Question about present day trojans

Discussion in 'malware problems & news' started by Billy Blaze, Mar 15, 2006.

Thread Status:
Not open for further replies.
  1. Billy Blaze

    Billy Blaze Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    79
    Location:
    Vorticon VI
    I have been out of the loop for awhile, and in my quest to catch up I have been wondering what characteristics now make up today's trojans. I know awhile ago we would think of trojans mainly as the remote access/backdoor trojans. But I understand those are now no longer very popular. And now with rootkits gaining popularity and spyware becoming more of a blended threat what do trojans leave us with? I have read a few descriptions of the latest trojan threats and they sound more like downloaders and seem to share more of the characteristics of viruses and worms in the way they spread. So basically I am curious as to what makes up today's trojan threat?

    Thank you
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Often, the distinction between them is very narrow.The backdoor.irc variants are described by Symantec as both a trojan and worm:

    "Backdoor.IRC.RPCBot.G is an Internet Relay Chat (IRC) Trojan horse. It allows an attacker to control your computer through IRC. It is also a worm that can use the DCOM RPC vulnerability."

    The recent gift.com exploit used a variant of this trojan/worm, Irc/backdoor.sdbot.

    isc.sans.org recently had an article describing the tendency of an exploit to bundle several vulnerabilities, looking for a user that has one or more of these unpatched. A recent one was postcards.com which had five.

    If you want to see how they worked, I posted analyses of these two sites in other threads.

    ---
    rich
     
Loading...
Thread Status:
Not open for further replies.