I posted a question earlier about some Trojans (they seem to be Java-related) that were found and deleted from my machine by a recent scan.
But what I don't know is whether these Trojans ever actually executed.
When you download a regular executable file to your machine, say notepad.exe, you have to double-click on the program to get it to run.
But in the case of a Trojan, what is the triggering mechanism that causes the Trojan to run?
The two principle ways in which a trojan is triggered is:
The 'trojan code' is inserted in another program and performs a task what the host program is run
The trojan replaces a legitimate file on your computer and will perform it's assigned task either when the 'fake' program is run or when the 'fake' program is called by another program or process.
Trojans can lie dormant on your system and my only be triggered when a specific event occurs, such as the those described above.
In the case of a client/server trojan, the initial client (the part that infected your PC) will make contact with a server component, usually via a hidden IRC request. When that happens, the server will usually replace the initial client with other trojan code and at that point your PC can be completely controlled from the server.
Trojans can be delivered to you PC by inadvertently running some infected server side applet or may be 'dropped' on your PC via an infected banner ad or some other innocuous web component.
We generally classify a successful attack into two components, inspired from military terminology: the Payload, which when run on the target triggers the malicious effects (hiding, turning your host into a zombie, etc...), and the Vector, which is in charge of executing the Payload. So, are you asking what kind of attack vectors exists ?
In its historical sense, a Trojan relies on the end user as a vector. Before net connectivity was widespread, it usually meant you were tricked into running directly what you would think was a useful program or cool game.
There are other ways code can be run with assistance of the user; for instance, there were a few cases of vulnerabilities in content displaying libraries, such as pdf, jpeg, or flash renderers. If you have the vulnerable program installed, all it takes is for it to attempt to display the toxic content. You could be infected simply when your browser tries to display a .jpg in the page you visit; a malicious .jpg may contain invalid data that will hit a bug in the display library, and maybe end up executing the contents.
In this case, even though you did not click on the malicious program, it is being executed unknowingly by the program calling the vulnerable library (here, your browser.)
Unfortunately we cannot bound the number of possible vectors; every time your system automatically processes content from an unreliable source, there is a risk of a vulnerability being exploited. Against this, your best bet is probably to pay attention to security updates, and practice defense in depth (such as running day-to-day programs with restricted privileges, etc...)
Same thing. Usually it looks like a game or some sort of a neat tool, which incites a user to execute it.
Usually, trojans are inserted from certain files, even on images. In this case, the trojan is specifically targeting the flaws on the system's ability to display images.
