In the context of computer software, a Trojan horse is a malicious
program that is disguised as or embedded within legitimate software. The term is
derived from the classical myth of the Trojan Horse. Trojan horses may look useful or
interesting (or at the very least harmless) to an unsuspecting user, but are
actually harmful when executed.
Often the term is shortened to simply trojan, even though this turns
the adjective into a noun, reversing the myth (Greeks, not Trojans, were gaining
There are two common types of Trojan horses. One is otherwise useful
software that has been corrupted by a cracker inserting malicious code that
executes while the program is used. Examples include various implementations of
weather alerting programs, computer clock setting software, and peer-to-peer
file sharing utilities. The other type is a standalone program that masquerades
as something else, like a game or image file, in order to trick the user into
some misdirected complicity that is needed to carry out the program's
Trojan horse programs cannot operate autonomously, in contrast to some other
types of malware, like viruses or worms. Just as the Greeks needed the Trojans
to bring the horse inside for their plan to work, Trojan horse programs depend
on actions by the intended victims. As such, even if trojans replicate and
distribute themselves, each new victim must still run the program. Therefore
their virulence is of a different nature, depending on successful implementation
of social engineering concepts rather than flaws in a computer system's security
design or configuration.
Example of a simple Trojan horse
A simple example of a trojan horse would be a program named
"waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when
run, instead begins erasing all the files on the victim's computer.
Example of a somewhat advanced Trojan horse
On the Microsoft Windows platform, an attacker might attach a Trojan horse
with an innocent-looking filename to an email message which entices the
recipient into opening the file. The Trojan horse itself would typically be a
Windows executable program file, and thus must have an executable filename
extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is configured
by default to hide filename extensions from a user, the Trojan horse's
extension might be "masked" by giving it a name such as 'Readme.txt.exe'.
With file extensions hidden, the user would only see 'Readme.txt' and could
mistake it for a harmless text file. Icons can also be chosen to imitate the
icon associated with a different and benign program, or file type.
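The masking described above can be checked for at the mail gateway or mailbox level. The following is an added example, not code from the original page: it walks the attachments of a message and flags filenames whose real extension is one of the executable types listed above while the visible part still ends in something shaped like an extension. The function names and the sample message are constructed for illustration, and a production filter would use a longer extension list.

```python
import re
from email import message_from_string

# Executable extensions named in the text above.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".pif"}

def classify_filename(name):
    """Return 'masked', 'executable' or 'ok' for an attachment filename."""
    # Windows ignores trailing dots and spaces, so judge the normalized name.
    cleaned = name.strip().rstrip(". ").lower()
    stem, dot, ext = cleaned.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXTS:
        return "ok"
    # With extensions hidden the user sees only `stem`; if that still ends in
    # something shaped like an extension, the real file type is disguised.
    if re.search(r"\.[a-z0-9]{2,4}\s*$", stem):
        return "masked"
    return "executable"

def flag_attachments(raw_message):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    findings = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings

# Constructed sample message (not from the page), used only for the demo.
SAMPLE = """\
Subject: Please read
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Readme.txt.exe"

placeholder
--BOUND
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--BOUND--
"""

if __name__ == "__main__":
    for filename, verdict in flag_attachments(SAMPLE):
        print(f"{verdict}: {filename}")
```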
When the recipient double-clicks on the attachment, the Trojan horse might
superficially do what the user expects it to do (open a text file, for example),
so as to keep the victim unaware of its real, concealed, objectives. Meanwhile,
it might discreetly modify or delete files, change the configuration of the
computer, or even use the computer as a base from which to attack local or other
networks - possibly joining many other similarly infected computers as part of a
distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both
installed a vulnerability on victim computers and acted as spyware,
reporting back to a central server from time to time, when any of the music CDs
carrying it were played on a Windows computer system.
Types of Trojan horses
Trojan horses are almost always designed to do various harmful things, but
could be harmless. They are classified by how they
breach systems and the damage they cause. The seven main types of Trojan horses
- Remote Access Trojans
- Data Sending Trojans
- Destructive Trojans
- Proxy Trojans
- FTP Trojans
- Security software disabler Trojans
- Denial-of-service attack (DoS) Trojans
Some examples are:
- erasing or overwriting data on a computer.
- encrypting files in a cryptoviral extortion attack.
- corrupting files in a subtle way.
- uploading and downloading files.
- allowing remote access to the victim's computer. This is called a RAT
(remote administration tool).
- spreading other malware, such as viruses. In this case the Trojan horse is
called a 'dropper' or 'vector'.
- setting up networks of zombie computers in order to launch DDoS attacks or
- spying on the user of a computer and covertly reporting data like browsing
habits to other people.
- making screenshots.
- logging keystrokes to steal information such as passwords and credit card
numbers (also known as a keylogger).
- phishing for bank or other account details, which can be used for criminal
- installing a backdoor on a computer system.
- opening and closing the CD-ROM tray.
- harvesting e-mail addresses and using them for spam.
- restarting the computer whenever the infected program is started.
Time bombs and logic bombs
"Time bombs" and "logic bombs" are types of trojan horses.
"Time bombs" activate on particular dates and/or times. "Logic bombs"
activate when certain conditions are met on the computer.
Droppers perform two tasks at once. A dropper performs a legitimate task but
also installs a computer virus or a computer worm on a system or disk at the
Precautions against Trojan horses
Trojan horses can be protected against through end-user awareness. Trojan
horses can cause a great deal of damage to a personal computer but even
more damage to a business, particularly a small business that usually does not
have the same virus protection capabilities as a large business. Since a Trojan
horse is hidden, it is harder to protect yourself or your company from it,
but there are things that you can do.
Trojan horses are most commonly spread through e-mail, much like
common viruses. The only difference, of course, is that a Trojan
horse is hidden. The best ways to protect yourself and your company from Trojan
horses are as follows:
1. If you receive e-mail from someone that you do not know or you receive an
unknown attachment, never open it right away. As an e-mail user you should
confirm the source. Some hackers have the ability to steal address books, so if
you see e-mail from someone you know, it is not necessarily safe.
2. When setting up your e-mail client, make sure it is configured
so that attachments do not open automatically. Some e-mail clients come ready
with an anti-virus program that scans any attachments before they are opened. If
your client does not come with this, it would be best to purchase one or
download one for free.
3. Make sure your computer has an anti-virus program on it and update it
regularly. If you have an auto-update option included in your anti-virus program
you should turn it on; that way if you forget to update your software you can
still be protected from threats.
4. Operating systems offer patches to protect their users from certain
threats and viruses, including Trojan Horses. Software developers like Microsoft
offer patches that in a sense "close the hole" that the Trojan horse or other
virus would use to get through to your system. If you keep your system updated
with these patches, your computer is kept much safer.
5. Avoid using peer-to-peer (P2P) sharing networks like Kazaa, Limewire,
Ares, or Gnutella, because they are generally unprotected from viruses, and Trojan
horses spread through them especially easily. Some of these programs do
offer some virus protection, but this is often not strong enough. If you insist
on using P2P, it would be safer not to download files that claim to be "rare"
songs, books, movies, pictures, etc.
Besides these sensible precautions, one can also install anti-trojan
software, some of which is offered free.
Methods of Infection
The majority of trojan horse infections occur because the user was tricked
into running an infected program. This is why it is advised to not open
unexpected attachments on emails -- the program is often a cute animation or a
sexy picture, but behind the scenes it infects the computer with a trojan or
worm. The infected program doesn't have to arrive via email, though; it can be
sent to you in an Instant Message, downloaded from a Web site or by FTP, or even
delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you
were the specific target of an attack, it would be a fairly reliable way to
infect your computer.) Furthermore, an infected program could come from someone
who sits down at your computer and loads it manually.
Websites: You can be infected by visiting a rogue website. Internet
Explorer is most often targeted by makers of trojans and other pests, because it
contains numerous bugs, some of which improperly handle data (such as HTML or
images) by executing it as a legitimate program. (Attackers who find such
vulnerabilities can then specially craft a bit of malformed data so that it
contains a valid program to do their bidding.) The more "features" a web browser
has (for example ActiveX objects, and some older versions of Flash or Java), the
higher your risk of having security holes that can be exploited by a trojan
Email: If you use Microsoft Outlook, you're vulnerable to many of the
same problems that Internet Explorer has, even if you don't use IE directly. The
same vulnerabilities exist since Outlook allows email to contain HTML and images
(and actually uses much of the same code to process these as Internet Explorer).
Furthermore, an infected file can be included as an attachment. In some cases,
an infected email will infect your system the moment it is opened in Outlook --
you don't even have to run the infected attachment.
For this reason, using Outlook lowers your security substantially.
Open ports: Computers running their own servers (HTTP, FTP, or SMTP,
for example), allowing Windows file sharing, or running programs that provide
filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger,
etc.) may have vulnerabilities similar to those described above. These programs
and services may open a network port giving attackers a means for interacting
with these programs from anywhere on the Internet. Vulnerabilities allowing
unauthorized remote entry are regularly found in such programs, so they should
be avoided or properly secured.
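To find out which services on a machine are exposed in the way described above, the output of `netstat -an` can be checked against a list of ports that are meant to be open. The following is an added example, not code from the original page: it reports TCP listeners that are bound to a non-loopback address and are not on the allowlist. The function name, the allowlist and the sample output are constructed for illustration.

```python
def exposed_listeners(netstat_text, allowed_ports):
    """Return sorted (port, bind_address) pairs for TCP listeners that are
    reachable from other hosts and whose port is not in allowed_ports."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        if host.startswith("127.") or host == "[::1]":
            continue  # loopback-only: not reachable from the network
        if int(port) not in allowed_ports:
            findings.add((int(port), host))
    return sorted(findings)

# Constructed sample in the format printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::]:21                [::]:0                 LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    # Assumption for the demo: only the web server on port 80 is intended.
    for port, host in exposed_listeners(SAMPLE_NETSTAT, {80}):
        print(f"unexpected listener on {host} port {port}")
```

Each reported port is a service to either shut down or restrict with a firewall rule.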
A firewall may be used to limit access to open ports. Firewalls are widely
used in practice, and they help to mitigate the problem of remote trojan
insertion via open ports, but they are not a totally impenetrable solution,
Well-known trojan horses
- Back Orifice
- Back Orifice 2000