The IT Law Wiki
(Undo revision 28006 by 210.19.13.139 (talk))
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Definition ==
+
== Definitions ==
   
  +
Named after the wooden horse from Greek mythology, a '''Trojan horse''' is a
Named after the wooden horse from Greek mythology, a '''Trojan horse''' is a "program that conceals [[malicious code|malicious computer code]]. Typically, a Trojan horse masquerades as a useful [[program]] that [[user]]s would want or need to [[execute]]. It performs, or appears to perform, as expected, but also does surreptitious harm."<ref>U.S. [[General Accounting Office]], "Information Superhighway: An Overview of Technology Changes" 20 n.7 (Jan. 1995).</ref>
 
  +
 
{{Quote|[[program]] that conceals [[malicious code|malicious computer code]]. Typically, a Trojan horse masquerades as a useful [[program]] that [[user]]s would want or need to [[execute]]. It performs, or appears to perform, as expected, but also does surreptitious harm.<ref>[[Information Superhighway: An Overview of Technology Challenges]], at 20 n.7.</ref>}}
  +
  +
{{Quote|[[program]] that performs a desired task, but also includes unexpected (and undesirable) functions. In this respect, a Trojan horse is similar to a [[virus]], except a Trojan horse does not [[replicate]]. An example of a Trojan horse would be an [[editing]] [[program]] for a [[multi-user]] [[system]] which has been modified to randomly [[delete]] one of the [[user]]'s [[file]]s each time that [[program]] is [[used]]. The program would perform its normal, expected function ([[editing]]), but the [[deletion]]s are unexpected and undesired. A [[host program]] that has been [[infected]] by a [[virus]] is often described as a Trojan horse.<ref>[[NIST Special Publication 800-5]], at §1.3.</ref>}}
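Review bot: the footnote on the first added {{Quote}} gives the title as "Information Superhighway: An Overview of Technology Challenges", while the line it replaces cites the same page (20 n.7) of "Information Superhighway: An Overview of Technology Changes" and names the U.S. General Accounting Office and Jan. 1995. Confirm which title is correct, and keep the issuing body and date in the footnote unless the linked article carries them. The lead-in also still ends at "is a" and now runs into two quote blocks that both begin with "program that", so it needs rewording to introduce two definitions.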
   
 
== How it works ==
 
== How it works ==
  +
  +
A Trojan horse program typically falls into one of the following categories:
  +
  +
#Legitimate [[application]] designers will often insert [[unauthorized]] instructions within their products, as either a [[backdoor]] mechanism, or as a way of collecting [[personal information]] about the [[user]]s of their product. These instructions perform these operations without the [[knowledge]] or permission of the [[user]].
  +
#A legitimate-appearing [[program]] that has been obtained from a questionable source is altered by the placement of [[unauthorized]] instructions within it. These instructions perform secondary functions unknown to the [[user]].
  +
#Any other [[program]] that appears to perform one operation or function but that, because of the unknown instructions within it (by design), performs functions unknown to the [[user]].
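Review bot: item 1 of the added category list says legitimate application designers "will often insert" unauthorized instructions, and none of the three items carries a <ref>, unlike the two definitions earlier in the article. If the list is taken from the work added under "== Source ==", cite it inline on the list, and word item 1 no more strongly than that source does.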
   
 
A Trojan horse may enter a [[user]]'s [[computer]] by presenting itself as an attractive tool of some sort, which the [[user]] [[intentional]]ly [[download]]s and [[install]]s, unaware of its ulterior purpose. Trojan horses typically build in the [[functionality]] of [[keylogging software]] and other [[spyware]] and a range of other functions to [[disable]] [[system security]].
 
A Trojan horse may enter a [[user]]'s [[computer]] by presenting itself as an attractive tool of some sort, which the [[user]] [[intentional]]ly [[download]]s and [[install]]s, unaware of its ulterior purpose. Trojan horses typically build in the [[functionality]] of [[keylogging software]] and other [[spyware]] and a range of other functions to [[disable]] [[system security]].
   
A Trojan horse, once delivered to its [[host]] and [[execute]]d, might be activated at any time, either by [[remote control]], by a [[timer mechanism]], or through detecting certain events on the [[host]] (or a combination of all three).
+
A Trojan horse, once delivered to its [[host]] and [[execute]]d, might be activated at any time, either by [[remote control]], by a [[timer mechanism]], or through detecting certain events on the [[host]] (or a combination of all three).
   
 
Some Trojan horses are intended to replace existing [[file]]s, such as [[system]] and [[application]] [[executable]]s, with malicious versions; others add another [[application]] to [[system]]s instead of overwriting existing [[file]]s. Trojan horses tend to conform to one of the following three models:
 
Some Trojan horses are intended to replace existing [[file]]s, such as [[system]] and [[application]] [[executable]]s, with malicious versions; others add another [[application]] to [[system]]s instead of overwriting existing [[file]]s. Trojan horses tend to conform to one of the following three models:
 
 
* Continuing to perform the function of the original [[program]] and also performing separate, unrelated malicious activity (e.g., a [[videogame]] that also collects [[application]] [[password]]s);
 
* Continuing to perform the function of the original [[program]] and also performing separate, unrelated malicious activity (e.g., a [[videogame]] that also collects [[application]] [[password]]s);
 
 
* Continuing to perform the function of the original [[program]] but [[modify]]ing the function to perform malicious activity (e.g., a Trojan horse version of a [[login]] [[program]] that collects [[password]]s) or to disguise other malicious activity (e.g., a Trojan horse version of a process-listing [[program]] that does not display other malicious processes); and
 
* Continuing to perform the function of the original [[program]] but [[modify]]ing the function to perform malicious activity (e.g., a Trojan horse version of a [[login]] [[program]] that collects [[password]]s) or to disguise other malicious activity (e.g., a Trojan horse version of a process-listing [[program]] that does not display other malicious processes); and
   
* Performing a malicious function that completely replaces the function of the original [[program]] (e.g., a [[file]] that claims to be a [[videogame]] but actually just [[delete]]s all [[system file]]s when it is [[run]]).
+
* Performing a malicious function that completely replaces the function of the original [[program]] (e.g., a [[file]] that claims to be a [[videogame]] but actually just [[delete]]s all [[system file]]s when it is [[run]]).
   
Trojan horses can be difficult to detect. Because many are specifically designed to conceal their presence on [[system]]s and perform the original [[program]]'s function properly, [[user]]s and [[system administrator]]s may not notice them. Many newer Trojan horses also make use of some of the same [[Virus obfuscation techniques|obfuscation techniques]] that [[virus]]es use to avoid detection.
+
Trojan horses can be difficult to detect. Because many are specifically designed to conceal their presence on [[system]]s and perform the original [[program]]'s function properly, [[user]]s and [[system administrator]]s may not notice them. Many newer Trojan horses also make use of some of the same [[Virus obfuscation techniques|obfuscation techniques]] that [[virus]]es use to avoid detection.
   
The use of Trojan horses to [[distribute]] [[spyware program]]s has become increasingly common. [[Spyware]] is often bundled with [[software]], such as certain [[peer-to-peer]] [[file-sharing]] client [[program]]s; when the [[user]] [[install]]s the supposedly benign [[software]], it then covertly [[install]]s [[spyware program]]s. Trojan horses also often deliver other types of attacker tools onto systems, which can provide [[unauthorized access]] to or usage of [[infected system]]s. These tools may be bundled with the Trojan horse or [[download]]ed by the Trojan horse after it is placed onto a [[system]] and [[run]].
+
The use of Trojan horses to [[distribute]] [[spyware program]]s has become increasingly common. [[Spyware]] is often bundled with [[software]], such as certain [[peer-to-peer]] [[file-sharing]] client [[program]]s; when the [[user]] [[install]]s the supposedly benign [[software]], it then covertly [[install]]s [[spyware program]]s. Trojan horses also often deliver other types of attacker tools onto systems, which can provide [[unauthorized access]] to or usage of [[infected system]]s. These tools may be bundled with the Trojan horse or [[download]]ed by the Trojan horse after it is placed onto a [[system]] and [[run]].
   
Trojan horses can cause serious technical issues on [[system]]s. For example, a Trojan horse that replaces legitimate [[system]] [[executable]]s may cause certain functionality to be performed incorrectly or lost altogether. [[Spyware]]-related Trojan horses have been particularly disruptive to many [[system]]s because they are often intentionally invasive, making many modifications to [[system]]s and deploying themselves so that their removal causes serious disruption to the [[system]], in some cases to the point where the [[system]] can no longer function.
+
Trojan horses can cause serious technical issues on [[system]]s. For example, a Trojan horse that replaces legitimate [[system]] [[executable]]s may cause certain functionality to be performed incorrectly or lost altogether. [[Spyware]]-related Trojan horses have been particularly disruptive to many [[system]]s because they are often intentionally invasive, making many modifications to [[system]]s and deploying themselves so that their removal causes serious disruption to the [[system]], in some cases to the point where the [[system]] can no longer function.
   
Trojan horses and the tools they [[install]] can also be resource-intensive, causing noticeable performance degradation on [[infected system]]s. Some well-known Trojan horses are [[SubSeven]], [[Back Orifice]], and [[Optix Pro]].
+
Trojan horses and the tools they [[install]] can also be resource-intensive, causing noticeable performance degradation on [[infected system]]s. Some well-known Trojan horses are [[SubSeven]], [[Back Orifice]], and [[Optix Pro]].
   
 
== References ==
 
== References ==
 
<references />
 
<references />
   
== External link ==
+
== Source ==
  +
  +
* [[Assessing Technology, Methods, and Information for Committing and Combating Cyber Crime]].
  +
  +
== External resources ==
  +
 
* [http://www.cert.org/advisories/CA-1999-02.html Trojan horse.]
   
  +
== See also ==
[http://www.cert.org/advisories/CA-1999-02.html Trojan horse.]
 
   
  +
* [[Bomb]]
  +
* [[Recovering from Viruses, Worms, and Trojan Horses]]
  +
* [[Trojan attack]]
  +
* [[Trojan clicker]]
  +
* [[Trojan network]]
 
[[Category:Software]]
 
[[Category:Software]]
 
[[Category:Security]]
 
[[Category:Security]]
  +
[[Category:Spyware]]
  +
[[Category:Malware]]
  +
[[Category:Definition]]

Latest revision as of 22:49, 10 October 2019

Definitions

Named after the wooden horse from Greek mythology, a Trojan horse is a

"program that conceals malicious computer code. Typically, a Trojan horse masquerades as a useful program that users would want or need to execute. It performs, or appears to perform, as expected, but also does surreptitious harm."[1]

"program that performs a desired task, but also includes unexpected (and undesirable) functions. In this respect, a Trojan horse is similar to a virus, except a Trojan horse does not replicate. An example of a Trojan horse would be an editing program for a multi-user system which has been modified to randomly delete one of the user's files each time that program is used. The program would perform its normal, expected function (editing), but the deletions are unexpected and undesired. A host program that has been infected by a virus is often described as a Trojan horse."[2]

How it works

A Trojan horse program typically falls into one of the following categories:

  1. Legitimate application designers will often insert unauthorized instructions within their products, as either a backdoor mechanism, or as a way of collecting personal information about the users of their product. These instructions perform these operations without the knowledge or permission of the user.
  2. A legitimate-appearing program that has been obtained from a questionable source is altered by the placement of unauthorized instructions within it. These instructions perform secondary functions unknown to the user.
  3. Any other program that appears to perform one operation or function but that, because of the unknown instructions within it (by design), performs functions unknown to the user.

A Trojan horse may enter a user's computer by presenting itself as an attractive tool of some sort, which the user intentionally downloads and installs, unaware of its ulterior purpose. Trojan horses typically build in the functionality of keylogging software and other spyware and a range of other functions to disable system security.

A Trojan horse, once delivered to its host and executed, might be activated at any time, either by remote control, by a timer mechanism, or through detecting certain events on the host (or a combination of all three).

Some Trojan horses are intended to replace existing files, such as system and application executables, with malicious versions; others add another application to systems instead of overwriting existing files. Trojan horses tend to conform to one of the following three models:

  • Continuing to perform the function of the original program and also performing separate, unrelated malicious activity (e.g., a videogame that also collects application passwords);
  • Continuing to perform the function of the original program but modifying the function to perform malicious activity (e.g., a Trojan horse version of a login program that collects passwords) or to disguise other malicious activity (e.g., a Trojan horse version of a process-listing program that does not display other malicious processes); and
  • Performing a malicious function that completely replaces the function of the original program (e.g., a file that claims to be a videogame but actually just deletes all system files when it is run).

Trojan horses can be difficult to detect. Because many are specifically designed to conceal their presence on systems and perform the original program's function properly, users and system administrators may not notice them. Many newer Trojan horses also make use of some of the same obfuscation techniques that viruses use to avoid detection.

The use of Trojan horses to distribute spyware programs has become increasingly common. Spyware is often bundled with software, such as certain peer-to-peer file-sharing client programs; when the user installs the supposedly benign software, it then covertly installs spyware programs. Trojan horses also often deliver other types of attacker tools onto systems, which can provide unauthorized access to or usage of infected systems. These tools may be bundled with the Trojan horse or downloaded by the Trojan horse after it is placed onto a system and run.

Trojan horses can cause serious technical issues on systems. For example, a Trojan horse that replaces legitimate system executables may cause certain functionality to be performed incorrectly or lost altogether. Spyware-related Trojan horses have been particularly disruptive to many systems because they are often intentionally invasive, making many modifications to systems and deploying themselves so that their removal causes serious disruption to the system, in some cases to the point where the system can no longer function.

Trojan horses and the tools they install can also be resource-intensive, causing noticeable performance degradation on infected systems. Some well-known Trojan horses are SubSeven, Back Orifice, and Optix Pro.

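References

  1. Information Superhighway: An Overview of Technology Challenges, at 20 n.7.
  2. NIST Special Publication 800-5, at §1.3.

Source

  • Assessing Technology, Methods, and Information for Committing and Combating Cyber Crime.

External resources

  • Trojan horse. (http://www.cert.org/advisories/CA-1999-02.html)

See also

  • Bomb
  • Recovering from Viruses, Worms, and Trojan Horses
  • Trojan attack
  • Trojan clicker
  • Trojan network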