Trojan horse software

Trojan horse software is a powerful tool that allows full surveillance of target users. Comprehensive software can even bypass encryption and monitor conversations on other channels such as Skype, PGP and secure web-mail.

Trojan horses are a vital tool to ensure direct surveillance over targeted users or networks. They are sophisticated enough to penetrate common security and encryption measures and are therefore able to monitor everything of importance.

Trojan horses are defined as malicious computer programs that hide from the users they infect or mislead them regarding their true purpose. They generally need to be put in place first, which usually happens through deception and without the knowledge of the target. Therefore, many Trojans are actively spread through social channels such as e-mail attachments or casually through drive-by downloads, but they can also infect systems via external hard drives.

After the software is implemented, it is usually disguised as a useful program, but actually installs its hidden (malicious) function. One method consists of two parts: the “linker” (or “binder”) connects the second program to any executable host program without changing the host's primary functions. When the host is started, the hidden program is activated as well. It is also possible for the Trojan to install itself remotely and to reinstall itself whenever the PC is restarted.
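A defensive triage check for the binder technique described above, added here as an example and not part of the original page. It assumes the binder stores the second program as an unmodified PE file after the host's last section; the function names and sample bytes are constructed for illustration.

```python
import struct

def is_pe_at(data: bytes, off: int) -> bool:
    """True if a DOS header at `off` points at a PE signature."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    return data[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0"

def overlay_offset(data: bytes):
    """End of the host's headers and sections, or None if not a parsable PE."""
    if not is_pe_at(data, 0):
        return None
    try:
        (pe,) = struct.unpack_from("<I", data, 0x3C)
        (nsect,) = struct.unpack_from("<H", data, pe + 6)
        (opt_size,) = struct.unpack_from("<H", data, pe + 20)
        table = pe + 24 + opt_size            # first section header
        end = table + 40 * nsect
        for i in range(nsect):
            raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
    except struct.error:                      # truncated or malformed headers
        return None
    return min(end, len(data))

def embedded_pe_offsets(data: bytes) -> list:
    """Offsets of complete PE headers stored after the host image.
    Triage heuristic only: installers and self-extractors also carry overlays,
    and a payload that is encrypted or kept in a resource will not show up."""
    pos, hits = overlay_offset(data), []
    while pos is not None:
        pos = data.find(b"MZ", pos)
        if pos < 0:
            break
        if is_pe_at(data, pos):
            hits.append(pos)
        pos += 2
    return hits

def make_sample_pe(body: bytes) -> bytes:
    """Constructed minimal PE-shaped file (not loadable): one section holding `body`."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 128) + b"\0" * 16
    return dos + coff + sect + body

if __name__ == "__main__":
    host = make_sample_pe(b"\x90" * 32)
    print(embedded_pe_offsets(host), embedded_pe_offsets(host + make_sample_pe(b"\xCC" * 16)))
```

A hit means a second executable header sits behind the host image and the file deserves closer inspection; an empty result does not clear the file.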

Once up and running, the Trojan generally works on its own and can no longer be deactivated by standard methods. A Trojan horse can have various purposes; the most common ones are backdoors (which allow the controller to access affected computers) and ransomware. Surveillance software can also play a major role when it comes to monitoring activity, entire networks or general suspects.

Utilisation and application

With the rising importance of the internet and increasing connectivity, Trojan horse software has grown in relevance. Since more and more work, interaction and trade is conducted online, conventional surveillance might not suffice to fully identify and monitor people of interest. Therefore, Trojans can monitor behaviour on the World Wide Web, get access to private data, bypass encryption or record private messages.

Trojans are frequently used for illegal purposes. Many private hackers abuse them to gain access to vital data, encrypt files for ransom or spy on others. They can also be applied to manipulate data or even machinery, if it is connected to the internet.

The software can also be utilised by the government for security and crime prevention. If a Trojan is used by the government (also called “govware”), the purpose is usually focused on spying and intercepting communications of suspects or uncovering criminal and terrorist networks. Within certain legal frameworks (depending on the country) this is permitted and therefore a common practice.

Types and models

Backdoor: This software is specifically designed to enable the programmer to infiltrate the user’s computer and operate it entirely from a distance, without the consent of the victim. It is a less subtle approach that gains maximum access and possibilities.

Surveillance: Trojans that enable the monitoring of chat protocols, sensitive data or general data transfer of users are also known as “sniffers”. They are usually able to copy and transfer entire data sets to the controller without any knowledge of the user.

Ransomware: Ransomware is another type of malicious software that actively blocks the criminal suspect from accessing and using their data. A criminal network can therefore be perpetually blocked. This can be done either very simply (by just blocking access) or in a more complex manner, by encrypting entire files and making them accessible only after decryption by the controller.

Target groups

Law enforcement agencies, police, government, security agencies, intelligence services

Requirements and considerations

Modern Trojan horse software generally adapts very quickly. Most weak points in browsers and office applications can be exploited on the same day of publication. Even modern virus programs are generally not easy to identify in time.

Interesting facts

The term “Trojan horse” is derived from ancient Greek mythology, where a wooden horse was used to bypass the security guards of the city of Troy. This eventually led to the downfall of the city. Another common expression for intrusive software is “virus”, which derives from biology, since the biological virus acts in a similar manner.

For security and espionage operations, the German government uses its own Trojan software, one of which is named “R2D2” after the famous droid from Star Wars.

There is an entire field of study dedicated to the use of intrusive software such as Trojan horses and viruses. It is called “Cryptovirology”.

Manufacturers, providers and brands

RCS, Odysseus