2006-2007 Frontier-Entrust Corporation, All rights reserved.
Trojan horse (Computing)

    This article is about computer system security. For Odysseus' subterfuge in the Trojan War, see Trojan Horse.

In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. Trojan horses may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply trojan, even though this turns the adjective into a noun, reversing the myth (Greeks, not Trojans, were gaining malicious access).

There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer-to-peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.
Contents

    * 1 Definition
    * 2 Examples
          o 2.1 Example of a simple Trojan horse
          o 2.2 Example of a somewhat advanced Trojan horse
    * 3 Types of Trojan horses
          o 3.1 Time bombs and logic bombs
          o 3.2 Droppers
    * 4 Precautions against Trojan horses
    * 5 Methods of Infection
    * 6 Well-known trojan horses
    * 7 See also


Definition

A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kind of undesired function is not part of the definition of a Trojan horse; it can be of any kind, but typically it has malicious intent.

In practice, Trojan Horses often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer to be remotely controlled from the network without the owner's knowledge, creating a "zombie computer". The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse.

In the context of computer security, the term 'Trojan horse' was first used in a seminal report edited/written by JP Anderson, aka 'The Anderson Report' (Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Systems Division, Hanscom AFB, Oct 1972), which credits Daniel J Edwards, then of NSA, for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974).

The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people into allowing the program to perform actions that they would otherwise not have voluntarily performed.

Trojans implementing backdoors typically set up a hidden server, which a hacker with a client can then log on to. They have become polymorphic, process-injecting and prevention-disabling, are easy to use without authorization, and are therefore abusive.

Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate.

Examples

Example of a simple Trojan horse

A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer.

Example of a somewhat advanced Trojan horse

On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving the file a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program or file type.

When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks, possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers and acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.
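
A filename check for the extension masking described above, as an added example that is not part of the original article: it flags attachment names whose real extension is one of the executable types listed and whose visible remainder ends in another recognised extension. The decoy extension list, the function names and the sample names are assumptions made for illustration.

```python
"""Flag attachment names whose real extension is executable but hidden from view."""

# Executable extensions listed in the article.
EXECUTABLE_EXTS = {"exe", "com", "scr", "bat", "pif"}
# Assumption (not from the article): extensions a user reads as a harmless document or media file.
DECOY_EXTS = {"txt", "doc", "pdf", "rtf", "jpg", "gif", "mp3", "htm"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def normalise(name):
    # The Win32 API drops trailing dots and spaces, so "a.exe." is stored as "a.exe".
    return name.strip().rstrip(". ")


def shown_name(name):
    """Name displayed when extensions are hidden (assumes the last extension is a registered type)."""
    base, dot, _ext = normalise(name).rpartition(".")
    return base if dot and base else normalise(name)


def classify(name):
    """Return 'ok', 'executable' or 'masked-executable' for one attachment name."""
    base, dot, ext = normalise(name).rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # Padding before the real extension ("invoice.pdf      .exe") pushes it out of view.
    visible = base.rstrip(" ._")
    inner = visible.rpartition(".")[2].lower() if "." in visible else ""
    return "masked-executable" if inner in KNOWN_EXTS else "executable"


def triage(attachments):
    """Return (real name, name the user sees, verdict) for every executable attachment."""
    return [(a, shown_name(a), classify(a)) for a in attachments if classify(a) != "ok"]


# Constructed sample names; the first two are the article's own examples.
SAMPLE = ["Readme.txt.exe", "waterfalls.scr.exe", "INVOICE.PDF    .EXE",
          "setup.exe", "notes.txt", "report.v2.exe", "photo.jpg.pif."]

if __name__ == "__main__":
    for real, seen, verdict in triage(SAMPLE):
        print(f"{verdict:18} real={real!r} shown={seen!r}")
```

A mail gateway or download filter would typically quarantine the "masked-executable" verdicts outright and treat plain "executable" ones according to local policy.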

Types of Trojan horses

Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are:

    * erasing or overwriting data on a computer.
    * encrypting files in a cryptoviral extortion attack.
    * corrupting files in a subtle way.
    * uploading and downloading files.
    * allowing remote access to the victim's computer. This is called a RAT (remote administration tool).
    * spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'.
    * setting up networks of zombie computers in order to launch DDoS attacks or send spam.
    * spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
    * making screenshots.
    * logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
    * phishing for bank or other account details, which can be used for criminal activities.
    * installing a backdoor on a computer system.
    * opening and closing the CD-ROM tray.