Before a Trojan horse program can attack, it must first find a way to entice the victim to copy, download, and run it. Since few people knowingly run a malicious program, Trojan horses must disguise themselves as other programs that the victim believes to be harmless (such as games, utilities, or popular applications).
Besides disguising themselves as harmless programs, Trojan horses can also disguise themselves inside a legitimate program, such as Adobe Photoshop or Microsoft Excel. To do this, malicious hackers have created special wrapper or binder programs with names like Saran Wrap, Silk Rope, or The Joiner, which can package any Trojan horse inside another program, thereby reducing the likelihood that someone will discover it. Since most users won't suspect that a program from a large, well-known publisher would contain a Trojan horse, the victim is likely to run the linked program containing the Trojan horse.
Once someone has written a Trojan horse, the next step is to spread it by copying it onto a victim's computer, posting it on a website for others to download, sending it as a file attachment via email, distributing it through IRC and online service chat rooms, or sending it through ICQ and other instant messaging services.
If someone has physical access to your computer, he can simply copy a Trojan horse to your hard disk. If the attacker is particularly skilled, he can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer, such as a corporate log-in screen or a company database program. Not only would such a Trojan horse be more likely to trick its victim, but the Trojan horse could also perform an action specific to that particular computer, such as stealing a company's list of credit card numbers or copying the source code of a game company's unreleased products and posting them on the Internet.
Trojan horses are commonly found on websites that offer free software, such as shareware programs. These communal gathering spots on the Web give Trojan horse writers a degree of anonymity along with the chance of attacking as many random victims as possible. Since website operators rarely have time to thoroughly examine every file posted, an occasional Trojan horse can slip through the checking procedures unnoticed.
Of course, as soon as the website administrator discovers the existence of the Trojan horse, she can delete it to prevent others from downloading it. However, between the time that the Trojan horse was posted and the time the website administrator deletes it, many people could have downloaded the Trojan horse and passed it along to others. So, even though deleting a Trojan horse may be easy, finding and deleting all copies of that Trojan horse will be time-consuming, difficult, and nearly impossible.
Rather than post a Trojan horse to somebody else's website, some people set up their own websites and pretend to offer hacker tools or pornographic files for others to download. Naturally, some of these files will be Trojan horses, so the moment an unwary user downloads and runs them, the programs are free to cause whatever damage their writer intended.
Another common way to spread a Trojan horse is to attach the program file to an email message. To get you to open the file attachment, it may be disguised as a message from a legitimate organization (such as Microsoft or America Online); as a tempting program, such as a hacker tool for gaining illegal access or privileges to a well-known computer; or as a contest announcement, pornographic file, or similar message designed to pique your curiosity.
Many people send Trojan horses to people visiting online chat rooms because they can do so without having to find an email address. The hacker typically strikes up a friendly conversation with a potential victim and then offers to send the person a hacker program or pornographic file. When the victim accepts the file and tries to open it, the Trojan horse attacks.
Hackers also send Trojan horses to people who use an instant messaging service such as ICQ or AOL Instant Messenger. Like email, instant messaging services allow an attacker to send a Trojan horse directly to a particular person, based on the person's instant messaging ID, which is readily available through member directories.