Trojan horse (computing)
From Wikipedia, the free encyclopedia
- This article refers to a form of malware in computing terminology. For other meanings, see Trojan Horse (disambiguation)
A Trojan horse, also known as a trojan, in the context of computing and software, is a class of computer threat (malware) that appears to perform a desirable function but in fact performs undisclosed malicious functions. These functions allow unauthorized access to the host machine, giving the intruder the ability to save their own files on the user's computer or even watch the user's screen and control the computer.
Trojan horses (which are not technically viruses) can be easily and unwittingly downloaded. For example, if a computer game is designed such that, when executed by the user, it opens a back door that allows a hacker to control the computer of the user, then the computer game is said to be a Trojan horse. However, if the computer game is legitimate, but was infected by a virus, then it is not a Trojan horse, regardless of what the virus may do when the game is executed. The term is derived from the classical story of the Trojan Horse.
Example
A program named "waterfalls.scr" serves as a simple example of a Trojan horse.
The author claims it is a free waterfall screen saver. When running, it instead unloads hidden programs, scripts, or any number of commands without the user's knowledge or consent. Malicious trojan horse programs conceal and drop a malicious payload on an affected computer.
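A Windows screen saver file such as the one named above is an ordinary program (a PE executable), so opening it runs code with the user's privileges. The following added example, which is not part of the original article, is a defensive triage check that classifies a file by its header rather than by its name; the extension list, function names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import PurePath

# Extensions Windows launches as programs (constructed, non-exhaustive list).
PROGRAM_EXTS = {".exe", ".scr", ".com", ".pif"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL

def parse_pe(data: bytes):
    """Return {'dll': bool} if data is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return None
    (flags,) = struct.unpack_from("<H", data, pe_off + 22)  # Characteristics
    return {"dll": bool(flags & IMAGE_FILE_DLL)}

def triage(name: str, data: bytes) -> str:
    """Classify a file by its content rather than by what its name suggests."""
    pe = parse_pe(data)
    ext = PurePath(name).suffix.lower()
    if pe is None:
        return "not-a-pe-image"
    if pe["dll"]:
        return "pe-library"
    if ext == ".scr":
        return "program-named-as-screen-saver"
    if ext in PROGRAM_EXTS:
        return "program"
    return "program-with-non-program-extension"

def make_pe(flags: int = 0x0002) -> bytes:
    """Constructed header-only sample: DOS header, PE signature, COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)
    return bytes(dos) + b"PE\0\0" + coff

SAMPLES = {  # constructed inputs; only the name "waterfalls.scr" is from the article
    "waterfalls.scr": make_pe(),
    "setup.exe": make_pe(),
    "notes.txt": b"plain text\n",
    "report.pdf": make_pe(),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} {triage(name, data)}")
```

The check only establishes that a file is a program; whether that program is a trojan still has to be decided by antivirus scanning or analysis.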
Types of Trojan horse payloads
Trojan horse payloads are almost always designed to cause harm, but can also be harmless. They are classified based on how they breach and damage systems. The six main types of Trojan horse payloads are:
- Remote Access
- Data Destruction
- Downloader/dropper
- Server Trojan (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)
- Disable security software
- Denial-of-service attack (DoS)
Methods of deletion
Since Trojan horses have a variety of forms, there is no single method to delete them; there are many different ways instead. The simplest responses involve clearing the temporary internet files and deleting the trojan's file manually. Normally, antivirus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media, such as a live CD, may allow an antivirus program to find a trojan and delete it. Updated anti-spyware programs are also efficient against this threat. Most trojans also hide in registries and processes.
Rogue Infiltrants
Viruses that are presented as "Anti-Virus programs" are known as Rogue Viruses. Rogue viruses have the prime intention of collecting money from a victim, and/or harming his or her computer with infections. The infections installed with rogue viruses make the user's computer slow, so the user actually believes an infection exists, which it does. Trojan viruses differ because the prime intention of trojan viruses is to damage the computer and overload the Random Access Memory of the computer.
See also
- List of trojan horses
- Privacy-invasive software
- Spy software
- Farewell Dossier
- Malware
- Secure computing
- Social engineering (security)
- Remote administration tool
- Reverse connection
- Employee monitoring software
- Botnets
- Spam
- Spyware
- Cyber spying
Notable instances
- Back Orifice
- NetBus
- Zlob
- Pest Trap
- ProRat
- Sub7
- Vundo
- Ghost Rat, used in the GhostNet "cyber spying" operation
External links
- Analysis of targeted trojan e-mail attacks
- Trojan horses and how they are used en masse in botnets: Virus Bulletin's The World of Botnets, by Dr Alan Solomon and Gadi Evron