0

I'll try and pose this question as simply as possible.

I would like to know which forms a trojan can take.

  1. Does it need to be an .exe file?

  2. Can it be a hidden file attached to an .mp3 file for example, and when that .mp3 file is launched, it also executes the trojan?

  3. Can it be embedded into the software code we downloaded, and once we execute the software it installs the software, but with a hidden backdoor?

  4. Other?

Hope this is clear. If there is any confusion with the questions, please let me know.

Anders
DrDoom
  • As in your last question, you should look at [this question](http://security.stackexchange.com/questions/98207/difference-between-virus-and-trojan), where what a trojan is and how it works is explained. – DrakaSAN Jun 17 '16 at 08:50
  • Yes I did check that out, but this does not answer the questions I have posed. And while my previous post might be a bit confusing on what I would like to know, this one explicitly states my (sub) questions. – DrDoom Jun 17 '16 at 08:55
  • First is no, a trojan can be any extension. The answer is yes to everything else, and there are other things it can do. I suggest you buy a book. – k1308517 Jun 17 '16 at 08:57
  • Possibly related, the thread [Difference between virus and trojan?](https://security.stackexchange.com/q/98207/32746) does a nice job in defining what a trojan may be. – WhiteWinterWolf Jun 17 '16 at 09:48

1 Answer

3

First, we should look at what the name "Trojan" actually means:

In a 10-year-long war between the Greeks and the city of Troy, the Greeks built a wooden horse and offered it as a gift to the city (or simply left the horse outside of the city while pretending to sail away - stories differ sometimes).

The inhabitants of the city pulled the horse inside, where nothing happened until the night. The horse actually contained soldiers who slipped out, opened the gate to the returned sailors and murdered everyone inside the city of Troy, thus winning the decade-long siege.

Therefore the metaphor for a "trojan horse" when it comes to computer security means "something that looks innocent, you put it into your computer where it stays dormant for some time until it activates something bad for its host".

Today, most trojans don't look like horses anymore, but can take totally different forms.

1) No, they don't need to be .exe-files only. They can be .bat (batch files) as well, MP3s and several different other formats. Especially on Windows-Systems the user can de-activate the extension to show up, so an attacker can name its trojan "InnocentWordFile.docx .bat". The user will usually only see the first part and not the .bat-part.

The "shell" does not matter, the important part is "something, that has something else hidden inside".

2) I am unaware of an MP3-trojan. There might be vulnerabilities in certain players, but there is a better way of creating an MP3-trojan. Simply look at point 1): "MyHottestMixtape.mp3 .exe". When the user clicks this file, the trojan starts a player (either its own or a system player), plays the music while it does something else in the background.

3) Yes, because that is the definition of a trojan: It looks innocent from the outside, but contains something malicious on the inside. So code / software you load from an untrusted site might contain trojans.

4) I bet there are forms for a trojan that I am not having in my mind at the moment. In general you should install software from a trusted source (don't download .apk-files from "somewhere" for your Android-phone but from the Google-Play-Store) and have a virus-scanner handy.

You also can use virtual machines / sandboxes in order to test new software without infecting your machine.

But be aware, the time that a trojan takes to do something noticeable can be large!

hamena314
  • "InnocentWordFile.docx .exe" is still a .exe file, so I don't think it's a good example of 1). – A. Darwin Jun 17 '16 at 09:55
  • 1
    It's also true that on Windows the default is to "hide known file extensions" so for most users they'll see only `InnocentWordFile.docx` and think nothing of it "Why does this file suddenly have an extension where others do not". Above all users are stupid in the grand scheme of things anyway – Barry Carlyon Jun 17 '16 at 10:01
  • @A.Darwin: Thanks for the remark, I've changed the .exe to a .bat to make it less confusing for the reader. – hamena314 Jun 17 '16 at 11:05
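
A defender-side check for the naming trick described in points 1) and 2) of the answer, as an added example that is not part of the original thread: it flags names whose last (real) extension is executable while a decoy document or media extension sits in front of it, optionally separated by padding whitespace. The extension lists and all sample names other than the two quoted from the answer are assumptions constructed for illustration.

```python
import os
from dataclasses import dataclass

# Assumed, non-exhaustive lists chosen for this illustration.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js", ".msi"}
DECOY_EXTS = {".docx", ".doc", ".pdf", ".txt", ".xlsx", ".mp3", ".mp4", ".jpg", ".png"}


@dataclass
class Finding:
    filename: str   # name as stored on disk
    real_ext: str   # last extension: the one the OS acts on
    decoy_ext: str  # document/media extension placed in front of it
    shown_as: str   # what a user sees when known extensions are hidden
    padded: bool    # True if whitespace separates decoy and real extension


def check_name(filename):
    """Return a Finding if an executable hides behind a decoy extension, else None."""
    stem, real_ext = os.path.splitext(filename)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return None                      # last extension is not directly executable
    visible = stem.rstrip()              # drop padding placed before the real extension
    _, decoy_ext = os.path.splitext(visible)
    if decoy_ext.lower() not in DECOY_EXTS:
        return None                      # honest executable such as setup.exe
    return Finding(filename, real_ext.lower(), decoy_ext.lower(),
                   visible, padded=(visible != stem))


def scan(filenames):
    """Check a list of names, e.g. attachment names taken from a mail gateway log."""
    return [f for f in map(check_name, filenames) if f is not None]


if __name__ == "__main__":
    # Constructed sample input; the first two names are quoted from the answer.
    samples = ["InnocentWordFile.docx .bat", "MyHottestMixtape.mp3 .exe",
               "report.docx", "setup.exe", "archive.tar.gz"]
    for hit in scan(samples):
        print(f"{hit.filename!r}: runs as {hit.real_ext}, shown as {hit.shown_as!r}")
```
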