Trojan Horses Explained

What’s In a Name

A trojan horse or "trojan" is a type of malware. It’s a dangerous program that you might run without knowing the danger. It gets the name trojan horse from the Greek tale of the war with Troy. The Greeks built an idol in the shape of a large wooden horse, but hid soldiers inside it. After the Trojans brought the horse inside the walls of their city, the soldiers snuck out of the horse, opened the gates, and were able to attack and defeat Troy. Like the horse in the story, trojan horse program appears to be something safe, but an attacker is inside.

Trojan Horses

A trojan propagates by deception, unlike most other viruses or worms. The payload (or contents) of the program could consist of a root kit or back door, a memory resident virus, or any sort of direct attack on the victim user’s programs or operating system. They could be very destructive, or simply designed to try to gather information such as e-mail addresses or usernames and passwords. Spyware is often just added to a program, so the victim does get what they expected–but with spyware included! As you can imagine, the trojan malware’s content might be any sort of programming the trojan’s creator might want to include!

Often a trojan will appear to be something that an inexperienced or careless user might want. Sometimes trojans send themselves out to e-mail contacts from an infected user, so that they appear to be sent by a friend or family member. They will have deceptive names, like windowsupdate.exe, or patch.exe, and so forth. Names like this that suggest that they are updates, patches, or malware checking or removal programs are common. Since the spread of media files, some trojans are able to trick users by appearing to be humorous or interesting videos. Often users have file extensions hidden, so a trojan might even appear to be something other than an executable file.

More Information

The best defense against Trojans is not to download programs from locations that aren’t trustworthy. For example, be sure you’re downloading from the author’s Web site, or from another trusted site. Even trusted Web sites could get hacked, of course. Don’t run programs or open files if you don’t know what they are. So don’t run programs from any online sources without checking that they are valid. Open Source programs usually have MD5 checksums provided. Of course, always have anti-virus software installed and updated, and scan removable media before running new programs. To learn more about malware in general check out my articles on the differences between worms and viruses, the different types of viruses, and how people create viruses.