What is
a trojan horse?
From Wikipedia, the free encyclopedia.
In the computer world, a Trojan horse is a malicious computer
program which pretends to have some innocent purpose but, when run, has an
entirely different effect - one which the programmer (or the packager,
distributor, or advertiser) intended and the user didn't expect. The term is
derived from the classical myth of the Trojan Horse.
A Trojan horse differs from a virus in that it is a stand-alone program; the
Trojan does not attach to another program. It differs from a worm in that it
does not move from one computer to another on its own. A person must transfer it
intentionally, such as by email or by posting it to a download area.
A simple example of a Trojan horse is a program named "SEXY.EXE" that is posted
with a promise of "hot pix"; but, when run, it erases all the files it can find
and displays the message "arf, arf, I got you!".
On the Microsoft Windows platform, an attacker might attach a Trojan with an
innocent-looking filename to an email message which entices the recipient into
opening the file. The Trojan itself is typically a Windows executable program
file, usually with a filename extension such as .exe, .scr, .bat, or .pif to let
Windows know that it can be executed. Since Windows is configured by default to
hide filename extensions from a user, the Trojan horse's extension might be
"masked" by giving it a name such as 'Readme.txt.exe' so that the user only sees
'Readme.txt' and thinks it is a harmless text file. When the recipient
double-clicks on the attachment, the Trojan might really do what the user
expects it to do (like, opening a text file), so as to keep him unaware of its
true intentions; meanwhile, however, it secretly modifies or deletes files,
changes the configuration of his computer, or even uses his computer as a base
from which to attack his or other networks. For example, trojans are often used
to set up networks of zombie computers from which DDoS attacks can be launched,
or which can be used to send spam.
Spyware is another form of Trojan horse which is becoming much more common.
Spyware is software which pretends to have some innocent purpose, but when a
user downloads it and runs it, it changes the home page in his web browser and
sets itself up so that it can track a user as he browses the web. Similarly,
trojans may be used to phish for bank account details.
To protect yourself from Trojan horses, do not open attachments that you didn't
expect to receive, especially if you don't recognize the sender's address. Even
if you expected the attachment, scan it with updated antivirus software before
opening it. Do not download files from file-sharing services such as Kazaa or
Gnutella, because file-sharing services are known to be used to help Trojans
spread.
Some Trojans do not infect other programs and are usually easily deleted, but
others are much more dangerous. The MyDoom epidemic in early 2004 was spread by
using Trojan-horse attachments in email with a terse message saying that the
attachment could not be delivered, making users curious to open it and see what
it was. (MyDoom is technically a worm, since it spreads itself to other
computers by sending infected email attachments, but it depends on users
double-clicking on the attachments to actually infect their computers.)
An early Trojan horse was the 1975 ANIMAL program, a game to identify an animal
but which also spread itself to other users on UNIVAC Exec 8 computers.
This article is licensed
under the GNU Free
Documentation License. It uses material from the
Wikipedia
article "Trojan horse (computing)".
|
