Monday, August 13, 2007

Trojan horse

In the computer world, a Trojan horse is a malicious computer program which pretends to have some innocent purpose but, when run, has an entirely different effect - one which the programmer (or the packager, distributor, or advertiser) intended and the user didn't expect. The term is derived from the classical myth of the Trojan Horse. A Trojan horse differs from a virus in that it is a stand-alone program; the Trojan does not attach to another program. It differs from a worm in that it does not move from one computer to another on its own. A person must transfer it intentionally, such as by email or by posting it to a download area.

A simple example of a Trojan horse is a program named "SEXY.EXE" that is posted with a promise of "hot pix"; but, when run, it erases all the files it can find and displays the message "arf, arf, I got you!".

On the Microsoft Windows platform, an attacker might attach a Trojan with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan itself is typically a Windows executable program file, usually with a filename extension such as .exe, .scr, .bat, or .pif to let Windows know that it can be executed. Since Windows is configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe' so that the user only sees 'Readme.txt' and thinks it is a harmless text file. When the recipient double-clicks on the attachment, the Trojan might really do what the user expects it to do (such as opening a text file), so as to keep him unaware of its true intentions; meanwhile, however, it secretly modifies or deletes files, changes the configuration of his computer, or even uses his computer as a base from which to attack his or other networks. For example, Trojans are often used to set up networks of zombie computers from which DDoS attacks can be launched, or which can be used to send spam.
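A mail filter can catch the masked extension described above by parsing the full attachment name rather than the name Windows displays. The following Python check is an added example, not part of the original post; the decoy-extension list, the function names and the sample filenames are assumptions made for illustration.

```python
import re

# Executable extensions named in the text above.
EXECUTABLE_EXTS = {"exe", "scr", "bat", "pif"}
# Assumption: extensions a user would read as a harmless document or image.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "zip"}


def classify_attachment(filename):
    """Return 'masked-executable', 'executable' or 'ok' for an attachment name."""
    # Keep only the last path component in case the header carries a path.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as a.exe.
    name = name.strip().rstrip(". ").lower()
    # Strip each component so padding such as "txt      .exe" is not missed.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # An executable whose previous component looks like a document extension
    # shows up as e.g. 'Readme.txt' when extensions are hidden.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "masked-executable"
    return "executable"


def flag_attachments(filenames):
    """Map each suspicious filename to its verdict; clean names are omitted."""
    flagged = {}
    for f in filenames:
        verdict = classify_attachment(f)
        if verdict != "ok":
            flagged[f] = verdict
    return flagged


if __name__ == "__main__":
    # Constructed sample attachment names.
    samples = ["Readme.txt.exe", "SEXY.EXE", "notes.txt",
               "photo.jpg      .scr", "report.v2.pdf", "setup.bat."]
    for fname, verdict in flag_attachments(samples).items():
        print(f"{verdict:18} {fname!r}")
```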

Some Trojans do not infect other programs and are usually easily deleted, but others are much more dangerous. The MyDoom epidemic in early 2004 was spread by using Trojan-horse attachments in email with a terse message saying that the attachment could not be delivered, making users curious to open it and see what it was. (MyDoom is technically a worm, since it spreads itself to other computers by sending infected email attachments, but it depends on users double-clicking on the attachments to actually infect their computers.)

An early Trojan horse was the 1975 ANIMAL program, a game to identify an animal that also spread itself to other users on UNIVAC Exec 8 computers.
