System information
Threats to computer security 21
Unlike worms and viruses, trojan programs do not create copies of themselves.
They infect a computer, for example, via an infected e-mail attachment, or
through a web browser when the user visits an “infected” website. Trojan
programs must be launched by the user, and start performing their malicious
actions as they run.
Trojan programs can perform a range of malicious actions. The major functions
of Trojans are blocking, modifying and erasing data, and disrupting the operation
of computers or computer networks. Additionally, Trojan programs can receive
and send files, run them, display messages, access web pages, download and
install programs and restart the infected computer.
Intruders often use "sets" consisting of complementary Trojan programs.
The different types of Trojan programs and their behavior are described in the
table below.
Table 2. Types of trojan programs categorized by behavior on the infected computer
TYPE
NAME
DESCRIPTION
Trojan-
ArcBomb
Trojan programs
- archive bombs
Archives which when unpacked increase
to a size that disrupts the computer's
operation. When you attempt to unpack
the archive, the computer may start
working slowly or “freeze”, and the disk
may be filled with “empty” data. “Archive
bombs” are especially dangerous for file
and mail servers. If an automatic incoming
information processing system is used on
the server, such an “archive bomb” can
stop the server.
Backdoor
Remote
administration
Trojan programs
These programs are considered the most
dangerous among Trojan programs;
function-wise they are similar to off-the-
shelf remote administration programs.
These programs install themselves
without the user's knowledge, and give
the intruder remote management of the
computer.