(Updated) Problems with problem 7



The definition from the textbook for a Trojan Horse focuses on a seemingly benign executable having malicious functionality, which fits the scenario I listed. The distinction I was trying to get at in my formulation of problem 7 was that the infection did not stem from the user being invited to run malicious code, but rather that an existing program was exploited to cause infection. I also envisioned that the attack happened through interaction with the web server, as opposed to being via the delivery of a file (which can also constitute a Trojan when someone attempts to open a data file that is crafted to exploit a vulnerability in the application opening it). This line can get kind of blurry when it comes to the web, since your browser runs code from webservers (javascript, flash) and gets data files (jpegs, html) all the time, so you could look at a malicious flash application or malicious jpeg as a Trojan horse. I apologize again for the trouble; I have read the book but I should have looked again before writing my question, because these definitions can be really tricky (so tricky in fact that I managed to screw it up).

In other news, the test is actually out of 130 points, so everybody gets +10 in the numerator and +10 in the denominator.

Last but not least, we will post a solutions file, but it might be a few days.

(original post follows)

Hey folks,

I’ll post more details later, but the book definition of a Trojan horse is a bit broader than my definition, so problem 7 could be considered a Trojan horse. Please see me with your test for a regrade.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: