Synonyms: Trojan horse
The term Trojan is taken from the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The first Trojans, which appeared in the late 1980s, masqueraded as innocent programs. Once the unsuspecting user ran the program, the Trojan would deliver its harmful payload. Hence the copy-book definition of a Trojan as a non-replicating program that appears to be legitimate but is designed to carry out some harmful action on the victim computer.
One of the key factors distinguishing Trojans from viruses and worms is that they don’t spread by themselves. In the early days of PC malware, Trojans were relatively uncommon since the author had to find some way of distributing the Trojan manually. The widespread use of the Internet and the development of the World Wide Web provided an easy mechanism for distributing Trojans far and wide.
Today, Trojans are very common. They typically install silently and carry out their function(s) invisibly to the user.
Like viruses and worms, Trojans are often sub-divided into different categories based on their function.
In computing, ports are connection points.
They may be physical connection points, as in the COM (or serial) and parallel ports used by physical input or output devices. Before the advent of USB ports, monitor, keyboard, mouse and modem typically used a COM port (where data is transferred ‘serially’, one bit at a time), while printers typically used a parallel port (where data is transferred ‘in parallel’, eight bits at a time). Today, most computers are equipped with a number of USB ports. USB allows up to 127 devices to connect to a single computer and allows for rapid transfer of data.
They may also be logical connection points for data transferred via TCP/IP or UDP networks. Some port numbers are reserved: port 80, for example, is reserved for the HTTP service. Others are assigned dynamically for each connection. Ports are used by authors of malicious code to transfer data from a victim machine to the ‘master’, or to download additional malicious.
A terabyte [TB] is a unit of measurement for computer storage and is equivalent to a thousand gigabytes.
TCP/IP is the protocol that is used by the countless computers around the world that connect to each other through the Internet. ‘TCP’ splits data into packets for transmission across the Internet and re-assembles them at the other end. The ‘IP’ part of the protocol is responsible for addressing the packets to the right location.
Trojan Clickers re-direct victim machines to a specified web site. This is done either to raise the ‘hit-count’ of a site, for advertising purposes, or to organize a DDoS attack on a specified site, or to direct the victim to a web site containing other malicious code (another Trojan, for example). The Trojan does this either by sending commands to the web browser or by simply replacing system files that contain URLs (the Windows® ‘hosts file’, for example).
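One way a defender can audit a hosts file for the kind of redirection described above, as an added example that is not part of the original glossary. The sample file contents, the host names and the `allowlist` parameter are constructed for illustration.

```python
import ipaddress

# Names that legitimately appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample input (documentation addresses and example domains).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.10    www.example.com example.com   # pinned
0.0.0.0         updates.example.net
not-an-ip       portal.example.org
192.0.2.5       intranet.example.org
"""

def audit_hosts(text, allowlist=()):
    """Return (line_no, address, hostname, reason) for each mapping to review."""
    allowed = {n.lower() for n in allowlist} | LOCAL_NAMES
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(entry) < 2:
            continue                            # blank, comment-only, or no names
        addr_text, names = entry[0], entry[1:]
        try:
            addr = ipaddress.ip_address(addr_text.split("%", 1)[0])  # strip zone id
        except ValueError:
            findings.append((line_no, addr_text, " ".join(names), "malformed address"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in allowed:
                continue                        # expected local or approved entry
            if addr.is_loopback or addr.is_unspecified:
                reason = "forced to local address"
            else:
                reason = "pinned to fixed address, bypassing DNS"
            findings.append((line_no, str(addr), name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, allowlist=("intranet.example.org",)):
        print(finding)
```

Any entry that is neither a default local name nor on the site's approved list is reported, so the output is a review list rather than a verdict.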
These Trojans function as a proxy server and provide anonymous access to the Internet: they are commonly used by spammers for large-scale distribution of spam e-mail.
Trojan Spies, as the name suggests, track user activity, save the information to the user’s hard disk and then forward it to the author or ‘master’ of the Trojan. The information collected includes keystrokes and screen-shots, used in the theft of banking data to support online fraud.
The purpose of these Trojans is to inform the author or ‘master’ that malicious code has been installed on the victim machine and to relay information about the IP address, open ports, e-mail address and so on. Trojan Notifiers are typically included in a Trojan ‘pack’ that contains other malware.