Article

A Comparison of Trojan Virus Behavior in Linux and Windows Operating Systems


Abstract

Trojan virus attacks pose one of the most serious threats to computer security. A Trojan horse is typically separated into two parts: a server and a client. It is the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks or on unauthorized download websites. The most common means of infection is through email attachments; the developer of the virus usually uses various spamming techniques to distribute it to unsuspecting users. Malware developers also use chat software such as Yahoo Messenger and Skype to spread their Trojan horse viruses. The objective of this paper is to explore network packet information and detect the behavior of Trojan attacks by monitoring operating systems such as Windows and Linux. This is accomplished by detecting and analyzing the Trojan-infected packet on a network segment, where it passes through as an email attachment, before it reaches the host computer. The results obtained by detecting and storing infected packets while monitoring web browser use are also used to compare the behavior of Linux and Windows by payload size, using the Wireshark packet sniffer results. The analysis of the figures derived from the captured packet data examines the control bits, checks the behavior of the control bits, and compares the usability of the Linux and Windows operating systems.


... Regarding children, this must lead to a change in perception in which children are not treated like any other group of prospective consumers, but as a vulnerable group of internet users. 29 Special attention to the nature of their consent to data processing appears to be one of the major steps forward. 30 3. The indirect influence of the GDPR on children. There are a number of GDPR provisions that affect children in general, which demonstrates that the European data protection regime is better than the 1995 Directive, benefiting children indirectly but significantly. ...
... (2016). 29 Frau-Meigs, Divina, and Lee Hibbard. "Education 3.0 and Internet Governance: A new global alliance for children and young people's sustainable digital development." ...
... The data leak by hackers has been denied by KOMINFO together with BSSN (Badan Siber dan Sandi Negara, the National Cyber and Crypto Agency) in an article on the official KOMINFO website. 29 In essence, they stated that there was no data breach or data leak, so Covid-19 patient data is safe; however, given how widely data is distributed in Indonesia, the Ministry of Communication and Informatics (Kominfo) is of course coordinating and checking whether there is still potential exposure from other sources. 30 Patients' medical records are classified as sensitive personal data. ...
Conference Paper
Full-text available
... In recent years, IS has attracted attention based on the fact that the Internet (and in turn, computer networking) has become an effective means of sending/receiving data and that a substantial number of entities depend on the capability to transmit sensitive data. Similarly, malware has informed the efforts of antivirus programs' advancement to address the potential threats [2]. However, Trojan horses have continued to circumvent the security toolsets of antivirus programs because of their operation modes. ...
... A Trojan code defeats the purpose of the conventional antivirus approach because it depends on the end user's perception of the code as genuine software for it to install. Furthermore, on installation, it reverses the client-server paradigm by turning the infected host into a server, while the antivirus toolsets continue to assume the end user's workstation is a client node [2]. In addition, while antivirus routines cast the operation modes of software as malicious when it exhibits the tendencies of self-replication, the Trojan code evades detection by desisting from creating copies of itself in favor of working as standalone code that has the potential of creating backdoors for other malware [3]. ...
... The Trojan detectability function, however, assumes that the environment acts as a variable constant, such that Trojan manifestations in one operating system like UNIX would not be similar to the manifestation in a different system like Windows [2]. On the other hand, detectability does not mitigate the intrusion of systems in the first place [7]. ...
Conference Paper
Full-text available
Malicious payloads and computer codes have conventionally strived to gain access to target systems for aims which the affected end user experiences as unwanted functions or loss of data. This paper will examine the major types of Trojan horses, their mode of operation, and consequently, propose a framework for attack prevention and handling. It will highlight the need for effective control based on the premise that since Trojan attacks pose as harmless software, they have the potential to cause damage of exceptional magnitude. Ultimately, the proposed prototype will employ functional modeling to illustrate its potential as a powerful approach to information security.
... A trojan virus can be very difficult to detect directly because a trojan can disguise itself as part of a network device, hiding on the computer and spreading across the internet while the user cannot see it (Han & Tan, 2010). A trojan virus appears harmless because it hides itself in such a way that the attacker can take control and carry out dangerous forms of damage, such as corrupting data, deleting data, and worse (Al-Saadoon & Al-Bayatti, 2011). ...
Article
Full-text available
A virus is a malicious program that can cause harm. One of the most dangerous viruses is the trojan virus, which hides on the user's device without its presence being known. A trojan virus can be very difficult to detect because it hides on network devices and disguises itself as part of the network device. However, when a network device is infected by a trojan virus attack, the activity on the network will differ from its usual activity. Network activity involves many parameters, which makes classification take a long time to produce predictions. This study evaluates the performance of classification algorithms with various feature selection methods for detecting trojan activity on the internet. The results show that, for classification requiring faster prediction time, the combination of Information Gain and LDA with Naïve Bayes classification achieved an average prediction time of 0.0020 seconds with an accuracy of 92%. For classification requiring maximum accuracy, the combination of Coefficient Correlation, Information Gain, and PCA with Decision Tree classification achieved 99% accuracy and a prediction time of 0.0033 seconds.
