This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Trojan Horse"
m (Reverted edits by Nganbinh (Talk); changed back to last version by Weilin Zhong) |
Line 3: | Line 3: | ||
==Description== | ==Description== | ||
− | ==Examples == | + | A Trojan horse is a program that uses malicious code masqueraded as a benign application. The term derives from the myth of the Greek Trojan Horse on the Trojan War. The malicious code can be injected on legitimate software to be installed by victim, or the supposed benign program itself can be the Trojan horse. The victim is usually tricked to open the Trojan horse because it appears to be received from a legitimate source. |
+ | This kind of malware looks and acts like a virus, but the difference resides on the fact that Trojan horse does not self-replicate. The infected computer experience many different symptoms similar to virus, as background configuration auto changing, mouse buttons function reversing, system crashes, the famous blue screen, computer reboots itself, Ctrl + Alt + Del stops working, and many other symptoms described later in this document. | ||
+ | The ultimate Trojan horse uses javascript to make furtive attack, free of antimalware intervention and users interception, normally used on attacks against internet banking transactions on-the-fly, resulting victim´s financial loss. | ||
+ | |||
+ | Other details can be found on [[Man-in-the-browser attack]]. | ||
+ | |||
+ | ===The 7 main types of Trojan Horse=== | ||
+ | |||
+ | 1.Remote Access Trojan (RAT) | ||
+ | |||
+ | Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility. | ||
+ | |||
+ | 2.Data Sending Trojan | ||
+ | |||
+ | Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, IM messages, and send back to attacker. | ||
+ | |||
+ | 3.Destructive Trojan | ||
+ | |||
+ | Trojan horse designed to destroy data stored on victim’s computer. | ||
+ | |||
+ | 4.Proxy Trojan | ||
+ | |||
+ | Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet. | ||
+ | |||
+ | 5.FTP Trojan | ||
+ | |||
+ | This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim´s computer using File Transfer Protocol. | ||
+ | |||
+ | 6.Security software disabler Trojan | ||
+ | |||
+ | The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer. | ||
+ | |||
+ | 7.Denial-of-Service attack Trojan | ||
+ | |||
+ | Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim´s computer. | ||
+ | |||
+ | |||
+ | ===Symptoms=== | ||
+ | |||
+ | A list of common symptoms is described in this section. | ||
+ | |||
+ | •Wallpaper and other background settings auto changing | ||
+ | |||
+ | •Internet browser display unknown web sites | ||
+ | |||
+ | •Mouse pointer disappear | ||
+ | |||
+ | •Sound volume auto changing | ||
+ | |||
+ | •Buttons, shortcuts and other basic resources disappear | ||
+ | |||
+ | •Programs auto loading and unloading | ||
+ | |||
+ | •Strange windows warnings, messages and question box, and options being displayed constantly | ||
+ | |||
+ | •e-mail client auto sending messages to all user´s contacts list | ||
+ | |||
+ | •Windows auto closing | ||
+ | |||
+ | •System auto rebooting | ||
+ | |||
+ | •Internet accounts information changing | ||
+ | |||
+ | •High internet bandwidth being used without user action | ||
+ | |||
+ | •Computer´s high resources consumption (computer slows down) | ||
+ | |||
+ | •Popup with adult content or illegal references appearing without user action | ||
+ | |||
+ | •Ctrl + Alt + Del stops working | ||
+ | |||
+ | •Other users connected to the computer | ||
+ | |||
+ | •Documents being sent to the printer without user action | ||
+ | |||
+ | •DVD/CD drive´s drawer auto opening and closing | ||
+ | |||
+ | |||
+ | |||
+ | ==Examples== | ||
+ | |||
+ | A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar . | ||
+ | |||
+ | An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567 | ||
+ | |||
+ | |||
+ | == References== | ||
+ | |||
+ | *[[http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html | Ajax Sniffer]] | ||
+ | |||
+ | *[[http://hacker-eliminator.com/trojansymptoms.html | Trojan Infection Symptoms]] | ||
+ | |||
+ | *[[http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp | The Difference Between a Virus, Worm and Trojan Horse]] | ||
+ | |||
==Related Threats== | ==Related Threats== | ||
+ | |||
+ | *[[:Category:Client-side Attacks]] | ||
+ | |||
==Related Attacks== | ==Related Attacks== | ||
+ | |||
+ | * [[Spyware]] | ||
+ | * [[Phishing]] | ||
+ | |||
==Related Vulnerabilities== | ==Related Vulnerabilities== | ||
+ | |||
+ | TBD | ||
+ | |||
==Related Countermeasures== | ==Related Countermeasures== | ||
+ | |||
+ | TBD | ||
+ | |||
==Categories== | ==Categories== | ||
− | + | * [[:Category:Resource Manipulation]] | |
− | [[Category:Malicious Code Attack]] | + | * [[:Category:Malicious Code Attack]] |
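Review bot: The three entries added under "== References==" are written as [[http://... | label]], which is MediaWiki's internal-link form. External links take single brackets with a space before the label, for example [http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html Ajax Sniffer], and the heading itself has a stray space after the opening "==". Separately, this revision restores a long types and symptoms section but leaves Related Vulnerabilities and Related Countermeasures as "TBD", so the article describes the threat with no defensive guidance. The first Examples link also points straight at a downloadable archive (sniffer.rar) rather than a write-up; the Ajax Sniffer article already listed in References would be the better target.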
Revision as of 17:15, 30 October 2007
This is an Attack. To view all attacks, please see the Attack Category page.
Description
A Trojan horse is a program that hides malicious code behind the appearance of a benign application. The term derives from the Greek myth of the Trojan Horse in the Trojan War. The malicious code can be injected into legitimate software that the victim then installs, or the supposedly benign program can itself be the Trojan horse. The victim is usually tricked into opening the Trojan horse because it appears to come from a legitimate source.
This kind of malware looks and acts like a virus; the difference is that a Trojan horse does not self-replicate. An infected computer shows many symptoms similar to those of a virus, such as background settings changing by themselves, mouse button functions being reversed, system crashes, the famous blue screen, spontaneous reboots, Ctrl + Alt + Del no longer working, and many other symptoms described later in this document.
The ultimate Trojan horse uses JavaScript to attack furtively, without antimalware intervention or user interception. It is normally used in on-the-fly attacks against internet banking transactions, resulting in financial loss for the victim.
Other details can be found in the Man-in-the-browser attack article.
The 7 main types of Trojan Horse
1. Remote Access Trojan (RAT)
Designed to give the attacker full control of the infected machine. This Trojan horse is usually masqueraded as a utility.
2. Data Sending Trojan
Trojan horse that uses keylogger technology to capture sensitive data such as passwords, credit card and banking information, and IM messages, and sends it back to the attacker.
3. Destructive Trojan
Trojan horse designed to destroy data stored on the victim's computer.
4. Proxy Trojan
Trojan horse that uses the victim's computer as a proxy server, giving the attacker the opportunity to carry out illicit acts from the infected computer, such as banking fraud and even malicious attacks over the internet.
5. FTP Trojan
This type of Trojan horse uses port 21 to let attackers connect to the victim's computer using the File Transfer Protocol.
6. Security software disabler Trojan
Trojan horse designed to disable security software such as firewalls and antivirus, enabling the attacker to use many intrusion techniques against the victim's computer and even to infect it further.
7. Denial-of-Service attack Trojan
Trojan horse designed to give the attacker the opportunity to carry out Denial-of-Service attacks from the victim's computer.
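One way to check a host for the FTP Trojan behaviour in item 5, an unexpected listener on port 21, is to audit its listening sockets against an allowlist. This is an added example, not part of the original article; it generalizes the check to any listener that is not on the allowlist. The sample lines are constructed in the layout of Linux `ss -H -ltnp` output, and the `EXPECTED` allowlist and process names are hypothetical.

```python
import re

# Constructed sample, laid out like `ss -H -ltnp` output on Linux (not from the article).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 32 *:21 *:* users:(("updater",pid=4410,fd=5))
LISTEN 0 511 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
"""

# Hypothetical allowlist: which process names may own which listening port.
EXPECTED = {22: {"sshd"}, 631: {"cupsd"}}
FTP_PORT = 21  # the port the article associates with FTP Trojans

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def parse_listeners(text):
    """Yield (address, port, process, pid) for each LISTEN line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with [::]:22
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)
        # Without root, ss omits the owner of other users' sockets.
        proc, pid = (m.group(1), int(m.group(2))) if m else (None, None)
        yield addr, int(port), proc, pid

def audit(text, expected=EXPECTED):
    """Return findings for listeners that are not on the allowlist."""
    findings = []
    for addr, port, proc, pid in parse_listeners(text):
        if proc in expected.get(port, set()):
            continue
        reason = "unexpected FTP listener" if port == FTP_PORT else "unlisted listener"
        if proc is None:
            reason += " (owner unknown)"
        findings.append({"addr": addr, "port": port, "process": proc,
                         "pid": pid, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print(finding)
```

A listener whose owner cannot be read is reported rather than skipped, so the audit should be rerun with enough privilege to resolve it.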
Symptoms
Common symptoms are listed in this section.
• Wallpaper and other background settings changing by themselves
• Internet browser displaying unknown web sites
• Mouse pointer disappearing
• Sound volume changing by itself
• Buttons, shortcuts and other basic resources disappearing
• Programs loading and unloading by themselves
• Strange windows warnings, messages, question boxes and options being displayed constantly
• E-mail client automatically sending messages to everyone in the user's contact list
• Windows closing by themselves
• System rebooting by itself
• Internet account information changing
• High internet bandwidth usage without user action
• High consumption of the computer's resources (computer slows down)
• Pop-ups with adult content or illegal references appearing without user action
• Ctrl + Alt + Del stops working
• Other users connected to the computer
• Documents being sent to the printer without user action
• DVD/CD drive tray opening and closing by itself
Examples
A JavaScript Trojan horse example can be found at: http://www.attacklabs.com/download/sniffer.rar
An iframe pointing to JavaScript that downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567
References
Related Threats
Related Attacks
Related Vulnerabilities
TBD
Related Countermeasures
TBD