The term Trojan is taken from the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The first Trojans, which appeared in the late 1980s, masqueraded as innocent programs. Once the unsuspecting user ran the program, the Trojan would deliver its harmful payload. Hence the copy-book definition of a Trojan as a non-replicating program that appears to be legitimate but is designed to carry out some harmful action on the victim computer.

One of the key factors distinguishing Trojans from viruses and worms is that they don’t spread by themselves. In the early days of PC malware, Trojans were relatively uncommon since the author had to find some way of distributing the Trojan manually. The widespread use of the Internet and the development of the Word Wide Web provided an easy mechanism for distributing Trojans far and wide.

Today, Trojans are very common. They typically install silently and carry out their function(s) invisible to the user.

Like viruses and worms, Trojans are often sub-divided into different categories based on their function.

• Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines.
• PSW Trojans steal passwords from victim machines (although some steal other types of information also: IP address, registration details, e-mail client details, and so on).
• Trojan Clickers re-direct victim machines to a specified web site, either to raise the ‘hit-count’ of a site, or for advertising purposes, or to organize a DoS attack on a specified site, or to direct the victim to a web site containing other malicious code.
• Trojan Droppers and Trojan Downloaders install malicious code on a victim machine, either a new malicious program or a new version of some previously installed malware.
• Trojan Proxies function as a proxy server and provide anonymous access to the Internet: they are commonly used by spammers for large-scale distribution of spam e-mail.
• Trojan Spies track user activity, save the information to the user’s hard disk and then forward it to the author or ‘master’ of the Trojan.
• Trojan Notifiers inform the author or ‘master’ that malicious code has been installed on a victim machine and relay information about the IP address, open ports, e-mail address and so on.
• Archive bombs are designed to sabotage anti-virus programs. They take the form of a specially constructed archive file that ‘explodes’ when the archive is opened for scanning by the anti-virus program’s de-compressor. The result is that the machine crashes, slows down or is filled with garbage data.

• About Trojans
• About viruses