Trojan Horse

Im reading chapter 6 and trojan horse came up -

The section doesn't explicitly say if the application needs to be executed or not.

first parts explains that it's a malware program that hides as something useful. the second part describes that:

"As mentioned previously, you can also infect a system by plugging in an infected USB flash drive. The attacker can install the Trojan onto several USB drives and leave them lying around. Someone picks one up, plugs it in, and the system is infected. The system then infects other USBs, which infect other systems."

So to me, those last two sentences say it does not need to be ran, like a Virus, to infect. Or does this mean that the program is going to be executed automatically when the usb drive is inserted - with or without OS's autorun.

Find more posts tagged with

Comments

Darril

Roguetadhg wrote: »

"As mentioned previously, you can also infect a system by plugging in an infected USB flash drive. The attacker can install the Trojan onto several USB drives and leave them lying around. Someone picks one up, plugs it in, and the system is infected. The system then infects other USBs, which infect other systems."

So to me, those last two sentences say it does not need to be ran, like a Virus, to infect. Or does this mean that the program is going to be executed automatically when the usb drive is inserted - with or without OS's autorun.

First, what is most important for the exam is realizing that a Trojan appears to be something useful but instead is something malicious.

It does need to be executed and from that perspective, you can think of it as a special type of virus. Trojans are traditionally applications such as a screen saver, a utility, or a game. Rogueware, scareware, or ransomeware are examples of Trojans that have been highly visible in the past few years.

On USBs....
If autorun is enabled, the infected USB infects the system when it's plugged in because autorun executes the Trojan.
If autorun is disabled, plugging in the infected USB usually does not infect the system because the Trojan isn't executed.

Disabling autorun is a common defense implemented in many systems today. This KB article talks about an update released in 2011 disabling autorun on Windows Vista and Windows XP systems for USBs: Update to the AutoPlay functionality in Windows. It does not affect AutoPlay functionality on CD and DVD media. Autorun is not available for USBs on Windows 7.

It's easy to think that by disabling autorun for USBs, you're protected. However, that KB article includes these two sentences: "Some USB flash drives have firmware that present these USB flash drives as CD drives when you insert them into computers. These USB flash drives are not affected by this update." In other words if autorun is enabled for CDs, a Trojan on this type of USB will execute when it's plugged into the computer.

Hope this helps.

Roguetadhg

Yeah, it makes sense. I just wanted to make sure I wasn't assuming what isn't there