Trojan execution

Discussion in 'malware problems & news' started by Rmus, May 6, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If a trojan comes into the computer, does it execute immediately, or does it wait until the computer reboots?

    Thanks,

    -rich
     
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    depends..but most of the time you are infected right away(run time)..not at reboot..there are a few that on reboot, like a worm, can further infect your PC and even try to infect others if it is a blended threa over the internet..but your definition of a trojan nowdays amoung vendor and even people, gets so distored from what we knew as the classic trojan.

    we now have bots, malware.. ect. some just lump them all together under the title of TROJAN>


    Now what you have to tell me..is what do you mean when you say " Comes into the PC" :D
    Many ways for that to happen..and each would determine when the code would be active on your PC>
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I was a bit vague on purpose, since I'm aware of the many definitions currently in use for trojans, and was curious as to how others thought about it. Here is one of the classic definitions:"A computer trojan horse is a program which appears to be something good, but actually conceals something bad."
    Here are two: "One way to spread a trojan horse is to hide it inside a distribution of normal software. In 2002, the sendmail and OpenSSH packages were both used to hide trojan horses."

    Another: "A more common method of spreading a trojan horse is to send it via e-mail."

    I used to think that a virus containing a script could run instantly, but that a trojan had to install itself and then would run on reboot. But there doesn't seem to be concensus on that.

    Thanks,

    -rich
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Look into runtime packers..how they work..how they execute..and then determine if the method you can visualize to "come into the computer" really needs that reboot..as you download anything from the internet. ;)


    http://www.dslreports.com/forum/remark,12475809
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
Loading...
Thread Status:
Not open for further replies.