Trojan attacks

Last Updated: Sep 29, 2020

This topic describes trojan attacks, how to find and delete trojan files, and how to defend against trojan attacks.

Introduction

In a trojan attack, an attacker obtains control of your website and injects malicious code into its web pages. The attacker may inject the malicious code into the web pages by using an iframe, JavaScript, an HTML body, CSS, or a method that is harder to detect.

When a user visits an attacked web page, the injected malicious code exploits vulnerabilities of the browser, third-party ActiveX controls, and plug-ins, such as Flash and PDF plug-ins, to secretly download and execute the trojan virus.

Hazards of trojan attacks

If a trojan attack occurs, the attacker intrudes into your website and can obtain sensitive user data, such as accounts, passwords, and business data. If a user visits the attacked website, the computer of the user may be implanted with a trojan virus. The virus can steal data such as bank accounts, social network accounts, and passwords. The trojan virus can also damage data on the disks of the computer. This can cause huge losses of information assets for the user. Therefore, trojan attacks may affect the reputation of your website, damage the computer systems of your users, and cause data leaks of the users.

Find and clear a trojan file

If a trojan attack occurs on your website, the attacker intrudes into the website by exploiting vulnerabilities and implants malicious code into the file system or code of your web server. You can find and clear the trojan file by using the following methods:

  • If the malicious code is already detected by Security Center, find the trojan file based on the URL directory and delete the file.

  • Use Security Center to automatically detect and remove the trojan file. The number of code files for an operating system or application is large, so it is difficult to manually identify trojan files.
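The two signals described above, injected page content (hidden iframes, obfuscated loaders, script-written iframes, CSS `javascript:` URLs) and files that appeared or changed in the web root after a known-good deployment, can be checked with a small scanner. The following is an added example and is not part of this page or of Security Center; the regular expressions, file suffixes, and the sample pages are constructed for illustration and are heuristics, not an authoritative signature set.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic signatures for code injected into web pages (constructed for this example,
# not a complete or authoritative list). Each entry: (label, compiled regex).
INJECTION_PATTERNS = [
    ("hidden iframe", re.compile(
        r"<iframe\b[^>]*(?:width\s*=\s*[\"']?0\b|height\s*=\s*[\"']?0\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)),
    ("obfuscated script", re.compile(
        r"eval\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\(", re.I)),
    ("script-written iframe", re.compile(
        r"document\.write\s*\(\s*[\"'][^\"']*<iframe", re.I)),
    ("css javascript url", re.compile(r"url\s*\(\s*[\"']?\s*javascript:", re.I)),
]

# File types worth scanning for injected markup or script (assumed list).
SCAN_SUFFIXES = {".html", ".htm", ".php", ".js", ".css", ".jsp", ".asp", ".aspx"}


def scan_text(text):
    """Return the labels of every injection pattern found in one file's content."""
    return [label for label, rx in INJECTION_PATTERNS if rx.search(text)]


def scan_tree(root):
    """Walk a web root and map each suspicious file (relative path) to its matched labels."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            labels = scan_text(path.read_text(errors="replace"))
            if labels:
                hits[str(path.relative_to(root))] = labels
    return hits


def build_baseline(root):
    """Record the SHA-256 of every file under root; store the result off-host after a known-good deploy."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_baseline(root, baseline):
    """Compare the current tree with a stored baseline; any change points at a dropped or tampered file."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
    }


# Constructed sample pages: a clean page, and the same page after a simulated injection
# (a 0x0 iframe plus an obfuscated loader). example.invalid is a reserved, non-routable name.
CLEAN_PAGE = "<html><body><h1>Welcome</h1><script src=\"/static/app.js\"></script></body></html>\n"
INJECTED_PAGE = CLEAN_PAGE + (
    "<iframe src=\"http://example.invalid/x\" width=0 height=0></iframe>\n"
    "<script>eval(unescape('%64%6f%63'))</script>\n")


def demo():
    """Build a throw-away web root, take a baseline, simulate an injection, and report both signals."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text(CLEAN_PAGE)
        (root / "about.html").write_text(CLEAN_PAGE)
        baseline = build_baseline(root)                    # taken while the site is known-good
        (root / "index.html").write_text(INJECTED_PAGE)    # simulated trojan injection
        (root / "x.php").write_text("<?php echo 'dropped file'; ?>")  # simulated dropped file
        return {"hits": scan_tree(root), "changes": diff_baseline(root, baseline)}


if __name__ == "__main__":
    print(demo())
```

The content scan finds only what its patterns describe, so the baseline comparison is the more reliable of the two: it flags the dropped `x.php` that matches no pattern. The baseline must be taken from a clean deployment and kept somewhere the web server cannot write, otherwise an intruder who can modify pages can also "update" the baseline.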

Defend against trojan attacks

Fix the vulnerabilities in your website system and on your web servers in a timely manner to prevent your website from being attacked. Trojan attacks bring severe damage to websites. Attackers exploit vulnerabilities in tampered web pages, browsers, and operating systems, and download and execute trojan viruses and malicious programs to expand the scope of the attack. You must protect your website against trojan attacks at all levels. The following figure shows the architecture of a general website system.

We recommend that you defend against trojan attacks at the following levels:

  • Network security level

  • Host system level

    • Use Bastionhost to manage methods to log on to ECS instances and grant O&M personnel only necessary permissions.

    • Configure a strong password for your Alibaba Cloud account. The password must be at least eight characters in length and must contain uppercase letters, lowercase letters, digits, and special characters. Change your password every few months to ensure security. We recommend that you use multi-factor authentication (MFA) or SSH key credentials to log on to ECS instances.

    • Obtain security vulnerability information, for example, from the security vulnerability notice on the Alibaba Cloud official website. Regularly detect and fix vulnerabilities on your website and web servers. Install patches to operating systems and application software in a timely manner.

    • Activate Security Center to detect and handle security risks, insecure configuration items, operating system vulnerabilities, and middleware vulnerabilities on your servers.

    • Strictly control file access permissions. Restrict permissions to access sensitive directories and permissions to execute scripts that modify these directories. Grant only necessary permissions to access and modify the file system.

    For more information, see Harden operating system security for Windows.

  • Database level

    • Do not use web-based management tools to manage databases and do not open your web management system directly to the Internet.

    • Configure access control policies to allow only application servers to access database services. Do not open database service ports to the Internet.

    • Configure strong passwords for the database services. For more information, see Database service security hardening.

  • Application security level

    • Enhance security of web application middleware. For more information, see Web application security hardening.

    • Perform code security tests and white-box tests. Fix detected vulnerabilities before you bring the service code online. This prevents attackers from exploiting the vulnerabilities to intrude into your service system.

    • Use Cloud Security Scanner to regularly scan for vulnerabilities of your website and web system. Fix these vulnerabilities before you bring the service system online.

    • Check for program vulnerabilities and fix them in a timely manner. You can use Emergency Response Service to identify vulnerabilities and causes of intrusions. You can use Web Application Firewall (WAF) to protect your web applications against external attacks.
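The host-level recommendation above to strictly control file access permissions (restricting access to sensitive directories and the execution of scripts that modify them) can be audited and enforced with a small script. The following is an added example, not code from this page or from Security Center; the finding labels, the script-suffix list, the `uploads` directory name, and the sample tree are assumptions constructed for illustration. It shows that tightening permissions removes the writable and executable findings but cannot remove a script that has already been dropped, which still has to be found and cleared as described earlier.

```python
import os
import stat
import tempfile
from pathlib import Path

# Server-side script types that should never live in a directory the web application writes to
# (assumed list; extend it to match the middleware you run).
SCRIPT_SUFFIXES = {".php", ".phtml", ".jsp", ".asp", ".aspx", ".cgi", ".pl", ".py", ".sh"}


def audit_permissions(root, upload_dirs=()):
    """Return (relative_path, finding) pairs for risky permissions and misplaced scripts under root."""
    root = Path(root)
    uploads = [root / u for u in upload_dirs]
    findings = []
    for p in sorted(root.rglob("*")):
        mode = p.lstat().st_mode            # lstat: do not follow symlinks out of the web root
        rel = str(p.relative_to(root))
        if stat.S_ISLNK(mode):
            findings.append((rel, "symlink inside web root"))
            continue
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if stat.S_ISREG(mode):
            if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append((rel, "executable bit set"))
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid"))
            if p.suffix.lower() in SCRIPT_SUFFIXES and any(u in p.parents for u in uploads):
                findings.append((rel, "script in upload directory"))
    return findings


def harden_tree(top, dir_mode=0o750, file_mode=0o640):
    """Apply least-privilege modes: no world access, no execute bit on files, under top (inclusive)."""
    top = Path(top)
    os.chmod(top, dir_mode)
    for p in top.rglob("*"):
        if p.is_symlink():
            continue                        # leave links alone; the audit reports them separately
        os.chmod(p, dir_mode if p.is_dir() else file_mode)


def demo():
    """Constructed web root: one clean page and a world-writable upload directory holding a dropped script."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<html><body>ok</body></html>")
        os.chmod(root / "index.html", 0o644)
        (root / "uploads").mkdir()
        dropped = root / "uploads" / "avatar.php"
        dropped.write_text("<?php /* simulated dropped script */ ?>")
        os.chmod(dropped, 0o777)
        os.chmod(root / "uploads", 0o777)
        before = audit_permissions(root, upload_dirs=["uploads"])
        harden_tree(root / "uploads")
        after = audit_permissions(root, upload_dirs=["uploads"])
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before hardening:", before)
    print("after hardening: ", after)
```

Run the audit from a scheduled job or a change-detection hook; the "script in upload directory" and "symlink inside web root" findings are the ones to treat as incidents, because hardening modes does not make them go away.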