Trojan Horses


Background.  One definition of a trojan horse, taken from the White book, is:

A trojan horse is a piece of software that appears to do one thing (and may, in fact, actually do that thing) but that hides some other functionality.

This definition is really too broad: too many pieces of software that informed people would not consider trojan horses fit it.  But it is difficult to come up with a succinct and clear definition, so I will try a list of characteristics instead.

  • Trojan horses contain malicious code that is hidden inside something that appears to be useful and/or harmless data or programming.
  • Trojan horses do not propagate themselves from one computer or device to another.  They are stand-alone programs that must be brought inside a system by an authorized user.
  • Trojan horses are designed to be difficult to detect.

One challenge for the creator of a trojan horse is to entice a user to download and install the program on their system.  Trojan horses are often hidden inside something fun, such as a computer game.  They can also be disguised as a special utility.

Another way trojan horses are propagated is as attachments to emails.  This works very similarly to the way virus attachments are distributed across the Internet and other networks.

Hackers have tools that help them determine which systems are running remote-control trojan horses.  These can include notifications over chat networks, email or web pages that alert the attacker when a new system has been infected and is available.

The term trojan horse comes from the Iliad by Homer, in which the invading Greeks pretended to give the Trojans a prize for having held them off within their city.  The Greeks appeared to the Trojans to have left, leaving a large wooden horse at the city's front gate.  In fact the horse had a hidden opening and a space inside so that Greek soldiers could hide within it.  After the Trojans took the horse inside their walls and most of them went to sleep, the Greeks hidden inside emerged from their hiding place and let in the rest of the Greeks, who had not really left.

Some Examples.  Some examples of trojan horses follow.

  • Back Orifice (BO) -
    • was originally designed and developed around 1999
    • now has several versions
    • it can be attached to a number of different programs
    • once BO is run it creates a way for unauthorized users to take over the system remotely, as if they were sitting at the console
    • designed to work on Windows-based systems
  • QAZ Trojan -
    • appeared in 2000
    • used to hack into Microsoft networks, allowing hackers to access source code
    • this trojan spreads through networks of shared computers
      • particularly focuses on computers on a network that are sharing a network drive
    • it infects the notepad.exe executable
      • it renames the correct notepad.exe to
      • it creates a new virus infected notepad.exe
      • it rewrites the system registry to load itself every time the computer is booted
    • it opens port 7597, which is in a block of unassigned ports, to allow hackers access
    • this virus is particularly insidious because almost everyone had been told that text files were safe from viruses, so they did not hesitate to run a program associated with notepad

Protection.  The single best approach to protecting your system from trojan horses is to never download and/or install software with uncertain sources, security or integrity.  A good, up-to-date virus scanning program should help considerably with detecting known trojan horses that have been installed on a system.  Such virus scanning software should also help to detect and prevent the installation of trojan horses.
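As a defender's illustration of the QAZ indicators listed above (a listener on port 7597, notepad.exe made to load at boot, a replaced notepad.exe) and the detection approach described in this Protection paragraph, here is an added example; it is not from these notes or from any scanning product.  The netstat listing, Run-key values and the "known-good" notepad.exe bytes are constructed stand-ins, and the Run-key value names and paths are hypothetical.

```python
import hashlib
import re

QAZ_PORT = 7597  # the port these notes say QAZ opens for remote access

# Constructed sample shaped like `netstat -ano` output (not a real capture).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135     0.0.0.0:0    LISTENING    900
  TCP    0.0.0.0:7597    0.0.0.0:0    LISTENING    1764
  TCP    127.0.0.1:5357  0.0.0.0:0    LISTENING    4
"""

# Constructed sample of values under a Run key (hypothetical names and paths).
SAMPLE_RUN_KEY = """\
    OneDrive    REG_SZ    C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
    startup     REG_SZ    C:\\WINDOWS\\notepad.exe
"""

# Hypothetical baseline: SHA-256 of the known-good notepad.exe, recorded at build time.
KNOWN_GOOD_NOTEPAD = b"<known-good notepad.exe bytes, constructed stand-in>"
BASELINE_SHA256 = hashlib.sha256(KNOWN_GOOD_NOTEPAD).hexdigest()

def listening_ports(netstat_text):
    """Return the set of TCP ports shown in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        m = re.match(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def notepad_autostart_entries(run_key_text):
    """Run-key values that launch notepad.exe at boot; Notepad has no reason
    to autostart, so any hit matches the registry change described for QAZ."""
    return [line.strip() for line in run_key_text.splitlines()
            if re.search(r"notepad\.exe", line, re.IGNORECASE)]

def notepad_tampered(notepad_bytes, baseline_sha256=BASELINE_SHA256):
    """True when the on-disk notepad.exe no longer matches the baseline hash."""
    return hashlib.sha256(notepad_bytes).hexdigest() != baseline_sha256

def triage(netstat_text, run_key_text, notepad_bytes):
    """Combine the three checks into a list of findings for an analyst."""
    findings = []
    if QAZ_PORT in listening_ports(netstat_text):
        findings.append(f"listener on TCP {QAZ_PORT}")
    findings += [f"notepad.exe autostart: {e}" for e in notepad_autostart_entries(run_key_text)]
    if notepad_tampered(notepad_bytes):
        findings.append("notepad.exe hash differs from baseline")
    return findings
```

On a real host the three inputs would come from netstat, a registry query of the Run key, and the bytes of the installed notepad.exe; a clean host yields an empty findings list.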

More will be added.