Trojan

Trojans Directory

A Trojan disguises itself as a useful computer program and induces users to install it. Its source can be a dubious website, mail attachment, peer-to-peer sharing software, chat software, and the list goes on.


Trojans: Hidden Malware and Backdoors

If you’re familiar with the story of Troy and how the Greek’s entered the city with a Trojan Horse, you’ll quickly understand the concept behind trojan malware. Trojans have been around for over a decade. Just like a Trojan Horse, they look like harmless programs until they are able to gain access to your computer. Trojans are one of the most dangerous of all malware, because they give hackers access to your machine and private data.


Trojan

Trojan History

Trojans are much more complex than an average virus, so they don’t have the long history like a virus. Trojans became more popular as users had access to the Internet, because they need a network connection to send files to a hacker or to allow remote control.

Two of the most notable trojans were created in the 1990s to demonstrate the security flaws in Windows operating systems, particularly Windows 95 and 98. Back Orifice was introduced during a hacker convention named DEF CON. The malware was one of the first client-server applications that installed silently on a system and let a remote user control the system over the network.

Sub7 is another famous trojan from the 1990s. Although the application hasn’t been maintained since 2004, it was compatible with the Windows operating systems including Windows 8.1. Similar to Back Orifice, Sub7 had a graphical user interface that allowed an attacker to take complete control of any infected machine from the hacker’s local computer.


Door Icon

How Trojans Work

Several trojans have been created throughout the years. While popular antivirus software attempts to detect them, they are difficult to identify when hackers continue to change the software’s fingerprint.

The most common trojan is the backdoor. In the same way trojans in the 1990s were able to take control of a computer, current trojans give virus creators the ability to take control of a PC’s resources without the owner ever noticing. The exploit is referred to as a “backdoor.” They attempt to hide from malware protection software, so users aren’t able to detect strange services running on the machine even if they browse Task Manager for a list of suspicious processes.

With complete control of the PC, the hacker can send files, delete files, reboot the PC or display information to the owner. Most hackers attempt to have control of several machines at a time. When a hacker has control of hundreds of PCs, they are often referred to as zombie PCs or botnets. Botnets give hackers access to an army of PCs that they can later use to attack servers or large corporations. Trojans allow the hacker to perform attacks from the zombie machines, which creates a tremendous amount of traffic on the target victim’s server resources. Collectively, hackers can crash big corporation web servers and disrupt service.

Part of a successful trojan is hiding from malware intrusion detection systems. Rootkits are a type of trojan that offer protection against detection. Rootkits create vulnerabilities by allowing hackers to install malware remotely without detection.

With a rootkit installed, client computers are much more vulnerable to exploits. Rootkits disable detection, so just browsing the Internet can allow a remote hacker to gain access to the PC and install even more malware.

Overall, what makes trojans dangerous is their ability to give hackers access to a machine either by adding more malware or remotely controlling the desktop. Hackers have access to everything on the PC, so identity theft is also an issue. If they are able to install other malware, they can steal passwords and private information such as credit card numbers.

Trojans come in several other flavors. Some trojans act like they are an upgrade to an existing application, but they actually leave a system vulnerable. There are even trojans that pretend to be antivirus applications, but they open vulnerabilities instead. For this reason, never download and install files from an unofficial source. Always use the official source to upgrade or install applications.

Here are a few other various trojan types:

  • Trojan-Ransom: this trojan hijacks files and requires you to pay a ransom before the files are unlocked
  • Trojan-SMS: these trojans send text messages to international numbers that cost you money
  • Trojan-GameThief: these trojans steal gaming information, so the hacker can sell online currency
  • Trojan-Mailfinder: this trojan steals your contact email addresses, and sometimes uses them to send malware to friends and family

How to Protect Yourself from Trojan Malware

Firewall Icon

While most malware just requires antivirus, the biggest protection against trojans is a firewall. Windows has a firewall installed, and firewalls on a router can also help defend against these attacks. Firewalls let you set rules for incoming and outgoing traffic. This means that if the hacker attempts to connect to the computer through your router, either the router or the Windows Firewall application blocks the incoming connection.

In the same way firewalls block incoming traffic, outbound connections can also be blocked. Some trojan malware send files and other data to the hacker. If you block this traffic at the firewall level, you’ll receive an alert that your computer is trying to connect to a blocked port. For instance, the hacker might attempt to upload private files to an FTP server. FTP uses port 21. If your firewall blocks port 21, you receive an alert when the computer attempts to send files without your knowledge. The transmission is blocked, and your private information is protected.

Antivirus software also detects most trojan malware. However, hackers continue to create new trojans as well as install rootkits on machines to give them open access to your system. Always keep your antivirus software definition files up to date. These files are used to detect a trojan’s fingerprint and stop it from infecting your machine.

Finally, to avoid trojans, only download software from the official website of the developer. For instance, a common tactic is to create a popup that tells you Flash must be updated. Adobe Flash can be updated by downloading the executables from the official Adobe website. The popup takes you to a third-party site where you can download an executable. This executable contains malware. Most malware creators give you an executable that looks like the real deal, but it is in fact packaged with any amount of malware including trojans.


Removing Trojans

Trojans are usually embedded into the system, so end users should download their latest antivirus software to clean the machine. Most users won’t be able to manually remove trojans, because it requires edits to the system registry and possibly booting into safe mode.

Instead of manually removing them, download the latest definition files for your antivirus, and run a thorough check on the machine. This is probably the safest and most reliable way to remove a trojan.

© Solvusoft Corporation 2011-2023. All Rights Reserved.