Description
A Trojan Horse is a program that carries malicious code masquerading as a trusted application. The malicious code can be injected into benign applications, disguised in e-mail links, or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet browsers.
Other details can be found in Man-in-the-browser attack.
The 7 Main Types of Trojan Horse
- Remote Access Trojan (RAT): Designed to provide the attacker full control of the infected machine. This Trojan horse is usually masqueraded as a utility.
- Data Sending Trojan: Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, and IM messages, and sends them back to the attacker.
- Destructive Trojan: Trojan horse designed to destroy data stored on the victim’s computer.
- Proxy Trojan: Trojan horse that uses the victim’s computer as a proxy server, providing the attacker an opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.
- FTP Trojan: This type of Trojan horse uses port 21 to enable the attackers to connect to the victim’s computer using File Transfer Protocol.
- Security software disabler Trojan: This Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim’s computer, and even to infect more than that one computer.
- Denial-of-Service attack Trojan: Trojan horse designed to give the attacker the opportunity to launch Denial-of-Service attacks from the victim’s computer.
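The FTP and Proxy Trojan types above both leave an unexpected listening socket on the victim's machine, which a defender can look for. The following is an added example, not OWASP's own code: it audits Windows `netstat -ano` output against a baseline of expected listening ports and reports port 21 as high severity. The sample output, the baseline set and the function names are constructed assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       7300
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2204
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5516
  TCP    [::]:21                [::]:0                 LISTENING       4120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2204
"""

# Assumed baseline: ports this workstation is expected to listen on.
EXPECTED_LISTEN_PORTS = {135, 445, 5354}
FTP_PORT = 21  # port the page associates with FTP Trojans

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_listeners(netstat_text):
    """Return (local_address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return listeners

def audit_listeners(netstat_text, expected_ports=EXPECTED_LISTEN_PORTS):
    """Flag listeners outside the baseline; a reachable port 21 is high severity."""
    findings = []
    for addr, port, pid in parse_listeners(netstat_text):
        if port in expected_ports:
            continue
        # A loopback-only listener is not reachable from the network.
        exposed = not (addr.startswith("127.") or addr == "[::1]")
        severity = "high" if port == FTP_PORT and exposed else "review"
        findings.append({"address": addr, "port": port, "pid": pid, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_NETSTAT):
        print(f"[{f['severity']}] {f['address']}:{f['port']} owned by PID {f['pid']}")
```

The reported PID can then be matched to its executable and checked against the software actually installed on the host.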
Symptoms
Some common symptoms:
- Wallpaper and other background settings auto-changing
- Mouse pointer disappears
- Programs auto-loading and unloading
- Strange window warnings, messages and question boxes, and options being displayed constantly
- E-mail client auto-sending messages to everyone on the user’s contacts list
- Windows auto closing
- System auto rebooting
- Internet account information changing
- High internet bandwidth being used without user action
- High consumption of the computer’s resources (computer slows down)
- Ctrl + Alt + Del stops working
Risk Factors
High: A Trojan horse can break through all security policies in a network, because an attacker can get access to a workstation with stored network credentials. With these credentials, an attacker can compromise the whole network.
Examples
An iframe pointing to a JavaScript file which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567
A JavaScript Trojan Horse example can be found at: http://www.attacklabs.com/download/sniffer.rar (link not working).
Related Attacks
- TBD
Related Controls
- TBD