An Introduction To Trojan Horse VIRUS
Author : Daniel Petri
Since "Trojan Horses" (or Backdoors) have been in the news just recently, the term probably sounds familiar to you. But perhaps you're not quite sure what a Trojan Horse is and what damage it is capable of doing to your system. Trojan Horses, of which there are now more than one thousand in circulation (including modifications and variants), are a relatively new and probably the most dangerous strain of viruses that have appeared in recent times. They also threaten to overwhelm systems that only run anti-virus applications and firewalls as a means of combating the threat. Today's Trojans, as they are commonly called, have now attained such a degree of sophistication that they pose a real threat to any user who hasn't taken adequate precautions to protect their data.
The name "Trojan Horse" derives from a page in Greek history when the Greeks had laid siege to the fortified city of Troy for over ten years. Their spy, a Greek called Sinon, offered the Trojans a gift in the form of a wooden horse and convinced them that by accepting it, they would become invincible. The horse, though, was hollow and was occupied by a contingent of Greek soldiers. When they emerged in the dead of night and opened the city gates, the Greeks swarmed in, slaughtered its citizens and subsequently pillaged, burned and laid waste to the city.
In the IT environment, the Trojan Horse acts as a means of entering the victim's computer undetected and then allowing a remote user unrestricted access to any data stored on the user's hard disk drive whenever he or she goes online. In this way, the user gets burned and, like the unfortunate citizens of Troy, may only discover that fact when it is too late.
These types of viruses were originally designed as a means of self-expression by gifted programmers and did little more than cause the system to lock up, behave abnormally in a specific way or perhaps cause loss of data on the user's machine.
Nowadays, though, Trojans have a much more sinister purpose. Their primary objective is to give a remote user a means of gaining access to a victim's machine without the victim's knowledge. Once that has been achieved, the intruder can do anything with the machine that the user can do. An intruder's usual objective is to browse the user's hard drive in order to determine if there is anything of value stored on it. That could be almost anything, such as valuable research papers, credit card details or passwords to restricted web sites. If anything of value is found, then the intruder can copy the data to his own hard drive in exactly the same way that the user can copy a file to a floppy disk. The worst thing is that all these processes are hidden from the user, who might be sitting in front of his own machine working on an entirely different document at the time. Unusual hard drive activity for no apparent reason may be the only indication that something is happening that shouldn't be happening.
The intruder can also cause havoc to the system by deleting (system) files, erasing valuable data or ultimately destroying the hard drive. Simply adding a command to the autoexec.bat file can do that. The next time the unsuspecting victim boots the computer, it will automatically run the format command. Adding a certain flag to that command will also render the hard disk unusable.
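The autoexec.bat tampering described above can be checked for before the next boot. The following Python script is an added example, not part of the original article; the list of commands it flags and the sample file contents are assumptions made for illustration.

```python
import re

# Commands treated as destructive at boot. This list is an assumption of the
# example; the article itself names only the format command.
DESTRUCTIVE = {"format", "deltree", "del", "erase"}
WRAPPERS = {"call", "lh", "loadhigh"}  # prefixes that run the command after them

# Constructed sample of a tampered autoexec.bat (not taken from a real system).
SAMPLE_AUTOEXEC = r"""@echo off
REM load the mouse driver
LH C:\DOS\MOUSE.COM
SET PATH=C:\DOS;C:\WINDOWS
:: format is only mentioned in this comment
@C:\DOS\FORMAT.COM C:
echo format complete
"""

def command_name(token):
    # Drop a leading @ and any attached /switch, then the path and extension.
    name = token.lstrip("@").split("/")[0].split("\\")[-1].lower()
    return re.sub(r"\.(com|exe|bat)$", "", name)

def effective_command(tokens):
    # Skip wrappers and IF conditions to reach the command that actually runs.
    i = 0
    while i < len(tokens):
        name = command_name(tokens[i])
        if name in WRAPPERS:
            i += 1
        elif name == "if":
            i += 1
            if i < len(tokens) and tokens[i].lower() == "not":
                i += 1
            # EXIST and ERRORLEVEL take one operand; a==b is a single token.
            i += 2 if i < len(tokens) and tokens[i].lower() in ("exist", "errorlevel") else 1
        else:
            return name
    return ""

def audit_autoexec(text):
    # Return (line_number, line) for every line that would run a destructive command.
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("::") or re.match(r"@?rem(\s|$)", line, re.I):
            continue  # blank lines and comments never execute
        if effective_command(line.split()) in DESTRUCTIVE:
            findings.append((number, line))
    return findings
```

Run audit_autoexec over the text of the real file and review every reported line; comments and echo text that merely mention a command are not reported.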
Passwords offer no protection at all because today's Trojans are capable of recording the victim's keystrokes and then transmitting the information back to the intruder. Those passwords can subsequently be deciphered by the Trojan and even changed in order to prevent the user getting access to his own files!
How does a Trojan Horse infect your computer?
In order to gain access to a user's computer, the victim has to be induced to install the Trojan himself. The usual method is to offer a seemingly useful system enhancement or perhaps a free game that has the Trojan attached to it. By installing it, the user also installs the Trojan.
The most common sources of infection are as follows:
(A) Executing any files from suspicious or unknown sources.
(B) Opening an e-mail attachment from an unknown source.
(C) Allowing a "friend" access to your computer while you are away.
(D) Executing files received from any online activity client such as ICQ.
Virtually every Trojan virus is comprised of two main parts. These are called the "server" and the "client". It is the server part that infects a user's system.