Open Source and information security mailing list archives
 
Message-ID: <42FA82B0.6060706@thievco.com>
Date: Wed Aug 10 23:42:13 2005
From: BlueBoar at thievco.com (Blue Boar)
Subject: Re: Help put a stop to incompetent computer forensics

Jason Coombs wrote:
> Whether or not the malware does other things as well, everyone I know
> considers a Trojan to be a type of malware that allows an intruder to
> gain entry to a system through the front door once the malware has
> gained entry through some other means such as tricking the user into
> installing it, forcing itself to install a la spyware, or exploiting one
> of the many vulnerabilities in Internet Explorer that enable Web sites
> to plant and execute arbitrary code.

Traditional malicious code terms going back 20+ years ago hold that a
"trojan horse" program is one that performs a function other than or in
addition to the function it is advertised to have.  The reason for this
is to trick a user into running it, under the assumption that it does
something useful, or is at least harmless.  This name comes from the
"accepting the gift" aspect of Homer's story.  Back then, the world was
DOS, and there was no generally accepted connotation of installing a
backdoor; systems were not widely networked.

Current casual usage of "trojan" or "trojaned" is synonymous with a
program that provides an unauthorized user continued access to a victim
computer.  The "trojan" portion of the term apparently having morphed to
mean that the program usually attempts to make itself appear to be a
legitimate program, often by running as a process named the same as a
real system process, etc... or general hiding.  For this usage you could
substitute the term "backdoor".

But you guys are just arguing semantics, and the meaning(s) ought to be
clear to all of you from the context.  And now you've made me do it, too.

					BB
