One of the most exciting aspects of the internet is the wealth of information and resources that are available for free. Many valuable applications can be downloaded to increase or support your productivity, creativity or communications. However, not all of these tools are created equal and many in fact, are to be avoided at all costs.
Trojan Horse
Like the fabled Trojan Horse left outside the gates of Troy as a supposed peace offering, today’s Trojan Horses carry a malicious and hidden payload.
As the story goes, the Trojans wheeled the great wooden beast through the gates of their city, laughing all the while at how easily the Greeks had given up the fight and they then proceeded to drink themselves into a victorious stupor which made it all too easy for the Greek soldiers to creep from the belly of the horse in the dead of the night, slaughter the Trojans and burn their city to the ground.
The aim of today’s Trojan Horses may not be to raze a city to the ground but as anyone who has ever fallen victim to one can tell you, they can carry destructive forces which cause a great deal of damage nonetheless.
Let’s take a closer look at Trojans
What is a Trojan?
A Trojan is a ‘friendly’, executable program which potentially contains a hidden and malicious payload. The internet community project StopBadWare.org defines a Trojan Horse as "applications that can secretly install additional programs on a user’s computer without telling the user. These new programs may be destructive to the user or his computer (such as spyware, adware, or other forms of badware)."
How do Trojans Infect a Computer
Trojans may be received by email, sent on innocently enough by friends who are think all they are passing along is an amusing game or useful application, as a download from a website, as an infection from a website via a browser vulnerability,or through an external drive.
Peer to peer file-sharing software makes an ideal Trojan, as does a customized toolbar. Other possible carriers are weather or sports alerts, screen savers, games or the like.
Often Trojans are dressed up to look like a software or files from a reputable source. Take any commercially trustworthy organization and it is possible to slap together a copy of its landing page and promote a virus-laden Trojan to the unsuspecting public by telling them that what they are getting is the latest Google toolbar or a free limited trial of Microsoft’s upcoming browser release. Trojans are handed out in free CDs, on pen drives, in email and dressed up to look like compressed picture files. Visit the wrong website and they can slip through unpatched browsers and onto computers unprotected by anti-virus software.
What do Trojans do
Given that Trojans are imposters designed to gain access to the system for a secondary purpose, the extent of the damage they can do depends on the malicious code that they carry. Some may be more of an annoyance than anything else, the creation of a baby hacker just cutting his teeth, akin to a kid letting rip with a couple of cans of spray paint and a big attitude. Others are far more sinister, created, according to Symantec, by full-time professional crimeware designers as part of their daily nine-to-five workday:
Symantec has performed in-depth research on how and when crimeware programs are created in order to gain a deeper understanding of the problem. Our analysis reveals that Trojans and spyware are developed as a full-time job during what might be considered a normal workday. These findings suggest that crimeware authors are creating their Trojans as a full-time profession.
Once installed on a computer they can secretly download spyware which silently gathers personal information including passwords, credit card numbers, logging your keystrokes and stealing your privacy.
One of the best known and oldest Trojans is Sub7 – a classic hacker’s tool. Once Sub7 is installed on your computer a hacker can slip in through the backdoor it creates and basically do anything on your computer that you can, including creating, modifying and deleting files, logging keystrokes and capturing your personal information. After taking all he wants from your computer the hacker can install more malicious code before he goes.
Other Trojans specialize in destroying your anti-virus protection. The Goner worm for example was such a effective virus because it included a Trojan that was designed to disable popular anti-virus software.
Then you have the Trojans that are set up to enable an attacker to connect to your machine via FTP and both download and upload information and software.
What is the Difference between a Trojan and a Virus?
Though a Trojan may hide a virus which will execute once the Trojan has been deployed, the Trojan itself is just the carrier. Whatever its end purpose, it cannot self replicate. It’s victim chooses to download it as a toolbar or application, or perhaps by clicking on an amusing file sent by a friend via email. Disguised as a ‘friendly’ file it relies on its entertainment value or appearance of usefulness to get it clicked upon or sent to friends.This method of delivery is called social engineering and it depends upon human interaction to spread and execute its payload.
How To Avoid Trojans
If you bear in mind that a Trojan is always some form of executable file, then it stands to reason that if you spend the rest of your life not downloading interesting looking programs or clicking on email attachments, not changing or updating your software or surfing uncharted internet territory you and your computer would remain safe from Trojans, worms and viruses forever, right? After all, how many Trojans did your old Olivetti pick up?
On the other hand, if you could not enjoy all the wonderful interactivity and communications options the internet offers, then you might as well have stuck with the old Olivetti in the first place so what can you do to protect yourself:
- Make sure you operating software is up to date and you have installed all the latest patches.
- Use a good anti-virus and keep it up to date.
- Install an anti-spyware and/or malware programme (Spybot Search and Destroy, Lavasoft’s Ad-Aware)
- Don’t click on attachments or links in emails from people you do not know.
- Don’t take any site at face value - landing pages can be mocked up.
- If it sounds too good to be true, it probably is, so don’t click on it.
