Trojan

A Trojan or Trojan horse is a non-self-replicating malicious program that often disguises itself as legitimate software. While some Trojans have the same payloads as viruses and worms, others open backdoor ports to allow crackers access to a remote computer and to cause the computer download programs without the user's consent.

Characteristics

The term "trojan horse" or simply trojan can describe a wide range of non-spreading malicious programs. The term trojan alludes to the wooden horse of Troy that the Greeks used to gain entrance to the city. The original definition was a desirable-looking program that would entice the user to run it and do destructive or otherwise undesirable things to the computer. This definition could possibly encompass nearly all malware, as viruses usually need to be executed by the user in order to infect files, and most email, instant message and peer-to-peer worms require the user to execute them, but these take everything else into their own hands once executed. The Christmas tree worm was considered a trojan by some because it required the user to open it.

Today trojans seem to be defined by the fact that they let things into the computer, rather than by the fact that the user thought something was a good program and executed it. Worms such as Mydoom, Beagle, Vote and Mytob drop malicious backdoor programs that are referred to by Antivirus products and the media as trojans. These trojans are never touched or even seen by the user, as they are executed by the worms that drop them.

Some worms and viruses such as Oompa are also described as trojans by businesses and "fanboys" who believe (or want themselves and/or others to believe) that their particular platform is perfect. They believe that a virus or worm indicates that there is a flaw in their system, while a trojan does not. This kind of thought showed itself most clearly when Oompa first appeared, as many Macintosh users operated under the assumption that there were no viruses or worms for Mac computers and some even believed that it was impossible to create one for the Mac. In truth, a virus or worm can be coded for any platform, regardless of its vulnerabilities, and a trojan infection can be a result of a system flaw.

Backdoor Trojan

Backdoor Trojans or simply Backdoors, allow a cracker to gain access to a remote computer. The backdoor may allow the cracker to read, write to, execute, create and delete files on the computer. It may also be a gateway for worms to enter the computer.

Keystroke Loggers

"Keystroke loggers" record what the user types and send it out in some way, most likely to the email address or directly to the computer of the creator.

Other Trojans

Others may simply do something malicious to the computer, such as delete files, format the hard drive or make the computer unusable in some other way. If a program performs a malicious action and it does not replicate itself, it may be classified as a trojan.

History

In 1989, Dr. Joseph Popp released the AIDS Information Disk to attendees of a World Health Organization in London. The disk contained a program that would cause files to be scrambled after 90 boots and demand $378 to unscramble them. Popp was arrested, but later found unfit to stand trial. He went on to publish a book on evolution that would seem to confirm this.

In the era of Email worms, worms were commonly used by crackers and script kiddies as a vehicle to get their trojans installed on as many systems as possible. Their worms would be executed on a system and they would drop a trojan that would allow remote access to the system. The Storm worm which spread through email left computers with backdoors that comprised a huge botnet of millions of systems. By the late 2000's, email worms gave way to botnets not carried by worms, allowing for more targeted attacks. In March of 2005, Symantec reported that trojans were on the rise, largely due to vulnerabilities in popular browsers, including the allegedly secure Mozilla Firefox and Opera browsers. In the early 2010's worms like Stuxnet carried trojans designed to destroy physical systems with strategic military value.

Sources

John Leyden. The Register, "Drive-by Trojans Exploit Browser Flaws". 2005.03.23

The Village Voice, Dr. Popp, the First Computer Virus, and the Purpose of Human Life: Studies in Crap Gapes At Popular Evolution. 2009.04.16 This article erroneously claims the AIDS trojan was the first virus, when it was neither a virus nor was it the first.

Jahewi's Anti-Malware Information.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License