Message-ID: <20050811010659.1486F15F5@lists.grok.org.uk>
Date: Thu Aug 11 02:07:06 2005
From: cfullerton at fullertoninfosec.com (Chuck Fullerton)
Subject: Re: Help put a stop to incompetent computer forensics

To quote Ed Skoudis' "Malware: Fighting Malicious Code":

"A Trojan horse is a program that appears to have some useful or benign
purpose, but really masks some hidden malicious functionality."

"A Backdoor is a program that allows attackers to bypass normal security
controls on a system, gaining access on the attacker's own terms."

What this means is that many times they are found together but a Trojan is
not necessarily a backdoor and a backdoor is not necessarily a trojan.

In the case Jason was saying the Trojan was forcing the use of the Backdoor.

Does this clear it up at all?

Chuck Fullerton
CEH, OPST, CISSP

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jason Coombs
Sent: Wednesday, August 10, 2005 8:59 PM
To: Donald J. Ankney
Cc: Full-Disclosure
Subject: Re: [Full-disclosure] Re: Help put a stop to incompetent computer forensics

Donald J. Ankney wrote:
> Your definition is just a subset of the standard, broader one.

When a word causes widespread misunderstanding such that you simply can't
use it to communicate ideas clearly, the old meaning becomes archaic. I
think that's what has happened with Trojan. Proof of this can be found in
the list of malware that anti-Trojan software is designed to detect --
without double-checking this, just from memory, I'm going to say that the
list of malware detected by the typical anti-Trojan software product is
limited to malware that meets my definition and does not include the broader
definition. That causes a real problem, in practice, since if the
anti-Trojan doesn't stop spyware then how can spyware be a Trojan?

Regards,

Jason Coombs
jasonc@...ence.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/