A Trojan horse is a type of hidden program that masquerades as something harmless but actually has the potential to cause serious damage. It does this by luring unsuspecting or uninformed users into executing it without realizing they are doing so and exposing their systems and personal data to hackers.
This blog post covers some of the basic types of Trojans and the ways people can protect themselves from them, such as antivirus software, firewalls, anti-keyloggers, multi-factor authentication, and many more.
Trojan Horse
Trojans are named after the Trojan horse, a giant wooden horse that was left on the shores of Troy by the Greeks in order to allow them to sneak into the city and conquer it. Today, a Trojan horse is any program that appears harmless but, in reality, can perform malicious functions.
There are three main types of Trojans:
Backdoor
First, let’s look at backdoor Trojans. These Trojans (like the name suggests) grant unauthorized access to a computer system and, like worms, spread from one computer to another. They have been around for a long time under various names such as Netbus and SubSeven, but they have been improved in recent years.
RATs
Next is remote access Trojans or RATs, which grant unauthorized remote access to a computer. In this case, the perpetrator downloads the software onto a victim’s system and creates a backdoor in order to remotely control it.
Phishing
Then we have the Trojan horse, which is often disguised as a legitimate program. People often give away their credit card details to these Trojans, and millions of people fall victim to them every year.
For example, tax software is often downloaded and installed on people’s computers by criminals who then use it to steal their credit card information and other personal information.
Gone are the days when Trojans were limited to being hidden files on a computer. They are now being installed silently on computers without any warnings.
These new Trojans can perform many malicious functions, such as installing keyloggers, screen-capture tools, password crackers, and much more.
Trojans can be attached to spam email messages, or they can be downloaded by browsing sites that appear legitimate but actually contain malware instead of the advertised content (such as the fake Spotify download page below).
Once installed, the Trojans will remain undetected on the computer indefinitely unless the user performs a filesystem check or it is detected by an anti-malware program.
Trojans are now being used to perform all forms of cybercrime, from stealing financial information to infecting computers with ransomware. According to Kaspersky Lab, they are used by malicious cybercriminals to steal sensitive data, attack the victims’ online investment portfolios, and even withdraw stolen funds wirelessly from ATMs.
One of the best ways to protect yourself is to run anti-malware software and use an updated firewall. It is also advisable that you always install security programs and patches when they become available and never open emails or downloads from unknown sources.
It is so easy to fall victim to a Trojan horse, so remember the golden rule: If you don’t recognize an app, don’t install it. Or if it’s too good to be true, then it probably is.
Famous Trojan Horse Virus
Docu.zip
Most Internet users will be familiar with the ‘docu.zip’ virus that has entered the public domain, having previously been released by the infamous hacker group 0x0D.
This Trojan was distributed via email messages which appeared to be an invoice for work to be done on somebody’s computer.
The attachment contained what seemed like a Word document with macros (a piece of software that allows users to run scripts, or programs, on their computers).
Once the document was opened, the virus became active, and it revealed a hidden EXE file in order to install additional malware on a victim’s computer.
In the meantime, the Word file itself had been used to send out thousands of spam messages, which appeared to be from a law firm seeking potential clients, but were actually spreading a Trojan horse.
The EXE file installed a password stealer program that could log into any website that allowed it access. Fortunately, this was discovered and deactivated before it could spread further.
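As an added example (not code from this post or from any vendor), here is one way a mail filter or analyst could statically triage an attachment of the kind described above: it unpacks the zip, flags a macro project inside a Word document, and flags executable content hidden behind a harmless-looking name. The function names, size limit and sample file are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_MEMBER = 10 * 1024 * 1024          # skip members declared larger than 10 MiB
EXEC_EXT = (".exe", ".scr", ".dll", ".com")

def triage_attachment(name, data, depth=0):
    """Static checks on one attachment; returns a list of findings."""
    findings = []
    if data[:2] == b"MZ":               # DOS/PE header of a Windows executable
        if name.lower().endswith(EXEC_EXT):
            findings.append(f"{name}: Windows executable")
        else:
            findings.append(f"{name}: executable content behind a non-executable name")
    if depth >= 3 or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:   # .zip, .docx and .docm are all zips
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{name}!{info.filename}"
            if info.filename.lower().endswith("vbaproject.bin"):
                findings.append(f"{member}: VBA macro project")
            if info.flag_bits & 0x1:    # encrypted member, cannot be inspected
                findings.append(f"{member}: encrypted, not inspected")
            elif info.file_size <= MAX_MEMBER:
                findings += triage_attachment(member, zf.read(info), depth + 1)
    return findings

def build_sample():
    """Constructed sample: a zip holding a macro-enabled document with a PE stub."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed")
        z.writestr("word/embeddings/oleObject1.bin", b"MZ\x90\x00 constructed stub")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.docm", doc.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for line in triage_attachment("docu.zip", build_sample()):
        print(line)
```

The check looks only at the first bytes of each archive member, so a payload wrapped inside another container format needs a deeper parser; treat a clean result as "nothing obvious", not as proof the file is safe.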
Kaspersky Lab’s case
Another example of a Trojan horse is the one downloaded onto computer systems in Kaspersky Lab’s internal network in 2011-12.
The malware was distributed through a fake Adobe Flash update, and after installation, it installed a keystroke logger, which recorded all keyboard presses on a victim’s PC, including password information for various websites.
The Trojan was written in .NET, which is a type of programming language that can be used to create websites, desktop applications, mobile apps, Windows services, web services, and more.
This means it could easily be distributed via legitimate websites or social networks. For example, in order to download the phony Flash update on my PC, I only had to go to my Gmail account and click on a link. The malware was spread globally through Kaspersky Lab’s offices and partner companies’ networks.
This was very clever malware that combined several malicious functions. It had some similarities with the infamous Stuxnet worm; both were used to attack industrial systems (although Stuxnet’s target was Iran’s nuclear power plant).
But unlike Stuxnet, this Trojan also installed a backdoor that allowed an attacker to control any computer on the internal network, even if they did not have administrator privileges.
Trojan Virus Removal
Kaspersky Lab offers a Trojan virus removal service that comprehensively removes malicious software from any computer, even when it has been infected by a Trojan program.
Kaspersky Rescue Disk provides an offline attack prevention tool, which can prevent infection when you are not connected to the Internet (either because you are at home and your network is protected, or you are using a public Wi-Fi hotspot). It will automatically check for infections and remove them.
Most Famous Trojan Horse Attack
Stuxnet is by far the most famous example of Trojans being used in cyberwarfare.
The worm was discovered in 2010 on computers in Iran. It had apparently been specially designed to attack industrial systems, which is why it was referred to as “targeted malware.”
Stuxnet was designed to target systems that controlled nuclear plants and missile silos. The worm was designed to target systems that would normally be extremely difficult for hackers to penetrate, even with the best hacking tools at their disposal. The target was a very specific system with a highly customized control program. As a result, the worm would only work with this specific piece of hardware and software.
How To Prevent Trojan Horse
Below are important steps you can take to prevent being infected by the Trojan horse virus.
Enable Windows Update. You can do this in two ways. One is by using the Windows Update section in Control Panel. Click on Settings, then select Change Setting, and you will be able to choose how to install updates, which might include important security patches that could protect your computer from Trojan horses.
The second is by using the Windows Update control panel, which appears in the System and Security section on the left-hand side of the Windows 8 taskbar. Click on Check for Updates, and your system will check for available patches and, if any exist, download them to your computer.
Install applications only from trusted sources. If you don’t know where an application comes from or who developed it, or if there is no legitimate-looking website attached to it, do not install it on your computer.
Keep your operating system and browser up-to-date. This will help you to protect yourself against any online threats, including Trojans.
Create a virus-free workstation. This is a crucial step in keeping your computer safe from malware infections. Your entire workstation should be kept free of viruses, spyware, and any other unwanted pests which could compromise your system and thus risk compromising your security by turning it into a Trojan horse.
Install the Kaspersky Virus Removal Tool on your computer. This will remove all malicious software from your computer, including Trojans.
Install a personal firewall on your computer. This will block any attempts to connect to your computer from the outside without your permission; this can help prevent malicious programs from sneaking onto your machine.
Keep your antivirus software up-to-date, and always run a full scan of your hard drive.