Trojan Horses: What They Are and How to Avoid Them
A Trojan horse, or Trojan for short, is a piece of malware that pretends to be something benign, such as a media player, an emailed file, a smartphone app or even a Web page. Users are deceived into opening the file, which in most cases installs the malware.
A Trojan can masquerade as almost any sort of file. Image files, office documents, sound files or online games are some other common examples.
There are two main differences between Trojans and viruses or worms. Trojans can't replicate themselves or spread independently, as both viruses and worms do, and they are always created with malicious intent, while viruses and worms are sometimes benign or accidental.
What they do
A Trojan horse can be written to do almost anything on your computer, and is typically set up to run every time your computer is restarted. It can create a remote backdoor to your system, allowing a cybercriminal in Eastern Europe to control your computer. It runs silently and secretly, often evading or even disabling anti-virus software.
Some Trojans install keyloggers or other forms of spyware, which record keyboard activity, monitor Internet usage and sometimes collect personal information. Other Trojans install botnet software, which enrolls a computer in a "zombie army" of computers linked together and secretly controlled by cybercriminals without the owners' knowledge.
Botnets are used for many purposes, including launching distributed denial-of-service (DDoS) attacks to jam websites, pumping out spam emails, cracking encrypted passwords or storing stolen credit-card numbers.
Many Trojans are installed via "drive-by downloads," in which hackers subtly change an unsuspected Web page's code so that visiting browsers automatically download malware. If the user account that unknowingly downloads the Trojan has permission to modify software, the Trojan often will automatically install itself.
Mobile Trojans are often found in third-party app stores, where they pretend to be cheaper versions of popular smartphone apps. Android users need to examine the permissions each app demands before it's installed; iPhone and iPad users are probably safe as long as they don't "jailbreak" their devices.
Once Trojans are installed, detecting them can be difficult. The best method is to use a "packet sniffer" that analyzes network traffic for signs of communication with cybercriminal-controlled servers. However, most good anti-virus software will block the installation of known Trojans.
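One sign a packet sniffer can surface is a program checking in with the same outside server on a timer. The sketch below is an added example, not part of the original article: it assumes the capture has already been reduced to (time, local host, remote host) records, and the sample records, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (unix_time, local_host, remote_host).
# 203.0.113.50 is a documentation-range address standing in for an unknown server.
SAMPLE_FLOWS = (
    [(1000 + 300 * i + j, "192.168.1.20", "203.0.113.50")
     for i, j in enumerate([0, 2, -1, 3, 0, -2, 1, 2])]
    + [(t, "192.168.1.20", "198.51.100.7")
       for t in (1010, 1025, 1900, 1912, 4000, 4003)]
    + [(t, "192.168.1.31", "198.51.100.7") for t in (1500, 2900)]
)

def find_beacons(flows, min_connections=6, max_jitter=0.1):
    """Return (local, remote, mean_interval, jitter) for host pairs whose
    connections recur at a near-constant interval.

    jitter = stddev(intervals) / mean(intervals); human-driven browsing is
    bursty and scores high, a program checking in on a timer scores near 0.
    """
    times = defaultdict(list)
    for ts, local, remote in flows:
        times[(local, remote)].append(ts)

    hits = []
    for (local, remote), stamps in times.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections in the same second; not a timer pattern
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((local, remote, round(avg, 1), round(jitter, 3)))
    return sorted(hits, key=lambda h: h[3])

if __name__ == "__main__":
    for local, remote, interval, jitter in find_beacons(SAMPLE_FLOWS):
        print(f"{local} -> {remote}: every ~{interval}s (jitter {jitter})")
```

A flagged pair is a lead to investigate, not proof of infection: software updaters and mail clients also poll on a timer, so check which program on the local host owns the connection.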
What you can do
As with other forms of malware, a few simple steps can greatly reduce your chances of infection by Trojans.
First, structure the user-account permissions on your computer so that accounts with full administrative rights are used rarely, and only to install or update software. For all other tasks, including Internet use and regular office work, use limited accounts that cannot modify applications.
Second, turn on whatever firewalls are available on your home network. Windows 7, Vista and the latest version of XP have built-in firewall options, as does Mac OS X. So does your wireless router.
Third, install a robust anti-virus software product, make sure you keep it constantly updated, and set it up to regularly perform automatic system scans. Many free anti-virus products are available from several vendors, including Microsoft, but the paid ones do a better job of protecting Web browsers and email clients from drive-by downloads and Trojanized attachments.