Thursday, August 19, 2010

Introduction to Trojan Horses


Trojan horses

A Trojan horse is a computer program which carries out malicious operations without the user's knowledge. The name "Trojan horse" comes from a legend told in the Iliad (by the writer Homer) about the siege of the city of Troy by the Greeks.
Legend has it that the Greeks, unable to penetrate the city's defences, got the idea to give up the siege and instead give the city a giant wooden horse as a gift offering.
The Trojans (the people of the city of Troy) accepted this seemingly harmless gift and brought it within the city walls. However, the horse was filled with soldiers, who came out at nightfall, while the town slept, to open the city gates so that the rest of the army could enter.
Thus, a Trojan horse (in the world of computing) is a hidden program which secretly runs commands, and usually opens up access to the computer running it by opening a backdoor. For this reason, it is sometimes called a Trojan by analogy to the citizens of Troy.
Like a virus, a Trojan horse is a piece of harmful code placed within a healthy program (like a false file-listing command, which destroys files instead of displaying the list).
A Trojan horse may, for example:
  • steal passwords;
  • copy sensitive data;
  • carry out any other harmful operations;
  • etc.
Worse, such a program can create an intentional security breach within your network, so as to give outside users access to protected areas on the network.
The most common Trojan horses open machine ports, allowing their designer to gain entry to your computer over the network by opening a backdoor or backorifice.
A Trojan horse is not necessarily a virus, as its goal is not to reproduce itself to infect other machines. On the other hand, some viruses may also be Trojan horses; that is, they might spread like viruses and open ports on infected machines!
Detecting such a program is difficult because you must be able to determine whether an action is being carried out by the Trojan horse or by the user.

Symptoms of infection

Infection by a Trojan horse usually comes after opening a contaminated file containing the Trojan horse (see the article on protecting yourself from worms) and is indicated by the following symptoms:
  • Abnormal activity by the modem, network adapter or hard drive: data is being loaded without any activity from the user;
  • Strange reactions from the mouse;
  • Programs opening unexpectedly;
  • Repeated crashes.

Principle of a Trojan horse

As a Trojan horse is usually (and increasingly) intended to open a port on your machine so that a hacker can gain control of it (such as by stealing personal data stored on the hard drive), the hacker's goal is to first infect your machine by making you open an infected file containing the Trojan and then to access your machine through the opened port.
However, to be able to infiltrate your machine, the hacker normally has to know its IP address. So:
  • Either you have a fixed IP address (as with businesses, or with individuals with a cable or similar connection, etc.) in which case your IP address can easily be discovered;
  • or your IP address is dynamic (reassigned each time you connect), as with modem connections; in which case the hacker must scan IP addresses at random in order to detect those which correspond to infected machines.

Protect yourself from Trojans

Installing a firewall (a program which filters data entering and leaving your machine) is enough to protect you from this kind of intrusion. A firewall monitors both data leaving your machine (normally initiated by the programs you are using) and data entering it. However, the firewall may detect unknown outside connections even if a hacker is not specifically targeting you. They may be tests carried out by your Internet service provider, or a hacker randomly scanning a range of IP addresses.
For Windows systems, there are two free high-performance firewalls:
  • ZoneAlarm
  • Tiny Personal Firewall

In case of infection

If a program whose origins you are unsure of attempts to open a connection, the firewall will ask you to confirm it before initiating the connection. It is important to not authorise connections for a program you don't recognise, because it might very well be a Trojan horse.
If this reoccurs, it may be helpful to check that your computer isn't affected by a Trojan, by using a program that detects and deletes them (called an anti-Trojan).
One example is The Cleaner, which can be downloaded from http://www.moosoft.com.
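
The same question the firewall asks (which program owns this connection, and do I recognise it?) can be checked by hand for listening ports. The script below is an added example, not part of the original article: it cross-references the output of the Windows commands `netstat -ano` and `tasklist /fo csv /nh` and reports listening TCP ports owned by programs outside an allowlist. The sample output, the program name `listfiles.exe` and the allowlist are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2476
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1820
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3104
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","1,024 K"
"svchost.exe","912","Services","0","8,120 K"
"mDNSResponder.exe","1820","Services","0","3,400 K"
"listfiles.exe","2476","Console","1","2,048 K"
"firefox.exe","3104","Console","1","210,000 K"
'''

# Hypothetical allowlist: programs you expect to accept incoming connections.
ALLOWED_LISTENERS = {"system", "svchost.exe", "mdnsresponder.exe"}

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")  # also handles [::]:135
            yield addr, int(port), int(f[4])

def unexpected_listeners(netstat_text, tasklist_csv, allowed):
    """Return (port, pid, name, reachable_from_network) for unrecognised listeners."""
    names = pid_names(tasklist_csv)
    findings = []
    for addr, port, pid in listening_sockets(netstat_text):
        name = names.get(pid, "<unknown>")
        if name.lower() not in allowed:
            reachable = addr not in ("127.0.0.1", "[::1]")  # loopback-only is local
            findings.append((port, pid, name, reachable))
    return findings

if __name__ == "__main__":
    for finding in unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE, ALLOWED_LISTENERS):
        print("unrecognised listener: port=%d pid=%d image=%s network-reachable=%s" % finding)
```

A listener that appears in this report is not proof of infection, only a program to identify before allowing it through the firewall.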

