How Trojan Works ?

How Trojan Works ? 

Trojans typically consist of two parts, a client part and a server part.
When a victim (unknowingly) runs a Trojan server on his machine, 
the attacker then uses the client part of that Trojan to connect to the server module and start using the Trojan.
The protocol usually used for communications is TCP, but some Trojans' functions use other protocols, such as UDP, as well.
When a Trojan server runs on a victim’s computer, it (usually) tries to hide somewhere on the computer; 
it then starts listening for incoming connections from the attacker on one or more ports, and attempts to modify the registry and/or use some other auto-starting method.


      
It is necessary for the attacker to know the victim’s IP address to connect to his/her machine.
Many Trojans include the ability to mail the victim’s IP and/or message the attacker via ICQ or IRC. 
This system is used when the victim has a dynamic IP, that is, every time he connects to the Internet, 
he is assigned a different IP (most dial-up users have this). ADSL users have static IPs, meaning that in this case, 
the infected IP is always known to the attacker; this makes it considerably easier for an attacker to connect to your machine.


      
Most Trojans use an auto-starting method that allows them to restart and grant an attacker access to your machine even when you shut down your computer.