• Trojans are malicious pieces of 
code used to install hacking                         
software on a target system 
and aid the hacker in gaining 
and retaining access to that 
system. Trojans and their 
counterparts are important 
pieces of the hacker’s toolkit. 
• Trojans is a program that 
appears to perform a desirable 
and necessary function but 
that, because of hidden and 
unauthorized code, performs 
functions unknown and 
unwanted by the user. 
• Trojan generally consists of 
two parts: a client component 
and a server component. For 
the Trojan to function as a backdoor, the server component has to be installed on the 
victim’s machine. 
• Server is part of the Trojan on the Victim’s Computer. It opens a port in the Victim’s 
computer and invites the attacker to connect and administrate the computer. 
• Client Trojan is the part of the Trojan on the Attacker’s computer. It tries to connect the 
Victim computer and administrate the computer without the permission of the User. 




 • A wrapper is a program used to combine two or more executables into a single packaged 
program. The wrapper attaches a harmless executable, like a game, to a Trojan’s payload, 
the executable code that does the real damage, so that it appears to be a harmless file. 
• Hackers use it to bind the Server part of the Software behind any image or any other file. 
Some Famous Trojans 
• Back Orifice  
• NetBus 
• Zlob 
• Pest Trap 
• ProRat 
• Sub7 
• Vundo 
Modes of Transmission 
• CD or DVD Autorun

• Pen Drive 
• Email 
• Website 
• Shared Drives 
Trojan Countermeasures 
 • Awareness and preventive measures are the best defense against Trojans.  
• Educate users not to install applications downloaded from the Internet and email 
• Most commercial anti-virus products can automatically scan and detect backdoor 
programs before they can cause damage. 
 • TCPView is a Windows program that will show you detailed listings of all TCP and UDP 
endpoints on your system, including the local and remote addresses and state of TCP 
• On Windows NT, 2000, and XP, TCPView also reports the name of the process that 
owns the endpoint.