LINFO

Trojan Definition



A trojan, or trojan horse, is a type of malware (i.e., malicious software) that is disguised as a legitimate program in order to entice users to download and install it. In contrast to viruses and worms, trojans are not directly self-replicating.

Trojans can be designed to do various harmful things including corrupt files (often in subtle ways), erase data and install other types of malware, such as viruses, worms, spyware and backdoors. A backdoor is any hidden method for obtaining remote access to a computer or other system.

A major tactic used by the creators of trojans is to give them names that make them look necessary, useful and/or interesting to ordinary users. Examples might include security-patch.bin, windows_update.exe, valentine.zip.exe and freedownloads.zip.

The Microsoft Windows operating systems are often configured by default to hide filename extensions from users. Taking advantage of this fact, some trojans have their true extensions masked by including a false extension before the real extension that makes the file appear to be an innocent text or image file rather than an executable (i.e., runnable) program. For example, a trojan might be named Information.doc.exe, and only the Information.doc part would be visible on systems which hide the extensions. Another trick employed by some trojans is to use misleading icons, such as those normally associated with text or image files, to disguise the fact that they are actually executable programs.

Trojans typically enter computers through e-mail attachments, downloaded programs and file-sharing services. But they can also enter by other means. For example, Microsoft Windows systems are vulnerable to trojans that are disguised as image files, particularly those bearing the .wmf extension.

There are several defensive measures that can be taken to minimize the chances of becoming the victim of a trojan, and they are basically the same measures that should be taken to minimize the chances of becoming infected by any type of malware. They include (1) avoiding the downloading of programs about which little is known and little or no reliable information is available, (2) avoiding the opening of unknown and unrequested e-mail attachments, particularly those with extensions such as .bat, .bin, .exe and .zip, (3) avoiding file sharing services, (4) using a separate computer that contains no critical data for use in file sharing, downloading questionable programs and other risky activities and (5) using an operating system that is highly resistant to trojans.
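A filename screen covering two points made above: the false inner extension (as in Information.doc.exe) and the risky attachment extensions listed in measure (2). It is an added illustration, not part of the original LINFO text, and the EXECUTABLE and DECOY sets and the function names are assumptions chosen for the example.

```python
import os

# Extensions that measure (2) above singles out as risky in attachments.
RISKY = {".bat", ".bin", ".exe", ".zip"}
# Assumption: types Windows runs on double-click; extend for your environment.
EXECUTABLE = {".bat", ".exe", ".com", ".cmd", ".scr"}
# Assumption: harmless-looking types a false inner extension might imitate.
DECOY = {".doc", ".txt", ".pdf", ".jpg", ".gif", ".zip"}


def normalise(filename):
    """Keep the base name only and drop trailing dots/spaces, which Windows ignores."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rstrip(" .")


def screen(filename):
    """Return (verdict, name a user sees when Windows hides the final extension)."""
    name = normalise(filename)
    shown, last = os.path.splitext(name)      # 'Information.doc', '.exe'
    inner = os.path.splitext(shown)[1].lower()
    last = last.lower()
    if last in EXECUTABLE and inner in DECOY:
        # The real type is executable but the visible part ends in a decoy.
        return "disguised-executable", shown
    if last in RISKY or last in EXECUTABLE:
        return "risky-extension", shown
    return "no-finding", shown


# Constructed sample: the article's example names plus two benign controls.
SAMPLES = [
    "security-patch.bin", "windows_update.exe", "valentine.zip.exe",
    "freedownloads.zip", "Information.doc.exe", "report.v2.doc", "holiday.jpg",
]


def report(names):
    """Map each filename to its (verdict, displayed name) pair."""
    return {n: screen(n) for n in names}


if __name__ == "__main__":
    for name, (verdict, shown) in report(SAMPLES).items():
        print(f"{name:22} {verdict:22} shown as {shown}")
```

A check like this only looks at names; a file that passes it can still be a trojan, so it complements rather than replaces the other measures in the list.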

Even if an e-mail attachment is received from a friend, it can still be a trojan. This is because the friend might not be aware that it is a trojan because (1) some trojans can appear to users to be useful or interesting programs even after they have been installed and used, and the harmful effects may occur at some later date, (2) the effects might be so subtle that they are never noticed and (3) if there are subsequent computer problems, users might not associate them with the trojan.

Linux and other Unix-like operating systems are relatively resistant to trojans and other malware, if used with normal security precautions, both because they have been designed from the ground up with security in mind and because most malware is targeted at the Microsoft Windows operating systems¹. Among the standard security precautions that should be strictly adhered to for Unix-like operating systems (or any other operating systems) are using a firewall, which is usually installed by default, avoiding use of the root (i.e., administrative) account except when absolutely necessary and using secure passwords.

The name trojan is taken from the ancient Greek myth² about the siege of Troy. The Greeks left a large wooden horse outside the city walls and then appeared to depart in their ships. The Trojans (i.e., the inhabitants of Troy), despite warnings, became convinced that the horse was a gift, and they thus moved it into the city. The horse was actually hollow, and it contained a few Greek soldiers who crept out and opened the city gates at night when the Trojans were sleeping and drunk from their victory celebration. This made it possible for the Greek army, who had only pretended to depart, to enter the city, killing all the men and taking the women and children as slaves.


________
¹ Most malware is targeted at the Microsoft Windows operating systems and relatively little is targeted at other operating systems for several reasons. One is that most computers use the Microsoft systems. Another is that computers operating any of the Microsoft Windows systems are far easier for malware to penetrate and infect than are those operating Unix-like operating systems. These two factors mean that any creator of malware can do vastly greater damage if the malware is written for the Microsoft Windows systems than for other operating systems.

² As is sometimes the case with myths, there might be an element of truth to this one. For example, in the 1870s the famed German archaeologist Heinrich Schliemann located what he claimed was Troy at a site near the coast of what is now northwest Turkey on the basis of descriptions in the Iliad and other Greek classics. His excavations confirmed that a great city had indeed existed at the site and that it had been destroyed by some sort of disaster.






Created January 17, 2006.
Copyright © 2006 The Linux Information Project. All Rights Reserved.