Trojan horse (computing): Difference between revisions
Revision as of 13:54, 10 September 2008
- This article refers to a form of malware in computing terminology. For other meanings, see Trojan Horse (disambiguation)
In the context of computing and software, a Trojan horse, also known as a trojan, is malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse.
Origin of the term
The term 'Trojan horse' is generally attributed to Daniel Edwards of the NSA. He is given credit for identifying the attack form in the 1972 report "Computer Security Technology Planning Study".[1] The term derives from the Trojan War, as mentioned in Homer's Iliad and Odyssey and Virgil's Aeneid: worn out by the long siege, the attacking Greeks built a giant wooden horse, ostensibly a peace offering, and pretended to sail away, but in fact left soldiers hidden inside the statue. After the Trojans brought the horse inside the city walls, the soldiers emerged through an opening in the bottom of the horse, opened the gates to the Greek armies, and sacked the city of Troy.
A classic example originated from computer pioneer Ken Thompson in his 1983 ACM Turing Award lecture. Thompson noted that it is possible to add code to the UNIX "login" command that would accept either the intended encrypted password or a specific special password, allowing a back door into the system with the latter password. Furthermore, Thompson argued, the C compiler itself could be modified to automatically generate the rogue code, to make detecting the modification even harder. Because the compiler is itself a program generated from a compiler, the Trojan horse could also be automatically installed in a new compiler program, without any detectable modification to the source of the new compiler.[2]
Types of Trojan horse payloads
Trojan horse payloads are almost always designed to cause harm, but can also be harmless. They are classified based on how they breach and damage systems. The six main types of Trojan horse payloads are:
- Remote Access
- Data Destruction
- Downloader
- Server Trojan (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)
- Security software disabler
- Denial-of-service attack (DoS)
Some examples of damage are:
- Erasing or overwriting data on a computer
- Re-installing itself after being disabled
- Encrypting files in a cryptoviral extortion attack
- Corrupting files in a subtle way
- Uploading and downloading files
- Copying fake links, which lead to false websites, chats, or other account based websites, showing any local account name on the computer falsely engaging in untrue context
- Falsifying records of downloading software, movies, or games from websites never visited by the victim.
- Allowing remote access to the victim's computer. This is called a RAT (remote access trojan)
- Spreading other malware, such as viruses (this type of trojan horse is called a 'dropper' or 'vector')
- Setting up networks of zombie computers in order to launch DDoS attacks or send spam.
- Spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)
- Making screenshots
- Logging keystrokes to steal information such as passwords and credit card numbers
- Phishing for bank or other account details, which can be used for criminal activities
- Installing a backdoor on a computer system
- Opening and closing CD-ROM tray
- Playing sounds, videos or displaying images
- Calling using the modem to expensive numbers, thus causing massive phone bills
- Harvesting e-mail addresses and using them for spam
- Restarting the computer whenever the infected program is started
- Deactivating or interfering with anti-virus and firewall programs
- Deactivating or interfering with other competing forms of malware
- Randomly shutting off the computer
- Installing a virus
Methods of deletion
Since Trojan horses have a variety of forms, there is no single method to delete them. The simplest responses involve clearing the temporary internet files and deleting the Trojan file manually. Normally, anti-virus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media (CD) may allow an antivirus program to find a trojan and delete it. Updated anti-spyware programs are also effective against this threat.
Disguises
Most varieties of Trojan horses are hidden on the computer without the user's awareness. Trojan horses sometimes use the Registry, adding entries that cause programs to run every time the computer boots up. Trojan horses may also work by combining with legitimate files on the computer. When the legitimate file is opened, the Trojan horse opens as well.
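One way to check for the Registry start-up entries described above, as an added example that is not part of the original article: the script compares the contents of a Run key against a known-good snapshot and flags entries that are new, changed, or launched from a user-writable directory. The sample output, the baseline and the list of path fragments are constructed assumptions.

```python
import re

# Constructed sample in the layout printed by
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
# Entry names and paths are invented for this example.
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    svch0st    REG_SZ    C:\Users\alice\AppData\Local\Temp\svch0st.exe
    WinHelper    REG_SZ    C:\Windows\System32\rundll32.exe C:\Users\alice\AppData\Roaming\h.dll,Start
"""

# Assumed known-good snapshot taken when the machine was built.
BASELINE = {
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
}

# Assumed heuristic: directories an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Value lines are indented and use four spaces between name, type and data.
ENTRY = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def parse_run_key(text):
    """Return {value name: command line} from reg-query style output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)] = m.group(3).strip()
    return entries

def audit(current, baseline):
    """Return {value name: [reasons]} for entries that need a human look."""
    findings = {}
    for name, command in current.items():
        reasons = []
        if name not in baseline:
            reasons.append("new entry")
        elif baseline[name] != command:
            reasons.append("command changed")
        # Checked on the whole command line so DLL arguments are covered too.
        if any(frag in command.lower() for frag in USER_WRITABLE):
            reasons.append("runs from user-writable path")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit(parse_run_key(CURRENT), BASELINE).items():
        print(f"{name}: {', '.join(reasons)}")
```

The same comparison applies to the per-user Run key under HKCU; a flagged entry is a lead for investigation, not proof of infection.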
How Trojans work
Trojans usually consist of two parts, a Client and a Server. The server is run on the victim's machine and listens for connections from a Client used by the attacker.
When the server is run on a machine it will listen on a specific port or multiple ports for connections from a Client. In order for an attacker to connect to the server they must have the IP Address of the computer where the server is being run. Some trojans have the IP Address of the computer they are running on sent to the attacker via email or another form of communication.
Once a connection is made to the server, the client can then send commands to the server; the server will then execute these commands on the victim's machine.
Today, with NAT infrastructure being common, most computers cannot be reached by their external IP address. Therefore many trojans now connect to the computer of the attacker, which has been set up to take the connections, instead of the attacker connecting to his or her victim. This is called a 'reverse-connect' trojan. Many trojans nowadays also bypass many personal firewalls installed on the victim's computer (e.g. Poison-Ivy).
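The two connection patterns described in this section leave different traces on the host, as this added detection example shows (it is not part of the original article). It triages a connection table for listeners the baseline does not explain and for outbound sessions from programs with no reason to call out, which is the only trace a reverse-connect trojan leaves. The netstat lines, process names and allowlists are constructed assumptions.

```python
import ipaddress

# Constructed sample in the column layout of Windows `netstat -ano`.
NETSTAT = """\
  TCP    0.0.0.0:445         0.0.0.0:0           LISTENING     4
  TCP    0.0.0.0:6200        0.0.0.0:0           LISTENING     2212
  TCP    127.0.0.1:5939      0.0.0.0:0           LISTENING     1900
  TCP    192.168.1.20:49712  198.51.100.10:443   ESTABLISHED   3040
  TCP    192.168.1.20:49801  203.0.113.7:8443    ESTABLISHED   2980
  TCP    192.168.1.20:49650  192.168.1.5:445     ESTABLISHED   4
"""
# Constructed PID-to-image map, as a process listing would supply.
PROCS = {4: "System", 1900: "helper.exe", 2212: "svch0st.exe",
         2980: "notepad.exe", 3040: "browser.exe"}

ALLOWED_LISTENERS = {("System", 445)}   # assumed site baseline
ALLOWED_EGRESS = {"browser.exe"}        # assumed: only the browser calls out
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def triage(netstat_text, procs):
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue
        (lip, lport), state, pid = split_endpoint(f[1]), f[3], int(f[4])
        image = procs.get(pid, "<unknown>")
        if state == "LISTENING":
            # Server-style trojan: a port reachable from other hosts
            # that the baseline does not account for.
            if not lip.is_loopback and (image, lport) not in ALLOWED_LISTENERS:
                findings.append(("unexpected-listener", image, lport))
        elif state == "ESTABLISHED":
            rip, rport = split_endpoint(f[2])
            # Reverse-connect: nothing listens locally, so the outbound
            # session to an external address is the only thing to see.
            if not is_internal(rip) and image not in ALLOWED_EGRESS:
                findings.append(("unexpected-outbound", image, f"{rip}:{rport}"))
    return findings
```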
See also
- List of trojan horses
- Privacy-invasive software
- Spy software
- Farewell Dossier
- Malware
- Secure computing
- Social engineering (security)
- Remote administration tool
- Employee monitoring software
- Botnets
- Spam
- Spyware
Notable instances
References
- ^ Anderson, James P. (1972), Computer Security Technology Planning Study (PDF), p. 62
- ^ Thompson, Ken (October 1983). "Reflections on Trusting Trust" (PDF). 1983 Turing Award Lecture. ACM.
External links
- Creating a basic Trojan in Visual Basic
- Analysis of targeted trojan e-mail attacks
- Trojan horses and how they are used en-masse in botnets Virus Bulletin's The World of Botnets by Dr Alan Solomon and Gadi Evron
- How to manually get rid of a trojan backdoor Symantec
- Trojan Horse Facts