Vol.1, No.5

How trojans steal credit card information

What is a trojan horse, and how could it steal your credit card information?

Credit card information stored in a computer
It can enter your computer undetected. Whoever infects your personal computer with a Trojan horse could steal your credit card information, the passwords you use to access websites (including websites where you pay bills or make purchases), confidential information of any kind, e-mail addresses, and information about where you live. The Trojan horse could also be used for other illegal purposes.

A Trojan horse can enter your computer without your knowing. The person who gave you the Trojan horse can have unrestricted access to any data stored on your computer. A Trojan might be a program that runs on your computer without your knowledge. It might even be connected to a legitimate program you do know about, with additional features that you do not know the program has.

How do Trojans operate, you might wonder? What types of Trojans exist, and what can you do to protect yourself? This article will attempt to answer some of those questions.

The best known Trojans are remote access Trojans, such as the Back Orifice and NetBus Trojans. With such Trojans, someone has complete access to another's computer, with access to all files, private conversations, and accounting data.

One example of such a Trojan was the Bugbear virus, which in September 2002 gave those who used it remote access to sensitive information.

Such a Trojan acts as a server and uses a port that is not available to Internet attackers. If a computer user is connected to a network behind a firewall, that person is protected from attacks outside the network. A hacker inside the network, however, could still use such a Trojan.

Another type of Trojan is a data-sending Trojan. This is a kind of Trojan that hackers use to obtain credit card information, as well as chat logs and address lists. Such a Trojan could look for information in specific places, or it could install a key logger that would send all recorded keystrokes to a hacker.

Often a hacker who uses a data-sending Trojan uses a free e-mail service to receive his information. The information can also be sent to a hacker's website. Such a hacker might well use a free website provider. In such a case, the data would be sent through a web form. Such methods would not be noticed, and a hacker could even be anyone on the same network as the victim. Such a hacker would not have to be in a network, however, as he could use such a system externally to gather information from a victim.

The only purpose of a destructive Trojan is to destroy and delete files. The Trojan could be activated by the attacker. It could work like a bomb, designed to be activated at a specific time.

A destructive Trojan can be a danger to any computer network. It works a lot like a virus. Because it is specifically designed to attack, however, it might go unnoticed by anti-virus software.

Another type of Trojan is a denial of service Trojan. It is designed to start a denial of service, if there are enough victims. For example, if you have 200 infected users, and each victim is attacked at the same time, heavy traffic will be generated, most likely more than the victim's bandwidth can carry. Access to the Internet will be shut down or denied.

A proxy Trojan turns the victim's computer into a proxy server. It would then be available to the whole world. Such a Trojan is often used to make purchases with stolen credit cards, or for other illegal purposes. This makes the attacker anonymous, because he is using your computer for any illegal activity.

This could cause legal problems for you, if you are personally a victim of such a Trojan, or for your company, if your company is the victim. If such illegal activity is tracked, it will be tracked back to your computer or your company's computer.

Another type of Trojan is a security software disabler. It is designed to kill programs such as firewalls, and anti-virus software.

The Bugbear virus was just such a type of Trojan.

How are computers infected with a Trojan, and can anything be done to prevent them from being infected?

Two common ways a computer is infected are through an e-mail attachment, or through a software download from a website.

Many people will claim they never download software from an unknown website or open an attachment. Hackers often use techniques, however, to cause someone to open an attachment or download infected software without suspecting a thing.

One such Trojan was the Septer.troj, which victims received in an e-mail in October 2001. Victims were tricked into believing the e-mail contained a submission form for disaster relief for the Red Cross. Victims filled out a form with their credit card information, which was then encrypted and sent to the hacker who created it.

Many people have a computer that was infected when they opened an attachment. The hackers often know the names and even e-mail addresses of your friends. They will use such information to send you an "e-mail," or "joke," which you think is from your friend. When you open the e-mail, your computer is infected with a Trojan.

Many people have received Trojans when they downloaded a file from a website. This can happen with a link you receive in an e-mail.

The ZeroPopUp Trojan was one Trojan sent in that manner. Victims were tricked into believing they were downloading software to block pop-up ads. Once installed, the Trojan sent an e-mail to everyone in the victim's address book, implying that the e-mail was from the victim, promoting the software.

Hacking programs, mail bombers, flooders, and other tools can even be found for free on archives of free web space providers.

There are steps you can take to protect yourself from Trojans. If you have any reason to be suspicious about whether an e-mail is actually from your friend or not, don't open an attachment until you are certain. Contact your friend and find out before you open the attachment.

It might also be safer to never open an attachment if you don't know the source of the e-mail.

If you receive an e-mail that seems to be from a trusted website with a link to something you really want to download, and you are at all suspicious, contact customer service or someone from the website first. Make certain the link to a website is legitimate.

Suppose you want to download software from the Internet, and you do not know anything about the source. One option would be to not download the software, to be safe. Another would be to notice, before you download, whether a pop-up box appears with a digital certificate from a certification authority that authenticates the identity of the software publisher (VeriSign is the world's largest). A message might appear which says something to the effect that the publisher authenticity has been verified by VeriSign Commercial Software Publishers, CA.

These are some steps you can take if you use a personal computer at home. There are no absolute answers to prevent infection. Even if you use a computer in a network at work, most virus scanners detect only a portion of known Trojans and do not detect unknown Trojans.

Even though there are no absolute answers for preventing infection in the workplace, steps can be taken to make computers safer. Not only does virus scanning need to be done for e-mail, but it should also be done for Internet traffic over HTTP and FTP. Otherwise you might be protected for e-mail only, and a user could download a Trojan from a website without knowing it.

Multiple virus engines should be used. Multiple sources will detect more Trojans than a single engine.

Executables entering the network should be checked.
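
As an added illustration (not part of the original article), here is one way a mail gateway could check attachments for executables: it looks at the first bytes of each attachment instead of trusting the file name, so a program renamed to look like a picture or a joke is still held. The function names, the extension list and the sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes that identify native executables regardless of file name.
MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}
# Extensions that run code when opened on Windows (illustrative, not exhaustive).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")

def classify(filename, payload):
    """Return a reason string if the attachment should be held, else None."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    if filename.lower().endswith(RISKY_EXT):
        return "risky extension"
    return None

def find_executable_attachments(raw_message):
    """Parse a raw e-mail message and list (filename, reason) for held parts."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    held = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reason = classify(name, payload)
        if reason:
            held.append((name, reason))
    return held

def build_sample():
    """Constructed sample: a 'joke' mail with three harmless placeholder attachments."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Funny joke"
    m.set_content("You have to see this!")
    # Only the two-byte MZ marker plus padding: not a working program.
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="image",
                     subtype="jpeg", filename="joke.jpg")
    m.add_attachment(b"plain text notes", maintype="application",
                     subtype="octet-stream", filename="notes.txt")
    m.add_attachment(b"echo placeholder", maintype="application",
                     subtype="octet-stream", filename="photo.jpg.bat")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in find_executable_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```

A check like this complements virus scanning: it holds unknown executables that no engine has a signature for yet.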

While there are no absolute answers to prevent your computer from being infected with a Trojan, there are steps you can take to be safer.