
Trojan horse (computing)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Stereotek (talk | contribs) at 11:28, 5 August 2004 (→‎See also). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This article is about computer system security. For Odysseus' subterfuge in the Trojan War, see Trojan Horse.

When referring to a computer, a Trojan horse or Trojan is a computer program which claims to be innocuous but instead has a malicious effect — one which the programmer (or packager, or distributor) intended and the user didn't expect. The term is derived from the classical myth of the Trojan Horse.

A Trojan horse differs from a virus in that it is a stand-alone program — a Trojan does not attach to other programs or files. It differs from a worm in that it does not move from one computer to another on its own. A person must transfer and run it deliberately, such as by email or by posting it to a download area where it could be downloaded by a victim.

A simple example of a Trojan horse would be a program named "SEXY.EXE" that is posted with a promise of "hot pix"; but, when run, it instead erases all the files on the computer and displays a taunting message.

On the Microsoft Windows platform, an attacker might attach a Trojan with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe'. With extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate a different file type.

When the recipient double-clicks on the attachment, the Trojan might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its malicious purpose. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks.

For example, Trojans are often used to set up networks of zombie computers from which DDoS attacks can be launched, or which can be used to send spam.

Spyware is another form of Trojan horse which is becoming much more common. Spyware is software which purports to help the user or add new features but, when a user downloads and runs it, can change the home page in the user's web browser or track the user as he browses the web, reporting the usage information to a company which then uses it, usually for commercial purposes.

Similarly, Trojans may be used to phish for bank or other account details.

End-user awareness protects against Trojan horses. If a user does not open unusual attachments that arrive unexpectedly, any unopened Trojans will not affect the computer. This caution applies even if you know the sender or recognize the source's address. Even when an attachment is expected, scanning it with updated antivirus software before opening it is prudent. Files downloaded from file-sharing services such as Kazaa or Gnutella are particularly suspect because file-sharing services are a known distribution method for Trojans.
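The masked-extension trick described above ('Readme.txt.exe' displayed as 'Readme.txt') can be checked for at a mail gateway before the user ever sees the attachment. The following Python code is an added example, not part of the original article; the decoy-extension list, the function names and the sample filenames are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Executable extensions named in the article.
EXECUTABLE_EXTS = {"exe", "scr", "bat", "pif"}
# Assumption: extensions a user reads as harmless data; tune per site.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "htm", "html"}
# Constructed sample attachment names (not taken from any real message).
SAMPLE = ["Readme.txt.exe", "holiday.JPG.Scr", "setup.exe",
          "notes.txt", "report.final.doc"]


@dataclass(frozen=True)
class Verdict:
    filename: str
    executable: bool  # final extension is one Windows will run
    masked: bool      # a decoy extension sits directly before it
    shown_as: str     # name the user sees when extensions are hidden


def classify(filename: str) -> Verdict:
    # Keep only the last path component; senders may include a path.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, dot, ext = name.rpartition(".")
    if not dot:  # no extension at all
        return Verdict(name, False, False, name)
    # Windows matches extensions case-insensitively, so compare lowercased.
    executable = ext.lower() in EXECUTABLE_EXTS
    inner = stem.rpartition(".")[2].lower() if "." in stem else ""
    masked = executable and inner in DECOY_EXTS
    return Verdict(name, executable, masked, stem)


def triage(filenames):
    """Split names into (blocked, flagged): masked names are blocked,
    plainly executable ones are flagged for antivirus scanning."""
    blocked, flagged = [], []
    for f in filenames:
        v = classify(f)
        if v.masked:
            blocked.append(v)
        elif v.executable:
            flagged.append(v)
    return blocked, flagged


if __name__ == "__main__":
    blocked, flagged = triage(SAMPLE)
    for v in blocked:
        print(f"BLOCK {v.filename!r}: user would see {v.shown_as!r}")
    for v in flagged:
        print(f"SCAN  {v.filename!r}")
```
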

Some Trojans do not infect other programs and are usually easily deleted, but others are much more dangerous. The MyDoom epidemic in early 2004 was spread by using Trojan-horse attachments in email with a terse message saying that the attachment could not be delivered, making users curious to open it and see what it was. (MyDoom is technically a worm, since it spreads itself to other computers by sending infected email attachments, but it depends on users double-clicking on the attachments to actually infect their computers—a Trojan-like property.)

An early Trojan horse was the 1975 ANIMAL program, a game for identifying an animal that also spread itself to other users on UNIVAC Exec 8 computers[1].

See also