What is a trojan program

Trojans

1. term: As a Trojan horse Trojan Horse, Trojans for short) is a computer program that is deliberately smuggled into third-party computers or gets there by chance and performs functions not mentioned. It is disguised as a useful program, for example by having the file name of a useful file or, in addition to the hidden function, actually having a useful functionality, such as "funny_screen saver.exe".

2. Origin of the term: The name is derived from the Trojan horse of the Greek world of legends. There, during the siege of Troy, it was a wooden horse with Greek soldiers hidden in its belly. The soldiers opened the city walls of Troy from the inside at night and let in the army of the Greeks. The ancient Greeks used this ruse to win the Trojan War.

3. Malware: Trojans are a hacking technique; a Trojan horse belongs to the family of unwanted or harmful programs, the so-called malware. It is often used colloquially synonymously with computer viruses (virus).

4. Types of Trojans: A distinction must be made between the following types of Trojans: a) Many Trojans secretly install malware while they are running on the computer, which runs independently on the computer and cannot be deactivated. Among other things, spy programs can get onto the computer (e.g. sniffers or components that record keystrokes, so-called keyloggers). It is also possible to secretly install a so-called backdoor program, so that the computer is controlled remotely over a network (e.g. the Internet) without being noticed.

b) Many Trojans are created by combining two independent programs into one program file. A so-called linker attaches the second program to any executable host file without affecting the functionality of the two programs. With the start of the first program, the hidden second program is also started unnoticed.

c) Trojans that secretly start an installation routine are used to install malware on a system unnoticed as soon as the Trojan is executed (so-called droppers). to drop- "store" something in the system). An autostart mechanism usually ensures that the malware is loaded automatically even after the computer has been restarted.

d) There are also Trojans that hide the secret functions in themselves. If the Trojan is terminated or deleted, the hidden functions are no longer available. One example of this are plugins, a kind of expansion module for a specific program with which further functions can be added. A Trojan horse disguised as a useful browser plug-in can run on an Internet browser, e.g. to communicate with the Internet via the browser, which can bypass a firewall.

e) It is also possible that a Trojan may take advantage of an external contact point of a program. Similar to a plug-in Trojan, such a Trojan requires an existing program by the user. The Trojan can start the browser and open an invisible window, use it to establish an Internet connection and send data to the attacker. Here, too, a firewall cannot prevent the secret connection being established if the connection to the Internet has been allowed for the browser.

5. distribution: In 2006, 55.6 percent of the malicious programs registered by the information network of the federal government in Germany were Trojan horses, while only 10 percent were viruses. Vulnerabilities in browsers and office applications are often exploited on the day they are discovered. Modern Trojans are usually difficult to detect by virus scanners.