Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an email attachment disguised to appear not suspicious, (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else.
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. Though it is in the interest of the health of the business to prevent trojan horse, yet it is a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme. It has also been defined as “any act that influences a person to take any action that may or may not be in their best interests.”
Many early infectious programs, including the first internet worm, were written as experiments or pranks. Today, malware is used by both black hat hackers and governments, to steal personal, financial, or business information.
Trojan horse is sometimes used broadly against the government or corporate websites to gather guarded information or to disrupt their operation in general. However, it can also be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords.
Since the rise of widespread broadband internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users’ computers for illicit purposes. Infected zombie computers can be used to send email spam, or to engage in distributed denial of service attacks as a form of extortion.
Programs designed to monitor users’ web browsing, display unsolicited advertisements or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead, they are generally installed by exploiting security holes.
What is the solution?
Though it is well understood that trojan horse like all the other malware, including computer viruses, worms, ransomware, spyware, adware, rogue software are not always created to damage the business/organizations yet it is desirable to prevent trojan horse for the sound health of the business and effective functioning of the economy.