What Is a Trojan Horse in Computer Terms?

What Is a Trojan Horse in Computer Terms?

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 4.20 out of 5)
Loading...

Explore what trojan horses are — their invasion techniques, the most common types, the damage they cause, and how can you protect your device & organization from trojan attacks

Ever found yourself wondering “what is a trojan horse?” or “what does ‘trojan horse’ mean when it comes to computers?” You’re not alone. In part, that’s probably because there seems to be a lot of confusion in terms of classifying trojans as malware or a type of virus. This may be, in part, because people often lump viruses, trojans, and other types of malware together in articles.

But don’t worry. We’re here to pull back to cloak of uncertainty and reveal everything you need to know about trojan malware and trojan horse attacks. This includes going over:

  • What a trojan horse is in computer terms (and where the name came from),
  • Why bad guys like to use trojans,
  • The 10 common types of trojans,
  • What to look for to identify whether your device may be infected, and
  • How to prevent trojans from infecting your computer.

What Is a Trojan?

The term “trojan horse” (or just “trojan” for short) refers to malicious software (malware) that’s disguised to look like a legitimate computer program, application, or file. The National Institute of Standards and Technology (NIST) defines it as:

“A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.”

Basically, a trojan author (hacker) creates software with a misleading name or corrupts a legitimate program with malicious trojan malware. Apart from the executable software and applications, trojan malware can be hidden in the files, folders, images, videos, slideshows, etc.

Using this ruse, cybercriminals trick innocent users into downloading their corrupt software to infect their devices with malware.

Trojans, Worms, and Viruses: What’s the Difference?

Well, let’s first start by saying that these are all separate (but related) threats. These three types of malicious codes and software (malware) use different routes to reach their destructive goals.

Unlike a computer worm, which self-propagates, a traditional trojan typically needs a user’s manual action for it to get into (and activated on) a host computer. The trojan stays dormant in the compromised program until a user clicks, downloads, or installs it.

Unlike a virus, traditional trojans can’t replicate themselves. They stay local in the same corrupted program in which its author has stored it. That means it can’t corrupt the other software and programs. However, modern trojans are frequently combined with viruses or worms. These hybrid trojans replicate themselves and transfer their payloads to all other connected IoT devices, software, USB drives and browsers.  

The Origins of “Trojan” and “Trojan Horse” in IT Security

A public domain image of artwork depicting the trojan horse being brought into the city of Troy.
Image source: The Metropolitan Museum of Art. A public domain image of “The Trojans Bring the Wooden Horse into Their City” by Italian painter Luca Penni.

The term trojan horse relates to the Greek myth of a massive wooden horse that the Greeks used in the Trojan War to infiltrate and destroy the city of Troy. To summarize: The Greeks built a hollow horse statue to hide soldiers and trick the Trojans into letting them inside their gates. The soldiers snuck out at night and proceeded to let the rest of their army into the city.

The computing world’s trojan horse got this name because of the malware’s similarly deceptive nature. The user willingly downloads a program thinking it is a harmless, useful program without having a clue that it is loaded with malicious code.

Why Attackers Use Trojans

Trojan horses damage infected devices in many of the same ways as other types of malware. They’re also instrumental in helping cybercriminals:

Server-side attacks: Although most trojans target end user devices instead of servers (websites) or networks, the threats they pose don’t end there. Many major types of cyber attacks against websites and servers — such as DDoS attacks, brute force attacks, man-in-the-middle attacks, etc. — take place when trojans comprise user devices to make a botnet army.

Trojan Horse Invasion Techniques

Let’s explore how the attackers manage to install the trojan horse on a device.

Compromised Software and Apps

Hackers infect a legitimate executable (.exe) with trojan malware or develop new corrupted software with a deceptive name. For example:

  • Skyp3.exe (instead of Skype.exe),
  • $recyble.bin, (instead of Recycle bin)
  • Instagrarm, (Instead of Instagram)
  • TikTok-online, (Instead of Tik-Tok)
  • Nort0n antivirus (Instead of Norton Antivirus)

As you can see, these names are written in a way that causes less vigilant users to think they’re legitimate software, apps, or files and download them. To lure unsuspecting users into downloading their infected items, hackers often make them available to download for free. When users install the malicious items, the trojans can then take control of their devices.

Phishing Emails

Hackers distribute different types of malware via phishing email links and attachments. Phishing emails look like coming from legitimate sources like your bank, an ecommerce company, friends, relatives, the professional circle, or any legit company, but they’re not.

For example, you might think the below email is from PayPal and that the attachment is a benign pdf receipt. However, if you were to download it, the trojan would infiltrate your system. 

Screenshot from a PayPal phishing email

Pop-Up Messages and Ads

When users visit an infected or spammy website, they get a variety of pop-ups of lucrative advertisements, fake virus infection threats, tempting gossip articles, shocking news, etc. When users click on such pop-ups, the trojan gets installed in their device. 

Fake Updates

When users try to access any video or file online, the website denies their access and asks them to download the latest version of a media player, browser, or other types of software with a given link. However, when they install the program from the link provided in the message, a trojan malware-loaded version of the software gets downloaded in the users’ device.

The 10 Common Types of Trojan Horses

The trojan author develops the payload to exploit the host device in a specific manner. Trojans are typically categorized by their functions. Although all trojans are developed differently, these are some common types of trojan malware that we’ve seen in the past on the internet.

1. Botnet Trojans

These trojans are designed to spread their payloads to other connected devices and make them join a bot network. The trojans’ authors are called botmasters, and they control all of the infected devices via C&C servers. Once a large number of infected devices join the same botnet, the botmaster uses them to execute various cyber attacks (DDoS attacks, brute force attacks, etc.). 

2. Deceptive Antivirus Trojans

Such trojans send pop ups to users, informing them that their devices are infected with malware. Once the users are convinced that their devices are infected, the attackers sell them fake malware-loaded antivirus software or charge for virus removal services. Check out the following example:

Screenshot from Malwarebytes of fake antivirus warning messages
Image Source: Malwarebytes

3. Email Corrupting Trojans

These trojans are made to access the hosts’ email clients. They can:

  • Intercept email communications,
  • Send the victims’ contact lists to the attackers,
  • Send phishing emails on behalf of the victims (without the victims’ knowledge) and erase the emails from their sent folders. 

4. Backdoor/Remote Access Trojans

These trojans give remote access of the infected devices to cybercriminals. With this comprehensive access, trojan authors can:

  • Access, modify and transfer files,
  • Send and receive information with other connected IoT devices,
  • Reboot the system,
  • Install or uninstall software, and
  • Get many other such privileges.

5. Ransomware Trojans

These types of trojans have the ability to encrypt, lock, and delete data. They can lock important programs or even the entire operating system, too. The trojan writers demand extortion money from the victims in exchange for returning access to the data, files, programs, or the entire system. (Although, as you can imagine, even if some victims pay, the bad guys still might not follow through with their promise.) Sometimes, the attackers also threaten to leak the victims’ private data or expose the confidential information if they don’t pay the ransom.

Check out the example below:

Screenshot of a ransomware notification from a ransomware trojan
Image Sorce: pcrisk.com

6. Vulnerability Finding Trojans

After making their way onto targets’ devices, these trojans seek out the vulnerabilities of the operating systems, apps, and software that are installed on them. The trojans then send the lists of vulnerabilities to the trojan operators. Generally, such vulnerabilities are found in outdated versions of programs. This information helps hackers to make further plans of exploiting the devices (and other devices with the same vulnerabilities) based on the nature of their unpatched bugs.

7. Download Enabler Trojans

Whenever the victim’s device connects to the internet, these types of trojans download the other type of malware in users’ devices without their consent. 

8. Spyware Trojans

Spyware trojans (also known as spyware) are covert software that attackers can use to monitor the target users’ actions and behaviors. This includes everything from what the users type on their infected devices to the information they transmit via websites (such as personal information, financial data, login credentials, etc.). The spyware users can then use the information to execute identity theft crimes, financial fraud, or ransomware attacks.

9. File Transfer Protocol Trojans

With these types of trojans, attackers use trojans to open port 21 in the host device to access the files via the file transfer protocol (FTP). Once the attackers get access to the FTP folders, they can upload and download malicious files in the victims’ devices remotely.

10. Security Software Disabler Trojans

These trojans turn off, disable, or uninstall computer security software such as antivirus, antimalware, or firewalls without the users’ knowledge. So, before the antivirus programs can detect the trojan and its payloads, the attackers turn such security software off. The users think that their devices are still protected by the security software and they trust the infected programs without being suspicious.     

8 Common Signs That You May Have a Trojan Horse in Your Computer or Device

So, how do you know if your device is infected with a trojan horse? Of course, the immediate answer is that you can use an anti-malware scanner (and some antivirus programs) to check. The symptoms are often going to be the same, whether your device is infected with a trojan or any other type of malware:

  1. Antivirus and Anti-Malware Tools Are Disabled: You might notice that your antivirus program is suddenly disabled or even uninstalled.
  2. High Latency and Load Speeds: Your device suddenly becomes slow and sluggish. You may notice warning messages about your device lacking sufficient memory to complete tasks or run programs.
  3. Freezing Screen: You might even experience your screen freezing up completely or getting the dreaded “blue screen of death.”
  4. Unusual Cursor Movements: The mouse cursor starts acting up. This may involve moving automatically, moves in the different directions or at inconsistent speeds. In some cases, you might not be able to move or control it at all. Sometimes, the cursor disappears, and you can still notice some activities on your screen such as programs or browsers automatically open up (as if someone is operating your device from a remote place)
  5. Unsolicited Pop-ups: You start seeing unwanted pop-ups on your screen. This includes everything from frequent virus and software update alerts to advertisements and messages telling you to download unknown software programs.
  6. Automatic Website Opening: As soon as you connect to the internet or open a browser, some unknown websites open automatically in your browser. In some cases, you may be redirected to some unknown spammy website while surfing online.
  7. Unknown Extensions Appear In Your Browser: You will find some unknown extensions installed in your web browser. To check the extensions you have installed in your browsers, type chrome://extensions/ in Chrome’s address bar or about:addons in Firefox’s address bar. For Internet Explorer, go to the main menu and click on Manage Add-ons.
  8. Unknown Programs in Task Manager: If you open your task manager window (which you can do by pressing Ctrl+Alt+Delete), you will notice some unknown programs and apps running.

How to Protect Your Device from Trojan Horses

1) Beware of Phishing Emails

Attackers commonly use phishing email to distribute their trojan horse malware. To avoid accidentally downloading or installing a trojan:

  • Educate yourself and your employees to recognize a phishing email. Check out these two easy-to-follow articles: How to know if an email is fake and phishing email scams.
  • Don’t download an email attachment from unknown senders. Furthermore, always be sure to scan all email attachments with anti-malware software (even from senders you know) before downloading anything.
  • Hover over your cursor to the links given in the email to know where it actually redirects to. You can also right-click on the links and hit Inspect. The link you will see after <a href=” is the webpage where the given link will bring you to.

2) Regularly Scan Your Devices with Anti-Malware Software

Security software and firewalls can detect and remove the majority of trojan malware. They can also alert you when you visit a spammy or malicious website, or if you download a corrupted file from the internet.

3) Be Careful When Downloading Anything from Internet

By now, you already know that trojan horses mimic legitimate software to lure users into downloading them. Hence why you must be extra vigilant in downloading anything from the internet. Scan everything that you download from the internet. 

Apps: Beware of installing unknown apps. When you search for an app and see many other apps with a little variation in names, do an internet search to find the official name of the app you want to install.

Let’s say you want to install Zoom for conference calls. You might come across apps like Zoon-online, ZoomMeeting, GetZoom, Zoom Calling, Zoom Video Calling, etc. However, you’re not sure which of these is legitimate. To figure out which one actually belongs to the Zoom platform, visit the app’s official website and check the app publisher’s name in the app store before installing it on your device.

Software: If you’re downloading software, check out the publisher’s name in the security window and conduct a quick search about the publisher and read the reviews. If you see the publisher’s name as Unknown, avoid installing that software. When the software publisher’s name is written as Unknown, it indicates that they are not using a code signing certificate. Hence, such software shouldn’t automatically be trusted in terms of their integrity and authenticity.

Legitimate devs and publishers use code signing certificates to protect their software from being tampered with. The certificate authority (CA) who issues the certificate conducts a rigorous vetting process to verify the software publisher’s identity and issue the certificate only to a legit publisher.  

Two screenshots showing Windows SmartScreen messages for unsigned software and signed software by a verified publisher.

4) Always Store Backups on Third-Party Cloud Platforms:

Always store your backups on a third-party cloud platform such as Google Drive, Dropbox, etc. This will help you to recover your data in the event of a crash or a cyber attack. If a trojan corrupts, encrypts, or removes your data, you can restore everything if you have a current data backup available. Backups are the best solution for the ransomware attacks. Always scan the files with anti-malware software before uploading them to the backup folder.

5) Keep Your Systems Patched and Up to Date

The best protection against many types of malware, including the vulnerability finding trojan, is to keep your operating system and all the software patched. Updates are not only for tweaking the appearance and functionality of the software. The publishers fix the security vulnerabilities in the old versions and publish the patched version. The hackers develop malware that can exploit the vulnerabilities of the old version. Hence why it’s always important to install the updated version of the operating system, software, and apps as soon as they are available.

Wrapping Up on Answering “What Is a Trojan Horse?”

A trojan horse can’t get into your system until you manually download it. So, be vigilant whenever you download anything from the internet. Whenever you find any software, program, application, free stuff, or advertisements online that look too good to be true, follow your instincts, and refrain from downloading them.

If you receive an unsolicited communication for some type of benefit (lottery winning, grand prize, free products, etc.), ask yourself why you’re selected. How many people do you know who are making millions just by playing some online games or casino? If you get a notice that you must use some software (like a flash player or any media player) to access content, do a quick search about that software and read the customer reviews. Also, even if it is a well-known software or browser extension, install them from their official website only instead of clicking on link given in the pop-ups.

We hope this article has helped you to answer questions like “what is a trojan horse?” and how to protect your device from this type of threat.

About the author

Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.