In the context of computing and software, a Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another such as a computer virus. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be actually malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs. Simply put, a Trojan horse is not a computer virus. Unlike such malware, it does not propagate by self-replication but relies heavily on the exploitation of an end-user (see Social engineering). It is instead a categorical attribute which can encompass many different forms of codes. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse. Software redirects here. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ... A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ... A screenshot of a malicious website attempting to install spyware via an ActiveX Control in Internet Explorer 6 Malware is software designed to infiltrate or damage a computer system without the owners informed consent. ... Self-replication is the process by which some things make copies of themselves. ... This article is about the manipulation of individuals. ... A computer worm is a self-replicating computer program. ... For other uses, see Trojan Horse (disambiguation). ...

In the field of computer architecture, 'Trojan Horse' can also refer to security loopholes that allow kernel code to access anything for which it is not authorized.

Etymology

The word 'Trojan horse' is generally attributed to Daniel Edwards of the NSA. He is given credit for identifying the attack form in the report "Computer Security Technology Planning Study".^[1] The term comes from analogy to an episode during the legendary Trojan War, as mentioned in Homer's Odyssey and Virgil's Aeneid: worn out by the long siege, the attacking Greeks built a giant wooden horse, ostensibly a peace offering, and pretended to sail away, but in fact left soldiers hidden inside the statue. After the Trojans brought the horse inside the city walls, the soldiers emerged, opened the gates to the Greek armies, and sacked the city of Troy. NSA can stand for: National Security Agency of the USA The British Librarys National Sound Archive This page concerning a three-letter acronym or abbreviation is a disambiguation page — a navigational aid which lists other pages that might otherwise share the same title. ... The fall of Troy, by Johann Georg Trautmann (1713–1769). ... Homers Odyssey is the third full length episode of The Simpsons, that originally aired January 21, 1990. ... Aeneas flees burning Troy, Federico Barocci, 1598 Galleria Borghese, Rome The Aeneid (IPA English pronunciation: ; in Latin Aeneis, pronounced — the title is Greek in form: genitive case Aeneidos) is a Latin epic written by Virgil in the 1st century BC (between 29 and 19 BC) that tells the legendary story...

A very classic example, is due to computer pioneer Ken Thompson in his 1983 ACM Turing Award lecture. Thompson noted that it is possible to add code to the UNIX "login" command that would accept either the intended encrypted password or a particular known password, allowing a back door into the system with the latter password. Furthermore, Thompson argued, the C compiler itself could be modified to automatically generate the rogue code, to make detecting the modification even harder. Because the compiler is itself a program generated from a compiler, the Trojan horse could also be automatically installed in a new compiler program, without any detectable modification to the source of the new compiler.^[2] Kenneth Thompson redirects here. ... The Association for Computing Machinery, or ACM, was founded in 1947 as the worlds first scientific and educational computing society. ... The A.M. Turing Award is given annually by the Association for Computing Machinery to a person selected for contributions of a technical nature made to the computing community. ... Filiation of Unix and Unix-like systems Unix (officially trademarked as UNIX®, sometimes also written as or ® with small caps) is a computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs including Ken Thompson, Dennis Ritchie and Douglas McIlroy. ... A password is a form of secret authentication data that is used to control access to a resource. ... This page is dedicated to list all current compilers, compiler generators, interpreters, translators, etc. ...

Example

The simple example of a Trojan horse would be a program named "waterfalls.scr" where its author claims it is a free waterfall screensaver. When run, it instead unloads hidden programs, commands, scripts, or any number of commands with or without the user's knowledge or consent. Malicious Trojan Horse programs are often used to circumvent protection systems in effect creating a vulnerable system to allow unauthorized access to the user's computer. Non-malicious Trojan Horse programs are used for managing and forensics.

Types of Trojan horse payloads

Trojan horse payloads are almost always designed to do various harmful things, but can also be harmless. They are broken down in classification based on how they breach and damage systems. The six main types of Trojan horse payloads are:

• Remote Access
• Data Destruction
• Downloader
• Server Trojan(Proxy, FTP , IRC, Email, HTTP/HTTPS, etc.)
• Security software disabler
• Denial-of-service attack (DoS)

Some examples of damage are: A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ...

