Message-ID: <20050811010659.1486F15F5@lists.grok.org.uk>
Date: Thu Aug 11 02:07:06 2005
From: cfullerton at fullertoninfosec.com (Chuck Fullerton)
Subject: Re: Help put a stop to incompetent
	computerforensics

To quote Ed Skoudis' "Malware: Fighting Malicious Code":

"A Trojan horse is a program that appears to have some useful or benign
purpose, but really masks some hidden malicious functionality."

"A Backdoor is a program that allows attackers to bypass normal security
controls on a system, gaining access on the attacker's own terms." 

What this means is that many times they are found together, but a Trojan is
not necessarily a backdoor and a backdoor is not necessarily a Trojan.

In the case Jason was saying the Trojan was forcing the use of the Backdoor.

Does this clear it up at all?

Chuck Fullerton
CEH, OPST, CISSP

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jason Coombs
Sent: Wednesday, August 10, 2005 8:59 PM
To: Donald J. Ankney
Cc: Full-Disclosure
Subject: Re: [Full-disclosure] Re: Help put a stop to incompetent
computerforensics

Donald J. Ankney wrote:
> Your definition is just a subset of the standard, broader one. 

When a word causes widespread misunderstanding such that you simply can't
use it to communicate ideas clearly, the old meaning becomes archaic. I
think that's what has happened with Trojan. Proof of this can be found in
the list of malware that anti-Trojan software is designed to detect --
without double-checking this, just from memory, I'm going to say that the
list of malware detected by the typical anti-Trojan software product is
limited to malware that meets my definition and does not include the broader
definition. That causes a real problem, in practice, since if the
anti-Trojan doesn't stop spyware then how can spyware be a Trojan?

Regards,

Jason Coombs
jasonc@...ence.org