In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.
Typically, the Trojan horse is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.
Before a Trojan horse can infect a machine, the user must download the server side of the malicious application. The Trojan horse cannot manifest by itself. The executable file (.exe file) must be run and the program must be installed in order for the attack to be unleashed on the system. Social engineering tactics are often used to convince end users to download the malicious application. The download trap may be found in banner ads, website links or pop-up advertisements.
However, the most popular tactic for spreading Trojan horses is through seemingly unthreatening emails and email attachments. Trojan horse developers frequently use spamming techniques to send their emails to hundreds or thousands of people. As soon as the email has been opened and the attachment has been downloaded, the Trojan server will be installed and will run automatically each time the computer turns on.
It is also possible for an infected computer to continue spreading the Trojan horse to other computers, creating a botnet. This is accomplished by turning an innocent computer into a zombie computer, meaning the person using the infected computer has no idea it is being controlled by somebody else. Hackers use these zombie computers to continue dispersing additional malware to create a whole network of zombie computers.
Laptop and desktop computer users are not the only ones who are at risk of a Trojan horse infection. Trojans can also attack mobile devices, such as smartphones and tablets, with mobile malware. This form of infection could result in an attacker redirecting traffic on these Wi-Fi connected devices and using them to commit cybercrimes.
The victim receives an official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment. Because nothing bad happens and the computer continues to work as expected, the victim does not suspect that the attachment is actually a Trojan horse, and his computing device is now infected.
A Trojan horse may also be referred to as a Trojan horse virus, but that is technically incorrect. Unlike a computer virus, a Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. Attackers must use social engineering tactics to trick the end user into executing the Trojan.
Since there are so many kinds of Trojan horses, the term can be used as a general umbrella for malware delivery. Depending on the attacker's intent and application structure, the Trojan can work in a multitude of ways -- sometimes behaving as standalone malware, other times serving as a tool for other activities like delivering payloads, opening the system up to attacks or communicating with the attacker.
Since Trojan horses frequently appear disguised as legitimate system files, they are often very hard to find and destroy with conventional virus and malware scanners. Specialized software tools are often necessary for the identification and removal of discrete Trojan horses.
It is necessary to note that safe, legitimate software applications can also cause some of the uncommon behaviors listed above. Furthermore, adware and potentially unwanted programs (PUPs) are sometimes confused with Trojan horses due to their similar delivery methods. For example, adware can sneak onto a computer while hiding inside a bundle of software. However, unlike Trojan horses, adware and PUPs do not try to conceal themselves once installed on the computer.
The easiest way to protect a system from a Trojan horse is by never opening or downloading emails or attachments from unknown sources. Deleting these messages before opening will prevent the Trojan horse threat.
However, computer security begins with and depends on the installation and implementation of an internet security suite. Because the user is often unaware that a Trojan horse has been installed, antimalware software must be used to recognize malicious code, isolate it and remove it. To avoid being infected by a Trojan horse, users should keep their antivirus and antimalware software up to date and practice running periodic diagnostic scans.
If a Trojan horse is identified on a computer, the system should immediately be disconnected from the Internet and the questionable files should be removed using an antivirus or antimalware program or by reinstalling the operating system.
The hardest part of the removal process is recognizing which files are infected. Once the Trojan has been identified, the rest of the process becomes simpler. Users can sometimes find the infected files using the dynamic link library (DLL) error which is frequently presented by the computer to signify the presence of a Trojan horse. This error can be copied and searched online to find information about the affected .exe file.
The term Trojan horse stems from Greek mythology. According to legend, the Greeks built a large wooden horse that the people of Troy pulled into the city. During the night, soldiers who had been hiding inside the horse emerged, opened the city's gates to let their fellow soldiers in and overran the city.
During the 1980s, an increase in bulletin board systems (BBS) contributed to the accelerated spread of Trojan horse attacks. A BBS was a computer system that ran software that permitted users to penetrate the system using a phone line. Once a user was logged into the BBS, they could proceed with actions like uploading, downloading and sharing potentially malicious data.
The first Trojan horse virus was called the pest trap or Spy Sheriff. This early Trojan horse was able to reach and infect about one million computers around the world. It appears as a large number of pop-up ads that mostly look like warnings, alerting users to the necessity of an obscure software application. Once the Spy Sheriff Trojan horse is successfully installed on a computer, it becomes extremely difficult to remove. Antivirus and antimalware software are usually unable to detect Spy Sheriff and cannot remove it with a system restore. Furthermore, if a user tries to erase the Spy Sheriff software, the Trojan horse reinstalls itself using hidden infected files on the computer.
In October 2002, a man was arrested after 172 images of child pornography were found on his computer's hard drive. It took almost a year for the court to finally acquit him of charges and accept his defense declaring that the files had been downloaded without his knowledge by a Trojan horse. This is one of the first cases in which the Trojan horse defense was successful.
A Trojan is sometimes called a Trojan virus or Trojan horse virus, but those terms are technically incorrect. Unlike a virus or worm, Trojan malware cannot replicate itself or self-execute. It requires specific and deliberate action from the user.
Fun Fact: Trojans derive their name from the Greek mythical tale, Ulysses, wherein Greek warriors hid inside a hollow wooden horse. Their opponents, the Trojans, thought the horse was a blessing from the gods and brought it inside the city walls, unwittingly unleashing an attack. Much like the Trojan horse in the epic, digital adversaries that deploy Trojans often rely on social engineering and trickery to deceive users into downloading and running malicious programs.
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's Iliad, with the poem ending before the war is concluded, and it is only briefly mentioned in the Odyssey. But in the Aeneid by Virgil, after a fruitless 10-year siege, the Greeks constructed a huge wooden horse at the behest of Odysseus, and hid a select force of men inside, including Odysseus himself. The Greeks pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy. That night, the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of darkness. The Greeks entered and destroyed the city, ending the war.
Metaphorically, a "Trojan horse" has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a "Trojan horse" or simply a "Trojan".
Thirty of the Achaeans' best warriors hid in the Trojan horse's womb and two spies in its mouth. Other sources give different numbers: The Bibliotheca 50; Tzetzes 23; and Quintus Smyrnaeus gives the names of 30, but says there were more. In late tradition the number was standardized at 40.
According to Quintus Smyrnaeus, Odysseus thought of building a great wooden horse (the horse being the emblem of Troy), hiding an elite force inside, and fooling the Trojans into wheeling the horse into the city as a trophy. Under the leadership of Epeius, the Greeks built the wooden horse in three days. Odysseus's plan called for one man to remain outside the horse; he would act as though the Greeks had abandoned him, leaving the horse as a gift for the Trojans. An inscription was engraved on the horse reading: "For their return home, the Greeks dedicate this offering to Athena". Then they burned their tents and left for Tenedos by night. Greek soldier Sinon was "abandoned" and was to signal to the Greeks by lighting a beacon.