Trojan Horse Programs

Adam L. Young, Cigital, Inc.

Introduction

Laying Siege to Troy

How Trojans Differ from Viruses and Worms

History of Trojan Horses

Early Investigations into Abnormal Finite Automata

Early Military Awareness Due to Shared-Resource Machines

The Trojan Threat to Nuclear Arms Control Verification Systems

Types of Trojan Horse Attacks

Malicious versus Benign Trojan Horses

An Attempt to Categorize Trojans

Covert Trojan Horse Attacks

Covert Information Alteration

Covert Information Leakage

Covert Resource Usage

Overt Trojan Horse Attacks

Overt Information Alteration

Denial of Service

Defenses against Trojan Horse Programs

Scanners

Polymorphic Code

Heuristic Activity Monitors

Code Signing and Security Kernels

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

In computer security, a Trojan horse is defined as a segment of executable code that resides in a program and performs some function that the user does not expect. A Trojan can be placed in the program when the program is compiled, or it can be added to the program after it is compiled.

The term Trojan horse carries with it a very negative connotation due to the abundance of deployed Trojan horses that have been designed to subvert computer systems. At the very least, a Trojan horse may be nothing more than a nuisance, and at worst a Trojan horse can completely undermine the integrity of the machine that it resides on. An example of a Trojan that is merely an annoyance is the cookie ...
