
Trojan Horse

These malicious programs are named after the Trojan horse, which delivered soldiers into the city of Troy. 

Like the horse, a Trojan program is a delivery vehicle: a program that does something undocumented that the programmer intended, but that the user would not approve of if s/he knew about it. The Trojan program appears to be a useful program of some type, but when a certain event occurs, it does something nasty and often destructive to the system.

Most of the "classic" Trojan programs were delivered to users on disks which advertised themselves as something useful. As an example, a disk that was supposed to contain AIDS information was once distributed. Unfortunately, when a program on the disk was run, the user's hard disk was encrypted and rendered useless.

Two specific Trojan threats need to be mentioned:

ANSI Bomb. 
Early text-based computer applications would sometimes make use of a DOS driver called ANSI.SYS to control display colors and other computer functions. As provided in DOS, ANSI.SYS also has the capability of remapping the keyboard. To do this, all a user had to do was load ANSI.SYS in the CONFIG.SYS file and then force a particular sequence of characters, starting with the Escape character, to the screen. These would be intercepted by ANSI.SYS and the particular key on the keyboard would then be remapped to perform some defined function.

In the case of an ANSI bomb, a Trojan would send a keystroke remapping sequence that might, for example, remap the F1 key to issue a command that might delete everything on the C: drive (or any other unwanted command). The solution, of course, is to not use ANSI.SYS in your CONFIG.SYS file (it's almost never necessary today) and to make certain any ANSI simulators you might use as part of a communications program do not implement keyboard remapping.
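As an added illustration (not part of the original page), the following Python sketch scans text for ANSI.SYS key reassignment sequences, which take the form ESC [ key ; replacement ... p, and strips them while leaving ordinary color sequences alone. The function names and the sample text are constructed for this example.

```python
import re

# ANSI.SYS key reassignment has the form ESC [ key ; replacement ... p.
# Parameters are decimal codes or double-quoted strings separated by
# semicolons. Display sequences (colors, cursor moves) end in other
# letters, e.g. "m", and are not matched.
PARAM = r'(?:\d{1,3}|"[^"\r\n]*")'
REMAP = re.compile(r'\x1b\[(' + PARAM + r'(?:;' + PARAM + r')+)p')
TOKEN = re.compile(PARAM)


def decode(tokens):
    """Turn replacement parameters into the text the key would type."""
    out = []
    for tok in tokens:
        out.append(chr(int(tok)) if tok.isdigit() else tok[1:-1])
    return "".join(out)


def find_remaps(data):
    """Return (offset, key, replacement) for each remapping sequence."""
    hits = []
    for m in REMAP.finditer(data):
        tokens = TOKEN.findall(m.group(1))
        # Extended keys (function keys etc.) use two codes: 0;NN.
        n = 2 if tokens[0] == "0" and len(tokens) > 2 else 1
        key = ";".join(tokens[:n])
        hits.append((m.start(), key, decode(tokens[n:])))
    return hits


def strip_remaps(data):
    """Remove remapping sequences, leaving display sequences intact."""
    return REMAP.sub("", data)


# Constructed sample: a colored banner plus one F1 (0;59) reassignment
# whose replacement is a harmless command followed by Enter (13).
SAMPLE = '\x1b[1;33mWelcome\x1b[0m\r\n\x1b[0;59;"echo remapped";13p'

if __name__ == "__main__":
    for offset, key, text in find_remaps(SAMPLE):
        print(f"offset {offset}: key {key} -> {text!r}")
```

Running a file through `strip_remaps` before displaying it gives the same protection the text recommends from a terminal emulator that does not implement keyboard remapping.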

Windows Help macros. 
The Windows Help file format allows various macros to be attached to Windows Help files. These macros can be set to run when the Help file first starts and, right now, there is no way to prevent this from happening. These macros can contain unwanted actions. As of this writing, the only example of this makes changes to your Windows INI files, but other actions are possible. One researcher has postulated a possible Help file virus, but in looking at what would be necessary to create such a virus (it's not entirely clear it's even possible), Computer Knowledge feels the possibility of one in the wild is remote at best. Anti-virus programs do not generally protect against Windows Help file attacks at the moment, so current backups are very important!

Some researchers consider a virus a particular case of a Trojan horse; others believe that if a virus does not do any deliberate damage it cannot be classed as a Trojan. In common use, most people (including Computer Knowledge) use Trojan to refer to a non-replicating malicious program.

In computing, Trojans are apparently harmless programs that, after reaching a computer, carry out several actions without the user noticing. Unlike other malicious code, Trojans do not replicate by infecting other computers, and so their capacity to spread is limited.

Depending on the actions they carry out on the affected computers, Trojans can be classified into the following types:

- Destructive Trojans are designed to delete certain files, format the hard disk, or carry out similar destructive action.

- Backdoor Trojans are designed to open a backdoor in the computer to let hackers enter and take remote control of it. For this reason they consist of two components: the server, installed on the machine under attack, and the client, used by the hacker to control the computer.

- Keylogger Trojans are programmed to capture the user's keystrokes. This information is stored in a special log that can be accessed by the attacker.

- Fake Trojans, after being run, display false error messages prompting users to enter user names and passwords, which are then sent on to the creator of the malicious code.