The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.
Terminology Notes
Definitions of "Trojan horse" and related terms have varied widely over
the years, but common usage in 2008 generally refers to software that
performs a legitimate function, but also contains malicious code.
Almost any malicious code can be called a Trojan horse, since the author
of malicious code needs to disguise it somehow so that it will be invoked by
a nonmalicious user (unless the author means also to invoke the code, in
which case he or she presumably already possesses the authorization to
perform the intended sabotage). A Trojan horse that replicates itself by
copying its code into other program files (see case MA1) is commonly
referred to as a virus. One that replicates itself by creating new processes
or files to contain its code, instead of modifying existing storage
entities, is often called a worm. Denning provides a general discussion of
these terms; differences of opinion about the term applicable to a
particular flaw or its exploitations sometimes occur.
Time of Introduction
Implementation
Operation
Common Consequences
Scope: Confidentiality, Integrity, Availability
Technical Impact: Execute unauthorized code or commands
Potential Mitigations
Most antivirus software scans for Trojan Horses.
Verify the integrity of the software that is being installed.
Other Notes
Potentially malicious dynamic code compiled at runtime can conceal any
number of attacks that will not appear in the baseline. The use of
dynamically compiled code could also allow the injection of attacks on
post-deployed applications.
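The mitigation above ("verify the integrity of the software that is being installed") and the note about code that "will not appear in the baseline" both come down to comparing a deployed tree against a known-good record. The following is an added example, not code from the CWE entry or its references; function names, paths and file contents are constructed for the demo. It records SHA-256 hashes of an installed tree, then reports files whose contents changed after install (code copied into existing program files), files that appeared (new files created to hold code), and files that went missing.

```python
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict[str, str]:
    """Record the SHA-256 of every file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_of(full)
    return baseline


def verify_against_baseline(root: str, baseline: dict[str, str]) -> dict[str, set[str]]:
    """Diff the tree at root against the baseline: 'modified' = code inserted
    into existing files, 'added' = files never part of the approved install,
    'missing' = files removed or renamed since the baseline was taken."""
    current = build_baseline(root)
    return {
        "modified": {p for p in baseline if p in current and current[p] != baseline[p]},
        "added": set(current) - set(baseline),
        "missing": set(baseline) - set(current),
    }


def demo() -> dict[str, set[str]]:
    """Constructed scenario: a small install tree, baselined, then altered."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "tool"), "wb") as f:
            f.write(b"#!/bin/sh\necho useful work\n")
        with open(os.path.join(root, "README"), "wb") as f:
            f.write(b"legitimate package\n")
        baseline = build_baseline(root)
        # Simulated post-install change (constructed, not a real sample):
        with open(os.path.join(root, "bin", "tool"), "ab") as f:
            f.write(b"# extra lines appended after install\n")
        with open(os.path.join(root, "bin", "helper"), "wb") as f:
            f.write(b"new file that was not in the baseline\n")
        return verify_against_baseline(root, baseline)
```

In practice the baseline would be produced from a trusted source (vendor manifest or signed package metadata) and stored outside the tree it describes, so that whatever alters the tree cannot also alter the record.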