---

What is a Trojan horse?

The term Trojan horse is applied to malware that masquerades as a legitimate program but is in reality a malicious application. It may simply pretend to be a useful program or it may actually contain a useful function as cover for a destructive one. Screen savers are often used as a carrier. Trojan horses do not replicate themselves as do viruses and worms. However, a Trojan horse can be part of the payload of a worm and can be spread to many machines as part of a worm infestation. Many Trojan horses have been sent out as email attachments.

One favorite use of Trojan horses is to allow a malicious hacker ( more properly called a "cracker") to use systems of unsuspecting owners for attacking other machines or as zombies. Another use is for relaying spam or pornography. Yet another use is to steal account passwords and then relay them back to someone for fraudulent use. Trojans can also be destructive and wipe out files or create other damage. Recently, phishing scams have been making use of Trojans.

Sometimes social engineering is used to induce people to click on a link. Here's one that enticed people to try to download some photos:

Osama Bin Ladin was found hanged by two CNN journalists early Wednesday evening. As evidence they took several photos, some of which I have included here. As yet, this information has not hit the headlines due to Bush wanting confirmation of his identity but the journalists have released some early photos over the internet.

Instead of photos what they got was a Trojan.

Defenses

Many Trojans are recognized by the major anti-virus programs. However, not all Trojans have characteristics that trigger anti-virus programs so additional software is recommended. The spyware programs discussed on the next page should be considered as well as the references in the sidebar.

It is essential in the present conditions to have a firewall. The Internet is a two-way street. Unless your computer is properly protected, it is all too easy for unwanted visitors to gain access to your computer while you are on-line. Once into your system, a cracker can plant a Trojan or worm or do other harm. Good firewall software can make your computer invisible to all except the most determined cracker. Further, most firewalls will warn you if programs on your computer try to connect to the Internet without telling you. That will help to warn you if you get an infection. Note, however, that some Trojans may hide by piggybacking on essential services like your email client.

Unless they had a broadband Internet connection, I used to tell people that they probably did not need a firewall. However, hacking has reached the point where everyone, even those with dial-up connections, needs a firewall. My firewall keeps a log of the attempts that are made to probe my computer and once in a while I check it out of curiosity. The attempts are unceasing and come from all over the world. (I know because I look up some of the IPs.) Even my wife's dial-up AOL account is probed all the time. Many of these probes are not malicious but I see no reason to take chances on the good will of all these strangers.

The present version of Windows XP has half a firewall built in. Unfortunately, it monitors only incoming traffic and therefore is of no help in warning about programs on your computer that call up Internet sites without telling you. Also, note that that you have to specifically enable it. (Service Pack 2 turns it on by default.). I recommend a more robust program. If you want to, you can go for one of the commercial suites that include a firewall together with a variety of other programs. However, there are several very good free programs. The sidebar contains references.

Spyware and Adware

These types of pest are related to Trojans but are a little less destructive. They are discussed on the next page.