Trojan Horses

Rachel Correa


Abstract

What may appear to be a legitimate piece of software or a friendly email could in fact be concealing a Trojan horse. Once the Trojan enters the system it will attack programs such as file systems, mail handling systems, Windows 95, Windows 98, Windows NT, and Unix/Linux systems. The attacker will then gain access to unauthorized areas. The damage done to the computer system can range anywhere from deleting files to freezing the network. This paper will address what a Trojan horse is and the damaging effects it can have on a computer system as well as the targeted individual.


Introduction

Imagine a computer program that has no vulnerabilities or software that would protect computers to the fullest. Seems impossible, right? Computers apparently will always have some type of vulnerability within their programs and even within the protection software. It is then only natural that our computers are susceptible to attacks. Flaws within software programs are not the only reason why computers get attacked. What about people and their vulnerabilities? Well, there is a type of attack that not only exploits software flaws, but also takes advantage of humans by way of trickery. These attacks are Trojan horses. This paper will define what a Trojan horse is and describe the motives behind the attacks and examples of them.


Definition

Why call such an attack a Trojan horse? Remember the ancient Greek story about the Greek soldiers hiding inside a wooden horse so they could enter and attack the city of Troy? Well, the Trojan horses today do basically the same thing. This attack hides in what seems to be harmless software programs, attachments, emails, and websites. According to Dr. Fred Cohen, the Trojan horse can be further defined as “the unintended components or operations that are placed in hardware, firmware, software, or wetware causing unintended and/or inappropriate behavior.” [1]

Since the Trojan horse is well disguised, one may not realize an infected file was opened. Some people may not think twice about downloading programs or opening emails from friends, but this gullibility can result in an attack. It may also be thought that the anti-virus programs and the firewalls are going to protect a computer system, but Trojan horses can find ways to penetrate through these systems. Once in the system the Trojan horse itself does not replicate. On the other hand, if it contains a virus or a worm, it can then spread to other computers connected within the same network or perhaps whoever is listed in an address book.


Attacks

The attacks can vary from being harmless to malicious. An example of a harmless attack could be someone sending an obscene message or someone trying to voice a political opinion. [2] A malicious attack could have additional components within the Trojan horse such as logic bombs, viruses, or worms.

Now why would anyone want to send out a Trojan horse? Individuals may want to obtain information regarding a business competitor. With a Trojan horse, the competitor could spy on their rival’s computers and obtain critical information. An example like this was seen in the beginning of October 2002. A woman, who owned her own personal business, felt there was something different with her computer, so she took her PC for a check-up. A Trojan horse virus was found. It turned out a rival company wanted to gain information about her activities and as a result, the woman lost some of her clients as well as potential clients. [3]

An attacker can also use a Trojan horse to shut down an individual’s computer system. This would prevent the user from gaining any access to the system. The Trojan can even exploit flaws within some major programs. An attack like this was seen in 2001, where parts of the system shut down and flaws were exploited. The Trojan horse went by the names Trojan.JS.Offensive and Trojan.Offensive. This particular attack was distributed through email. To activate the Trojan, all the user had to do was click on a start button within the email. From this, Windows icons would become invisible, Windows would shut down, and the user was prevented from using any additional programs. This attack also exploited a flaw found in the Microsoft Java Virtual Machine. [4] The article was not specific about who was targeted, but just think of the possible destruction that may have occurred. By shutting down Windows, there could have been a potential loss of data. Also, not being able to access a system means that anything stored on the computer is not readily available.

A Trojan attack can lead to password theft. For instance, an attacker could email the disguised Trojan. Once the files are opened, the attacker could monitor keystrokes and soon determine passwords. In a 2000 case, a woman’s computer was attacked and the Trojan horse was programmed to obtain her password from her AOL account. The attacker used her password to distribute a significant amount of spam. This caused the AOL account to be suspended. [5] The overabundance of email could have resulted in a denial of service attack. On a personal note, I also experienced the same situation in 2000. However, I do not recall the name of the Trojan horse. Passwords to three different AOL accounts were obtained by a Trojan horse attack. Spam was then generated from the three accounts. AOL also suspended the accounts until new passwords were established.

Backdoors can also be left open as a result of an attack. A backdoor is an entry point that allows the attacker easy access in and out of the network without being detected. This exposes unauthorized materials. The attacker can be in total control of the computer system and the user may not even know it until severe damage has been done. At the end of September into the beginning of October, 2002, about 200 people downloaded a Sendmail program that was modified to contain a Trojan horse. The version of the program was 8.12.6. [6] Once downloaded, a backdoor was activated and controlled by “one-letter commands: ‘A’ to kill the exploit, ‘D’ to execute a command, and ‘M’ to put the Trojan to sleep.” [7] The amount of information readily available through the backdoor depended on the access available to the user. [8]

Finally, computer systems protected by anti-virus software and firewalls are also susceptible to attacks. Since Trojan horses are frequently modified, it is difficult for computer programmers to keep the anti-virus software updated so that it can detect all Trojan horses. A firewall's job is to distinguish a trusted application from a non-trusted application. How does a Trojan horse get past it? Well, "any Trojan horse can be easily renamed and can choose appropriate ports to disguise itself as a trusted application." [9]
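
The firewall weakness quoted above, as an added example that is not part of the original paper: a rule that trusts an application by file name and port accepts a renamed program, while a rule keyed on a SHA-256 digest of the file's contents does not. The file names, port, and rule sets are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def allow_by_name(path, port, rules):
    """Weak rule: trust is keyed on the file name and port only."""
    return (os.path.basename(path), port) in rules

def allow_by_digest(path, port, rules):
    """Stronger rule: trust is keyed on the file's contents and port."""
    return (sha256_of(path), port) in rules

def demo():
    """Evaluate both rule types against a trusted file and a renamed one."""
    with tempfile.TemporaryDirectory() as d:
        trusted = os.path.join(d, "installed", "mailclient.exe")
        renamed = os.path.join(d, "downloads", "mailclient.exe")
        for path, body in ((trusted, b"constructed trusted program bytes"),
                           (renamed, b"constructed untrusted program bytes")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as f:
                f.write(body)
        # Hypothetical allowlists: the mail client may use port 25.
        name_rules = {("mailclient.exe", 25)}
        digest_rules = {(sha256_of(trusted), 25)}
        return {
            "name_rule_trusted": allow_by_name(trusted, 25, name_rules),
            "name_rule_renamed": allow_by_name(renamed, 25, name_rules),
            "digest_rule_trusted": allow_by_digest(trusted, 25, digest_rules),
            "digest_rule_renamed": allow_by_digest(renamed, 25, digest_rules),
        }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'blocked'}")
```

The same digest comparison applies to a downloaded archive, such as the Sendmail distribution described earlier, when a known-good digest is available from a separate trusted source.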


Summary, Conclusions, and Further Work

In conclusion, Trojan horses are malicious attacks and can occasionally be a harmless prank. Files can be destroyed, information can be stolen, passwords can be swiped, and spam can be generated. People may think they are safe with anti-virus software or firewalls, but Trojan horses can find the vulnerabilities and cause havoc within the networks. The software needs to be updated regularly to protect a computer system from new Trojan horses. Better judgment also needs to be made when downloading software or even opening emails from friends or coworkers. They too may have been attacked by a Trojan horse and not even know it. Even if all these cautionary actions are followed, attackers will just find new ways to insert undetectable Trojan horses along with updated versions. Remember, things are not always what they seem.


References

  1. Dr. Fred Cohen. “New Security Database – Attack Methods.” All.Net Database. Fred Cohen and Associates. 1999. http://all.net/CID/Attack/Attack16.html
  2. Andy Dornan. “Lesson 150: Trojan Horses.” Network Magazine. January 2001. p34-36. http://www.networkmagazine.com/article/NMG20001219S0003
  3. Telegraph Group Limited. “Check-up of PC Unearths Devious Trojan Horse Spy.” Overseas Security Advisory Council. October 2002. http://www.ds-osac.org/edb/cyber/news/story.cfm?key=9211&CUSTOM1=CyberNews&custom2=07%2DOCT%2D02
  4. Sam Costello. “Offensive Trojan Horse Can Disable Systems.” CNN. August 2001. http://www.cnn.com/2001/TECH/internet/08/28/trojan.horse.idg/index.html
  5. Aoife Mc Evoy and Edward N. Albro. “Technology Attacks: Trojan Horses and Other E-Flimflams.” PC World. May 2001. http://www.pcworld.com/features/article/0,aid,44671,pg,4,00.asp
  6. Kevin Poulsen. “Clues, Vandalism, Litter Sendmail Trojan Trail.” Security Focus. October 2002. http://online.securityfocus.com/news/1113
  7. Ibid, 6.
  8. CERT Coordination Center. “Trojan Horse Sendmail Distribution.” CERT/CC. October 2002. http://www.cert.org/advisories/CA-2002-28.html
  9. Sean Captain. "Security Crusader Punches Holes in Firewalls." PC World. December 2000. http://www.pcworld.com/news/article/0,aid,36418,00.asp