App Review Trojan Horse is not a Malware Type

Content created by
struppigel

Andy Ful

I like a general definition (based on Wikipedia):
Trojan is any malware that misleads users about its true intent. So, most malware samples are Trojans. Viruses assume replication, so they are considered a separate group. Backdoors are related to gaining remote access, and Worms assume replication over the network. In fact, one can create malware that is a Trojan and also has Virus, Backdoor and Worm capabilities.

The AV vendors define Trojan very similarly:
https://www.kaspersky.com/resource-center/threats/trojans
https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html
https://www.avast.com/c-trojan
https://www.malwarebytes.com/trojan

struppigel

> I like a general definition (based on Wikipedia):
> Trojan is any malware that misleads users about its true intent. So, most malware samples are Trojans. Viruses assume replication, so they are considered a separate group. Backdoors are related to gaining remote access, and Worms assume replication over the network. In fact, one can create malware that is a Trojan and also has Virus, Backdoor and Worm capabilities.
>
> The AV vendors define Trojan very similarly:
> https://www.kaspersky.com/resource-center/threats/trojans
> https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html
> https://www.avast.com/c-trojan
> https://www.malwarebytes.com/trojan

The mere fact that there are several definitions for the term "Trojan" underlines my point: the term is fuzzy because it is used and understood differently.
Antivirus vendors are the ones responsible for the terminology confusion in the first place. They are commercial organizations, not scientific institutions. As such, they are bound to use and conflate marketing language with scientific language.

If we use that definition, the second problem I mentioned still applies. It's an infection vector that's not tied to a malware family. Why do we call remote malware that provides remote control "remote access trojans" if, in specific cases, we don't know how it was distributed and whether malspam, software downloads or other user misleading was used to infect the systems with it in the first place? It's not dependent on the family, and very often you cannot tell based on the sample alone.

Andy Ful

I think that you are right. :)
Furthermore, the whole terminology used by AV vendors to name particular detections is a mess. Some order was introduced by the MITRE ATT&CK™ framework, but it is rather the beginning of a long road.
The world of malware is very complex and changing. So, it will not be easy to bring good order there. :unsure:

More information about the current state of this topic can be found in some articles, for example:
Malware classification and composition analysis: A survey of recent developments.

Here is an example, but it will be probably useful only for @struppigel or professionals who are interested in malware classification:

[attached image 1627294053653.png not reproduced]