... Once activated it can launch several attacks and also go into hiding on the victim's machine. It can pop up in several windows and, in some instances, open attachments from phishing emails [36]. These pop-ups are usually presented as adverts and warning alerts. ...
Article
Full-text available
This modern time has seen a rise in technology and its associated tools. The rapid development of technology has also grown along with what the researchers termed as diabolic computing. The advancement of technology has moved along with security risks and threats. Cybercriminals are aware of the prospects that the internet has in connecting billions of people across the world. Their operations have also focused on the exploitation of users since humans are perceived to be the weakest link to every firm or establishment. This human exploitation and attacks are termed social engineering. The internet community is the biggest casualty of social engineering attacks. Social Engineering attacks are dangerous and can lead to financial losses, data losses, and even denial of service. These can affect an organization’s reputation. The effects of social engineering attacks are very treacherous. Some have long standing effects and can also result in the closedown of businesses. The study gives a clearer view of social engineering attacks. This view creates awareness of social engineering. This awareness helps to mitigate the various social engineering attacks. The study is focused on computer and internet users. The study reviewed the concept of social engineering, its various attack methods, and how to mitigate them. The study was concluded with a summary of SE attacks and appropriate countermeasures.
... Captured files are stored in the libpcap format and can be read by any application that understands that format. [4] Several types of malware were the most popular in 2015: Trojan Ransomware, Exploit kits, Banking Trojans, worms, PoS (Point-of-Sale) Malware, Social Engineering Attacks, Fake Tech Support Services, Rogue Antivirus Software, Potentially Unwanted Programs, and Adware. [5] ...
Article
Full-text available
This study aims to address the problem of malware spreading within a campus network. One impact of malware in a campus network is overloaded bandwidth traffic, which causes bandwidth to be exhausted quickly or inbound and outbound data transfer to become slower than usual. Generally, a campus or university has a network structure managed by one or more routers that handle the network and bandwidth. Some routers have fairly capable firewall configuration features, but these need to be managed more specifically according to the scale of the network and the available bandwidth. By creating good rules in the firewall, it becomes easier to filter network traffic and bandwidth, thereby creating security and comfort for users of the network and bandwidth.
... Later on, this will result in a computer crash. [7] As a result, Trojan horse attacks pose one of the most serious threats to computer security. ...
Article
Full-text available
Trojan horse is said to be one of the most serious threats to computer security. A Trojan horse is typically separated into two parts – a server and a client. It is the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks, or unauthorized download websites. The most common means of infection is through email attachments. In order to distribute the virus to unsuspecting users, the developer of the virus usually uses various spamming techniques. Malware developers use chat software as another method to spread their Trojan horse viruses such as Yahoo Messenger and Skype. This study aims to analyze and detect the behavior of Trojan attacks, provide ways on how to prevent, detect, and recover from Trojan attacks.
... Currently, trojan horse attacks are considered one of the most serious threats in cyber attacks. There are many definitions related to trojan horses, such as those by [3,14]. For this research, a trojan horse is defined as a program that appears useful and harmless and, once it has been installed on a victim's computer, begins to carry out malicious acts such as stealing important information from the victim's computer. ...
Article
Full-text available
For the past few years, malware, also known as malicious code, has been seen as one of the biggest threats of cyber attacks. It has caused a lot of damage, loss of money and productivity to many organizations and end users. Malicious code can be divided into many categories such as viruses, worms and trojan horses. Each of these categories has its own implications and threats, and the trojan horse has been chosen as the domain of this research paper. Prior to the formation of a new trojan horse detection model, an in-depth study and investigation of the existing trojan horse classification is presented in this paper. Surprisingly, not much research related to trojan horses has been done. On 16th January 2013, Troj/Invo-Zip caused chaos by masquerading as an invoice from Europcar and spreading via email. Therefore, in this research paper, a new trojan horse classification called Efficient Trojan Horse Classification (ETC) is developed. This ETC is later used as a basis to build a model to detect trojan horses efficiently. The methods used to develop the ETC are static and dynamic analysis. For the dynamic analysis, the cuckoo sandbox has been integrated to speed up the analysis and reverse engineering processes.
Article
In the realm of contemporary law enforcement, combating cybercrime necessitates innovative tools capable of navigating the digital landscape effectively. This paper examines the development and implications of a custom Remote Access Tool (RAT) tailored specifically for law enforcement use and made specifically for the Linux environment. Unlike conventional malware, this RAT operates covertly, evading detection by traditional antivirus software, and enables authorized agents to remotely access and gather crucial information from target systems. Through a user-friendly interface and advanced functionalities, it empowers law enforcement agencies to conduct digital investigations with unprecedented efficiency and efficacy, while also raising important considerations regarding legality, transparency, and ethical conduct in the pursuit of justice.
