Trojan Horse

Incomplete Base

Structure: Simple

Description

A Trojan Horse vulnerability occurs when software presents itself as legitimate and useful, but secretly contains malicious functionality that bypasses security controls. This hidden code operates without the user's knowledge, violating the intended security policy of the system or its administrator.

Extended Description

This vulnerability exploits the trust relationship between users and software. Developers and users expect an application to perform only its advertised functions, but a Trojan Horse embeds additional, harmful actions within that trusted package. These hidden features might steal data, create backdoors, damage systems, or provide unauthorized access, all while the visible interface appears completely normal and benign. From a development perspective, this often stems from incorporating third-party components, libraries, or plugins without rigorous security review. It can also occur in supply chain attacks where build processes are compromised. To mitigate this risk, enforce strict code provenance controls, use software composition analysis tools to audit dependencies, and implement code signing with verification to ensure integrity from development through deployment.

Common Consequences 1

Scope: ConfidentialityIntegrityAvailability

Impact: Execute Unauthorized Code or Commands

Potential Mitigations 2

Phase: Operation

Most antivirus software scans for Trojan Horses.

Phase: Installation

Verify the integrity of the product that is being installed.

References 2

Writing Secure Code

Michael Howard and David LeBlanc

Microsoft Press

04-12-2002

https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223

ID: REF-7

A Taxonomy of Computer Program Security Flaws, with Examples

Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi

19-11-1993

https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf(2024-11-17)

ID: REF-1431

Modes of Introduction

Implementation

Operation

Related Attack Patterns

698
Execution After Redirect (EAR)

Related Weaknesses

ChildOf:

Embedded Malicious Code (CWE-506)

Taxonomy Mapping

Landwehr

Notes

OtherPotentially malicious dynamic code compiled at runtime can conceal any number of attacks that will not appear in the baseline. The use of dynamically compiled code could also allow the injection of attacks on post-deployed applications.

Terminology Definitions of "Trojan horse" and related terms have varied widely over the years, but common usage in 2008 generally refers to software that performs a legitimate function, but also contains malicious code. Almost any malicious code can be called a Trojan horse, since the author of malicious code needs to disguise it somehow so that it will be invoked by a nonmalicious user (unless the author means also to invoke the code, in which case they presumably already possess the authorization to perform the intended sabotage). A Trojan horse that replicates itself by copying its code into other program files (see case MA1) is commonly referred to as a virus. One that replicates itself by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm. Denning provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its exploitations sometimes occur.