The Trojan Horse Virus in computing is named after the story of the Trojan horse in the works of Virgil and Homer, in which soldiers hid themselves inside the body of a large wooden horse to stealthily ambush the city of Troy (Fortinet, 2023). Similarly, a Trojan horse virus is composed of malware that is disguised as a genuine software application or file. Once the Trojan horse virus has successfully breached a system’s defenses by being accepted by a user, the malware is free to run its course within the host network.
The Inosoft VisiWin 7 2022-2.1 Trojan exploit that was documented in August of 2023 allows the creation of an insecure folder, which enables the manipulation of files and can result in escalation of user privileges (Shinnai, 2023). This exploit is capable of compromising the entire system and has a CVSS severity rating of 7.8, which is high. The Inosoft VisiWin 7 2022-2.1 Trojan exploit was reported by Carlo Di Dato for Deloitte Risk Advisory Italia.
In April of 2023, a Trojan horse-powered attack in Diasoft File Replication Pro 7.5.0 was published that replaces an executable file that already has “LocalSystem” rights with a Trojan executable, which is then executed, allowing escalated privileges. This vulnerability has critically high severity, at 9.8/10. The exploit was documented by Andrea Intilangelo.
There is a vulnerability that is exploitable by a Trojan horse virus, documented in February of 2023, which involves the installer applications of ELECOM Camera Assistant and QuickFileDealer (JVN, 2023). Similar to some other recent Trojan horse attacks, this attack includes an issue that can insecurely load Dynamic Link Libraries (DLL). Arbitrary code may then be executed with the privileges of the running application. There is a solution available from the developer in the form of an updated installer application.
Yet another example of a Trojan horse attack that utilizes insecurely loaded Dynamic Link Libraries involves Sony Content Transfer for Windows from the Sony Corporation (JVN, 2023). The arbitrary code is executed with the installer’s privileges. The effect and solution of this vulnerability are somewhat limited because the software is no longer in distribution; however, malicious distribution remains possible.
A fifth example of a trojan horse attack that was recently documented uses a similar privilege escalation strategy with the trojan horse executable of Panini Everest Engine 2.0.4 (NIST, 2023). This vulnerability comes from the use of an unquoted path that runs the service as “SYSTEM”. The impact of this vulnerability is escalation to system privileges and is scored at 7.8/10 in severity.
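The unquoted-path condition described above can be audited defensively; the following is an added example, not code from the advisory or the vendor, and it generalizes the check to any list of service command lines. The service names and ImagePath strings are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample ImagePath values (not taken from any real product).
SAMPLE_SERVICES = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\svc.exe" -k run',
    "ExampleUnquoted": r'C:\Program Files\Example Vendor\Engine App\svc.exe -k run',
    "ExampleNoSpaces": r'C:\Tools\svc.exe /auto',
    "ExampleDriver": r'\SystemRoot\System32\drivers\example.sys',
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
_EXE = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)


def executable_part(image_path):
    """Return (path, quoted) for the executable portion of an ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    match = _EXE.match(s)
    if match:
        return match.group(1), False
    parts = s.split()
    return (parts[0] if parts else ""), False


def ambiguous_candidates(path):
    """Locations Windows may try before the intended binary when the path
    is unquoted: each prefix that ends at a space, with ".exe" appended."""
    return [path[:i] + ".exe" for i, ch in enumerate(path) if ch == " "]


def audit(services):
    """Map each service with an unquoted path containing spaces to the
    extra locations whose directory permissions should be reviewed."""
    findings = {}
    for name, image_path in services.items():
        path, quoted = executable_part(image_path)
        if not quoted and " " in path:
            findings[name] = ambiguous_candidates(path)
    return findings


if __name__ == "__main__":
    for name, locations in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted service path; review write access to:")
        for location in locations:
            print(f"  {location}")
```

Quoting the ImagePath value removes the ambiguity, and restricting write access on each listed parent directory limits the impact where a path cannot be changed immediately.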
References
NIST. (2023). CVE-2022-39959 Detail. National Vulnerability Database. https://nvd.nist.gov/vuln/detail/CVE-2022-39959
JVN. (2023). JVN#60263237 The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries. JVN. https://jvn.jp/en/jp/JVN60263237/
JVN. (2023). JVN#40620121 The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries. JVN. https://jvn.jp/en/jp/JVN40620121/
Fortinet. (2023). Trojan Horse Virus. Fortinet. https://www.fortinet.com/resources/cyberglossary/trojan-horse-virus
Intilangelo, Andrea. (2023). File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation. Packet Storm Security. https://packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html
Shinnai. (2023). Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions. Exploit Database. https://www.exploit-db.com/exploits/51682