 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Aug 20, 2003 at 12:08:04AM -0400, J. Hunter Heinlen wrote: > > Trojan - any program described to be benign or beneficial but actually > > a worm or virus in disguise. See "Trojan Wars". > > Er.... Not quite my understanding. A trojan program is any program > that claims to do one thing, but performs another, secret, function, > either in addition to, or in lieu of, the claimed function. Often > created on purpose by a programmer, or inserted clandestinely in > someone else programs by hand (ie, through a cracked ftp server that > serves source, such as the FSF, which was cracked last year). A > backdoor is a special type of trojan function, as are mockingbirds. > May, or may not be, a virus or worm. None of the specifics you give here conflict with the general definition I gave above. In fact your first line is a simple re-statement of exactly what I said. Your merely describe more of what "might" be done by a trojan or how a trojan might be created. Backdoors are another function frequently generated by worms/virii. I think we have to be wary of defining our boxes too narrowly, or you'll end up thinking that a virus requires email and a user reading it to propagate, that a trojan needs to trick a "privileged user" into executing it, and that a "Bot" is IRC controlled and only used to create backdoors. (see Johannes B. Ullrich posts). All three of these examples completely ignore the many other ways these items can work or what they can be used to do. I can see that these perceptions exist because of the recent history of how they are being used to attack MS-WIn system over the internet but this is hardly all they are limited too. Those who forget history are doomed to repeat it. Eventually even MS-Win systems "May" become more resistant to this easy attach methods. When/if that happens, malware producers will return to using the more subtle methods pioneered for attacks on UNIX-Like systems, like the morris worm. In fact the blaster virus which attacks MS-Win via the rpc mechanism is more similar to technique used in the morris worm than it is to MS-Email based attacks. -- Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. jkinz at kinz.org copyright 2003. Use is restricted. Any use is an acceptance of the offer at http://www.kinz.org/policy.html. Don't forget to change your password often.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
