Call James for your Computer Problems - at least that's what they say here in Dallas!

Home

Threats

Hardware

Operating Systems

Register a Domain

     

Contact

  Adware Spyware Virus Trojans Worms      

Trojans

Definition:

Trojan Horse:

(Coined by MIT-hacker-turned-NSA-spook Dan Edwards) A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! A Trojan horse is similar to a back door.

(Source: The Free On-line Dictionary of Computing, © 1993-2005 Denis Howe)

This page is mostly informational to help you understand what a "Trojan" is in computer terms.

In the context of computer software, a Trojan horse is a malicious program that is disguised as legitimate software. The term is derived from the classical myth of the Trojan horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).

There are two common types of Trojan horses. One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if Trojans replicate and even distribute themselves, each new victim must run the program/Trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.

Examples

Example of a simple Trojan horse:

A simple example of a Trojan horse would be a program named "SEXY.EXE" that is posted on a website with a promise of "hot pix"; but, when run, it instead erases all the files on the computer and displays a taunting message.

Example of a somewhat advanced Trojan horse:

On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse's is an extension that might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate a different file type. When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its unknown objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack.

Types of Trojan horses:

Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are:

1. Erasing or overwriting data on a computer
2. Upload and download files
3. Corrupting files in a subtle way
4. Spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'.
5. Setting up networks of zombie computers in order to launch DDoS attacks or send spam.
6. Spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on Spyware) make screenshots
7. Logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger) phish for bank or other account details, which can be used for criminal activities.
8. Installing a backdoor on a computer system.

Precautions against Trojan horses

Trojan horses can be protected against through end user awareness. If a user does not open unusual attachments that arrive unexpectedly, any unopened Trojan horses will not affect the computer. This is true even if you know the sender or recognize the source's address. Even if one expects an attachment, scanning it with updated antivirus software before opening it is prudent. Files downloaded from file-sharing services such as Kazaa or Gnutella are particularly suspicious, because (P2P) file-sharing services are regularly used to spread Trojan horse programs. Besides these sensible precautions, one can also install anti-Trojan software, some of which are offered free.

Methods of Infection

Infected Programs: The majority of Trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a Trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.

Websites:

You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a Trojan horse.

Email:

If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment.

For this reason, using Outlook lowers your security substantially, which is a good reason to keep up with all of the service packs and security updates from Microsoft.

Open ports:

Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide file-sharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.

A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote Trojan insertion via open ports, but they are not a totally impenetrable solution, either. The firewall that is built into Windows XP Service Pack 2 helps some, but not totally.

Microsoft Windows Vista, due out in the 4th quarter of 2006 is supposed to address many of these problems.

(From the Wikipedia - The Free Encyclopedia)

Lists of common Trojans