Friday, 6 June 2014

Anti virus, Trojan Horse

I came across this gem on the Visa website:

Trojan Horse virus
What’s a Trojan Horse virus?
A Trojan Horse is an email virus
usually released by an email
attachment. If opened, it will scour
your hard drive for any personal and
financial information such as your
social security, account, and PIN
numbers. Once it has collected your
info, it is sent to a thief’s database.

Now, there are Trojan Horses and there are
viruses, but there's no such thing as a Trojan
Horse virus. In fact, the very definition of
each precludes any chance of there being
such a thing. A Trojan does not replicate.
Viruses do. That fact alone means there can
never be a "Trojan Horse virus".

The Visa description continues with, "A
Trojan Horse is an email virus usually
released by an email attachment." Not so. A
Trojan may be sent as an attachment in
email, but it's certainly not an email virus.
(In fact there are few true email viruses, but
that's a whole other topic). So it may or may
not arrive in email, and it's equally likely to
have been downloaded from a website or
resulted from a P2P file transfer. In other
words, vector has nothing to do with whether
something is or isn't a Trojan.

Just what is a Trojan then? A Trojan is a
program that appears to be legitimate, but in
fact does something malicious. Quite often,
that something malicious involves gaining
remote, surreptitious access to a user's
system. Unlike viruses, a Trojan does not
replicate (i.e. infect other files), nor does it
make copies of itself as worms do.

There are several different types of Trojans.
Some of these include: remote access Trojans
(RATs), backdoor Trojans (backdoors), IRC
Trojans (IRCbots), and keylogging Trojans.
Many Trojans encompass multiple types. For
example, a Trojan may install both a
keylogger and a backdoor. IRC Trojans are
often combined with backdoors and RATs to
create collections of infected computers
known as botnets.

But one thing you probably won't find a
Trojan doing is scouring your hard drive for
personal details, as the Visa description
alleges. Contextually, that would be a bit of
a trick for a Trojan. Instead, this is where
the keylogging functionality most often
comes into play - capturing the user's
keystrokes as they type and sending the logs
to the attackers. Some of these keyloggers
can be pretty sophisticated, targeting only
certain websites (for example) and capturing
any keystrokes involved with that particular
session.

But why is it important to know the
difference between a virus, a worm, and a
Trojan? Because a virus infects legitimate
files, thus if antivirus software detects a
virus, that file should be cleaned. Conversely,
if antivirus software detects a worm or a
Trojan, there is no legitimate file involved
and the action should be to delete the file.
