Trojan Horses

 

By: Serafin Sanchez 2/15/08

 


 

A Trojan horse is a piece of software that appears to perform one action but in fact performs another, for example acting as a computer virus. Contrary to popular belief, this hidden action, usually encoded in a concealed payload, may or may not actually be malicious, but Trojan horses are notorious today for their use in installing backdoor programs. Simply put, a Trojan horse is in most cases not a computer virus: unlike such malware, it does not propagate by self-replication but relies heavily on exploiting the end user. "Trojan horse" is instead a categorical attribute that can encompass many different forms of code, so a computer worm or virus may also be a Trojan horse.

The term comes from Greek mythology about the Trojan War, as told in the Aeneid by Virgil and mentioned in the Odyssey by Homer. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

In the field of computer architecture, "Trojan horse" can also refer to security loopholes that allow kernel code to access anything for which it is not authorized.

A simple example of a Trojan horse would be a program named "waterfalls.scr" whose author claims it is a free waterfall screensaver. When run, it instead unloads hidden programs, commands, or scripts, with or without the user's knowledge or consent.

Trojan horse payloads are almost always designed to do various harmful things, but can also be harmless. They are classified by how they breach and damage systems. The six main types of Trojan horse payloads are:

*       Remote Access

*       Data Destruction

*       Downloader

*       Server Trojan (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)

*       Security software disabler

*       Denial-of-service attack (DoS)

The majority of Trojan horse infections occur because the user was tricked into running an infected program. This is why it is advised not to open unexpected attachments on emails -- the program is often a cute animation or an image, but behind the scenes it infects the computer with a Trojan. The infected program doesn't have to arrive by email; it can be sent in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk.

How do I avoid getting infected in the future? You must be certain of BOTH the source AND content of each file you download! You need to be sure that you trust not only the person or file server that gave you the file, but also the contents of the file itself.

Here are some practical tips to avoid getting infected.

1.      NEVER download blindly from people or sites which you aren't 100% sure about. In other words, as the old saying goes, don't accept candy from strangers. If you do a lot of file downloading, it's often just a matter of time before you fall victim to a trojan.

2.      Even if the file comes from a friend, you still must be sure what the file is before opening it, because many trojans will automatically try to spread themselves to friends in an email address book or on an IRC channel. There is seldom reason for a friend to send you a file that you didn't ask for. When in doubt, ask them first, and scan the attachment with a fully updated anti-virus program.

3.      Beware of hidden file extensions! Windows by default hides the last extension of a file, so that innocuous-looking "susie.jpg" might really be "susie.jpg.exe" - an executable trojan! To reduce the chances of being tricked, unhide those pesky extensions.

4.      NEVER use features in your programs that automatically get or preview files. Those features may seem convenient, but they let anybody send you anything, which is extremely reckless. For example, never turn on "auto DCC get" in mIRC; instead, ALWAYS screen every single file you get manually. Likewise, disable the preview mode in Outlook and other email programs.

5.      Never blindly type commands that others tell you to type, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts (not even popular ones). If you do so, you are potentially trusting a stranger with control over your computer, which can lead to trojan infection or other serious harm.

6.      Don't be lulled into a false sense of security just because you run anti-virus programs. Those do not protect perfectly against many viruses and trojans, even when fully up to date. Anti-virus programs should not be your front line of security, but instead they serve as a backup in case something sneaks onto your computer.

7.      Finally, don't download an executable program just to "check it out". If it's a Trojan, the first time you run it, you're already infected!
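The check behind tip 3, as an added example that is not part of the original article: it flags file names whose real last extension is executable while the name Windows displays with extensions hidden still looks like a picture or document. The extension lists and the sample file names are constructed for illustration and are not exhaustive.

```python
import re

# Assumption: illustrative, non-exhaustive extension lists.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".doc", ".pdf", ".mp3"}


def split_last_ext(filename):
    """Return (stem, ext): the name without its last extension, and that
    extension lower-cased. The stem is what is shown when extensions are hidden."""
    base = re.split(r"[\\/]", filename)[-1]   # drop any directory part
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:                   # no extension, or a dotfile
        return base, ""
    return stem, "." + ext.lower()


def classify(filename):
    """'deceptive'  = executable hiding behind a document-like inner extension,
    'executable' = plainly executable, 'ok' = anything else."""
    stem, ext = split_last_ext(filename)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    _, inner_ext = split_last_ext(stem)
    return "deceptive" if inner_ext in DECOY_EXTS else "executable"


def scan(filenames):
    """Return (filename, shown_as, verdict) for every name that is not 'ok'."""
    findings = []
    for name in filenames:
        verdict = classify(name)
        if verdict != "ok":
            shown_as, _ = split_last_ext(name)
            findings.append((name, shown_as, verdict))
    return findings


# Constructed sample: names as they might appear in a download folder.
SAMPLE = ["susie.jpg", "susie.jpg.exe", "waterfalls.scr", "notes.txt",
          r"C:\Users\me\Downloads\photo.PNG.Scr", "archive.tar.gz"]

if __name__ == "__main__":
    for name, shown_as, verdict in scan(SAMPLE):
        print(f"{verdict:10}  shown as {shown_as!r:14}  real name {name!r}")
```

Anything reported as "deceptive" or "executable" that arrived unrequested should be treated as a program, not as the picture or screensaver it claims to be.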

 
