‘Trojan horse’ programs are also known simply as ‘Trojans’ or ‘backdoor Trojans’. The term refers to the famous episode mentioned in Homer’s Odyssey in which the Greeks concealed themselves in a hollow wooden statue of a horse in order to enter and plunder the gated city of Troy. Electronic Trojan horses are malicious programs, which masquerade as genuine files, such as a picture or interesting document, with the purpose of infiltrating the system and causing malicious damage.
A ‘road apple’ (also a euphemism for horse manure) is essentially a physical Trojan horse. A CD-ROM, floppy disc or perhaps a USB data storage device with an intriguing label is left somewhere that it is certain to be chanced upon. The culprit relies upon the victim’s curiosity to take the media and run it on their computer – road apples often bear such luring titles as ‘Executive Salary Summaries 2007-08’, ‘Investigation Findings’ or simply ‘Strictly Confidential’. With recent reports of government data loss by means of missing CD-ROMs fresh in people’s minds, some inquisitive sorts simply cannot resist taking a look. Unfortunately, the result can be ruinous.
Viruses and Worms
In addition to its own malicious payload, a Trojan’s contents may also include viruses or worms.
A virus is a piece of code that is capable of copying itself and, with metamorphic viruses, can then modify itself and its copies to avoid the pattern recognition of anti-virus software. Viruses attach themselves to programs or files (such as Trojan horses or a document on your computer) and are spread when the program or file is shared (e.g. when someone else opens a Trojan horse or your document).
A worm is also a self-replicating program but it does not need to hitch a ride on a program or file to spread from one computer to another. Worms can use networks to send copies of itself to other computers on the network without any user intervention. When Trojan horses contain viruses or worms or both this is called a ‘blended threat’. The combination of methods of spreading and causing damage means that blended threats can cause damage that is manifold and extremely quick to spread.
File Encryption and Data Corruption
Trojan horses may be programmed to erase or overwrite data as well as encrypt or corrupt files (often in subtle difficult-to-detect ways), which could cause havoc at the practice. It is not until the user tries to open files that they find that documents are now unopenable, unrecognisable or password-locked.
Trojan horses frequently upload and download files onto computers as well as show fake dialogue boxes that say material is being uploaded or downloaded. These may include adware and spyware programs (see below) as well as risque material and other unsolicited material. This can make working impossible, as the user is frequently interrupted by messages that files are being uploaded or downloaded, and the activity also uses up bandwith and hard disk space.
Adware and Spyware
Adware is software from advertising companies that enables pertinent pop-up ads to appear at opportune moments. Spyware is truly unwelcome as it tracks users in the same way as adware but it is downloaded without the user really knowing that it is being installed. The main problem is that the software lurks on a PC and secretly communicates with its originator. This hidden software is often difficult to remove and affects the way the computer operates and, in some instances, causes it to crash or freeze. Details of your computer, keystrokes used, certain passwords, and websites that are visited can easily be transmitted back to the originators or even third parties.
Denial of Service Attacks
This occurs when an arrangement of data is sent to a system and prevents it from working as it should. A Denial of Service (DOS) has as its sole function to interrupt the recipient’s Internet connection and/or network. It works by bombarding a targeted server with requests or messages and completely overloading it, therefore precluding genuine users making legitimate requests.
An extremely worrying notion for the practice is the possibility that anyone from anywhere in the world could log on to the practice’s system. In this scenario there is untold potential for damage and costs to the practice through altering, deleting and copying information on the management system, as well as data theft. Trojan horses that allow criminals to log on to victims’ computers are called RAT horses – Remote Access Trojan horses.
Trojan Horses can take over e-mail accounts to send thousands of spam e-mails to everyone in a person’s address book. Studies have shown that over half of all spam is sent from ‘zombie computers’ – computers which have been compromised by a hacker, virus or Trojan horse.
Anti Virus Software
It should be noted that while antivirus software (like Norton) is appropriate (and essential) for the home PC, it’s not enough to protect the entire practice network. It’s therefore important to either connect only one stand-alone computer (not on the practice network) to the Internet – not ideal if more than one member of the team wants to go online at once – or to make use of a managed and professional service to connect to the World Wide Web.
Also, it is crucial that staff are aware that they should never open unsolicited e-mail, visit dubious websites or run files from unknown external media. As always, prevention is definitely better than cure!