Beware geeks bearing gifts!
Trojan-horses, or Trojans for short, get their name from the mythical
wooden horse that the Greeks gave to the
city of Troy. Trojans invade target computers
using subtle, indirect or covert means. Logically, it would have been a Greek horse,
eh?
It's likely that Trojans will become more diabolical
as time goes by. Update-2003: My prediction
has come true -- Trojans which completely hide themselves and their actions have begun to emerge. The Beast is one such process-injecting Trojan. These uber-Trojans first attach
themselves to a key process in
Windows itself.
Next, they get busy destroying
firewalls,
antivirus programs and anti-Trojan
programs.
After that the Trojan-master
has virtually
complete control of your computer.
How do Trojans get in?
Hackers often install Trojans in the computers
they break into. Email attachments and downloaded
files are the most frequent ways for Trojans
to get in though. These files often have
decoy software to mask what they're up to,
as well as the Trojan component. When you
open one, it does what it's supposed to do,
but installs the Trojan in the background.
MyParty is an example of an email worm that installs
a Trojan. Other Trojans invade through greeting
cards or other email attachments that use
a game or animated joke to mask the Trojan.
Trojans installers can also be automatically
downloaded as ActiveX controls or other malicious
content when you visit an evil or hacked
webpage. Another kind of Trojan invades your
computer when you open a Trojan bearing Word
document, Excel spreadsheet or other Microsoft
Office file. Instant Messages are another attack vector used for Trojans.
[more]
Obviously, the vectors that sneak Trojans in are not much different
from the vectors that deliver viruses, but
Trojans have a different objective. Viruses
seek to do damage, while the purpose of Trojan
is to let the Trojan master take control
of your computer. Viruses make themselves
known by causing harm. Trojans try to stay
hidden so the master can continue to have
control. Trojans and worms are often lumped with viruses.
I like to keep them separate in my mind.
What do Trojans do?
Trojans can spy on your actions or steal
valuable information from your computer.
They can steal passwords. Trojans can be
used to destroy any or all of the files on
your hard drive. Hackers often use a Trojan
to turn a computer into a zombie, and then use it to attach other computers
on the Internet. The FBI occassionally knocks
on the door of an unwitting owner because
they've traced an attack to the zombie computer.
Other people have been embarrassed when a
stash of files that somebody else put there
is discovered on their computer.
Some Trojans are actually "remote
administrative
tools" (RATs) placed on
your computer without your knowledge. Legitimate
RATs are used to install programs
or to update
files on multiple computers from
a central
location. These Trojans are illicit
RATs
used for malicious purposes.
They have various
levels of control, depending
on how powerful
they are. Some of them can do
anything you
can do with your computer, and
more. RATs
can even shut down antivirus,
anti-Trojan
and firewall programs.
Your ISP assigns a unique IP address to your
computer every time you go online. Some Trojans
"phone home" to let the Trojan-master
know your IP address. The Trojan-master can
then connect to the Trojan in your computer.
This similar to the way that you connect
to a Web site, but reversed. Other Trojans
just wait for someone to sniff them out.
There are thousands of hackers scanning the
Internet at any one time, looking for Trojans
that they can use for mischief. There are
millions upon millions of infected computers
for them to find.
How can you detect a Trojan?
It's possible you have one or more Trojans
on your computer already. It depends on how
careful you've been online. Since they try
to hide their actions, they can be very hard
to detect. See the Trojan Defenses page to learn about detecting Trojans.
Resources
Descriptions of various types of Trojans
Find defense related information on the Trojan Defenses page, and safe practices on The Hazards of Attachments and Handle Files Safely.
Overview of Trojans.
Comprehensive white paper on Trojans -- recommended reading.
|