Trojan horse (computing)

This article refers to a form of malware in computing terminology. For other meanings, see Trojan Horse (disambiguation)

In the context of computing and software, a Trojan horse, also known as a trojan, is malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse.

Contents 1 Example 2 Types of Trojan horse payloads 3 Methods of deletion 4 See also 4.1 Notable instances 5 References 6 External links

Example

A program named "waterfalls.scr" serves as a simple example of a trojan horse. The author claims it is a free waterfall screen saver. When run, it instead unloads hidden programs, commands, scripts, or any number of commands without the user's knowledge or consent. Malicious Trojan Horse programs are used to circumvent protection systems in effect creating a vulnerable system to allow unauthorized access to the user's computer.

Types of Trojan horse payloads

Trojan horse payloads are almost always designed to cause harm, but can also be harmless. They are classified based on how they breach and damage systems. The six main types of Trojan horse payloads are:

• Remote Accessing
• Data Destruction
• Downloader
• Server Trojan(Proxy, FTP , IRC, Email, HTTP/HTTPS, etc.)
• Security software disabler
• Denial-of-service attack (DoS)

Some examples of damage are:

• Erasing or overwriting data on a computer
• Re-installing itself after being disabled
• Encrypting files in a cryptoviral extortion attack
• Corrupting files in a subtle way
• Upload and download of files
• Copying fake links, which lead to false websites, chats, or other account based websites, showing any local account name on the computer falsely engaging in untrue context
• Falsifying records of downloading software, movies, or games from websites never visited by the victim.
• Allowing remote access to the victim's computer. This is called a RAT (remote access trojan)
• Spreading other malware, such as viruses (this type of trojan horse is called a 'dropper' or 'vector')
• Setting up networks of zombie computers in order to launch DDoS attacks or send spam.
• Spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)
• Making screenshots
• Logging keystrokes to steal information such as passwords and credit card numbers
• Phishing for bank or other account details, which can be used for criminal activities
• Installing a backdoor on a computer system
• Opening and closing CD-ROM tray
• Playing sounds, videos or displaying images
• Calling using the modem to expensive numbers, thus causing massive phone bills
• Harvesting e-mail addresses and using them for spam
• Restarting the computer whenever the infected program is started
• Deactivating or interfering with anti-virus and firewall programs
• Deactivating or interfering with other competing forms of malware
• Randomly shutting off the computer
• Installing a virus
• Slowing down your computer
• Displaying pornographic sites

Methods of deletion

Since Trojan horses have a variety of forms, there is no single method to delete them. The simplest responses involve clearing the temporary internet files file and deleting it manually. Normally, antivirus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media, such as a live CD, may allow an antivirus program to find a trojan and delete it. Updated anti-spyware programs are also efficient against this threat. Most trojans also hide in registries, and processes.

See also

• List of trojan horses
• Privacy-invasive software
• Spy software
• Farewell Dossier
• Malware
• Secure computing
• Social engineering (security)
• Remote administration tool
• Employee monitoring software
• Botnets
• Spam
• Spyware

Notable instances

• Back Orifice
• NetBus
• Zlob
• Pest Trap
• ProRat
• Sub7
• Vundo

References

External links

• Analysis of targeted trojan e-mail attacks
• Trojan horses and how they are used en-masse in botnets Virus Bulletin's The World of Botnets by Dr Alan Solomon and Gadi Evron

Botnets Main articles Botnet · Computer worm · Malware · Malbot · Operation: Bot Roast Notable botnets Storm botnet · Kraken botnet · Srizbi botnet  · Mega-D botnet