Trojan Horse

Description

A Trojan horse is a malicious computer program hidden inside another program that masks its true purpose and appears to be legitimate. Trojan horses rely on users to install them or can be installed by intruders who have gained unauthorized access by other means. A Trojan horse can be sent as an attachment to an email message or can be placed on a website for an intruder to entice victims. A Trojan horse may be in the form of a Java applet, JavaScript, ActiveX control, or any other form of executable file. A Trojan horse is not considered to be a virus because it neither replicates nor copies itself automatically. When a Trojan horse is received in the form of an email, the program can mask its identity and do damage to the hard drive once the file has been executed. A Trojan horse is designed to cause damage to computer files or to compromise the security of the computer. Compromising a computer's security can happen when the Trojan horse provides remote control capabilities to hackers. Trojan horses can do anything that the user executing the program has the privileges to do. This includes deleting files that the user can delete, transmitting to the intruder any files that the user can read, changing any files the user can modify, and installing other programs such as programs that provide unauthorized network access including viruses and other Trojan horses. If the user has administrative access to the operating system, the Trojan horse can do anything that an administrator can. If a system on a network is compromised via a Trojan horse or any other method, the intruder may be able to install a network sniffer and record usernames and passwords or other sensitive information as it obstructs the network. Additionally, a Trojan horse could implicate a website as the source of an attack and could expose an organization to liability.

Solutions

The best advice with respect to Trojan horses is to avoid them all together. Other precautions should be initiated by the system administrators who should verify that every piece of software that is installed is from a trusted source and has not been modified. Additionally, anything sent via unsolicited electronic mail should not be executed. Some caution should also be taken when executing content such as Java applets, JavaScript, or Active X controls from web pages. It would be best to configure the web browser to disable the automatic execution of web page content. Another helpful solution

...