Trojan horse (computing)

Beast, a Windows-based backdoor Trojan horse

A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system. "It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems", as Cisco describes.^[1] The term is derived from the Trojan Horse story in Greek mythology.

1 Purpose and operation
- 1.1 Adware
- 1.2 Security
2 Installation and distribution
- 2.1 Self-replication
3 Removal
4 Current use
5 See also
6 Notes
7 References
8 External links

Purpose and operation

Adware

A Trojan horse may modify the user's computer to display advertisements in undesirable places, such as the desktop or in uncontrollable pop-ups, or it may be less notorious, such as installing a toolbar on to the user's Web browser without prior mentioning. This can create the author of the Trojan revenue, despite it being against the Terms of Service of most major Internet advertising networks, such as Google AdSense. Google Adsense advertising is mostly on social networking sites such as Twitter (promoting popular tweets) Facebook, Bebo, Myspace, Blogger, etc.

Security

Trojan horses may allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited by user privileges on the target computer system and the design of the Trojan horse.

Operations that could be performed by a hacker on a target computer system include:

Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
Data theft (e.g. retrieving passwords or credit card information)
Installation of software, including third-party malware
Downloading or uploading of files on the user's computer
Modification or deletion of files
Keystroke logging
Watching the user's screen
Wasting the computer's storage space
Crashing the computer

Trojan horses in this way require interaction with a hacker to fulfill their purpose, though the hacker need not be the individual responsible for distributing the Trojan horse. It is possible for individual hackers to scan computers on a network using a port scanner in the hope of finding one with a malicious Trojan horse installed, with which the hacker can then use to control the target computer.^[2]

Installation and distribution

Trojan horses can be installed through the following methods:

Software downloads
Bundling (e.g. a Trojan horse included as part of a software application downloaded from a file sharing network)
Email attachments
Websites containing executable content (e.g., a Trojan horse in the form of an ActiveX control)
Application exploits (e.g., flaws in a Web browser, media player, instant-messaging client, or other software that can be exploited to allow installation of a Trojan horse)

Some users, particularly those in the Warez scene, may create and distribute software with or without knowing that a Trojan has been embedded inside. Compilers and higher-level software makers can be written to attach malicious software when the author compiles his code to executable form.

Self-replication

A Trojan horse may itself be a computer virus, either by asking other users on a network, such as a instant-messaging network, to install the said software, or by spreading itself through the use of application exploits.

Removal

Antivirus software is designed to detect and delete Trojan horses and prevent them from ever being installed. Although it is possible to remove a Trojan horse manually, it requires a full understanding of how that particular Trojan horse operates. In addition, if a Trojan horse has possibly been used by a hacker to access a computer system, it will be difficult to know what damage has been done and what other problems have been introduced. In situations where the security of the computer system is critical, it is advisable to simply erase all data from the hard disk and reinstall the operating system and required software.

Current use

Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users' privacy, Trojan horses are becoming more common. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world".^[3]

Notes

References

↑ What Is the Difference: Viruses, Worms, Trojans, and Bots? - Cisco Systems
↑ Jamie Crapanzano (2003): "Deconstructing SubSeven, the Trojan Horse of Choice", SANS Institute, Retrieved on 2009-06-11
↑ BitDefender.com Malware and Spam Survey

Carnegie Mellon University (1999): "CERT Advisory CA-1999-02 Trojan Horses", Retrieved on 2009-06-10.

External links

Trojan Horses at the Open Directory Project

Malware

Infectious malware	Computer virus · Macro virus · List of computer viruses · Computer worm · List of computer worms · Timeline of notable computer viruses and worms

Concealment	Trojan horse · Rootkit · Backdoor

Malware for profit	Privacy-invasive software · Spyware · Botnet · Keystroke logging · Web threats · Fraudulent dialer · Malbot

By operating system	Linux malware · Palm OS viruses

Protection	Antivirus software · Defensive computing · Firewall · Intrusion detection system · Data loss prevention software

Law enforcement	Computer surveillance · Operation: Bot Roast