Viruses? Feh! Fear the Trojan

Viruses and e-mails get all the attention and fearful reaction, but hidden programs known as Trojans can be far more devastating -- to computers and lives. Two new ones are on the loose. By Michelle Delio.

Reader's advisory: Wired News has been unable to confirm some sources for a number of stories written by this author. If you have any information about sources cited in this article, please send an e-mail to sourceinfo[AT]wired.com.

There may be a ghost in your machine -- a hidden program known as a Trojan horse -- that allows a malicious hacker to spy on you, ruin your data and computer and, in extreme cases, wreck your business or your life.

Attackers have used Trojans to surreptitiously observe the users of infected machines over their webcams, and can also listen to conversations transmitted via the infected computer's microphone.

Trojans have also been used to siphon funds out of electronic bank accounts, stalk ex-lovers, spy on business associates and rifle through the contents of hard drives in search of sensitive information.

Viruses, with their sexy names and ability to spread around the globe in a matter of hours, get a lot of media attention. But viruses are usually easy to detect and eradicate. Security experts say that the real threat to system security and users' sanity comes from the hard-to-spot Trojan programs.

David Kroll of Finjan Software, a firm that develops security applications, calls Trojans the "silent killer."

"Last year there was a bank in California, (that) I cannot identify by name, that was extorted for approximately $500,000 by a hacker who had BackOrifice installed on a vice president's PC. The bank had no idea how this extortionist was getting all this inside information on the bank," Kroll said.

Kroll said the Trojan had slipped through the bank's regular antiviral software scans, and only a manual inspection of the executive team's PCs revealed the Trojan -- despite the fact that BackOrifice is probably the world's most famous Trojan horse program and many antiviral programs claim to be able to identify it.

"The Trojan situation is probably worse than a lot of people know," said Marquis Grove, of Security News Portal, a hacking news site. "There are a lot of infected computers around the world and most of the owners of those machines don't know they are infected."

Unlike viruses, Trojans don't e-mail hundreds of copies of themselves out, nor do they necessarily interfere with a computer's performance. And antiviral programs don't always catch them; therefore, many infected users have no idea their computers harbor a Trojan.

Named after the mythological Trojan horse, which helped Greek soldiers sneak into the city of Troy, computer Trojans are tiny but powerful programs that are hidden inside other programs or files. Trojans typically sneak into systems via booby-trapped screensavers, games, audio files, Web pages or e-mails.

When a user runs the innocent-looking program that he or she has downloaded, or clicks on a link on a malicious website or in an HTML-formatted e-mail, a Trojan program like BackOrifice or SubSeven infects their system.

Within the past week security firms have issued warnings about two Trojans: Y3K Rat 1.6, and W32.Eurosol.

Y3K Rat is a revamped version of an old Trojan, now capable of ruining computer hard drives, breaking through many firewalls and transmitting cached passwords and copies of all activity on an infected computer to the attacker by e-mail.

W32.Eurosol steals users' account information for WebMoney, an international banking system that allows those not wanting to expose their credit card numbers, or those who don't have credit, to make purchases online.

"More than 300 users are already in the situation where, in the near future, their accounts in WebMoney could be discovered to have no funds available," said Denis Zenkin, head of corporate communications for Kaspersky Labs. "And the Trojan remains unnoticed on many computers to this very moment."

Jessica Wondkar, a freelance fabric designer, said she would have been happy if her Trojan had only stolen her money.

Wondkar had a Trojan on her computer for seven months. Planted on her system by an ex-boyfriend, the Trojan allowed him to watch Jessica on her webcam and sabotage her business by sending e-mails under her name and intercepting her client's e-mails.

She sent her computer for repairs three times, but the display would still occasionally flash on and off, the contents of her screen sometimes flipped upside down, her CD drive often popped open and she sometimes turned on her machine and found that her desktop wallpaper had been changed.

And then Wondkar's computer started talking to her.

"It would tell me what I was wearing or doing. Sometimes it would act sexy, or sometimes it would threaten me. I cannot even explain how terrifying it was."

Wondkar later learned that her ex-boyfriend was remotely accessing the text-to-speech application on her machine, which allowed him to type in things that the computer would then "speak" to Wondkar.

"He used information from the webcam and e-mails to really spook me, to make it seem almost like there was someone in my house with me," Wondkar said.

Trojans are also used to gather information from target machines by business competitors or nosy employees.

"We had a case last year where a junior employee had installed a remote-access Trojan onto one of the salary departments' machines," said Mikko Hypponen of F-Secure, a security firm. "He then used the Trojan to listen in on all the discussions in that department via the infected computer's microphone. Everyone else thought he was just listening to music with his headsets."

Hypponen said that most antiviral programs are "effective enough" at catching Trojans.

But he also said that Trojans have infected many machines, especially those belonging to people who are fond of downloading audio files, games and pirated software programs -- all typical hiding places for Trojans.

Trojans are sometimes used to launch denial-of-service (DoS) attacks. Malicious hackers can use a collection of Trojan-infected machines to bolster the effects of DoS attacks. Hackers can also hide their location by funneling their attacks through others' computers.

A recent study on DoS attacks conducted by Asta Networks and the University of California at San Diego reported that 12,805 attacks had been launched within a three-week period in April against more than 5,000 targets. The attacks were aimed at large commercial sites such as Amazon and AOL as well as users on private home machines who were connecting to the Internet from a dialup modem.

Frank Huerta, president and CEO of Recourse Technologies, said the Asta study confirmed the widespread danger of DoS attacks and said that users need to protect their machines from Trojan programs.

"Home computers can be taken over to launch attacks at other sites," Huerta said. "If enough home computers are taken over this way, an end site can be taken down. Home computer users need to minimally have a personal firewall. If they have a DSL line, users need to turn it off when not in use."

The best defense is a multi-tiered offense, said Ken Dunham of AtomicTangerine, who recommends using multiple tools -- an antiviral program, an anti-Trojan program and a firewall -- to reduce the risk of infection.

Removing a Trojan from an infected system is a difficult -- if not almost impossible -- task, said Gerry Freese of security risk assessment firm Vigilinx.

"Trojans often hide multiple copies of themselves in multiple locations, and can be very hard to find and remove completely," Freeze said. "Many times the best or only answer is to go back to a known clean backup or the original installation media and completely delete and reinstall clean copies of all the software."

Wondkar said that her computer's demon was finally exorcised when a tech-savvy client suggested that she might have a Trojan, and advised her to reformat her hard drive and reinstall her operating system and software.

"It was an awful experience to be stalked and spied on. I had never heard of a Trojan before. I thought that hackers just wrote viruses that messed up your e-mail. I didn't know that they were capable of messing up your entire life."