Trojan Horses

A Trojan horse is a malware attack that disguises itself as something innocent, such as a computer game, or a YouTube search results page. A recent example of a devastating Trojan horse used an email with a link that supposedly connected the reader to a video of the Saddam Hussein hanging, but instead just infected them with malware. Once installed on a computer, the 'Saddam' Trojan horse then downloaded and installed a keylogger onto the infected computer. This keylogger was used to record every keystroke by a computer’s user, thus stealing financial account information and passwords.

The 'Saddam' Trojan horse is noteworthy only because it was so successful, but the actual methods that it used to infect computer networks are not unique. In fact, Trojans are particularly dangerous because they all appear so innocuous on the surface. Often trojans imbed themselves on a particular website (usually adult, gaming, or gambling), hide in downloaded free software, or, as in the "Saddam" Trojan horse, a person might be infected by clicking on a link sent to them in an email.

A Trojan Horse meets the definition of virus that most people use, in the sense that it attempts to infiltrate a computer without the user’s knowledge or consent. A Trojan horse, similar to its Greek mythological counterpart, often presents itself as one form while it is actually another. A recent example of malware acting as a Trojan horse is the recent e-mail version of the “Swen” virus, which falsely claimed to be a Microsoft update application.

Trojans typically do one of two things: they either destroy or modify data the moment they launch, such as erase a hard drive, or they attempt to ferret out and steal passwords, credit card numbers, and other such confidential information.

Trojan Horses can be a bigger problem than other types of viruses as they are designed to be destructive or disruptive, as opposed to viruses and worms where the coder may not intend to do any harm at all. Essentially this distinction does not matter in the real world. You can lump viruses, Trojans and worms together as "things I don't want on my computer or my network".
Prevention
Because hackers are so creative in coming up with new and different types of Trojan horses, training employees on what to look for will not prevent Trojan horses from infecting your network. Instead, you may want to consider blocking users from downloading freeware, blocking links embedded in emails, and using a whitelist to create a list of approved websites that employees may visit. Because Trojans are much easier to prevent than they are to cure, with an infected computer sometimes requiring a complete reformatting of the hard drive, taking these drastic preventative measures may be warranted for some companies.The methods for dealing with Trojans are generally the same as for those for dealing with viruses. Most virus scanners attempt to deal with some of the common Trojans with varying degrees of success, there are also specific "anti-Trojan" scanners available, and your best weapon is common sense yet again. Score another point for safe computing!