Trojan horse (computing)

In computing, a Trojan horse is a program that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.

A Trojan horse may also be referred to as a Trojan horse virus, but that is technically incorrect. Unlike a computer virus, a Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malware programming is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.

Because the user is often unaware that a Trojan horse has been installed, the computing device's security depends upon antimalware software that can recognize malicious code, isolate it and remove it. To avoid being infected by Trojan malware, users should keep their antivirus software up to date and never click on links from untrusted sources or download files from unknown senders.

The term Trojan horse stems from Greek mythology. According to legend, the Greeks built a large wooden horse that the people of Troy pulled into the city. During the night, soldiers who had been hiding inside the horse emerged, opened the city's gates to let their fellow soldiers in and overran the city.

In computing, the term was first used in a 1974 U.S. Air Force report that discussed vulnerability in computer systems. It was later made popular by Ken Thompson when he received the Turing Award in 1983 -- an award given by the Association for Computing Machinery to an individual of technical importance in the computer field.

Uses of a Trojan horse

When a Trojan horse becomes active, it puts sensitive user data at risk and can negatively impact performance. Once a Trojan has been transferred, it can:

  • Give the attacker backdoor control over the computing device.
  • Record keyboard strokes to steal the user's account data and browsing history.
  • Download and install a virus or worm to exploit a vulnerability in another program.
  • Install ransomware to encrypt the user's data and extort money for the decryption key.
  • Activate the computing device's camera and recording capabilities.
  • Turn the computer into a zombie bot that can be used to carry out click fraud schemes or illegal actions.
  • Legally capture information relevant to a criminal investigation for law enforcement.

How a Trojan horse works

Here is one example of how a Trojan horse might be used to infect a personal computer:

The victim receives an official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment. Because nothing bad happens and the computer continues to work as expected, the victim does not suspect that the attachment is actually a Trojan horse and his computing device is now infected.

The malicious code resides undetected until a specific date or until the victim carries out a specific action, such as visiting a banking website. At that time, the trigger activates the malicious code, which carries out its intended action. Depending upon how the Trojan has been created, it may delete itself after it has carried out its intended function, it may return to a dormant state or it may continue to be active.
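
The attachment scenario above, seen from the mail gateway: this added example (not part of the original article) parses a message and flags attachments whose content or name marks them as executable despite a document-like appearance. The extension blocklist, function names and sample message are assumptions constructed for illustration.

```python
# Added example: attachment triage for a mail gateway (names are illustrative).
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading "magic" bytes of formats that run code when opened.
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"#!": "script"}
# Extensions commonly treated as executable on Windows (assumed blocklist).
EXEC_EXT = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "lnk"}


def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that looks executable."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        parts = name.lower().split(".")
        kind = next((k for m, k in EXEC_MAGIC.items() if data.startswith(m)), None)
        if kind and parts[-1] not in EXEC_EXT:
            # Content is executable but the name claims something else.
            findings.append((name, f"{kind} content behind .{parts[-1]} name"))
        elif parts[-1] in EXEC_EXT and len(parts) > 2:
            # e.g. report.pdf.exe: the visible part of the name imitates a document.
            findings.append((name, "double extension ending in executable type"))
        elif parts[-1] in EXEC_EXT:
            findings.append((name, "executable attachment"))
    return findings


def build_sample() -> bytes:
    """Constructed message: one benign PDF, two disguised attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"MZ\x90\x00 constructed, not a real binary", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"constructed placeholder", maintype="application", subtype="octet-stream", filename="statement.pdf.scr")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

A check like this complements antimalware scanning; it catches only mismatches between what an attachment claims to be and what it contains.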

Examples of Trojan horse malware

Over the years, Trojan horses have been discovered by antimalware vendors, security researchers and private individuals. Some of the most famous discoveries include:

  • Bifrost -- remote access Trojan (RAT) that infected Windows clients by changing, creating and altering components.
  • Tiny Banker -- allowed attackers to steal sensitive financial information. Researchers in the Center for Strategic and International Studies Security Group identified 'Tinba' in 2012 after two dozen major U.S. banks were infected.
  • FakeAV Trojan -- embedded itself in the Windows system tray and continuously delivered an official-looking pop-up window, alerting the user to a problem with the computer. When users followed directions to fix the problem, they actually downloaded more malware.
  • Magic Lantern -- a keystroke logging Trojan created by the FBI around the turn of the century to assist with criminal surveillance.
  • Zeus -- a financial services crimeware toolkit that allows a hacker to build his own Trojan horse. First detected in 2007, the Trojans built with Zeus still remain the most dangerous banking Trojans in the world, using form grabbing, keylogging and polymorphic variants of the Trojan that use drive-by downloads to capture victim credentials.
This was last updated in January 2018

Join the conversation


How invasive should system and browser warnings be about the dangers of downloading certain files to avoid a Trojan virus from being installed?
It's a fine line. It has to be invasive enough to forestall the trojans and their system infections. And it has to be unobtrusive enough to stay out of the way of the work.

Thing is, we've all been warned over and over again and yet far too many employees put themselves and their companies at risk with every download. Frankly, I'm for blaring klaxons and a screen covered with warning notices. Just before an automated shutdown of the offending system prevents even more harm. Followed by mandatory instructions and zero tolerance.
My computer I am typing on had the Trojan Horse Virus. For me it is next to impossible, however if your system isn't invasive...   

Goodbye computer.
I have downloaded a trojan before using my wife's laptop. Then I installed ESET Antivirus and removed the trojan without deleting the files.

