Trojan horse malware, often shortened to a “trojan”, is a particularly nasty type of malicious software that can cause considerable damage to your charity if it gets onto your computer systems. That’s because a trojan can empty your charity’s bank accounts, enable ransomware to infect your computers, and steal, modify, or delete data about your constituents.
Why is it called a trojan?
In the ancient myth, the Greeks were able to penetrate the city of Troy’s defences by giving the citizens a huge wooden horse which was brought inside the city’s walls. Unbeknownst to the Trojans, Greek warriors were hidden inside the horse. When the Trojans brought their gift into the city they unwittingly brought in their enemies as well, and this was their undoing.
A trojan is so-called because it hides inside something – often a document or a seemingly useful program – that an unsuspecting victim downloads on to their computer. Once it is on the computer, the trojan malware can activate and cause whatever damage it is designed to do.
How do trojans work?
A classic example of how a criminal may try to smuggle a trojan on to one of your charity’s computers is by taking a well-known and useful program, such as a photo editor or a document viewer, and then adding their malicious trojan software to the program. If you download a copy of the program that has been modified in this way, your machine will be infected with the trojan.
In some cases, the host program still functions normally, so you will have no idea that your computer has been infected with a trojan. In other cases, the host program does not work at all, but by time the you discover the trojan will be inside your computer.
Another example is a trojan either hidden in a spreadsheet or document, or simply posing as one of these types of file. A criminal may email you a document which purports to be an invoice, but when you open the document the trojan is activated and runs.
Alternatively, the criminal may simply make the trojan look like a document or spreadsheet by giving it a deceptive name ending in “doc” or “xls”. If you have not configured your computer to display filename extensions then you would not be able to see that “invoice.doc” is actually “invoice.doc.exe”, where the “.exe” suffix shows that the file is actually a (malicious) program rather than a Word document.
What’s the difference between a trojan and a virus?
Viruses, along with worms and many other types of malware, are designed to spread by replicating and infecting more computers that they come into contact with. By contrast, trojans tend to remain hidden without self-replicating.
But that’s not to say that trojans isolate themselves from the rest of the world.
Most trojans use the internet to pass information from infected machines to their criminal masters. They may also update themselves over the internet, for example to evade detection by anti-virus software, or receive new instructions or capabilities from a command and control server run by the criminals.