3 Secret Methods That Trojan Programmers Exploit (and how you can protect your organisation)

As expected, the year of 2020 has seen a great uptake in cyber security breaches due to proposed worldwide lockdowns. Malicious programmers have exploited this vulnerability, and in this article, the key highlights will be the three secret methods used by trojan programmers to exploit a given device and suggestions for further protection.  

Simply put, trojan malwares tend to be disguised as legitimate softwares. The aim of a trojan programmer is to gain access and control of a victim’s computer. More about trojans can be read at this article.  

The Trojan Horse Login Program   

If it is inadvertently installed, a two way entry will be created, enabling the threat actor to gain access to important information for example, bank details, and track the victim.    

How to reduce the risk (or even halt) this simple trojan trapdoor: 

• Code review would give the highest rate of detection as this would enable the user to check for coded trapdoors in the program   
• An understanding of the process will provide medium reduction of risk   

Typically, a trojan trap door code is detectable however in some cases they are not. What if the source code has no embedded trojan trap doors?  

At a basic level, a program is executed when a code is inputted. That code then gets translated enabling that code to be executed, producing the result of that code.  

A trojan trapdoor can be inserted secretly in the compiler, where codes are translated and executed, allowing the trojan trapdoor code to remain undetected, as the user will not be able to review the code.  

Clean source - Dirty Compiler - Dirty object  

How do you reduce this risk?  

• The best option to reduce this risk as a company would be to ask the software developer to sign a legal document to bind them into truth as threat actors may reconsider lying on a contract.  

Classic UNIX Attack  

Imagine that you are a threat actor and there is a program called /bin/.  

1. Within that program, the / character (command) is changed into a white space character, meaning that the space bar is pressed instead of /. 
2. A program (setuid – to-root) is run to increase your privilege.  
3. The program /bin/ is executed without the / characters, instead with the white space.  
4. As a result of this, the path separators are dissolved.  
5. A shell is then copied to the person you hacked.  

This security breach often goes undetected by companies until a third party alerts them. As this cyber attack preys on the user not knowing what is there, it can also be characterised as a trojan attack.  The best course of action for companies regarding UNIX attack possibilities is to place more cost-effective preventative measures. 

Preventative measures can include: 

• Firewalls to alert the user of a possible trojan link. 
• Third party services with contracts to conduct risk assessments and implement necessary cyber security practices.  

If a threat actor manages to gain access despite the robust preventative measures, an intrusion detection such as OSSEC can be run. This will create a temporary firewall against a detected threat actor from gaining access to the UNIX base. This tool can also shut down a ‘honeypot’ data file that claims to be a database backup.  

Containment of a UNIX attack can involve tools being used to implement a setuid lockdown.  

Buffer Overflow  

A buffer overflow occurs when data of immense size causes the device to crash, which in turns prompts the device to run a recovery code. 

If a threat actor who has gained access due to a trojan trapdoor places a code at the bottom of the large data overflow, before the recovery code, the malicious code will be executed before the recovery code is run and the device reboots. This will allow a threat actor to gain further control of the device.   

A company should not forget about the remote workers:  

• A company should offer basic cyber security training for remote workers whose devices may not have access to the company’s more multi protected software.  
• A company one drive with multiple authentication processes which the remote workers can access would decrease the risk of trojan infection.  
• Additionally, if possible, a company laptop being provided to remote workers would help to decrease security breaches also. 

How Can Securiwiser Help? 

Trojans may seem like an obvious threat in modern times however it is important to understand the more hidden methods that trojan developers may use to affect the targeted company and individual. Securiwiser can provide its customers with daily scans to alert the business and independent users of any exploited vulnerabilities.