What Is a Trojan Horse Virus?

In this tutorial, we are going to see What is a Trojan Horse Virus?

A Trojan horse is a computer program that performs malicious operations without the user’s knowledge. The name “Trojan Horse” comes from a legend told in the Iliad (by the writer Homer) about the siege of the city of Troy by the Greeks.

The legend says that the Greeks, unable to penetrate the city’s walls, so decided to give a huge wooden horse as a gift to the city, abandoning the siege.

The Trojans (people of Troy), appreciated this seemingly harmless offering and brought it back to the city walls. However, the horse was full of hidden soldiers who rushed out at nightfall, when the whole city was asleep, to open the gates of the city and give access to the rest of the army…

A Trojan horse (computer) is a program hidden inside another program that executes hidden commands and usually gives access to the computer on which it is executed by opening a backdoor. By extension, it is sometimes called Trojan by analogy with the inhabitants of the city of Troy.

Like a virus, a Trojan horse is a harmful code (program) placed inside a healthy program (imagine a fake file listing command, which destroys files instead of displaying them).

 
A Trojan horse can, for example

• Steal passwords;
• Copy sensitive data;
• Perform any other harmful action;
• etc.

Even worse, such a program can create a deliberate security gap from inside your network to allow access to protected parts of the network to people connecting from outside.

The most common Trojans are programs that open machine ports, meaning that they allow their creator to enter your machine through the network by opening a backdoor. This is why they are usually referred to as backdoor.

A Trojan horse is not necessarily a virus, as its purpose is not to reproduce itself to infect other machines. On the other hand, some viruses can also be Trojans, i.e. spread like a virus and open a port on the infected machines!

Detecting such a program is difficult because it is necessary to detect whether the action of the program (the Trojan horse) is intended by the user or not.
 
 

Symptoms of an infection

A Trojan horse infection usually follows the opening of a contaminated file containing the Trojan horse (see the article on protection against worms) and results in the following symptoms

• Abnormal activity of the modem, network card or disk: data is loaded without any activity from the user;
• Odd mouse reactions;
• Unexpected opening of programs;
• Repeated crashes;

 

Trojan horse principle

The principle of Trojans is generally (and increasingly) to open a port on your machine to allow a hacker to take control of it (for example to steal personal data stored on the disk), the goal of the hacker is first to infect your machine by making you open an infected file containing the Trojan and secondly to access your machine through the port that he opened.

However, in order to be able to penetrate your machine, the hacker usually needs to know its IP address. Thus :

• Either you have a fixed IP address (in case of a company or sometimes individuals connected by cable, etc.) in which case the IP address can be easily recovered
• Or your IP address is dynamic (assigned to each connection), which is the case for modem connections; in which case the hacker must scan IP addresses at random in order to detect IP addresses corresponding to infected machines.

 
 

Protecting yourself against Trojans

To protect yourself from this kind of intrusion, you just need to install a firewall, meaning a program that filters the communications coming in and out of your machine. A firewall allows you to see the communications coming out of your machine (normally initiated by programs you are using) or incoming communications. However, it is not excluded that the firewall detects connections coming from the outside without you being the chosen victim of a hacker. Indeed, it may be tests carried out by your ISP or a hacker randomly scanning a range of IP addresses.

For Windows users, there are very powerful free firewalls:

• ZoneAlarm
• Tiny personal firewall

 

In case of infection

If a program whose origin is unknown to you tries to open a connection, the firewall will ask you for confirmation to initiate the connection. It is important not to allow connections to programs you don’t know because it could be a Trojan horse.

In case of recurrence, it may be useful to check your computer for Trojan infections by using a program that detects and removes them.