Despite its success,similarity-based collaborative filtering suffers from some limitations,such as scalability,sparsity and recommendation attack.Prior work has shown incorporating trust mechanism into traditional collaborative filtering recommender systems can improve these limitations.We argue that trust-based recommender systems are facing novel recommendation attack which is different from the profile injection attacks in traditional recommender system.To the best of our knowledge,there has not any prior study on recommendation attack in a trust-based recommender system.We analyze the attack problem,and find that victim nodes play a significant role in the attack.Furthermore,we propose a data provenance method to trace malicious users and identify the victim nodes as distrust users of recommender system.Feasibility study of the defend method is done with the dataset crawled from Epinions website.