In the early 1980s I taught computer engineering students to program minicomputers. They learned both assembly language and C programming on a PDP-11 running UNIX. That system was text-based – it did not have a GUI. Since there was no GUI, the login was just a message:
And the password prompt was just the word Password:. It was therefore easy for students to replicate that login dialog in the hopes of capturing passwords. Wise users were able to kill the students’ programs, of course.
Some students wrote very simple code that just denied the login after taking the username and password, while others actually logged in the user after taking the username and password (and recording them in a file somewhere).
This type of program is called a Trojan Horse. The general idea of a Trojan is to perform one function (generally malicious) while pretending to perform some other function. The name comes from an event in Virgil’s Aeneid: a trick the Greeks were said to have used to enter the city of Troy during the Trojan War.
Today, most Trojans are installed on users’ computers by worms. The goal of most modern Trojans is to enlist the computers into a botnet, that is, to allow the computer to be controlled remotely and used to attack other computers or networks. This is serious business, and I have seen numbers indicating that around 15% of internet computers are infected with malware that makes them part of a botnet. The goal of the search bar Trojan was to steal authentication credentials.
While a conventional anti-virus tool would likely catch most or all of the Trojans designed to make a computer into a bot, it is unlikely any would find a bogus search bar. Fortunately, that Trojan has not been reported in the wild. Yet.
We discuss viruses, worms, Trojans and other malware in Learning Tree course 468. We’d love to see you there. Why not sign up now?