In The Night of the Living Dead, zombies sucked brain matter in a frenzied hunger. In the computer world, Trojans can be used to turn your PC into their own computing matter - effectively turning it into a zombie machine. Once under the control of such an illicit program, the Trojan can be accessed by hackers possessing the master, or server, version of the Trojan. The compromised machines can then be used for any number of things. Some are victimized by benign playfulness: CD-ROM drive bays opening and closing is one such common tactic. In other cases, however, the intent is much more ominous.

Trojans have the same right on the system as does the logged in user. In other words, if the user can, the Trojan can. This includes deleting or modifying files, installing other software, uninstalling software, or sending sensitive password and login information to a remote server.

Computers affected by Trojans can be used to launch attacks against targeted Internet sites. By having thousands of computers accessing the same site at the same moment, the site servers can sometimes become overwhelmed and may no longer be able to process requests. These attacks, referred to as Distributed Denial of Service, or DDoS, attacks, are becoming increasingly common.

Just how do Trojans get on the system? Many are sent via email attachment, masquerading as a legitimate piece of software. When the user executes the attachment, the Trojan installs itself to their system. In most cases, there is no indication this has occured, and the user innocently plays the game before sending it on to the next victim. While email attachments may be the most common, there are dozens of others ruses used. Once installed, the system is referred to as a zombie as it is now under the control of hackers. Often, the hackers publish the list of victims on websites, giving free access to their collection of zombie machines by other ill-intented hackers. Hackers can also use the server portion to scan for compromised machines, now set up to send a greeting of readiness to listening ears.

Protecting against Trojans
Depending on the Trojan, firewall software such as ZoneAlarm is effective in preventing outbound connection attempts by already installed Trojans, and preventing inbound connection attempts by their servers. Think of this as the Trojan attempting to phone home. Since backdoor access and password stealing Trojans operate under the control of a master/server, if communication cannot transpire the opportunity for maliciousness cannot either. However, that's assuming the Trojan is used for backdoor access or password stealing only AND that the damage has not already been done. If the Trojan was designed to delete or modify files, or install/uninstall software, those commands could still be carried without any outside communication. In other words, PREVENTION is the key.

Don't open unanticipated file attachments from unknown sources. If you know the source, double check with them and make sure they intended to send it. Ask them exactly what it is and why you need it. If it is a game or frivilous application, delete it. Save any attachments you do plan to execute and scan with an up-to-date antivirus scanner before you launch it. Use behavior-blocking software to monitor and alert to possible hostile actions by the executed attachment.

Previous Articles