Difference between revisions of "Trojan Horse"

From OWASP
(References)
(Description)
Line 3: Line 3:
 
==Description==
 
==Description==
  
A Trojan Horse is a program that uses malicious code masqueraded as a trusted applications. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript  pages to make furtive attacks against vulnerable internet Browsers.
+
A Trojan Horse is a program that uses malicious code masqueraded as a trusted application. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript  pages to make furtive attacks against vulnerable internet Browsers.
  
 
Other details can be found on [[Man-in-the-browser attack]].
 
Other details can be found on [[Man-in-the-browser attack]].
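Review bot: The added Description line fixes "applications" to "application" but leaves the other grammar problems in the same sentence pair untouched: "injected on benign applications", "masqueraded in e-mails links" and the capitalised "Browsers". Since the line is already being edited, consider "injected into benign applications", "e-mail links" and "browsers" in the same revision.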
Line 23: Line 23:
 
4.Proxy Trojan
 
4.Proxy Trojan
  
Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.
+
Trojan horse that uses the victim´s computer as a proxy server, providing the attacker an opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.
  
 
5.FTP Trojan
 
5.FTP Trojan
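Review bot: The added Proxy Trojan line still writes "victim´s" with an acute accent, while the hunks at Line 31, Line 49 and Line 59 of this same revision replace that character with a plain apostrophe. Use "victim's" here as well so the revision is consistent.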
Line 31: Line 31:
 
6.Security software disabler Trojan
 
6.Security software disabler Trojan
  
The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer.
+
The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim's computer, and even to infect more than the computer.
  
 
7.Denial-of-Service attack Trojan
 
7.Denial-of-Service attack Trojan
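Review bot: In the added line, changing "infect more the computer" to "infect more than the computer" alters the meaning rather than just the grammar: the old wording reads as further infection of the same machine, the new one as spreading beyond it. Confirm which is intended and, if it is the former, word it as something like "to infect the computer further".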
Line 49: Line 49:
 
•Strange windows warnings, messages and question box, and options being displayed constantly
 
•Strange windows warnings, messages and question box, and options being displayed constantly
  
•e-mail client auto sending messages to all user´s contacts list
+
•e-mail client auto sending messages to all user's contacts list
  
 
•Windows auto closing
 
•Windows auto closing
Line 59: Line 59:
 
•High internet bandwidth being used without user action
 
•High internet bandwidth being used without user action
  
•Computer´s high resources consumption (computer slows down)
+
•Computer's high resources consumption (computer slows down)
  
 
•Ctrl + Alt + Del stops working
 
•Ctrl + Alt + Del stops working

Revision as of 09:39, 4 August 2008

This is an Attack. To view all attacks, please see the Attack Category page.


Description

A Trojan Horse is a program that carries malicious code disguised as a trusted application. The malicious code can be injected into benign applications, disguised in e-mail links, or sometimes hidden in JavaScript pages to carry out furtive attacks against vulnerable Internet browsers.

Other details can be found on Man-in-the-browser attack.

The 7 main types of Trojan Horse

1.Remote Access Trojan (RAT)

Designed to give the attacker full control of the infected machine. This Trojan horse usually masquerades as a utility.

2.Data Sending Trojan

Trojan horse that uses keylogger technology to capture sensitive data such as passwords, credit card and banking information, and IM messages, and sends it back to the attacker.

3.Destructive Trojan

Trojan horse designed to destroy data stored on the victim's computer.

4.Proxy Trojan

Trojan horse that uses the victim's computer as a proxy server, giving the attacker an opportunity to carry out illicit acts from the infected computer, such as banking fraud and even malicious attacks over the internet.

5.FTP Trojan

This type of Trojan horse uses port 21 to enable attackers to connect to the victim's computer using the File Transfer Protocol.

6.Security software disabler Trojan

The Trojan horse is designed to disable security software such as firewalls and antivirus, enabling the attacker to use many invasion techniques to invade the victim's computer, and even to infect more than the computer.

7.Denial-of-Service attack Trojan

Trojan horse designed to give the attacker the opportunity to carry out Denial-of-Service attacks from the victim's computer.
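A defender's check for the FTP Trojan behaviour described under type 5, added here as an example and not part of the original OWASP page: it parses Windows `netstat -ano` output and flags any listener on port 21 whose owning process is not an approved FTP server. The netstat text, the PID-to-image map and the name `approved-ftpd.exe` are constructed assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:21                [::]:0                 LISTENING       4312
  TCP    127.0.0.1:2121         0.0.0.0:0              LISTENING       2200
"""

# Constructed PID -> image name map, as `tasklist` output would supply it.
PROCESSES = {4312: "updater.exe", 904: "svchost.exe",
             5120: "chrome.exe", 2200: "approved-ftpd.exe"}

# Assumption: the only FTP server image this host is expected to run (hypothetical name).
APPROVED_FTP_SERVERS = {"approved-ftpd.exe"}

# Matches TCP rows in LISTENING state; handles IPv4 and bracketed IPv6 local addresses.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return listeners

def unexpected_ftp_listeners(netstat_text, processes, approved, port=21):
    """Flag listeners on the FTP control port owned by an unapproved process."""
    findings = []
    for addr, lport, pid in parse_listeners(netstat_text):
        image = processes.get(pid, "<unknown>")  # a missing PID is itself suspicious
        if lport == port and image.lower() not in approved:
            findings.append({"address": addr, "port": lport,
                             "pid": pid, "image": image})
    return findings

if __name__ == "__main__":
    for f in unexpected_ftp_listeners(NETSTAT_SAMPLE, PROCESSES, APPROVED_FTP_SERVERS):
        print("unexpected FTP listener: {address}:{port} pid={pid} image={image}".format(**f))
```
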

Symptoms

A list of common symptoms is described in this section.

•Wallpaper and other background settings auto changing

•Mouse pointer disappearing

•Programs auto loading and unloading

•Strange windows warnings, messages, question boxes and options being displayed constantly

•E-mail client auto-sending messages to the user's entire contact list

•Windows auto closing

•System auto rebooting

•Internet accounts information changing

•High internet bandwidth being used without user action

•High consumption of the computer's resources (computer slows down)

•Ctrl + Alt + Del stops working

Risk Factor

High

A Trojan horse can break through all the security policies in a network, because an attacker can gain access to a workstation that may have network credentials stored on it. With these credentials an attacker can compromise the whole network.


Examples

A JavaScript Trojan Horse example can be found at: http://www.attacklabs.com/download/sniffer.rar .

An iframe pointing to a JavaScript file that downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567

References

Related Threats

Related Attacks

Related Vulnerabilities

TBD

Related Countermeasures

TBD