What are Trojan Horses?
Named for the giant wooden horse the Greeks allegedly gave the Trojans as a peace offering, a modern day Trojan horse is a destructive computer program that masquerades as a benign application. Just as the trusting citizens of Troy wheeled a horse containing hidden soldiers into their walled city, Trojan horse programs also contain nasty surprises. They can destroy files, steal confidential data such as passwords and financial information, or allow an intruder to remotely control your system.
Unlike other types of malware (malicious software), such as viruses and worms, Trojan horses can't operate autonomously or spread from machine to machine by themselves. Just like the legendary horse, they need a human to activate them by opening the file in which they are hidden. This is surprisingly easy to do.
Method of infection
Trojan horses usually enter computer systems in one of two ways. The first is through legitimate software that someone has deliberately corrupted with malicious code. The second is through an independent program that is embedded in a game, image, or song. Typically they are aimed at Windows programs and bear filename extensions such as .exe, .com, .bat, .scr, or .pif.
Trojan horses can also be sent via instant message, delivered on CD-ROM, or downloaded from websites or file-sharing programs. The most common mode of delivery, however, is via e-mail attachments from unknown senders, frequently containing an attached picture within which the Trojan is embedded.
Trojan horses can exploit your system in various and creative ways including:
- Uploading or downloading files
- Erasing or overwriting data
- Creating a "backdoor" that allows an intruder to remotely access and control your machine
- Commandeering your system to distribute malware or spam to other computers
- Spying on your activities by sending screenshots of your monitor to a remote location
- Recording keystrokes to steal credit card or password information
How to protect yourself
The easiest way to save your company’s systems from a Trojan attack is to install anti-virus software that specifically protects against Trojan horses and worms, as well as viruses. Set the application to routinely check for new threat updates, and be sure the software scans all incoming e-mail messages.
A secure firewall may also keep Trojans out by blocking them from coming in, as well as preventing any sensitive data from leaking out in case of an attack. Trojan horses are often hard to detect, and by checking the firewall's log files, you may find a Trojan or other malware that snuck past your anti-virus program. A firewall gives you added protection on the front lines of your computer's gateway to the Internet.
At the firewall or server level, you can also set up filters to scan for file endings that often indicate a Trojan. On an individual user level, be sure employees set their systems to show "hidden filename extensions" so that they can determine whether the "myvacation.jpg" is really a picture from your recent getaway and not "myvacation.jpg.exe" -- a camouflaged computer program.
Avoid peer-to-peer file-sharing networks such as Kazaa, Limewire, or Gnutella, which don't filter out malicious programs hidden in shared files. Importantly, set company policies against use of these programs by employees.
Finally, protection from Trojans involves simple common sense. Be wary of attachments from unknown senders, and make sure your e-mail program isn't set to automatically open or download attached files.