aware that downloading blindly from people or sites, whether you know them or not, is risky.
  • be sure what a file is before opening it, if you decide to open it at all
  • beware of hidden file extensions: Windows hides known extensions by default, so "Movie.avi.pif" appears as "Movie.avi"
  • if a program offers to open or fetch files automatically, turn that option off
  • don't be lulled into a false sense of security just because you run an anti-virus program; many don't check for trojans, and you must update them constantly
  • keep up to date at Dark-e.com on the latest threats and how to keep them off your computer
Ways to get rid of trojans-
  • you may have to do a clean reinstall of your operating system, or have someone do it for you; once a trojan has given someone full control of the machine, nothing left on the disk can be fully trusted
  • maintain and update a trojan sniffer like The Cleaner, which can be run to find the trojan and usually clean it from your system
  • use a commercial anti-virus program
  • use a shareware anti-virus program
  • check sites on the net for help and instructions (see the "Tools and Links" page)
  • load a good firewall program to tell you if someone is attempting to access your computer; check the Firewalls page for more