Networking government in New Zealand.

Trojans

Threat Type: Trojans
Threat To: Public Confidence, Internet Infrastructure
Potential Impact: Medium
Likelihood: High

Summary

Trojans are another way for viruses and spyware to proliferate. They also provide compromised machines for sending spam and contributing to DDoS attacks.

Mechanism

Trojans are named after the legendary wooden horse left before the gates of Troy, which appeared to be a gift but in fact contained hostile troops. In computer terms, a trojan is a superficially desirable piece of software which has covert negative effects. An example is the Sub7 remote access trojan. This might be disguised as something else, perhaps by renaming it, and a user persuaded to download it. Alternatively it might be emailed to a user by a person or a virus. The user is induced, by standard social engineering techniques, to execute the file, which apparently does nothing. The Sub7 trojan is now running invisibly on the user's machine. It has added itself to the programs which the computer runs when starting up, so rebooting will not get rid of it.
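The disguise-by-renaming step described above can be checked for on the receiving side. The following is an added example, not part of the original page: a Python check that a mail filter could run on each attachment, comparing what the file name claims with what the content is. The function names, the extension lists and the sample bytes are assumptions made for this illustration.

```python
import struct

# Extensions Windows runs directly, and harmless-looking ones used as decoys.
# Both sets are assumptions of this example and are not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".gif", ".txt", ".doc", ".pdf", ".mp3"}


def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def extensions(name):
    """Lower-cased dotted suffixes of a file name, e.g. ['.jpg', '.exe']."""
    parts = name.strip().lower().split(".")[1:]
    return ["." + p.strip() for p in parts if p.strip()]


def check_attachment(name, data):
    """Return the reasons a file looks like a disguised program (empty list if none)."""
    reasons = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    # Case 1: program content, but the name claims a picture, document, etc.
    if is_pe(data) and last not in EXECUTABLE_EXTS:
        reasons.append("executable content under a non-executable name")
    # Case 2: the real extension is executable but a decoy extension precedes it.
    if last in EXECUTABLE_EXTS and len(exts) > 1 and exts[-2] in DECOY_EXTS:
        reasons.append("decoy extension %s before %s" % (exts[-2], last))
    return reasons


def sample_pe():
    """Constructed 68-byte stub holding only the fields is_pe() reads; not a real program."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\0" * 100  # constructed JPEG-like bytes
    for name, data in [("holiday.jpg", sample_pe()), ("holiday.jpg.exe", sample_pe()),
                       ("holiday.jpg", jpeg), ("setup.exe", sample_pe())]:
        print(name, check_attachment(name, data) or "ok")
```

A file that passes both checks is not thereby safe; the check only catches the mismatch between name and content.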

The Sub7 trojan allows a remote attacker - anyone on the Internet - to take any action on the computer. They could read, change or delete files, turn on the computer's microphone or web camera, and install other software such as tools for spamming or running a denial of service attack. The attacker can see all the keystrokes pressed on the machine and so can read userids and passwords.

Sub7 is now several years old. There are alternative remote access trojans such as QaZ and Infector. Anti-virus software will usually detect these trojans (although the trojans try to disable such software), but trojans are often altered by attackers so that anti-virus tools do not recognise them.

Comment

Trojans present two main risks: that people's security and privacy might be compromised by a trojan on their machine; and that spammers and DDoS attackers routinely use them to compromise large numbers of machines with which they cause damage on the wider Internet.

Example Mitigations

Education

Virus scanners

Prosecution of offenders

Firewalls
