David Chess, Sarah Gordon
Virus Bulletin Conference in Munich, Germany
October 1998
This paper will examine the prevalence, technical structure and impact of non-viral malicious code ("Trojan horses") on the Internet, and its relevance to the corporate and home user. Using user simulations and first-hand reports provided by real users, we will explore the Trojan experience, focusing on the type and scope of actual Trojan threats encountered on the Internet today. We will discuss the status of hostile active content, including Java and ActiveX, on the Internet, and examine its impact in the real world. We will present strategies for minimizing the risk of damage from Trojan horses on the Internet. Finally, we will discuss how simply extending anti-virus software into "bolt-on" detectors of known hostile code is no substitute for ensuring that your systems are secure against all attacks, known or unknown.