Is it a Trojan or a Trojan horse?

Trojan horse. Image copyright (c) Sophos

Katherine in our marketing department wandered over to my desk yesterday.  She’s the house-style guru, and has been busy wrestling some random words I shoved together into a form suitable for a security threat report that we will be issuing next week.

Katherine knows everything there is to know about semi-colons but were too afraid to ask.  She’s also the person who can stop anyone dead at twenty paces if they try and argue that the possessive of “Sophos” is



rather than


Because Katherine knows best.   Okay, so now you know who Katherine is.

So, Katherine sauntered over to my desk yesterday and asked me about a few paragraphs I had written, and asked if there was a particular reason why I kept referring to “Trojan horses” rather than the (apparent) Sophos house-style of just saying “Trojans”.

Maybe I’m just old school, but I remember the days of The Dirty Dozen Trojan Horse list of the late 1980s and early 90s compiled by Tom Sirianni, and posted on many BBSes at the time.  I’ve just always thought it’s right to call malicious non-replicating programs “Trojan horses” (with a capital ‘T’), in homage to the wooden horse that the Greeks left on the doorstep all those years ago.

As I explained to Katherine, it just seems wrong to me to call them simply “Trojans” or “trojans”, with no mention of the particular odd-toed ungulate mammals. 

Think about it, if you were a Trojan – and I mean, a person from the great city of Troy – wouldn’t you be a bit miffed that the name of the place that captivated the imagination of Homer and Virgil, and inspired stories of Helen, the legendary beauty whose “face launched a thousand ships and burnt the topless towers of Ilium”, was now used just to denote malware?

Wouldn’t you get a bit heated if all that anyone ever remembered your civilisation for was that one time you partied too hard and didn’t think twice before wheeling a big wooden horse into your gaff?  

I just think, poor old people of Troy – to be associated so tightly with the reason for their downfall.  Wouldn’t it be kinder on their memory not to put salt on the wound by classifying a subspecies of malware as “Trojan”, and refer to them as those beastly “Trojan horses” instead?  In fact, wouldn’t it be more accurate to call them “Greek horses” as they were the guys who made it, and hid inside with long steely knives?

So that’s why I tend to write “Trojan horses” rather than “Trojans”.  I think it’s less offensive to the people of Troy, and doesn’t cheapen their memory.

Unfortunately, I’m not sure Katherine necessarily cares as much as me.  When you read the new edition of our threat report next week, expect to see lots of references to Trojans.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
