Friday, December 21, 2007

Trojan horse

A Trojan horse, or simply Trojan, is a piece of software which appears to perform a certain action but in fact performs another. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be acutely malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs. Simply put, a Trojan horse is not a computer virus. Unlike such badware, it does not propagate by self-replication but relies heavily on the exploitation of an end-user (see Social engineering). It is instead a categorical attribute which can encompass many different forms of code. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical myth of the Trojan horse.

In the field of computer architecture, 'Trojan Horse' can also refer to security loopholes that allow kernel code to access anything for which it is not authorized.

Trojan horse payloads are almost always designed to do various harmful things, but can also be harmless. They are classified according to how they breach and damage systems.

The nine main types of Trojan horse payloads are:

Remote Access

Email Sending

Data Destruction

Downloader

Proxy Trojan (disguising others as the infected computer)

FTP Trojan (adding or copying data from the infected computer)

Security software disabler

Denial-of-service attack (DoS)

URL trojan (directing the infected computer to only connect to the internet via an expensive dial-up connection)

Some examples of damage are:

erasing or overwriting data on a computer

encrypting files in a cryptoviral extortion attack

corrupting files in a subtle way

uploading and downloading files

allowing remote access to the victim's computer. This is called a RAT (remote administration tool)

spreading other malware, such as viruses: this type of Trojan horse is called a 'dropper' or 'vector'

setting up networks of zombie computers in order to launch DDoS attacks or send spam.

spying on the user of a computer and covertly reporting data like browsing habits to other people

making screenshots

logging keystrokes to steal information such as passwords and credit card numbers

phishing for bank or other account details, which can be used for criminal activities

installing a backdoor on a computer system

opening and closing the CD-ROM tray

harvesting e-mail addresses and using them for spam

restarting the computer whenever the infected program is started

deactivating or interfering with anti-virus and firewall programs

deactivating or interfering with other competing forms of malware

randomly shutting off the computer

Methods of infection

The majority of Trojan horse infections occur because the user was tricked into running an infected program. This is why it is advised not to open unexpected attachments on emails -- the program is often a cute animation or an image, but behind the scenes it infects the computer with a Trojan or worm. The infected program doesn't have to arrive via email; it can be sent in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if one were the specific target of an attack, it would be a fairly reliable way to infect a computer.) Furthermore, an infected program could come from someone who sits down at a computer and loads it manually. However, receiving a Trojan in this manner is very rare. It is usually received through a download.

How Trojan Horses Are Installed

Users can be tricked into installing Trojan horses by being enticed or frightened. For example, a Trojan horse might arrive in email described as a computer game. When the user receives the mail, they may be enticed by the description of the game to install it. Although it may in fact be a game, it may also be taking other action that is not readily apparent to the user, such as deleting files or mailing sensitive information to the attacker. As another example, an intruder may forge an advisory from a security organization, such as the CERT Coordination Center, that instructs system administrators to obtain and install a patch.

Other forms of "social engineering" can be used to trick users into installing or running Trojan horses. For example, an intruder might telephone a system administrator and pose as a legitimate user of the system who needs assistance of some kind. The system administrator might then be tricked into running a program of the intruder's design.

Software distribution sites can be compromised by intruders who replace legitimate versions of software with Trojan horse versions. If the distribution site is a central distribution site whose contents are mirrored by other distribution sites, the Trojan horse may be downloaded by many sites and spread quickly throughout the Internet community.

Because the Domain Name System (DNS) does not provide strong authentication, users may be tricked into connecting to sites different than the ones they intend to connect to. This could be exploited by an intruder to cause users to download a Trojan horse, or to cause users to expose confidential information.

Intruders may install Trojan horse versions of system utilities after they have compromised a system. Often, collections of Trojan horses are distributed in toolkits that an intruder can use to compromise a system and conceal their activity after the compromise, e.g., a toolkit might include a Trojan horse version of ls which does not list files owned by the intruder. Once an intruder has gained administrative access to your systems, it is very difficult to establish trust in them again without rebuilding the systems from known-good software.

Finally, a Trojan horse may simply be placed on a web site to which the intruder entices victims. The Trojan horse may be in the form of a Java applet, JavaScript, ActiveX control, or other form of executable content.

Solutions

The best advice with respect to Trojan horses is to avoid them in the first place.

System administrators (including the users of single-user systems) should take care to verify that every piece of software that is installed is from a trusted source and has not been modified in transit. When digital signatures are provided, users are encouraged to validate the signature (as well as validating the public key of the signer). When digital signatures are not available, you may wish to acquire software on tangible media such as CDs, which bear the manufacturer's logo. Of course, this is not foolproof either. Without a way to authenticate software, you may not be able to tell if a given piece of software is legitimate, regardless of the distribution media.

I strongly encourage software developers and software distributors to use cryptographically strong validation for all software they produce or distribute. Any popular technique based on algorithms that are widely believed to be strong will provide users a strong tool to defeat Trojan horses.

Anyone who invests trust in digital signatures must also take care to validate any public keys that may be associated with the signature. It is not enough for code merely to be signed -- it must be signed by a trusted source.

Do not execute anything sent to you via unsolicited electronic mail.

Use caution when executing content such as Java applets, JavaScript, or ActiveX controls from web pages. You may wish to configure your browser to disable the automatic execution of web page content.

Apply the principle of least privilege in daily activity: do not retain or employ privileges that are not needed to accomplish a given task. For example, do not perform ordinary tasks such as reading email while running with enhanced privilege, such as "root" or "administrator."

Install and configure a tool such as Tripwire® that will allow you to detect changes to system files in a cryptographically strong way.

Educate your users regarding the danger of Trojan horses.

Use firewalls and virus products that are aware of popular Trojan horses. Although it is impossible to detect all possible Trojan horses using a firewall or virus product (because a Trojan horse can be arbitrary code), they may aid you in preventing many popular Trojan horses from affecting your systems.

Review the source code to any open source products you choose to install. Open source software has an advantage compared to proprietary software because the source code can be widely reviewed and any obvious Trojan horses will probably be discovered very quickly. However, open source software also tends to be developed by a wide variety of people with little or no central control. This makes it difficult to establish trust in a single entity. Keep in mind that reviewing source code may be impractical at best.

Adopt the use of cryptographically strong mutual authentication systems, such as ssh for terminal emulation, X.509 public key certificates in web servers, S/MIME or PGP for electronic mail, and Kerberos for a variety of services. Avoid the use of systems that trust the domain name system for authentication, such as telnet, ordinary http (as opposed to https), ftp, or smtp, unless your network is specifically designed to support that trust.

Do not rely on timestamps, file sizes, or other file attributes when trying to determine if a file contains a Trojan horse.
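The two recommendations above (detect changes to system files cryptographically, and do not trust timestamps or sizes) can be seen side by side in the following added example, which is not from the original post and is not Tripwire's own code. It keeps a SHA-256 baseline sealed with an HMAC; the key, the file name and the file contents are constructed for the demonstration, and the key is assumed to be stored away from the monitored host.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _seal(digests, key):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_baseline(paths, key):
    """Record one SHA-256 digest per file and seal the record with an HMAC."""
    digests = {p: sha256_file(p) for p in paths}
    return {"digests": digests, "mac": _seal(digests, key)}

def verify(baseline, key):
    """Return {path: status} for files that no longer match the baseline."""
    if not hmac.compare_digest(_seal(baseline["digests"], key), baseline["mac"]):
        raise ValueError("baseline failed its integrity check")
    findings = {}
    for path, digest in baseline["digests"].items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_file(path) != digest:
            findings[path] = "modified"
    return findings

def attributes_match(path, size, mtime_ns):
    """The weak check: compares only file size and modification time."""
    st = os.stat(path)
    return st.st_size == size and st.st_mtime_ns == mtime_ns

def demo():
    key = b"constructed-demo-key"  # assumption: real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "ls")  # constructed stand-in for a system utility
        with open(target, "wb") as f:
            f.write(b"original utility bytes\n")
        st = os.stat(target)
        baseline = build_baseline([target], key)
        # Constructed replacement: same length, original timestamps put back.
        with open(target, "wb") as f:
            f.write(b"replaced utility bytes\n")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        weak_ok = attributes_match(target, st.st_size, st.st_mtime_ns)
        findings = verify(baseline, key)
        # A baseline edited to match the new file fails the seal check.
        baseline["digests"][target] = sha256_file(target)
        try:
            verify(baseline, key)
            sealed = False
        except ValueError:
            sealed = True
        return weak_ok, sorted(findings.values()), sealed

if __name__ == "__main__":
    print(demo())
```

The size-and-timestamp comparison reports the replaced file as unchanged, while the digest comparison flags it, and a baseline rewritten to match the new file is rejected because its HMAC no longer verifies.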

Exercise caution when downloading unauthenticated software. If you choose to install software that has not been signed by a trusted source, you may wish to wait for a period of time before installing it in order to see if a Trojan horse is discovered.

We encourage all security organizations to digitally sign any advisories or other alerts. We also recommend that users validate any signatures, and beware of unsigned security advice.

If you do fall victim to a Trojan horse, some anti-virus software may also be able to recognize, remove and repair the damage from the Trojan horse. However, if an intruder gains access to your systems via a Trojan horse, it may be difficult or impossible to establish trust in your systems. In this case, we recommend that you disconnect from the network and rebuild your systems from known-good software, being careful to apply all relevant patches and updates, to change all passwords, and to check other nearby systems
