In battle, soldiers use camouflage and stealth to evade detection by their adversaries and gain the upper hand in a conflict. Trojan horses provide a similar kind of cover in the world of computer attacks. From the simple name games we discussed at the start of this chapter to the highly sophisticated Setiri methods of coopting browsers, Trojan horses let bad guys gain access to and operate on your computer systems without your knowledge. Because they can be so effective, we see numerous attacks in the wild using the techniques described throughout this chapter. Indeed, more often than not, attackers use at least some form of Trojan horse subterfuge to hide out.
However, if you look at the Trojan horse techniques described in this chapter, they all rely on adding software to the victim machine to accomplish the attacker's goal. In our discussion so far, the attackers place new programs on the victim machine and disguise them as legitimate code. In the next chapter, we'll move beyond this use of additional disguised programs into the area of RootKits, an even nastier form of Trojan horse. With a RootKit, attackers don't add new programs to your machine. Instead, they replace the existing programs on your box, especially those associated with your operating system. By supplanting your existing programs with malicious code, RootKits are far more insidious than anything we've covered so far. So, go grab a latte, fasten your seatbelt, and get ready for RootKits.