TROJAN HORSE (COMPUTING)
In the context of computer software, a 'Trojan horse' is a program that installs malicious software while under the guise of doing something else. Though not limited in their payload, Trojan horses are most notorious for installing backdoor programs that allow unauthorized remote access to the victim's machine by unwanted parties, normally with malicious intentions. Unlike a computer virus, a Trojan horse does not propagate by inserting its code into other computer files. The term is derived from the classical myth of the Trojan Horse. Like the mythical Trojan Horse, the malicious code is hidden in a computer program or other computer file which may appear to be useful, interesting, or at the very least harmless to an unsuspecting user. When this program or file is executed by the unsuspecting user, the malicious code is also executed, resulting in the installation of the malicious 'Trojan horse' program. (See Social engineering.)
Often the term is shortened to simply 'Trojan'.
There are two common types of Trojan horses. One is ordinary software that has been corrupted by a hacker. A hacker inserts malicious code into the program that executes while the program is used or modified. Examples include various implementations of weather alerting programs, computer clock setting software, and peer-to-peer file sharing utilities. The other type of Trojan is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into executing the file or program.
Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Trojan horse programs depend on actions by the intended victims. As such, if Trojans replicate and distribute themselves, each new victim must run the Trojan.
In the field of computer architecture, 'Trojan Horse' can also refer to security loopholes that allow kernel code to access anything for which it is not authorized.
History of the term
The term 'Trojan horse' was first applied to computer software by computer pioneer Ken Thompson in his 1983 ACM Turing Award lecture. Thompson noted that it is possible to add code to the UNIX "login" command that would accept either the intended encrypted password or a particular known password, allowing a back door into the system with the latter password. He named this invention the "Trojan horse." Furthermore, Thompson argued, the C compiler itself could be modified to automatically generate the rogue code, to make detecting the modification even harder. Because the compiler is itself a program generated from a compiler, the Trojan horse could also be automatically installed in a new compiler program, without any detectable modification to the source of the new compiler.[1]
Example of a Trojan horse
A simple example of a Trojan horse would be a program named "waterfalls.scr" which claimed to be a free waterfall screensaver. When run, it would instead open computer ports and allow hackers to access the user's computer remotely.
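The masquerade described above (an executable posing as a screensaver, image or game) is what a mail gateway or endpoint check looks for. The following is an added example, not code from the original article: it flags attachments whose name or content betrays a disguised Windows executable, such as "waterfalls.scr" (.scr files are plain PE binaries), a double extension like "holiday.jpg.exe", or PE content under an image extension. The sample file names and byte strings are constructed for the example.

```python
# Extensions Windows will execute; ".scr" (screensaver) is an ordinary PE binary
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as harmless media or documents
HARMLESS_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc"}
# Magic bytes a file with the given extension should start with
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG", ".gif": b"GIF8", ".pdf": b"%PDF"}


def extensions(name):
    """Return every dotted suffix of a file name, lower-cased, in order."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def is_pe(data):
    """Windows executables (EXE, SCR, DLL) start with the DOS 'MZ' stub."""
    return data[:2] == b"MZ"


def assess(name, data):
    """Return the reasons an attachment looks like a disguised executable (empty if none)."""
    exts = extensions(name)
    final = exts[-1] if exts else ""
    findings = []
    if final in EXECUTABLE_EXTS:
        findings.append(f"executable extension {final}")
    if len(exts) > 1 and exts[-2] in HARMLESS_EXTS and final in EXECUTABLE_EXTS:
        findings.append("double extension: harmless-looking name ends in an executable type")
    if is_pe(data) and final not in EXECUTABLE_EXTS:
        findings.append("PE executable content under a non-executable extension")
    magic = MAGIC.get(final)
    if magic and not data.startswith(magic):
        findings.append(f"content does not match the claimed {final} format")
    return findings


# Constructed sample attachments (name, first bytes); none of these is real malware
SAMPLES = {
    "waterfalls.scr": b"MZ\x90\x00\x03\x00\x00\x00",   # PE stub, as a real .scr would have
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",     # genuine JPEG header
    "holiday.jpg.exe": b"MZ\x90\x00",                   # double extension trick
    "vacation.png": b"MZ\x90\x00",                      # PE binary renamed to .png
    "notes.txt": b"just a text file\n",
}

if __name__ == "__main__":
    for fname, head in SAMPLES.items():
        print(fname, "->", assess(fname, head) or "looks consistent")
```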
Types of Trojan horse payloads
Trojan horse payloads are almost always designed to do various harmful things, but can also be harmless. They are classified according to how they breach and damage systems. The nine main types of Trojan horse payloads are:
★ remote access
★ email sending
★ data destruction
★ downloader
★ proxy Trojan (disguising others as the infected computer)
★ FTP Trojan (adding or copying data from the infected computer)
★ security software disabler
★ denial-of-service attack (DoS)
★ URL Trojan (directing the infected computer to only connect to the internet via an expensive dial-up connection)
Some examples of damage are:
★ erasing or overwriting data on a computer
★ encrypting files in a cryptoviral extortion attack
★ corrupting files in a subtle way
★ uploading and downloading files
★ allowing remote access to the victim's computer. This is called a RAT (remote administration tool)
★ spreading other malware, such as viruses: this type of Trojan horse is called a 'dropper' or 'vector'
★ setting up networks of zombie computers in order to launch DDoS attacks or send spam.
★ spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)
★ making screenshots
★ logging keystrokes to steal information such as passwords and credit card numbers
★ phishing for bank or other account details, which can be used for criminal activities
★ installing a backdoor on a computer system
★ opening and closing the CD-ROM tray
★ harvesting e-mail addresses and using them for spam
★ restarting the computer whenever the infected program is started
★ deactivating or interfering with anti-virus and firewall programs
★ deactivating or interfering with other competing forms of malware
Time bombs and logic bombs
"Time bombs" and "logic bombs" are types of Trojan horses.
"Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer.
Methods of infection
The majority of Trojan horse infections occur because the user was tricked into running an infected program. This is why it is advised to not open unexpected attachments on emails -- the program is often a cute animation or an image, but behind the scenes it infects the computer with a Trojan or worm. The infected program doesn't have to arrive via email; it can be sent in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if one were the specific target of an attack, it would be a fairly reliable way to infect a computer.) Furthermore, an infected program could come from someone who sits down at a computer and loads it manually. However, receiving a Trojan in this manner is very rare. It is usually received through a download.
Road apple
A road apple is a real-world variation of a Trojan Horse that uses physical media and relies on the curiosity of the victim. The attacker leaves a malware-infected floppy disc, CD-ROM or USB flash drive in a location that is sure to be found or is commonly visited, gives it a legitimate-looking label and then waits in the hope that someone will eventually use it. An example would be to copy a corporate logo from a web site and affix a legitimate-looking label (e.g. "Employee Salaries Summary FY06") to the infected physical media.
Methods of deletion
Since Trojan horses take a variety of forms, there is no single method for deleting them. The simplest responses involve clearing the temporary internet files on a computer, or finding the file and deleting it manually. In some cases, registry editing or other treatments are needed. In extreme cases, it may even be necessary to reset the computer back to its factory defaults.
Well-known trojan horses
★ ''Downloader-EV''
★ ''Dropper-EV''
★ ''Pest Trap''
★ ''NetBus''
★ ''flooder''
★ ''Tagasaurus''
★ ''Vundo trojan''
★ ''Gromozon Trojan''
★ ''Sub-7''
★ ''Cuteqq_Cn.exe''
References
1.
See also
★ List of trojan horses
★ Trojan-Proxy
★ Spy software
★ Farewell Dossier
★ Malware
★ Secure computing
★ Social engineering (security)
★ Remote administration tool
★ Employee monitoring software
★ Botnets
★ Spam
★ Spyware
External links
★ What is a Trojan Horse? Webopedia
★ The Difference between a Virus, a Worm and a Trojan Horse Webopedia
★ Analysis of targeted trojan e-mail attacks
★ Trojan horses and how they are used en-masse in botnets Virus Bulletin's The World of Botnets by Dr Alan Solomon and Gadi Evron
★ How to manually get rid of a trojan backdoor Symantec
★ Test your Virusscanner with online harmless Eicar virus
★ Download Trojans and other Hacktools