Lockdown.co.uk - The Home Computer Security Centre

LockDown is the source for security information and resources for the home computer user.

Trojan Horses

A program which the user thinks or believes will do one thing (the 'perceived purpose'), and which may or may not do that thing, but which also does something else which is not necessary to accomplish the perceived purpose, and of which the user would not approve (the 'payload').

Ian Whalley, IBM TJ Watson Research Centre

Trojans don't spread by themselves and many weird and wonderful ways of distributing them have been invented. One of the most popular, perhaps, is the email trick.

A typical Email Trick

The attacker prepares his Trojan program to grab personal data from a victims computer, he designs the Trojan to look like a utility that speeds up Windows by a factor of ten, or perhaps he attaches the Trojan to a game, invisibly. Then he sends an email to his victim, possibly claiming to be somebody else, and inviting the victim to run his Trojan. He's probably given it an inviting name, such as SPEEDUP.EXE, RUNME.EXE or SEXSHOW.EXE, the victim is quite pleased to receive such a cool sounding utility/game and runs it right away. Whilst the program might appear seemingly harmless enough to the victim, it has secretly taken a copy of the victims passwords and has sent an email back to the attacker containing the information. The Trojan also planted a secret command into the operating systems configuration files and the next time the machine is rebooted, important files will mysteriously go missing.

Other Methods

Other methods of attack include:

Are Trojans Dangerous?

They can be. They have the potential to do almost anything, some do very little, but others can destroy your system or reveal all your personal data if not caught in time.

Will my anti-virus software detect Trojans?

There is an interesting answer to this question: perhaps not. While most virus checking software today has the ability to detect some Trojans, the chances are that the vast majority of Trojans will not be detected at all by anti-virus software. The reasons are complex, but centre around the fact that the infinite variety of Trojans make them difficult to detect and it's hard to say what is a Trojan and what is a legitimate program.

How can I protect myself?

The most effective ways is to be aware of the problem.

If an email message arrives in your inbox with an attachment that you wasn't expecting - DON'T OPEN IT! Unless you're 100% sure that an attachment to an email message is safe you shouldn't run it.

Don't download programs from websites you don't trust.

Don't leave your machine unattended if it's vulnerable to attack.

There are also many applications available to detect and remove certain Trojans (some anti-virus software for example) but my feeling is that these are probably of limited value since they won't project you against all Trojans, they may give you a false sense of security.

Friday 10th July 2009 03:01