Instead of a movie, users were presented with a SubSeven download, which when installed would provide a number of remote access capabilities. Bradley promptly notified the ISPs hosting the site, putting an end to the Trojan distribution.
SubSeven, a Remote Access Trojan or RAT, provides access to anyone with the client version of the same Trojan. SubSeven variants often advertise their availability via IRC, ICQ, and even email, letting the Trojan author know that victims are online. Antivirus software is able to detect and remove such Trojans, though it is important to keep signature files updated as new variants are often introduced.
IRC makes a particularly attractive target for infecting users, as files can be automatically pushed to users joining channels. Combined with social engineering such as in the McVeigh exploit, users can be lured into opening Trojan attachments in email as well.
Trojans are not limited to harm on the infected user's machine. Certain types of Trojans can be planted on victim's machines, which are in turn used to launch Denial of Service (DoS) attacks against others. For example, the Feb 2000 attacks against Ebay, CNN, ZDNet and Yahoo involved Trojans used for such a purpose.
Firewall protection that includes both inbound and outbound connection monitoring provides the best defense against Trojans, provided it is used properly.
