Trojan Horses
What is a Trojan Horse?
Named after the famous Wooden Horse used by the Greeks to conquer the city of Troy, these programs basically invade your PC disguised as a piece of desirable software. Often hidden inside the installation routines of pirate software downloaded from the internet they install themselves at the same time as the actual application and modify your system settings to ensure they are automatically run every time your PC is started up.
Trojan horses themselves seldom damage the system they infect, preferring to silently allow attackers to access your machine over the internet and do almost anything from stealing your files through to destroying your hard disk. Because they normally rely on an internet connection, PC's with cable modems or other always-on connections are especially vulnerable if infected with a trojan horse.
Regular users of IRC need to be especially wary of receiving trojan horses in files they download from other users. These often exploit bugs in the Windows operating system to make themselves appear to be harmless picture, text or zip files when in reality they are executables which will install a trojan horse on your system if run.
How can I tell if I'm infected?
By far the best way is to run a scan of your system with a suitable tool. Antivirus software will detect and often remove most trojans horses as well as viruses but for more stubborn problems a dedicated anti-trojan package may be needed. We recommend Swat-IT from Lockdown Corp. which will detect and remove almost all known trojan horses. As with virus scanners, it needs to be kept updated as new trojans are being released all the time.
Other telltale signs include :
- Unexplained activity (windows opening or closing on their own, mouse moving on it's own, cd-rom opening or closing etc.)
- Unusual message boxes or strange error messages.
- Outlook or outlook express taking a long time to close or seeming to hang when you preview a specific message (can indicate an email worm).
- Corrupt files.
- Unknown programs in the task list (NT, Win2k)
- Alerts from your firewall about OUTBOUND communication from an unusual source.