• Erasing or overwriting data on a computer
• Encrypting files in a cryptoviral extortion attack
• Corrupting files in a subtle way
• Upload and download files
• Copying fake links, which lead to false websites, chats, or other account based websites, showing any local account name on the computer falsely engaging in untrue context
• Allowing remote access to the victim's computer. This is called a RAT (remote access trojan)
• Spreading other malware, such as viruses: this type of Trojan horse is called a 'dropper' or 'vector'
• Setting up networks of zombie computers in order to launch DDoS attacks or send spam.
• Spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware)
• Making screenshots
• Logging keystrokes to steal information such as passwords and credit card numbers
• Phishing for bank or other account details, which can be used for criminal activities
• Installing a backdoor on a computer system
• Opening and closing CD-ROM tray
• Playing sounds, videos or displaying images.
• Calling using the modem to expensive numbers, thus causing massive phone bills.
• Harvesting e-mail addresses and using them for spam
• Restarting the computer whenever the infected program is started
• Deactivating or interfering with anti-virus and firewall programs
• Deactivating or interfering with other competing forms of malware
• Randomly shutting off the computer

Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. ... A Remote administration tool is used to remotely connect and manage a single or multiple computers with a variety of tools, such as: Screen/camera capture or control File management (download/upload/execute/etc. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ... This article is about computers that have been compromised by malware. ... A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ... A KMail folder full of spam emails collected over a few days. ... A large number of toolbars, some added by spyware, overwhelm an Internet Explorer session. ... Screenshot of a KDE desktop. ... Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the users keystrokes. ... This article is about the payment system. ... An example of a phishing email, disguised as an official email from a (fictional) bank. ... A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection. ... A KMail folder full of spam emails collected over a few days. ...

Methods of deletion

Since Trojan horses have a variety of forms, there is no single method to delete them. The simplest responses involve clearing the temporary internet files on a computer, or finding the file and deleting it manually ( safe mode is recommended ). Normally, anti-virus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media(cd) may allow an antivirus program to find a trojan and delete it. Updated anti-spyware programs are also very efficient against this threat. Anti spyware is a tool to detect and remove spyware. ...

Disguises

Most varieties of Trojan horses are hidden on the computer without the user's awareness. Trojan horses sometimes use the Registry, adding entries that cause programs to run every time the computer boots up. Trojan horses may also work by combining with legitimate files on the computer. When the legitimate file is opened, the Trojan horse opens as well.

See also

• List of trojan horses
• Privacy-invasive software
• Spy software
• Farewell Dossier
• Malware
• Secure computing
• Social engineering (security)
• Remote administration tool
• Employee monitoring software
• Botnets
• Spam
• Spyware

This is a list of trojan horses. ... Privacy-invasive software is a category of software that ignores users’ right to be let alone and that is distributed with a specific intent, often of a commercial nature. ... Spy Software (also known as Computer Monitoring Software or Keylogger) secretly records a computer user by capturing all keystrokes, websites visited, and chat conversations. ... The Farewell Dossier was a collection of documents containing intelligence gathered and handed over to NATO by the KGB defector Colonel Vladimir Vetrov (code-named Farewell) in 1981-1982, during the Cold War. ... A screenshot of a malicious website attempting to install spyware via an ActiveX Control in Internet Explorer 6 Malware is software designed to infiltrate or damage a computer system without the owners informed consent. ... Secure Computing Corporation, or SCC, is a public company (NASDAQ: SCUR) that develops and sells computer security products, such as: Network Gateway Security Solutions including Sidewinder, and SnapGear Messaging Gateway Security Solutions including IronMail Email Security , IronIM IM Security Appliance, IronNet Policy/Compliance Security Appliance, Edge Perimeter Email Security Appliances... This article is about the manipulation of individuals. ... A Remote administration tool is used to remotely connect and manage a single or multiple computers with a variety of tools, such as: Screen/camera capture or control File management (download/upload/execute/etc. ... Employee monitoring software allows company administrators to monitor and supervise all their employee computers from a central location. ... This article needs cleanup. ... This article is about electronic spam. ... A large number of toolbars, some added by spyware, overwhelm an Internet Explorer session. ...

Notable instances

• Back Orifice
• NetBus
• Pest Trap
• Prorat
• Sub7
• Vundo trojan
• Trojanizary

Back Orifice (often shortened to BO) is a controversial computer program designed for remote system administration. ... NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. ... Please wikify (format) this article or section as suggested in the Guide to layout and the Manual of Style. ... ProRat client ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known to the Hacker community as a RAT (Remote Administration Tool). ... Sub7, or SubSeven, is the name of a popular backdoor program. ... The Vundo Trojan is a trojan horse that may cause popups advertising rogue antispyware programs. ...

References

PDF is an abbreviation with several meanings: Portable Document Format Post-doctoral fellowship Probability density function There also is an electronic design automation company named PDF Solutions. ...

External links

• Analysis of targeted trojan e-mail attacks
• Trojan horses and how they are used en-masse in botnets Virus Bulletin's The World of Botnets by Dr Alan Solomon and Gadi Evron
• How to manually get rid of a trojan backdoor Symantec
• Trojan Horse Facts