What Is a Trojan?<\/h2>\n\n\n\n
The term \u201ctrojan horse\u201d (or just \u201ctrojan\u201d for short) refers to malicious software (malware) that\u2019s disguised to look like a legitimate computer program, application, or file. The National Institute of Standards and Technology<\/a> (NIST) defines it as:<\/p>\n\n\n\n \u201cA computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.\u201d<\/em><\/p><\/blockquote>\n\n\n\n Basically, a trojan author (hacker) creates software with a misleading name<\/a> or corrupts a legitimate program with malicious trojan malware. The trojan malware can be hidden in the files, folders, images, videos, slideshows, etc., too.<\/p>\n\n\n\n Using this ruse, cybercriminals trick innocent users into downloading their corrupt software to infect their devices with malware.<\/p>\n\n\n\n Well, let\u2019s first start by saying that these are all separate (but related) threats. These three types of malicious codes use different routes to reach their destructive goals.<\/p>\n\n\n\n Unlike a computer worm, which self-propagates, a traditional trojan typically needs a user’s manual action to get into (and activated on) a host computer<\/strong>. The trojan stays dormant in the compromised program until a user clicks, downloads, or installs it.<\/p>\n\n\n\n Unlike a virus, traditional trojans can\u2019t replicate themselves<\/strong>. They stay local in the same corrupted program in which its author has stored it. That means it can\u2019t corrupt the other software and programs. <\/p>\n\n\n\n However, modern trojans are frequently combined with viruses or worms. These hybrid trojans replicate themselves and transfer their payloads to all other connected IoT devices, software, USB drives, and browsers.\u00a0\u00a0<\/p>\n\n\n\n The term trojan horse relates to the Greek myth of a massive wooden horse that the Greeks used in the Trojan War.<\/p>\n\n\n\n To summarize: In the Trojan war, the Greeks made a huge wooden horse, hid soldiers in it, and pretended that they left the city of Troy. The people of Troy, Trojans, brought the wooden horse inside the Troy as the symbol of their victory. But in the night, Greek soldiers came out of the wooden horse, opened Troy’s gates to let the remaining Greek army enter and defeat the city.<\/p>\n\n\n\n The computing world’s trojan horse got this name because of the malware\u2019s similarly deceptive nature. The user willingly downloads a program thinking it is a harmless, useful program without having a clue that it is loaded with malicious code.<\/p>\n\n\n\n Trojan horses damage infected devices in many of the same ways as other types of malware. They\u2019re also instrumental in helping cybercriminals:<\/p>\n\n\n\n Server-side attacks<\/strong>: Although most trojans target end user devices instead of servers (websites) or networks, the threats they pose don\u2019t end there. Many major types of cyber attacks<\/a> against websites and servers \u2014 such as DDoS attacks, brute force attacks, man-in-the-middle attacks, etc. \u2014 take place when trojans comprise user devices to make a botnet army.<\/p>\n\n\n\n Let\u2019s explore how the attackers manage to install the trojan horse on a device.<\/p>\n\n\n\n Hackers infect a legitimate executable (.exe) with trojan malware or develop new corrupted software with a deceptive name. For example:<\/p>\n\n\n\n As you can see, these names are written in a way that causes less vigilant users to think they\u2019re legitimate software, apps, or files and download them. To lure unsuspecting users into downloading their infected items, hackers often make them available to download for free. When users install the malicious items, the trojans can then take control of their devices.<\/p>\n\n\n\n Hackers distribute different types of malware<\/a> via phishing email links and attachments. Phishing emails look like coming from legitimate sources like your bank, an ecommerce company, friends, relatives, the professional circle, or any legit company, but they\u2019re not.