What is a Trojan Horse?
Like the giant, hollow wooden horse used against the ancient city of Troy, Trojan Horse viruses sit harmlessly outside of your computer’s walls until they are invited in. Disguised as useful applications or as attachments sent by a colleague, the malware deploys stealthily in the background once a user downloads and opens it. Afterwards, the trojan horse unloads its malicious payload and gives cyber criminals access to your computer system.
This article will explore the type of malware known as Trojan Horses, examine how they get onto your computer, look at the damage they can cause, and offer advice on how to avoid them altogether and remove them if you’re already infected!
History of the Trojan Horse
Trojan Horses have a long history that dates back to the early days of the internet. However, their roots can be traced even further back to the inception of the computer age. After the mythological use of the Trojan Horse by the Achaean Greeks, the term ‘Trojan Horse’ has found use in a military context to describe a deceptive strategy used to infiltrate enemy lines. This concept was translated to the digital world, with the first instances of digital Trojans appearing in the 1970s. During this era, Trojans were mostly confined to research labs and were often regarded as more of a theoretical threat.
The first widely recognized Trojan, known as the “PC-Write Trojan,” appeared in the late 1980s. The PC-Write Trojan masqueraded as a free version of a popular word processing software. Users, lured by the prospect of free software, unknowingly installed the trojan, which then performed malicious activities.
How Do Trojans Work?
While some types of malware, like worms, actively try to infiltrate your computer, trojan horses rely on social engineering to gain access. Trojans disguise themselves as a legitimate program, a collection of photos from a friend, or a compressed folder from a coworker. Unwary computer users then download and execute the file.
The file may or may not work correctly, but all the while in the background malicious code is at work. Once installed, a Trojan can help attackers perform various cybercrimes such as stealing sensitive information, creating a backdoor for hackers, or causing system damage.
Common Types of Trojan Malware
Trojans come in various forms, each with their own specific purpose and method of operation. Most commonly, Trojans are hybrids and use a combination of tactics to exploit your computer.
Downloader trojans are designed to download and install new versions of malicious programs onto the victim’s computer without their knowledge. This lets the initial program appear quite small, as the bulk of the payload is downloaded silently in the background.
Backdoor trojans, also known as remote access trojans, create a “backdoor” into a user’s system, allowing the attacker unrestricted access to the compromised computer. Using the backdoor, attackers can delete or modify files, monitor keystrokes and record passwords, and install other malicious software as they desire.
Distributed Denial of Service (DDoS)
DDoS Trojans can take control of the infected system and use it to launch denial of service attacks against other networks or websites. This type of Trojan is a subtype of ‘botnet’ and works by harnessing the collective power of thousands, tens of thousands, or even millions of infected devices.
Game-thief Trojans are designed to steal account information for online games. Oftentimes this results in significant real-world financial losses, as many games allow for in-game purchases using stored credit cards. The digital assets are then offloaded and re-sold on digital black markets.
There are literally thousands of malicious files targeting big games like Roblox, Minecraft, PUBG, FIFA, and more. Oftentimes these trojans disguise themselves within programs designed to help users cheat or in pirated versions of game software.
These Trojans are designed to harvest email addresses from a victim’s computer. The Trojan can then use these email addresses to spread itself – sending emails to your contacts while posing as you!
Your contacts are more likely to open the attachment, thinking that they are receiving a message from a trusted sender. In this way, the trojan is able to self-replicate and perpetuate the digital infection.
Trojans were once limited to PCs, but today mobile devices are equally at risk. Android and Apple iOS devices alike are vulnerable to infection. SMS trojans send unauthorized text messages from the infected smartphones, often resulting in unwanted charges.
Banking trojans use keyloggers which are specially designed to steal banking and credit card information. With this information an attacker can clear out your bank account, siphoning away life savings in minutes.
Unlike other types of trojans, Rootkit Trojans don’t just infect a system – they bury themselves deep within it. Once they gain root access (hence the name), they can alter system settings and change or delete system files. They can also hide their presence by modifying parts of the operating system responsible for detecting malicious activity.
A rootkit trojan’s primary objective is to remain undetected for as long as possible. To achieve this, they employ a variety of sophisticated techniques. These may include cloaking their existence, interfering with antivirus software, and mimicking legitimate system processes.
In some cases, rootkit trojans can install themselves directly to your computer’s motherboard, meaning that even replacing or formatting your hard drive will not be sufficient for removal!
It can be hard to appreciate the scale of these malware-as-a-service (MaaS) businesses – after all, how much demand could there really be for botnets? Well, darkweb customers can now find user reviews for different malware vendors and even receive customer support and help desk services from their botnet provider. As vendors compete in the growing MaaS market, the barrier to entry for inexperienced criminals has fallen to all-time lows.
Examples of Trojan Horses
Trojans have been behind some of the most significant cyberattacks in history. Here are a few notable examples.
Zeus or Zbot
Zeus, also known as Zbot, is a notorious banker trojan that has been used to steal banking information from millions of people worldwide. In addition to stealing banking information, Zbot was able to deploy ransomware, and turn infected devices into members of a botnet which it used to send spam emails and launch DDoS attacks.
While first released in 2007, Zeus is still around, albeit in slightly different forms. Over the years this trojan has infected millions of devices and is responsible for over 100 million dollars in damages.
Tiny Banker, also known as Tinba, is a highly streamlined version of Zeus and as its name implies is a banker trojan. It’s renowned for its small size and its ability to sneak past security measures.
Tinba could be as small as 20KB, making it a thousand times smaller than most executable files, and luring victims into a false sense of security.
The Rakhni Trojan is a particularly dangerous Trojan because it can decide whether to act as ransomware or a cryptojacker, depending on the target’s system configuration. As ransomware, Rakhni encrypts the system’s hard drive and demands a ransom; as a cryptojacker, it hijacks your computer’s resources to mine a cryptocurrency such as Monero.
This trojan is typically spread via infected .PDF files. When users enable editing on the file, the trojan prompts the user to enable permissions to run an executable file. If the user says yes, the trojan delivers an error message saying that the file is corrupt and cannot be opened. Next, Rakhni disables Microsoft Windows’ built-in antivirus and firewall and then decides whether it wants to enable ransomware or cryptomining.
Identifying Trojan Malware
Identifying Trojans can be difficult due to their deceptive nature. However, signs such as system slowdowns, unexpected pop-ups, unexplained files or software, and changes in system settings can all be indicators of a Trojan infection.
In many cases, trojans disable antivirus software, making it hard to diagnose or repair infected computers. It is usually best to work with a professional to ensure that the infection is completely removed, as incomplete removal will result in reinfection.
Protecting Against Trojan Horse Attacks
Protection against trojans involves a combination of safe browsing habits, regularly updating software and operating systems, and using reliable security software. It’s also essential to be wary of email attachments, even if they come from seemingly trustworthy sources.
Always scan attachments and downloads with an antivirus before opening them. If a file asks for permission to enable macros or run executables, do not grant it unless you are absolutely certain that it is safe and that these permissions are necessary for it to work.
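As an added illustration (not part of the original article), the Python sketch below shows the kind of pre-open check a mail gateway or help desk script can run alongside antivirus: it flags double extensions, executable content hiding behind a document or image name, and Office files that carry macros. The function names and the sample document are hypothetical and constructed for this example.

```python
import io
import os
import zipfile

# Leading "magic" bytes of native executables.
EXEC_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
# Extensions that run code when opened on Windows.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Extensions a recipient expects to be passive content.
DOC_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".txt", ".docx", ".xlsx", ".zip"}


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return reasons to treat an attachment as disguised or code-bearing."""
    findings = []
    stem, ext = os.path.splitext(filename.lower().strip())
    inner_ext = os.path.splitext(stem)[1]
    # 1. Double extension: "invoice.pdf.exe" is displayed as "invoice.pdf"
    #    when the file manager hides known extensions.
    if ext in EXEC_EXTS and inner_ext in DOC_EXTS:
        findings.append(f"double extension {inner_ext}{ext}")
    # 2. Content is a native executable, whatever the name claims.
    for magic, kind in EXEC_MAGIC.items():
        if data.startswith(magic) and ext not in EXEC_EXTS:
            findings.append(f"{kind} content, but extension is {ext!r}")
    # 3. Office Open XML documents are ZIP archives; a vbaProject.bin
    #    member means the file carries macros.
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            names = []
            findings.append("malformed ZIP container")
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("embedded VBA macro project")
    return findings


def constructed_macro_docx() -> bytes:
    """Constructed sample: a minimal ZIP shaped like a macro-enabled document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_attachment("report.docx", constructed_macro_docx()))
```

An empty result only means none of these three disguises was found; it does not mean the file is safe, so the antivirus scan still applies.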
Be Wary of Wooden Horses
Trojan Horses, while sneaky and often hard to detect, can generally be avoided by staying informed and vigilant. Treat all attachments with skepticism – in particular from unsolicited or unexpected emails. Only download software from trusted online sources, and keep your computer and antivirus software updated.
If you suspect that your device has been infected, contact a professional computer repair company immediately. Trojans are a serious cybersecurity risk and can allow digital attackers to gain access to your bank account and personal information.