What does the name Trojan Horse imply in way of network security, and what threats do Trojan Horses bring to a network computing system?

First let’s look at history to understand the name “Trojan Horse.” The Trojan War, as you may already know, is the ancient war between the Greeks and the city of Troy that took place during the thirteenth century. The Greeks won the war with Troy because of a very clever and deceptive trick. Greek soldiers pretended to withdraw from the battle, leaving behind a huge wooden horse. Troy, believing that they had won the war, dragged the wooden horse into their city and began to celebrate victory. However, by doing so, they walked right into the trap set by the Greeks. Greek soldiers were actually hiding inside the wooden horse. As they waited patiently inside the horse, the people of Troy celebrated heavily. When the soldiers emerged from the horse during the night, the inebriated citizens of Troy were easily defeated.

In today’s world of computer security, we now use the term “Trojan Horse” to refer to certain malicious software (or “spyware”) programs that are designed to remotely control a computer by a hacker. Much like the ancient Greeks, a hacker will attempt, in every conceivable way, to lure users to unknowingly install the Trojan Horse on their computers.

For example, hackers can start an attack by sending malicious emails inviting the recipient to download and install Trojan Horse programs that actually appear to be useful. Another way hackers lure unsuspecting users is by offering interesting or seemingly practical programs on a site as a free download. Users install these software programs containing malicious code, unknowingly giving the hacker access to their computers.

How Trojan Horses work
A Trojan Horse program works by opening a connection point in your computer (usually a designated TCP port) and waiting for the hacker to remotely connect to this port. Upon a successful connection, the hacker immediately takes control of the victim’s computer, reading and changing data inside the machine, remotely monitoring the user’s activities. Some versions of powerful Trojan Horse software can even monitor the user’s screen in real time, log his or her keyboard strokes, and remotely shut down the machine.

Since some popular Trojan Horse programs will open a well known connection port inside the victim’s computer, an attacker can regularly scan the Internet for computers being “planted” with Trojan Horse looking for opened ports. For example, popular Trojan Horse programs like Netbus uses TCP port 12345 and 12346, and Back Orifice uses 31337. You can always find popular Trojan Horse ports by doing a search on Google using the search phrase “popular ports of Trojan Horse.”

Once found, the hacker can immediately take control of the machine by connecting to these easily recognized ports. This means hackers don’t need to spend time implanting the program to the victim’s machine if someone else has previously introduced the Trojan Horse software to the user’s system.

Trojan Horse programs pose a very great threat to computer security. The user’s naiveté as to its existence gives the attacker further power to intrude on other computers within the same network associated with the victim’s machine. As you can imagine, this can cause problems in catastrophic proportions.

How to Know If Your Computer Has a Trojan Horse
You can find out if your computer is infected by performing a simple audit. Access your command prompt screen and type in the command “netstat –n”. This will show all the open local ports and remote ports.

If you are interested in determining what programs are tied to specific ports, you can use the program fport which is available here:
http://www.foundstone.com/us/resources/proddesc/fport.htm

How to Avoid Trojan Horses
A number of spyware monitoring and removal software programs are available. If you are using Windows XP, perhaps the easiest one you can attain is Windows Defender from Microsoft found here:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Also, the related spyware removal tool from Microsoft can be found here:http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0
-E72D-4F54-9AB3-75B8EB148356&displaylang=en

In addition to relying on Trojan Horse detection and removal tools, a better way to control problems with spyware is user education. A careful computer user should not casually download programs from unknown sources off the Internet or open email attachments that appear suspicious or unfamiliar.

Failure to follow simple preventative measures such as these can lead to serious security breaches. Remember in 2005, when the Atlanta-based credit card processing company CardSystems Solutions Inc. was hacked? A Trojan Horse program was implanted in the company’s network and it was estimated that the information of more than 40 million credit card customers was leaked as a result of this security incident.1 A class-action suit was then filed in the California Superior Court in San Francisco against CardSystems Solutions Inc, Visa, and MasterCard.2

You certainly don’t want you and your company to be the next victim, do you?

1 Evers, J. (2005) Details emerge on credit card breach, CNET News.com, Available from: http://www.news.com/Details-emerge-on-credit-card-breach/2100-7349_3-5754661.html [Accessed 31 March 2008]

2 Evers, J. (2005) Lawsuit seeks disclosure in credit card heist, CNET News.com, Available from: http://www.news.com/Lawsuit-seeks-disclosure-in-credit-card-heist/2100-7350_3-5765383.html [Accessed 31 March 2008]

Tags: CardSystems Solutions Inc. Spyware