This article series is intended to help you understand some of the terms and technologies employed by hackers. With this knowledge, you will be better able to ensure that your computer system (or network if you are a system administrator) is adequately protected and safe from prying eyes and unknown fingers.

Trojan Horses

One of the more interesting games that a hacker likes to play is convincing a computer user to install a program that they would normally not load on their system. Sometimes this consists of using a bit of social engineering, and other times it means giving people something they believe is useful. Underneath "the covers" of this useful thing is a payload which is harmful or at least undesirable in one form or another.

This seemingly useful software or product is called a "Trojan Horse", named after the famous gift of several thousand years ago. You remember the story from the Iliad (which I was forced to read in grade school) where the Greeks could not capture the city of Troy after a ten-year siege. Finally, they got clever and gave the Trojans a wonderful gift, a giant wooden horse. Inside the horse were hidden a few Greek soldiers, who, once the horse was inside the walls of the city, crawled out and let in the main Greek army. The city of Troy was destroyed that same night.

A software Trojan Horse works in exactly the same way. It is disguised as something valuable, something that someone would want to install on their system. It might be camouflaged as a screen saver, an interesting document, a useful tool or even a picture or graphic. The idea is to somehow get past the user's defenses, and the best and easiest way to do that is if the user himself invites it in.

That's one of the features of one of the most destructive viruses to date - "I Love You". That virus appeared to be something very desirable, a love letter from a friend, which made people want to open it once they received it. Of course, once they did so, the evil virus was unleashed to do its terrible damage.

Another tactic might be to create a useful little product, something that people would like to install on their systems. Buried within the product might be a little bit of malicious code; it doesn't matter what it does. Users are attracted to the useful product and install it on their systems in droves. Unbeknownst to them, they have also installed something which perhaps allows a hacker to gain control of their system, watch their keystrokes or use their system to attack other systems. If the hacker is very clever, people may never even know their systems have been compromised.

Sometimes a Trojan Horse can be extremely expensive. I've heard of certain web sites which allow you to install a special plug-in or executable in order to see their content. This is all "free", no questions asked, except that this little image looks for a modem and dials a 900 number, raking in the dollars for some company somewhere. Thus, the program looks harmless enough, and it is "free", yet it also installs a dangerous payload.

Many viruses and worms use similar tactics. The "I Love You" virus simply made it clear to everyone how vulnerable we all are to this tactic. Other virus writers have improved on or modified the scheme. A person might now receive an email message with an attachment claiming to be a photo of some nude celebrity, a confidential document or any number of other things. Worse yet, the email message is constructed so that it appears to have been sent by a friend. Thus, a naive or new internet user might open it to see what his "friend" has sent.
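The disguise described above, an attachment presented as a photo or document, can be checked for mechanically before a message reaches the user. The following Python is an added example, not part of the original article; the extension lists, the addresses and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, illustrative lists (not exhaustive, not from the article).
RISKY = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOY = {".txt", ".jpg", ".jpeg", ".gif", ".png", ".doc", ".pdf"}

def audit_attachments(raw_message):
    """Return [(filename, [reasons])] for attachments that look disguised."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or suffixes[-1] not in RISKY:
            continue
        reasons = ["runs as program or script: " + suffixes[-1]]
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reasons.append("decoy extension " + suffixes[-2] + " precedes it")
        if part.get_content_maintype() in ("image", "text"):
            reasons.append("sender declared it as " + part.get_content_type())
        findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Photo for you"
    m.set_content("Thought you would like this.")
    m.add_attachment(b"placeholder bytes", maintype="image",
                     subtype="jpeg", filename="celebrity.jpg.vbs")
    m.add_attachment(b"placeholder bytes", maintype="image",
                     subtype="jpeg", filename="holiday.jpg")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="saver.scr")
    return m.as_string()

if __name__ == "__main__":
    for name, reasons in audit_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```

The genuine picture passes, while the file that only claims to be a picture is flagged on three independent grounds, any one of which is enough to quarantine it.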

Oftentimes the Trojan Horse is a very small program. It must install itself (get triggered), listen for commands and download new things when desired. Thus, a hacker might send out a virus which installs itself on a thousand computers. He can then order those Trojans (more precisely known as "Zombies") to do whatever he wants. If the Trojan cannot perform the action, the hacker can literally change the code at will to include a new command set or new capabilities.

How do you prevent a Trojan Horse from infecting your system and compromising your data?

  1. Install good anti-virus software and fully enable its capabilities. Be sure the virus definitions are updated regularly.
  2. If you use Outlook or Outlook Express, then consider using another email client such as Eudora.
  3. If you must continue using Outlook, then be sure to install Service Release 3, which contains very strong anti-virus protection.
  4. I would not recommend Outlook Express as it has been traditionally insecure. If you insist, be sure and set the email security to restricted.
  5. Be sure and keep your system up-to-date on security patches from Microsoft.
  6. Subscribe to the newsletters from Symantec, McAfee and other anti-virus companies. This will help keep you up-to-date and informed.