<\/p>\n\n\n\n For example, you might think the below email is from PayPal and that the attachment is a benign pdf receipt. However, if you were to download it, the trojan would infiltrate your system. <\/p>\n\n\n\n When users visit an infected or spammy website, they get a variety of pop-ups of lucrative advertisements, fake virus infection threats, tempting gossip articles, shocking news, etc. When users click on such pop-ups, the trojan gets installed in their device. <\/p>\n\n\n\n When users try to access any video or file online, the website denies their access and asks them to download the latest version of a media player, browser, or other types of software with a given link. However, when they install the program from the link provided in the message, a trojan malware-loaded version of the software gets downloaded in the users’ device.<\/p>\n\n\n\n The trojan author develops the payload to exploit the host device in a specific manner. Trojans are typically categorized by their functions. Although all trojans are developed differently, these are some common types of trojan malware that we\u2019ve seen in the past on the internet.<\/p>\n\n\n\n These trojans are designed to spread their payloads to other connected devices and make them join a bot network. The trojans\u2019 authors are called botmasters, and they control all of the infected devices via C&C servers. Once a large number of infected devices join the same botnet, the botmaster uses them to execute various cyber attacks (DDoS attacks<\/a>, brute force attacks, etc.). <\/p>\n\n\n\n Such trojans send pop ups to users, informing them that their devices are infected with malware. Once the users are convinced that their devices are infected, the attackers sell them fake malware-loaded antivirus software or charge for virus removal services. Check out the following example:<\/p>\n\n\n\n These trojans are made to access the hosts\u2019 email clients. They can:<\/p>\n\n\n\n These trojans give remote access of the infected devices to cybercriminals. With this comprehensive access, trojan authors can:<\/p>\n\n\n\n These types of trojans have the ability to encrypt, lock, and delete data. They can lock important programs or even the entire operating system, too. The trojan writers demand extortion money from the victims in exchange for returning access to the data, files, programs, or the entire system. (Although, as you can imagine, even if some victims pay, the bad guys still might not follow through with their promise.) Sometimes, the attackers also threaten to leak the victims\u2019 private data or expose the confidential information if they don\u2019t pay the ransom.<\/p>\n\n\n\n Check out the example below:<\/p>\n\n\n\n After making their way onto targets\u2019 devices, these trojans seek out the vulnerabilities of the operating systems, apps, and software that are installed on them. The trojans then send the lists of vulnerabilities to the trojan operators. Generally, such vulnerabilities are found in outdated versions of programs. This information helps hackers to make further plans of exploiting the devices (and other devices with the same vulnerabilities) based on the nature of their unpatched bugs.<\/p>\n\n\n\n Whenever the victim’s device connects to the internet, these types of trojans download the other type of malware in users’ devices without their consent. <\/strong><\/p>\n\n\n\n Spyware trojans (also known as spyware) are covert software that attackers can use to monitor the target users\u2019 actions and behaviors. This includes everything from what the users type on their infected devices to the information they transmit via websites (such as personal information, financial data, login credentials, etc.). The spyware users can then use the information to execute identity theft crimes, financial fraud, or ransomware attacks.<\/p>\n\n\n\n With these types of trojans, attackers use trojans to open port 21 in the host device to access the files via the file transfer protocol (FTP). Once the attackers get access to the FTP folders, they can upload and download malicious files in the victims\u2019 devices remotely.