Updated on 2023-01-13 GMT+08:00

Trojan

Overview

A Trojan horse, or just "Trojan", is any malicious computer program that misleads users about its true intent. It poses as a legitimate application program or file to deceive victims into executing or spreading it. When victims execute it, attackers gain unauthorized access to target hosts to steal data, such as usernames, passwords, and encrypted files. A Trojan typically serves as a foundation for further attacks.

SA can detect 5 types of Trojans. The professional edition can detect them all. The standard edition can detect one type of Trojan. The standard edition cannot detect Trojans.

Suggestion

If a Trojan is detected and the ECS instance has network requests coming from Trojans, the ECS instance has been infected. For example, the ECS instance could attempt to send DNS resolution requests related to WannaCry ransomware or to download .exe Trojans. The severity of this type of threat is High. You are advised to perform the following operations:

  1. Disable the ECS instance that is infected.
  2. Check whether other hosts on the subnet where the instance resides are infected.
  3. Purchase HSS.
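
For step 2, one way to triage the other hosts on the subnet is to search DNS and HTTP logs for the same request patterns described above. The following is an added example, not SA's own detection logic: the log format, the indicator domain, and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed placeholder indicator; load real domains from your threat-intel feed.
BAD_DOMAINS = {"killswitch.example.invalid"}

# Constructed sample log (hypothetical format): timestamp, source IP, kind, DNS name or URL.
SAMPLE_LOG = """\
2023-01-13T02:10:01Z 192.168.1.10 dns killswitch.example.invalid
2023-01-13T02:10:05Z 192.168.1.10 http http://files.example.invalid/update.exe
2023-01-13T02:11:40Z 192.168.1.23 dns Killswitch.Example.Invalid.
2023-01-13T02:12:02Z 192.168.1.40 dns www.example.com
2023-01-13T02:12:09Z 192.168.2.7 http http://cdn.example.invalid/a/setup.EXE?v=2
2023-01-13T02:13:00Z 192.168.1.40 http https://www.example.com/index.html
"""

def classify(kind, value):
    """Return a reason string if the event matches an indicator, else None."""
    if kind == "dns":
        name = value.rstrip(".").lower()  # normalize case and trailing root dot
        # Match the listed domain itself and any subdomain of it.
        if any(name == d or name.endswith("." + d) for d in BAD_DOMAINS):
            return "dns:" + name
    elif kind == "http":
        path = urlsplit(value).path.lower()  # query string is ignored
        if path.endswith(".exe"):  # triage signal only, not a verdict
            return "exe-download:" + path.rsplit("/", 1)[-1]
    return None

def suspicious_hosts(log_text):
    """Map each source IP to the list of indicator matches seen for it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, src, kind, value = parts
        reason = classify(kind, value)
        if reason:
            hits[src].append(reason)
    return dict(hits)

def hosts_to_check(log_text, infected_ip, subnet):
    """Other hosts inside the infected instance's subnet that show indicators."""
    net = ipaddress.ip_network(subnet)
    return sorted(ip for ip in suspicious_hosts(log_text)
                  if ip != infected_ip and ipaddress.ip_address(ip) in net)
```

Calling `hosts_to_check(SAMPLE_LOG, "192.168.1.10", "192.168.1.0/24")` lists the neighbours of the infected instance that need inspection; hosts outside the subnet are reported by `suspicious_hosts` but excluded here.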