Trojan Horse: Definition, Prevention & Removal
DEFINITION
A trojan horse is a type of computer software that gets its name from the ancient Greek legend of the fall of Troy. Simply put, a trojan horse is a malicious piece of software which requires users to invite it in, and is therefore disguised as something else. Unsuspecting users will allow the trojan into their machine through a seemingly harmless and routine task, only to have their computer compromised.
A typical trojan horse will be presented as something useful, such as an email alert regarding a new security patch. The email might provide a link, inviting the user to click on it to download and install the patch. When the link is followed, the trojan gains access to the user's computer and executes its programmed task. By design, a trojan horse is used by hackers to gain remote control of a large network or secure system so as to put it to use for their own purposes.
Other means employed by hackers to distribute their trojan horses rely on stealth rather than deceit. For example, a hacker can break into a web site and leave behind a trojan horse disguised as an ActiveX control. Some trojans have been embedded in email attachments or files obtained from a file sharing service. One creative hacker even went so far as to write a compiler which, as part of its normal operation, also included a trojan horse in the finished product.
Some of the more widespread uses of trojans include data theft through mining of information stored on a hard drive, intercepting secured data before it's sent to a legitimate server, or even recording keystrokes as the user goes about his normal activities. Trojan horses can be programmed to delete specific files, modify an operating system, download additional files including other malicious software, launch Denial of Service attacks, and set up zombie machines for later use. Trojan horses are among the favorite tools for hackers and thieves alike. Like a worm, the trojan horse can be designed to scan networks looking for vulnerable computers.
PREVENTION
Unlike a virus or worm, the trojan cannot reproduce itself within an infected machine. It is a single-function program that is inadvertently executed by the user but goes no further. This design makes prevention of trojan attacks easier than that of other threats. To begin with, trojans frequently utilize the .exe file extension in the Windows environment. Never run an .exe file unless you are absolutely sure it comes from a trusted source. Security patches should always be downloaded directly from a vendor's website, never through a link in an email or a third-party website.
Next, turn off your computer when not in use. Since trojans have the ability to scan the internet or local networks looking for vulnerable machines, it's wise to minimize the risk by shutting down. A firewall should also be used to monitor all incoming requests and deny any that might be a threat. Anti-virus software is always part of the prevention of malicious attacks, so make sure yours is always up to date and running whenever the computer is on.
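The advice above about .exe files can be partly automated. The following is an added example, not part of the original article: it flags files in a folder whose name hides what they are, either a decoy extension in front of an executable one or Windows executable content under a harmless-looking extension. The function names, the two extension lists and the FAKE_PE sample bytes are assumptions made for the illustration.

```python
import tempfile
from pathlib import Path

# Extensions Windows loads as programs; the article names .exe, the rest are assumed here.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".dll", ".sys"}
# Harmless-looking extensions used as the visible decoy (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt", ".zip"}
# Constructed sample: the smallest header this checker accepts as a Windows executable.
FAKE_PE = b"MZ" + bytes(58) + (64).to_bytes(4, "little") + b"PE\0\0"


def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose offset field points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        fh.seek(int.from_bytes(head[60:64], "little"))
        return fh.read(4) == b"PE\0\0"


def classify(path):
    """Return why a file looks like a disguised executable, or None if it does not."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    ext = suffixes[-1] if suffixes else ""
    if ext in EXECUTABLE_EXTS and len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        return "double extension"
    if ext not in EXECUTABLE_EXTS and is_pe_file(path):
        return "executable content, non-executable name"
    return None


def scan(directory):
    """Map each flagged file name under directory to the reason it was flagged."""
    findings = {}
    for path in Path(directory).rglob("*"):
        reason = classify(path) if path.is_file() else None
        if reason:
            findings[path.name] = reason
    return findings


def demo():
    """Scan a temporary folder of constructed files and return the findings."""
    samples = {"security_patch.pdf.exe": FAKE_PE, "photo.jpg": FAKE_PE,
               "setup.exe": FAKE_PE, "notes.txt": b"meeting at 10\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)
```

Calling `scan()` on a downloads or attachments folder returns the flagged names. An honestly named file such as setup.exe is not flagged, so whether it comes from a trusted source still has to be decided separately.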
REMOVAL
Trojan horses are easily detectable by most anti-virus programs as long as they are kept current. As long as the trojan hasn't been executed, removal is fairly simple as well. Anti-virus software should be able to quarantine and then delete the unwanted trojan. If one makes it past the anti-virus and is allowed to execute, it's difficult to know how much damage has been done and, unfortunately, simply removing the trojan will not end the threat. Opened communications ports will need to be closed; an altered registry will need to be cleaned; all of the system's security software will need to be examined to make sure it hasn't been compromised.
Anti-virus software vendors will sometimes offer removal tools, but complete removal will almost always require manual steps as well. Check your vendor's website for tools and instructions. If damage has gone deep enough into a machine, it may be necessary to return it to a previous restore point after removal is complete. In extreme cases a trojan can cause enough damage to require a clean re-installation of the operating system.