A Trojan horse is a malware that is “disguised as, or embedded within, legitimate software. It is an executable file that will install itself and run automatically once it is downloaded.” Stated differently, a Trojan horse is a program that poses as a legitimate program but performs unknown or unwanted functions.
Trojan horses are typically used as delivery systems for crimeware such as keystroke-capturing software. This software can then be used to monitor what people type, especially passwords and user names.
Social engineering is the most common way to infect a computer. Social engineering is fooling someone into giving out personal information. Once the user has activated the Trojan, the malware can delete, block, modify, or copy data from the computer.
A Trojan horse may also disrupt the performance of the computer or network. Unlike viruses and worms, Trojans are not capable of self-replication.
The first Trojan for Android mobile devices was discovered by Kaspersky Lab in 2010. The Trojan was named Trojan-SMS.AndroidOS.FakePlayer.a because it masqueraded as a media player application. Since 2010, there has been a rapid increase in the development of mobile Trojans especially targeting open-source devices.
Trojan horses create five main risks for computers and mobile devices: (1) deleting files, (2) using the computer to infect other computers, (3) watching users through the webcam, (4) logging keystrokes, and (5) recording user names, passwords, and other personal information. See Table 1 for a list of the types of Trojan horses.
Table 1 Types of Trojan Horses
| Trojan Horse | Damage | Type |
|---|---|---|
| NVP | Modified the system file of Macintosh computers so that all typed vowels disappeared. | Joke Trojan |
| Feliz | Displayed image warning users not to run any programs. | Joke Trojan |
| AOL4Free | Claimed to give users free access to AOL and then wiped out every file from the infected hard drive. | Joke Trojan |
| ProMail | Claimed to be a freeware e-mail program and then stole user data. | Data Theft Trojan |
| SubSeven | Deletes, modifies and copies files. Steals information. | Remote Access Trojan |
| Back Orifice | Accessing personal computer files. | Remote Access Trojan |
Risks Created by Trojan Horses
1. Deleting files
One of the main problems with Trojan horses is that files are deleted or corrupted in another way. This, of course, is not only inconvenient but can cause great problems if it affects work files that can’t be recovered.
2. Using your computer to infect other computers
A Trojan horse planted in a computer may access the user’s address book and send phishing e-mails to other people with the Trojan horse attached to the e-mail. Users who open the attachment unknowingly download the Trojan horse onto their computer. Once on the computer, it accesses the address book and the process starts over. This way, the Trojan horse can spread to more and more computers. For instance, the Trojan horse “Sub7” or “SubSeven” was developed to attack computers running on a Windows 9.x platform. What makes Sub7 so dangerous is the ability of the malicious writer or another person to remotely control the program and issue any command to an infected system. There are a variety of commands that can be given, such as “send an e-mail to the attacker after installation,” or “melt server after installation.” This ability makes Sub7 a very flexible Trojan. Some of the less dangerous but very irritating things that the hacker can do is reversing mouse buttons, restarting Windows constantly, or changing desktop colors. Sub7 can also cause very serious damage to an infected system, however. This includes stealing data, taking control of text messaging, and overwriting or destroying files.
3. Watching users through their webcam
Trojan horses can also be used to spy on people via spyware. An author who infects a user’s computer with a Trojan horse may watch the user through the webcam and possibly watch their security system or children, daily routines, or other things. This type of software is also available for commercial purposes. For instance, online programs may use the commercial type of software such as “Proctor” to watch students while they are taking exams.
4. Logging users’ keystrokes
A keylogger Trojan records users’ keystrokes, saves them to a file, and sends them to the author of the malicious software. The goal is to get information such as passwords, credit card numbers, or documents. Some keylogger software is more advanced and able to monitor for specific activity, such as opening a web browser pointing to a specific website (e.g., banking or credit card site). Keylogger programs are also available as commercial software for parents or employers to monitor children’s or employees’ online activity.
5. Recording usernames, passwords, and other personal information
In 2011, a Chinese Trojan horse hijacked the computer of the Japanese parliament intending to steal data. It is possible that the Chinese hackers were able to download passwords and other information stored on the government computer. These types of attacks are especially of concern for industrial companies and intellectual property, as stealing such information can result in companies going bankrupt. For instance, if a hacker could steal the blueprint for building a certain machine and then build the machine cheaper, the company that invented the machine could lose all its business.
