Trojan horses are programs that are installed without the knowledge of the user
Trojan horse programs can perform a wide variety of covert talks such as modifying and deleting files, transmitting files to the intruder, installing programs, installing viruses and other Trojan horse programs etc.
A malicious script can be sent and stored by a web developer on a website to be downloaded by an unsuspecting surfer
When this website is accessed by a user, the script is transferred to the local web browser
Ways of acquiring malicious scripts include “following links in web pages, email messages, or newsgroup, using interactive forms on an untrustworthy site, viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags” - CERT