Article
Full-text available
This research aims to study and analyse the procedures followed when handling a cybercrime scene, and how this type of crime should be dealt with through the crime scene and its examination: the rules that must be observed when conducting the examination and handling its physical traces, and how to document the scene and collect the traces using modern technical methods, in accordance with advanced systems for photographing and digitally drawing the crime scene, digitally measuring its dimensions, and the tools needed to preserve the digital evidence that can be extracted from it, all within the framework of the legislation and laws of the United Arab Emirates. The researcher used the descriptive analytical method to describe and analyse the procedures followed in such crimes, and concluded through this research that the UAE legislator has taken an approach consistent with the information-technology developments that today form our lived reality, since it has granted legal protection to electronic evidence and defined the rules governing it.
Conference Paper
Full-text available
The invention of the smartphone has made life easier, as it is capable of providing important functions used in users' daily lives. While different operating system (OS) platforms were built for smartphones, Android has become one of the most popular choices. Nonetheless, it is also the most targeted platform for mobile malware attacks causing financial loss to the victims. Therefore, in this research, the exploitation of system calls in the Android OS platform caused by mobile malware that could lead to financial loss was examined. The experiment was conducted in a controlled lab environment using open source tools by implementing dynamic analysis on 1260 datasets from the Android Malware Genome Project. Based on the experiment conducted, a new system call classification to exploit call logs for mobile attacks has been developed using the Covering Algorithm. This new system call classification can be used as a reference for other researchers in the same field to secure against mobile malware attacks that exploit call logs. In the future, this new system call classification could be used as a basis to develop a new model to detect mobile attacks exploiting call logs. Keywords: system calls, similarity analysis, exploitation of call logs using system calls, covering algorithm, data transformation, system call classification.
Article
Full-text available
For any organization, having a secured network is the primary requirement for reaching its business goals. A network is said to be secured when it can withstand attacks that may damage the whole network. Over the last few decades, internetworking has grown tremendously and a lot of importance is given to securing the network. To develop a secure network, network administrators must have a good understanding of all attacks that are caused by an intruder and their mitigation techniques. This paper explores the most fatal attacks that might cause serious downtime to an enterprise network and examines practical approaches to understand the behavior of the attacks and devise effective mitigation techniques. It also describes the importance of security policies and how security policies are designed in the real world.
Article
The threat of attack by computer viruses is in reality a very small part of a much more general threat, specifically attacks aimed at subverting computer security. This paper examines computer viruses as malicious logic in a research and development environment, relates them to various models of security and integrity, and examines current research techniques aimed at controlling the threats viruses in particular, and malicious logic in general, pose to computer systems. Finally, a brief examination of the vulnerabilities of research and development systems that malicious logic and computer viruses may exploit is undertaken. 1. Introduction A computer virus is a sequence of instructions that copies itself into other programs in such a way that executing the program also executes that sequence of instructions. Rarely has something seemingly so esoteric captured the imagination of so many people; magazines from Business Week to the New England Journal of Medicine [39][48][60][72][135]...
Article
The study of compact active galactic nuclei (AGN) that possess convex radio spectra (the gigahertz-peaked spectrum radio sources) offers a unique opportunity to probe both the early evolutionary stages of relativistic AGN jets and their immediate nuclear environments. In this article I trace Ken Kellermann's early investigations of these sources, which played a major role in justifying the development of modern-day VLBI techniques. I describe how our understanding of these AGN has progressed since Kellermann's early discoveries, and discuss several ways in which the current classification scheme can be simplified to reflect intrinsic source characteristics, rather than observer-biased quantities. Finally, I discuss recent results from the VLBA 2 cm survey concerning the relativistic jet kinematics of the two-sided peaked-spectrum sources 4C +12.50 (PKS 1345+125) and OQ 208 (1404+286).
References

Antivirus Scanner for Unices. Cited; available from: http://www.bitdefender.com/world/business/antivirus-for-unices.html
[2] Bishop, M., "An Overview of Computer Viruses in a Research Environment", pp. 1-32, Technical Report PCS-TR91-156-1999.
Trojan Programs. Cited; available from: http://www.viruslist.com/en/virusesdescribed?chapter=152540521, Oct 20, 2010.
[9] Ubuntu Operating System. Cited; available from: http://en.wikipedia.org/wiki/Ubuntu_(operating_system)
[10] Wireshark. Cited; available from: http://en.wikipedia.org/wiki/Wireshark, November 2010.
Danchev, D., "The Complete Windows Trojans". Cited; available from: http://www.windowsecurity.com/whitepapers/The_Complete_Windows_Trojans_Paper.html, Aug 29, 2005.