Chapter 1 - 03 - Define Malware and its Types - 04_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
EG-Council
Tags
Full Transcript
Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 What is a Trojan? It is a program in which the ' or is contained inside an apparently harmless program or data, which can later gain control and cause damage ©) Trojans get activated whena ' ‘ Trojans bet...
Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 What is a Trojan? It is a program in which the ' or is contained inside an apparently harmless program or data, which can later gain control and cause damage ©) Trojans get activated whena ' ‘ Trojans between the victim computer and the attacker for transferring sensitive data Change? | Destroy?......................................... Internet Malicious Files Downloads Malicious Files ! @ Victim infected with Trojan 1. All Rights Reserved. Reproduction is Strictly Prohibited Trojans What is a Trojan? According to ancient Greek mythology, the Greeks won the Trojan War with the aid of a giant wooden horse that was built to hide their soldiers. The Greeks left this horse in front of the gates of Troy. The Trojans thought that the horse was a gift from the Greeks, which they had left before apparently withdrawing from the war and brought it into their city. At night, the Greek soldiers broke out of the wooden horse and opened the city gates to let in the rest of the Greek army, who eventually destroyed the city of Troy. Inspired by this story, a computer Trojan is a program in which malicious or harmful code is contained inside an apparently harmless program or data, which can later gain control and cause damage, such as ruining the file allocation table on your hard disk. Attackers use computer Trojans to trick the victim into performing a predefined action. Trojans are activated upon users’ specific predefined actions such as unintentionally installing a malicious software, clicking on a malicious link, etc., and upon activation, they can grant attackers unrestricted access to all the data stored on the compromised information system and potentially cause severe damage. For example, users could download a file that appears to be a movie, but, when executed, unleashes a dangerous program that erases the hard drive or sends credit card numbers and passwords to the attacker. A Trojan is wrapped within or attached to a legitimate program, meaning that the program may have functionality that is not apparent to the user. Furthermore, attackers use victims as unwitting intermediaries to attack others. They can use a victim’s computer to commit illegal DoS attacks. Module 01 Page 31 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 Trojans work at the same level of privileges as the victims. For example, if a victim has privileges to delete files, transmit information, modify existing files, and install other programs (such as programs that provide unauthorized network access and execute privilege elevation attacks), once the Trojan infects that system, it will possess the same privileges. Furthermore, it can attempt to exploit vulnerabilities to increase the level of access even beyond the user running it. If successful, the Trojan can use such increased privileges to install other malicious code on the victim’s machine. A compromised system can affect other systems on the network. Systems that transmit authentication credentials such as passwords over shared networks in clear text or a trivially encrypted form are particularly vulnerable. If an intruder compromises a system on such a network, he or she may be able to record usernames and passwords or other sensitive information. Additionally, a Trojan, depending on the actions it performs, may falsely implicate a remote system as the source of an attack by spoofing, thereby causing the remote system to incur a liability. Trojans enter the system by means such as email attachments, downloads, and instant messages. Change? ----------------------------------------- Downloads Malicious Attacker Files Internet propagates Trojan Malicious Files Victim infected with Trojan Figure 1.2: Depiction of a Trojan attack Module 01 Page 32 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.