This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Trojan Horse"
(Reverting to last version not containing links to www.texttadaraltrocn.com) |
|||
(21 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{Template:Attack}} | {{Template:Attack}} | ||
+ | <br> | ||
+ | [[Category:OWASP ASDR Project]] | ||
− | |||
− | + | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | |
− | |||
− | |||
− | + | ==Description== | |
− | |||
− | === | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | A Trojan Horse is a program that uses malicious code masqueraded as a trusted application. The malicious code can be injected on benign applications, masqueraded in e-mail links, or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet Browsers. | |
− | + | Other details can be found in [[Man-in-the-browser attack]]. | |
+ | ===The 7 Main Types of Trojan Horse=== | ||
+ | # '''Remote Access Trojan (RAT):''' Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility. | ||
+ | # '''Data Sending Trojan:''' Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, and IM messages, and sends them back to the attacker. | ||
+ | # '''Destructive Trojan:''' Trojan horse designed to destroy data stored on the victim’s computer. | ||
+ | # '''Proxy Trojan:''' Trojan horse that uses the victim's computer as a proxy server, providing the attacker an opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet. | ||
+ | # '''FTP Trojan:''' This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim's computer using File Transfer Protocol. | ||
+ | # '''Security software disabler Trojan:''' This Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim's computer, and even to infect more than the computer. | ||
+ | # '''Denial-of-Service attack Trojan:''' Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim's computer. | ||
===Symptoms=== | ===Symptoms=== | ||
− | + | Some common symptoms: | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | * Wallpaper and other background settings auto-changing | ||
+ | * Mouse pointer disappears | ||
+ | * Programs auto-loading and unloading | ||
+ | * Strange window warnings, messages and question boxes, and options being displayed constantly | ||
+ | * e-mail client auto sending messages to all on the user's contacts list | ||
+ | * Windows auto closing | ||
+ | * System auto rebooting | ||
+ | * Internet account information changing | ||
+ | * High internet bandwidth being used without user action | ||
+ | * Computer's high resources consumption (computer slows down) | ||
+ | * Ctrl + Alt + Del stops working | ||
+ | == Risk Factors== | ||
+ | High: A Trojan horse can break through all security polices in a network, because an attacker can | ||
+ | get access to a WorkStation with stored network credentials. With these credentials, an | ||
+ | attacker can compromise the whole network. | ||
==Examples== | ==Examples== | ||
− | |||
− | |||
− | |||
An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567 | An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567 | ||
+ | [[Category:FIXME|link not working | ||
− | + | A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar . | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | ]] | ||
− | ==Related | + | ==Related [[Threat Agents]]== |
− | + | * [[:Category:Client-side Attacks]] | |
− | *[[:Category:Client-side Attacks]] | + | [[Category:FIXME|need links]] |
− | |||
− | |||
− | |||
+ | ==Related [[Attacks]]== | ||
* [[Spyware]] | * [[Spyware]] | ||
* [[Phishing]] | * [[Phishing]] | ||
+ | ==Related [[Vulnerabilities]]== | ||
+ | * TBD | ||
− | ==Related | + | ==Related [[Controls]]== |
+ | * TBD | ||
− | + | == References== | |
− | + | * [http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html Ajax Sniffer] | |
− | + | * [http://hacker-eliminator.com/trojansymptoms.html Trojan Infection Symptoms] | |
− | == | + | * [http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp The Difference Between a Virus, Worm and Trojan Horse] |
− | |||
− | |||
− | |||
− | + | [[Category:Embedded Malicious Code]] | |
− | + | [[Category:Attack]] |
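Review bot: In the Examples section, the `[[Category:FIXME|link not working` tag is opened on one line and only closed with `]]` several lines later, so the sentence about the JavaScript Trojan horse example and its attacklabs.com link ends up inside the category link and is missing from the rendered revision below. Close the category tag on its own line and keep the sentence as plain text, or drop it if the link is dead. In Risk Factors, "security polices" should read "security policies". Related Vulnerabilities and Related Controls are still "TBD" even though the page rates the risk as High, so at least the controls list should be filled in.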
Latest revision as of 18:27, 27 May 2009
- This is an Attack. To view all attacks, please see the Attack Category page.
Last revision (mm/dd/yy): 05/27/2009
Description
A Trojan horse is a program that carries malicious code while masquerading as a trusted application. The malicious code can be injected into benign applications, disguised in e-mail links, or sometimes hidden in JavaScript pages to carry out covert attacks against vulnerable Internet browsers.
Other details can be found in Man-in-the-browser attack.
The 7 Main Types of Trojan Horse
- Remote Access Trojan (RAT): Designed to give the attacker full control of the infected machine. This Trojan horse usually masquerades as a utility.
- Data Sending Trojan: Uses keylogger technology to capture sensitive data such as passwords, credit card and banking information, and IM messages, and sends it back to the attacker.
- Destructive Trojan: Designed to destroy data stored on the victim's computer.
- Proxy Trojan: Uses the victim's computer as a proxy server, giving the attacker an opportunity to carry out illicit acts from the infected computer, such as banking fraud, and even malicious attacks over the Internet.
- FTP Trojan: Uses port 21 to let attackers connect to the victim's computer over the File Transfer Protocol.
- Security software disabler Trojan: Designed to disable security software such as firewalls and antivirus, enabling the attacker to use many intrusion techniques against the victim's computer, and even to infect more than that computer.
- Denial-of-Service attack Trojan: Designed to let the attacker launch Denial-of-Service attacks from the victim's computer.
Symptoms
Some common symptoms:
- Wallpaper and other background settings auto-changing
- Mouse pointer disappears
- Programs auto-loading and unloading
- Strange window warnings, messages and question boxes, and options being displayed constantly
- E-mail client automatically sending messages to everyone on the user's contact list
- Windows auto closing
- System auto rebooting
- Internet account information changing
- High internet bandwidth being used without user action
- High consumption of the computer's resources (computer slows down)
- Ctrl + Alt + Del stops working
Risk Factors
High: A Trojan horse can bypass all security policies in a network, because an attacker can gain access to a workstation with stored network credentials. With these credentials, the attacker can compromise the whole network.
Examples
An iframe pointing to a JavaScript file that downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567
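When reviewing a page's HTML, the iframe delivery described above can be looked for by flagging frames that are invisible to the user and load from another origin. The following is an added example, not part of the original OWASP article; the function names, the sample markup and the hosts example.test and cdn.invalid are constructed assumptions.

```javascript
// Added example. Regex tag scanning is a simplification; use a real HTML parser in production.
const IFRAME_RE = /<iframe\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Hidden = 0/1-pixel dimensions or CSS that removes the frame from view.
function isHidden(attrs) {
  const style = (attrs.style || "").toLowerCase().replace(/\s+/g, "");
  const tiny = (v) => v !== undefined && /^[01](px)?$/.test(v.trim());
  return tiny(attrs.width) || tiny(attrs.height) ||
    /display:none|visibility:hidden/.test(style) ||
    /(?:^|;)(?:width|height):[01](?:px)?(?:;|$)/.test(style);
}

function findSuspiciousIframes(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const m of html.matchAll(IFRAME_RE)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue;
    let target;
    try { target = new URL(attrs.src, pageUrl); } catch { continue; }
    if (target.origin !== pageOrigin && isHidden(attrs)) {
      findings.push({ src: target.href, reason: "hidden cross-origin iframe" });
    }
  }
  return findings;
}

// Constructed sample page; example.test and cdn.invalid are placeholder hosts.
const SAMPLE = `
<iframe src="/help/widget.html" width="300" height="200"></iframe>
<iframe src="https://video.example.test/embed/1" width="560" height="315"></iframe>
<iframe src="http://cdn.invalid/x.html" width="0" height="0" frameborder="0"></iframe>
<iframe src='//cdn.invalid/y.html' style="display: none"></iframe>
<iframe src="/local/pixel.html" width="1" height="1"></iframe>`;

console.log(findSuspiciousIframes(SAMPLE, "https://www.example.test/index.html"));
```

Visible cross-origin embeds and hidden same-origin frames are deliberately not reported, so a finding means both conditions hold and the frame deserves a manual look.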
Related Threat Agents
- Category:Client-side Attacks
Related Attacks
- Spyware
- Phishing
Related Vulnerabilities
- TBD
Related Controls
- TBD