<\/p>\n\n\n\n These trojans turn off, disable, or uninstall computer security software such as antivirus, antimalware, or firewalls without the users\u2019 knowledge. So, before the antivirus programs can detect the trojan and its payloads, the attackers turn such security software off. The users think that their devices are still protected by the security software and they trust the infected programs without being suspicious. <\/p>\n\n\n\n So, how do you know if your device is infected with a trojan horse? Of course, the immediate answer is that you can use an anti-malware scanner (and some antivirus programs) to check. The symptoms are often going to be the same, whether your device is infected with a trojan or any other type of malware:<\/p>\n\n\n\n Attackers commonly use phishing email to distribute their trojan horse malware. To avoid accidentally downloading or installing a trojan:<\/p>\n\n\n\n Security software and firewalls can detect and remove the majority of trojan malware. They can also alert you when you visit a spammy or malicious website, or if you download a corrupted file from the internet.<\/p>\n\n\n\n By now, you already know that trojan horses mimic legitimate software to lure users into downloading them. Hence why you must be extra vigilant in downloading anything from the internet. Scan everything that you download from the internet. <\/p>\n\n\n\n Apps:<\/strong> Beware of installing unknown apps. When you search for an app and see many other apps with a little variation in names, do an internet search to find the official name of the app you want to install.<\/p>\n\n\n\n Let\u2019s say you want to install Zoom for conference calls. You might come across apps like Zoon-online, ZoomMeeting, GetZoom, Zoom Calling, Zoom Video Calling, etc. However, you\u2019re not sure which of these is legitimate. To figure out which one actually belongs to the Zoom platform, visit the app\u2019s official website and check the app publisher\u2019s name in the app store before installing it on your device.<\/p>\n\n\n\n Software<\/strong>: If you\u2019re downloading software, check out the publisher’s name in the security window and conduct a quick search about the publisher and read the reviews. If you see the publisher’s name as Unknown<\/strong>, avoid installing that software. When the software publisher’s name is written as Unknown<\/strong>, it indicates that they are not using a code signing certificate<\/a>. Hence, such software shouldn\u2019t automatically be trusted in terms of their integrity and authenticity.<\/p>\n\n\n\n Legitimate devs and publishers use code signing certificates to protect their software from being tampered with. The certificate authority (CA) who issues the certificate conducts a rigorous vetting process to verify the software publisher\u2019s identity and issue the certificate only to a legit publisher. <\/p>\n\n\n\nTrojans, Worms, and Viruses: What\u2019s the Difference?<\/h3>\n\n\n\n
The Origins of \u201cTrojan Horse\u201d in IT Security
<\/h3>\n\n\n\n
![\"A](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/08\/trojan-horse-1024x771.jpg\")
Why Attackers Use Trojans<\/h2>\n\n\n\n
Trojan Horse Invasion Techniques<\/h2>\n\n\n\n
Compromised Software and Apps<\/h3>\n\n\n\n
Phishing Emails<\/h3>\n\n\n\n
![\"Screenshot](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/08\/phishing-email-example-trojan-delivery-1024x352.jpg\")
<\/figure><\/div>\n\n\n\nPop-Up Messages and Ads<\/h3>\n\n\n\n
Fake Updates<\/h3>\n\n\n\n
The 10 Common Types of Trojan Horses<\/h2>\n\n\n\n
1. Botnet Trojans<\/h3>\n\n\n\n
2. Deceptive Antivirus Trojans<\/h3>\n\n\n\n
![\"Screenshot](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/08\/antivirus-trojans-deceptive-warnings.png\")
3. Email Corrupting Trojans<\/h3>\n\n\n\n
4. Backdoor\/Remote Access Trojans<\/h3>\n\n\n\n
5. Ransomware Trojans<\/h3>\n\n\n\n
![\"Screenshot](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/08\/ransomware-trojan-message.png\")
6. Vulnerability Finding Trojans<\/h3>\n\n\n\n
7. Download Enabler Trojans<\/h3>\n\n\n\n
8. Spyware Trojans<\/h3>\n\n\n\n
9. File Transfer Protocol Trojans<\/h3>\n\n\n\n
10. Security Software Disabler Trojans<\/h3>\n\n\n\n
8 Common Signs That You May Have a Trojan Horse in Your Computer or Device<\/h2>\n\n\n\n
How to Protect Your Device from Trojan Horses<\/h2>\n\n\n\n
1) Beware of Phishing Emails<\/h3>\n\n\n\n
2) Regularly Scan Your Devices with Anti-Malware Software<\/h3>\n\n\n\n
3) Be Careful When Downloading Anything from Internet<\/h3>\n\n\n\n
![\"Two](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/08\/code-signing-warning-message.png\")
<\/figure><\/div>\n\n\n\n