A quick question about trojans..
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: A quick question about trojans..

  1. #1
    Senior Member
    Join Date
    Feb 2004
    Posts
    620

    Question A quick question about trojans..

    Hey everyone

    I was wondering if it's possible for a trojan to "inject" its code into a trusted application, hiding it from the user and allowing it to access the net (if the application was trusted by the firewall). This would allow it to call home and the owner of the trojan could access the machine. But is it really possible? I was sort of curious about this but couldn't find anything in searches.

    Thanks!

    mjk

  2. #2
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    The only way I can think of a trojan to 'inject' its code would be to bind itself with a trusted application and then get the application to run..ofcourse the firewall would show that the trusted application had changed from the last time it accessed the net

  3. #3
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Originally posted here by therenegade
    The only way I can think of a trojan to 'inject' its code would be to bind itself with a trusted application and then get the application to run..ofcourse the firewall would show that the trusted application had changed from the last time it accessed the net
    Ah, that's right. I forgot that it would report that the file had changed. Guess that cleared that up I felt that I was missing something but I was unsure. Thanks

    mjk

    EDIT:
    !mitationRust you make a good point too.. But if you just get a good free firewall like Sygate (what I use) or ZoneAlarm, then you won't have to worry about that.

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Until somebody writes the an agent-smith style trojan, probably not going to happen. This highlights the purpose for file integrity checkers though. Anti-Virus Software and Firewalls are great for new arrivals to the network, but _at_least_ half your headaches are going to come from the inside at any size installation.

    Tripwire, properly configured would catch agent-smith immediately (provided it weren't games, pr0n, or some other user sludge). Then again, I have seen sites with all kinds of security measuers in place, get the pants hacked off them due to an utterly inept notification methodology.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  5. #5
    Junior Member
    Join Date
    May 2004
    Posts
    4
    only problem is, there are certain tools (stealth tools??) that have the ability to not only bind tojans to other files, but can also change key pieces of information that most AV's look for in detection, such as actual file size of the trojan (can add more bytes to the size of it) and the keywords in the code (which i think can also be modified somehow with tools out there...). this makes it difficult for SOME AV's to detect the trojan, but it will still most likely be caught.

    hope that is along the lines of what you were asking about, i assume "injection" in this case would be synonymous with "binding."

    -D

  6. #6
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Or if they bind the application with the trojan. Although that would probably come up on any A/V scanner, it could be done. Cracker's/Script Kiddies try to do it all the time, binding it with game's, mp3 downloads, warez, whatever and half the time putting it on p2p network's such as Kazaa.
    Space For Rent.. =]

  7. #7
    Hence the benifit of MD5 Hashes!

  8. #8
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    The firewall that I use, Kerio, makes a MD5 hash of an application the first time it's granted access to the network. This hash is then computed every time the application accesses the network and checked against the original hash. Any changes to the application (even just a single byte) will result in a failure and a notification to the user that tells him that an application has changed.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #9
    Junior Member
    Join Date
    May 2004
    Posts
    17

    Re: A quick question about trojans..

    Originally posted here by mjk
    Hey everyone

    I was wondering if it's possible for a trojan to "inject" its code into a trusted application, hiding it from the user and allowing it to access the net (if the application was trusted by the firewall). This would allow it to call home and the owner of the trojan could access the machine. But is it really possible? I was sort of curious about this but couldn't find anything in searches.

    Thanks!

    mjk
    Check out Stenography and you will learn a ton.

    Trackit

  10. #10
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    716

    Re: A quick question about trojans..

    Originally posted here by mjk
    Hey everyone

    I was wondering if it's possible for a trojan to "inject" its code into a trusted application, hiding it from the user and allowing it to access the net (if the application was trusted by the firewall).

    mjk
    IMHO


    Trusted is a relative term, if you are wise you will personally decide what proggies. are "Trusted", or not.

    I have never read about or experienced a Trojan with the described characteristics. I have experienced many Boot Sector Virii, behave a little bit the way you describe. If you maintain current DAT. files, and actually pay for a decent, Antivirus Firewall combo. you should be in the clear, unless you are a high value target for Crackers. Which I am not. hehe

    I can not promise it is impossible, nothing is impossible.

    Heuristic technology or not.

    P:
    Get some good religion from Bad Religion.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides