Malware: What are Trojans?

September 10, 2019 by Greg Belding

Introduction

The term “Trojan horse” is normally associated with the ancient Greek story of “The Iliad,” so why is there a type of malware called a Trojan horse? This is done on purpose and for good reason. Trojan horse malware acts similarly to the story’s wooden horse and has the same intent: to introduce something unexpected under the guise of something else.

This article will detail what Trojan horse malware is, how it infects computers and some of the most commonly seen Trojan horse malware today. Those still in the dark about Trojan horses will soon find the illumination they are seeking.

Trojan horse?

Homer’s “The Iliad” described the Trojan War of the eastern Mediterranean in the 12th century B.C. In this epic poem, the Greek city-states went to war with Troy in response to the kidnapping of the beautiful Helen. In a successful ploy to breach the impregnable city wall of Troy, the Greeks gave the Trojans a gift of a massive, hollow horse made of wood. This horse was filled with Greek soldiers and once nightfall came, the soldiers poured out and put Troy to the sword.

But enough with the history lesson. Much like the ancient Trojan horse, modern Trojan horse malware uses the same tactic the Greeks used. It tricks users into thinking that it is legitimate software and it may very well look that way even to trained eyes. Once downloaded, opened and executed on a computer, the Trojan horse becomes activated. And much like the Greek soldiers in the horse, the creators of the Trojan horse will have inside access to your computer. 

It should be noted that while some claim that Trojan horses are viruses, they are really their own classification of malware. Without getting into too many specifics here, viruses reproduce once within a computer and Trojan horses do not. This fundamental difference alone makes Trojan horses stand apart from standard computer viruses. 

What can Trojan horses do?

There is no set list of actions Trojan horses can perform. In reality, it depends on what the Trojan’s creators have programmed it to do. It has been said that Trojan horses can be like the Swiss Army knife of hacking. That being said, some of the more common actions Trojan horses can perform include:

  • Deleting information
  • Modifying information
  • Copying information
  • Stealing information
  • Blocking information
  • Gaining backdoor access to systems
  • Requesting administrator privileges (and they are often granted)

How do you become infected?

Trojan horses can infect computers in different ways. However, two general methods of infection have been documented by researchers — by hiding within a piece of software and through phishing.

Software method

The software method refers to Trojan horses being attached to a software download, often found online. A popular choice to hide within is freeware and shareware games. Have you ever noticed how many extra pieces of software and apps install themselves when you just wanted to help yourself to a free game download? Remember the old adage — there is no such thing as a free lunch.

Phishing

The phishing method refers to Trojan horses being installed when a user downloads a file from an email that holds itself out as coming from a trusted source. These sources are often a coworker or client.

This method has changed over time, and Trojan horses are now most often hidden in Microsoft Office and PDF files to get around the fact that most users have been trained not to download and install executable files from unknown or random sources.
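Because the lure is now a document, not an obvious executable, a mail gateway or analyst can triage attachments by looking at content instead of the file name. The following is an added example, not code from the original article: the function name, the list of PDF keys checked and the sample inputs are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# PDF names that run actions or embed files; a hit is a triage flag, not proof of malice.
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile")
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE2 directory names are UTF-16LE
DOC_EXTS = {"doc", "docx", "docm", "xls", "xlsx", "xlsm", "ppt", "pptx", "pdf"}


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return reasons an attachment should be sandboxed before anyone opens it."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    findings = []
    if data[:2] == b"MZ":
        # Executable content, whatever the file name claims to be.
        note = " behind a document extension" if ext in DOC_EXTS else ""
        findings.append("Windows executable (MZ header)" + note)
    elif data[:4] == b"PK\x03\x04":
        # OOXML (.docx/.docm/...) is a ZIP; macros live in a vbaProject.bin part.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return ["unreadable ZIP/OOXML container"]
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("OOXML document carries a VBA macro project")
    elif data[:8] == OLE2_MAGIC:
        if VBA_STREAM in data:
            findings.append("legacy Office document carries a VBA macro project")
    elif b"%PDF-" in data[:1024]:
        # Undo #xx escapes in PDF names so "/Open#41ction" still matches.
        plain = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
        # Compressed object streams are not inflated here, so a clean result is not a verdict.
        findings += [f"PDF contains {k.decode()}" for k in PDF_ACTIVE_KEYS if k in plain]
    return findings


def build_constructed_docm() -> bytes:
    """Constructed sample: a minimal ZIP shaped like a macro-enabled Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"constructed placeholder, no real macro")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("invoice.docm", build_constructed_docm()))
    print(triage_attachment("statement.pdf", b"%PDF-1.7\n1 0 obj << /Open#41ction 2 0 R >>"))
```

An empty result only means none of these static markers were seen; flagged files still need sandbox detonation or deeper parsing before a verdict.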

Types of Trojans

Attackers are not at a loss for different types of Trojan horses: there are about as many different kinds of Trojan horses as there are Greek islands. Thinking about Trojan horses is easier when you can separate them into different groups based upon their type, and in this case there are two different groups: by method and by goal.

By method

This categorization is intended for Trojans that are named for how they infect computers. Some examples of these Trojan horses are:

  • Backdoor Trojans: Once executed, this type of Trojan horse opens holes in the infected computer’s security that other attacks and attackers can use to gain access
  • Downloader Trojans: This type takes the liberty to download malicious code, often from a hacker website, to better gain control of your computer
  • Rootkit Trojans: Rootkit Trojans install a rootkit that other attackers can exploit to gain access to your computer
  • Exploit Trojans: This type is based upon the vulnerabilities within the target computer and contains code or data that takes advantage of this perceived opportunity

By goal

This categorization refers to Trojans that are known for what their goal is once inside an infected system. Some examples include:

  • Ransomware Trojans: Deploy ransomware when executed, meaning that your files will likely be encrypted and to get them back you will have to pay a Bitcoin ransom
  • DDoS Trojans: This type takes over your computer and uses it to launch DDoS attacks against other victims
  • Trojan-Dropper: Droppers use Trojan-FakeAV programs to copy antivirus software activity and then hit the user with notifications of a threat that does not exist with the goal of extorting money from the user
  • Trojan-Banker: The purpose of this type is to steal banking account information, including credit and debit cards

Conclusion

Much like the original Trojan horse, Trojan horse malware is deceptive and dangerous. Relying on trickery to get within a user’s computer, Trojan horses threaten literally all the information a computer contains, including banking account information. 

By watching out for freeware downloads, not trusting phishing emails and not opening suspicious email attachments, you will be safer than the ancient city of Troy.

Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.