In the context of computing and software, a Trojan horse, also known as a trojan, is malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse.
A program named "waterfalls.scr" serves as a simple example of a trojan horse. The author claims it is a free waterfall screensaver. When run, it instead unloads hidden programs, commands, scripts, or any number of commands without the user's knowledge or consent. Malicious Trojan Horse programs are used to circumvent protection systems in effect creating a vulnerable system to allow unauthorized access to the user's computer. Non-malicious Trojan Horse programs are used for managing and forensics.
Some examples of damage are:
Since Trojan horses have a variety of forms, there is no single method to delete them. The simplest responses involve clearing the temporary internet files file and deleting it manually. Normally, anti-virus software is able to detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media(cd) may allow an antivirus program to find a trojan and delete it. Updated anti-spyware programs are also efficient against this threat.
Trojans usually consist of two parts, a Client and a Server. The server is run on the victim's machine and listens for connections from a Client used by the attacker.
When the server is run on a machine it will listen on a specific port or multiple ports for connections from a Client. In order for an attacker to connect to the server they must have the IP Address of the computer where the server is being run. Some trojans have the IP Address of the computer they are running on sent to the attacker via email or another form of communication.
Once a connection is made to the server, the client can then send commands to the server; the server will then execute these commands on the victim's machine.
Today, with NAT infrastructure being common, most computers cannot be reached by their external ip address. Therefore many trojans now connect to the computer of the attacker, which has been set up to take the connections, instead of the attacker connecting to the victim. This is called a 'reverse-connect' trojan. Many trojans nowadays also bypass many personal firewall installed on the victims computer (eg. Poison-Ivy).