edit-icon download-icon

Trojan horse attacks and defense

Last Updated: Nov 23, 2017

What is a Trojan horse attack

A Trojan horse attack indicates that an attacker embeds malicious code (usually through IFrame and Script reference) to webpages of a website that the attacker has gained control over.

When users access the webpage, the embedded malicious code exploits the vulnerability of the browser itself, third-party ActiveX vulnerabilities, or vulnerabilities in other plug-ins (such as Flash and PDF plug-ins) to download and run malicious Trojans without the knowledge of the users.

What is the hazard of Trojan horse attacks

When a website has been infected with a Trojan horse, it indicates that the website has been successfully intruded. Hackers can have access to the user account and password, business data, and other sensitive data. In serious cases, hackers can make the server a bot, which causes great harm.

How to prevent Trojan horse attacks

  • Implement code security policies (black box penetration tests and white box code audits) before releasing an application online.

  • Regularly check and fix various vulnerabilities in the website and the server environments of the website in daily operation and maintenance. Update the operating system and application software in a timely manner.

  • Use Alibaba Cloud Security Web Application Firewall (WAF) to protect your website.

Thank you! We've received your feedback.