2 Viruses, worms and Trojans

2.3 Trojans

The term Trojan comes from the Greek legend about the fall of the city of Troy. The story goes that, during the seige of the city by the Greeks, a huge, hollow wooden horse was left in front of the gates. The inhabitants thought that it was a peace offering from the Greek army and dragged it into the city. Unknown to them, it was being used to conceal Greek soldiers, who were thus able to use this Trojan horse to enter the city and open the gates for the rest of their army.

A cartoon showing a computer on whose screen is a picture of a wooden horse labelled ‘A gift from the Gods!! www.gods.com Click here!’ A voice from off-stage says ‘Hmmm,,, maybe not!'

Figure 3: A cartoon showing a computer on whose screen is a picture of a wooden horse.

The Trojan program uses the same tactics to infiltrate a host computer. It purports to be a legitimate program, but in the background it is doing something else. It may be opening a ‘back door’ for a hacker to gain entry, or deleting files, or using a mail program to pass itself on to other computers.

For example, the Happy99 Trojan was very active at the end of 1999 and in 2000-2001. In fact, it is still seen occasionally.

A screen dump showing a window titled ‘Happy New Year 1999 !!’. The window is black; white dots make a firework pattern.

Figure 4: A screen dump showing a window titled ‘Happy New Year 1999 !!’. The window is black; white dots make a firework pattern.

Happy99 (which is sometimes called Win95/Happy99.Worm, SKA or Win32.SKA.A) arrives as an attachment to an email message. When the recipient opens the file the message ‘Happy New Year 1999!!' and a fireworks graphic are displayed.

All this sounds quite harmless, but the Trojan is also doing things that the user can't see. It modifies your computer's network software so that Happy99 is attached to all outgoing email messages.

Last modified: Thursday, 2 August 2012, 12:30 PM