Trojan Horses (Logical Bombs)

Trojan horses are programs that do some kind of harm: depending on certain circumstances, or with each execution, they destroy information on disks, crash the system, etc.

Most Trojan horses are programs that “imitate” other useful programs, new versions of popular utility software, or software updates for them. Very often they are sent to BBS stations or Usenet groups. Compared with viruses, Trojan horses are not widely spread. The reasons for this are quite simple: they either destroy themselves together with the rest of the data on disks, or unmask their presence and are deleted by the victimized users.

Virus “droppers” may also be considered Trojan horses. These are files infected in such a way that known anti-virus programs do not detect the virus in the file. For example, a file is encrypted in some special way or packed by a rarely used archiver, preventing the anti-virus from “seeing” the infection.
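The effect described above, seen from the scanner's side, as an added example that is not part of the original text: a raw byte-signature match fails once the content is packed, while an entropy check or an unpack-then-scan step still catches it. Here zlib stands in for the rarely used archiver, and the signature string, sample data and 7.2 bits-per-byte threshold are constructed assumptions.

```python
import math
import random
import zlib
from collections import Counter

# Constructed, harmless marker standing in for a scanner's known byte signature.
SIGNATURE = b"DEMO-SIGNATURE-NOT-MALWARE"

def signature_scan(data: bytes) -> bool:
    """Naive scanner: search the raw file bytes for the known pattern."""
    return SIGNATURE in data

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: near 8.0 means compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data: bytes, threshold: float = 7.2) -> bool:
    """Heuristic: flag content the scanner cannot read as-is for unpacking or review."""
    return shannon_entropy(data) >= threshold

def unpack_then_scan(data: bytes) -> bool:
    """Scanner that knows the container format: unpack first, then match."""
    try:
        data = zlib.decompress(data)
    except zlib.error:
        pass  # not a zlib stream; scan the bytes as they are
    return signature_scan(data)

# Constructed sample: word-salad "program" text with the marker embedded once.
_rng = random.Random(0)
_words = [b"report", b"update", b"system", b"driver",
          b"config", b"backup", b"print", b"tools"]
PLAIN = b" ".join(_rng.choice(_words) for _ in range(6000)) + b" " + SIGNATURE
PACKED = zlib.compress(PLAIN, 9)  # zlib stands in for the "rarely used archiver"

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(f"{name:6} raw-scan={signature_scan(blob)} "
              f"entropy={shannon_entropy(blob):.2f} packed?={looks_packed(blob)} "
              f"unpack-scan={unpack_then_scan(blob)}")
```

High entropy alone is not proof of infection, since legitimate archives and installers score the same; it only marks files the scanner could not inspect directly.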

Hoaxes are also worth mentioning. These are programs that do no direct harm to computers, but display messages falsely stating that harm has already been done, or will be done under some circumstances, or warn the user about some kind of nonexistent danger. Hoaxes are, for example, programs that “scare” the user with messages about disk formatting (although no formatting actually takes place), detect viruses in uninfected files, display strange virus-like messages (the CMD640X disk driver from some commercial software package), etc.; it depends on the sense of humor of the author of such a program. Apparently the string “CHOLEEPA” in the second sector of Seagate hard disks is also a hoax.

 

Backdoors (remote administration hacker’s tools)

Programs classified as “backdoors” are network administration utilities that allow control of remote computers on the network. They are similar to the commercial network administration packages developed and distributed by software companies.

The only feature that causes these utilities to be classified as malicious (Trojan) software is their silent installation and execution. When such a program runs, it installs itself into the system and then monitors it without any requests or messages. If it is already installed on a computer, in most cases you cannot find the application in the task list. Most known backdoor Trojans also do not manifest their activity in any way.

Once installed on a computer, backdoors may do everything their author has embedded in their “feature list”: send files to and receive files from the affected computer, execute, delete or rename files there, display message boxes, hook keyboard input, etc. As a result, backdoors are able to monitor almost everything on affected computers, steal data from them, upload and run viruses on the remote PC, erase information there, etc.