It’s Been Going On For Over Three Millenia, Why Should It Stop Now?

In the early 1980’s I taught computer engineering students to program minicomputers. They learned both assembly language and C programming on a PDP-11 running UNIX. That system was text-based – it did not have a GUI. Since there was no GUI, the login was just a message:

;login:

And the password prompt was just the word Password:.  It was therefore easy for students to replicate that login dialog in the hopes of capturing passwords. Wise users were able to kill the students’ programs, of course.

Some students wrote very simple code that just denied the login after taking the username and password, while others actually logged in the user after taking the username and password (and recording them in a file somewhere).

This type of program is called Trojan Horse. The general idea of a Trojan is to perform one function (generally malicious) while pretending to perform some other function. The name comes from an event in Virgil’s Aeneid referring to a trick that it was claimed that the Greeks used to enter the city of Troy during the Trojan War.

Trojans are in the news again this week as I write this because of a story of a proof-of-concept exploit creating a false search bar in a browser. The idea of the attack is for the attacker to get the user to navigate to a site listing compromised passwords. The user then searches for her password by typing Ctrl-F to enable the browser’s search bar and entering her password to see if it is on the list. But the bad guy has written Javascript to create a look-alike search bar that captures the password the user is seeking. The story appeared on December 2, on arstechnica.com. The article discusses ways browsers can defeat such attacks.

Today, most Trojans are installed on users’ computers by worms. The goal of most modern Trojans is to enlist the computers into a botnet. That is, to allow the computer to be controlled remotely and be used to attack other computers or networks. This is serious business and I have seen numbers indicating that around 15% of internet computers are infected with malware that makes them part of a botnet. The goal of the search bar Trojan was to steal authentication credentials.

While a conventional anti-virus tool would likely catch most or all of the Trojans designed to make a computer into a bot, it is unlikely any would find a bogus search bar. Fortunately, that Trojan has not been reported in the wild. Yet.

We discuss viruses, worms, Trojans and other malware in Learning Tree course 468. We’d love to see you there. Why not sign up now?

John McDermott

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.