1 Malicious Software in Ubiquitous Computing 3
A particularly interesting variant of trojan is the backdoor, which is confidentiality violating by allowing access to the target system by the hacker. It is one thing to hold the credentials to access a system, but as these can be revoked, it is far better for the malicious hacker to create a backdoor circumventing the security to begin with.
As with many trojans, the line between legitimate programs and backdoors is very thin. Witness various remote access programs, such as VNC, that are viewed as legitimate, and BackOrifice 2000, which usually is not. However, both programs have similar functionalities.
Spyware is a name for a specific kind of confidentiality violating trojan that spies on the user's activity or account contents and relays this data to the attacker. It is different from the backdoor trojan in that the attacker does not access the machine themselves. Spyware is also different from typical trojans in that it tries to gain some legitimacy by surreptitiously stating its intentions in the EULA. However, such programs are still considered trojans, as the spyware functionality is usually quite unrelated to the primary functionality of the software.
A further type of trojan is purely of the type malware dropping. This can be useful for various reasons. For one, some malware cannot exist naturally as a file and must be inserted into memory by the dropper so that they can run, as was the case with the CodeRed worm. Another reason to use a dropper is to heavily obfuscate the contained malware payload to avoid detection. Droppers are always local-acting.
Definition 3 (local-acting).
if its target is on the same machine as itself.
We use the term exploit to mean those programs that inject code into a running program. The job of the exploit is to establish communication with the target program and bring it to the point where the code can be inserted, usually via a buffer-overflow vulnerability. The insertion requires padding the code
End User License Agreement