Full Disclosure mailing list archives

Re: Re: Help put a stop to incompetent computer forensics


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 10 Aug 2005 15:41:52 -0700

Jason Coombs wrote:
> Whether or not the malware does other things as well, everyone I know
> considers a Trojan to be a type of malware that allows an intruder to
> gain entry to a system through the front door once the malware has
> gained entry through some other means such as tricking the user into
> installing it, forcing itself to install a la spyware, or exploiting one
> of the many vulnerabilities in Internet Explorer that enable Web sites
> to plant and execute arbitrary code.

Traditional malicious code terms going back 20+ years ago hold that a
"trojan horse" program is one that performs a function other than or in
addition to the function it is advertised to have.  The reason for this
is to trick a user into running it, under the assumption that it does
something useful, or is at least harmless.  This name comes from the
"accepting the gift" aspect of Homer's story.  Back then, the world was
DOS, and there was no generally accepted connotation of installing a
backdoor; systems were not widely networked.

Current casual usage of "trojan" or "trojaned" is synonymous with a
program that provides an unauthorized user continued access to a victim
computer.  The "trojan" portion of the term apparently having morphed to
mean that the program usually attempts to make itself appear to be a
legitimate program, often by running as a process named the same as a
real system process, etc... or general hiding.  For this usage you could
substitute the term "backdoor".

But you guys are just arguing semantics, and the meaning(s) ought to be
clear to all of you from the context.  And now you've made me do it, too.

                                        BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

