Trojan horse (computing)
- This article is about computer system security. For Odysseus' subterfuge in the Trojan War, see Trojan Horse.
In the context of computer software, a Trojan horse or Trojan is a malicious program that is disguised as legitimate software. The term is derived from the classical myth of the Trojan horse. In the siege of Troy, the Greeks left a large wooden horse outside the city. The Trojans were convinced that it was a gift, and moved the horse to a place within the city walls. It turned out that the horse was hollow, containing Greek soldiers who opened the city gates of Troy at night, making it possible for the Greek army to pillage the city. Trojan horse programs work in a similar way: they may look useful or interesting to an unsuspecting user, but are actually harmful when executed.
Trojan horse programs cannot replicate themselves, in contrast to some other types of malware, like viruses or worms. A trojan horse can be deliberately attached to otherwise useful software by a programmer, or it can be spread by tricking users into believing that it is a useful program.
Example of a simple trojan
A simple example of a Trojan horse would be a program named "SEXY.EXE" that is posted on a website with a promise of "hot pix"; but, when run, it instead erases all the files on the computer and displays a taunting message.
Example of a somewhat advanced trojan
On the Microsoft Windows platform, an attacker might attach a Trojan with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate a different file type. When the recipient double-clicks on the attachment, the trojan might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its malicious purpose. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks.
Types of Trojan horses
Trojan horses can be designed to do various harmful things. Examples are
- erasing or overwriting data on a computer
- corrupting files in a subtle way
- spreading other malware, such as viruses. In this case the Trojan is called a 'dropper'.
- setting up networks of zombie computers in order to launch DDoS attacks or send spam.
- spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)
- phish for bank or other account details, which can be used for criminal activities.
- installing a backdoor on a computer system.
Precautions against Trojan horses
Trojan horses can be protected against through end user awareness. If a user does not open unusual attachments that arrive unexpectedly, any unopened Trojans will not affect the computer. This is true even if you know the sender or recognize the source's address. Even if one expects an attachment, scanning it with updated antivirus software before opening it is prudent. Files downloaded from file-sharing services such as Kazaa or Gnutella are particularly suspect, because file-sharing services are regularly used to spread Trojan programs.