Forget spyware--"Trojan Horse" programs make the consumer threat posed by unsolicited ad-supported software sound tame by comparison. Named for the gift of surrender that duped the Trojans and won
the war for the Greeks in Homer's Iliad, "Trojan Horse" programs infiltrate consumers' PCs when they download other applications. The programs monitor Internet users' Web behavior and send personal
information back to hackers.
For example, a user downloads what appears to be a benign music or movie file, but clicking on it unleashes a program that erases the computer hard disk; sends credit
card, user name, or password information to a stranger; or lets a hijacker commit denial of service attacks on other networks. Increasingly, hackers are focused on stealing money.
Last week,
Citibank, Barclays Bank, Canadian Imperial Bank of Commerce, and Deutsche Bank, among others, were affected by a Trojan program that installed itself on users' computers. It happened as 'Net users'
viewed a pop-up ad that could read keystrokes and steal passwords when they visited any one of nearly 50 banking sites.
Trojan Horses represent a threat to all operating systems, but "by far
most of the damage is done to Windows users due to its vast popularity and many weaknesses," writes Joseph Lo of IRChelp.org, an information site for the expansive online community, Internet Relay
Chat.
According to Lo, Trojans can be spread "in the guise of literally anything people find desirable," from free downloadable games to movies or songs--even ringtones. Lo writes that victims
typically download Trojans from an archive of WWW or FTP links, via peer-to-peer file exchanges, instant messaging programs, or through email attachments. He noted that one of the first signs of
infection occurs when "others tell you that you are attacking them or trying to infect them."
Often, people confuse terms like "virus," "Trojan Horse," "worm," and "hacking," but they do not mean
the same thing.
"Trojan Horse" is a general term denoting a program that appears harmless but is not. The Asia-Oceanic Electronic Marketplace Association says there are three main types. "Remote
access tools" (RATs) allow hackers to hack into a computer, giving them access to any information stored on it, "key-loggers" save every keystroke made on a computer and send it to hackers, and
"password retrievers" collect passwords and send along password files.
Trojan Horses are executable programs, meaning that the file performs an action once a user opens it. Tom Liston, a
researcher with the SANS Institute Internet Storm Center and author of a report on the financial site threat, wrote that "as the proliferation of ad/spyware shows, installing executable software on a
user's machines is far too easy." He added: "I believe that this particular type of malware represents a huge threat to the online financial industry."
On the web site, IRC's Lo stressed that
consumers be certain of both the source and content of each file they download and to "unhide" the full extension of each file downloaded (Windows by default hides the last extension of a file). He
also warned that consumers not be lulled into a false sense of security just because they run an anti-virus program.
Security experts have long noted the vulnerability of Microsoft's Internet
Explorer, citing flaws in the browser that enable hackers to install malicious programs. The recent financial site infections didn't affect Macintosh versions of Internet Explorer.