Trojan Horse

Introduction

In computing, a Trojan Horse is a type of malware that enters your computer inside another package, disguising itself as a legitimate piece of software such as an update, driver, game or application. Once executed by the user, the Trojan runs in the background to compromise the target computer.

Depending on the type of Trojan, the program may appear not to work, or may display an error when launched, so that the user concludes the program simply failed to run. Other Trojans deploy a decoy application with basic working features to further hide the operator's malicious intentions from the user.

The name comes from the historical story from ancient Greece whereby the Spartans invaded Troy through the use of a wooden horse, fooling the people of Troy into believing they had received a gift from the gods before the soldiers hidden inside emerged to invade.

Similarly, the purpose of this threat is to silently enter your computer and then, once inside, act as a payload for other malicious features to be executed on your system.

Threat capabilities

Once a Trojan is deployed it has a large number of capabilities depending on the operator's intentions, including but not limited to:

  • Remotely controlling the victim's computer (either visibly or silently in the background)
  • Using the computer to attack other devices or send spam, making it part of a botnet
  • Stealing files from the victim's device
  • Activating or recording the webcam/microphone
  • Logging everything typed on the keyboard
  • Deploying other threats such as ransomware or adware (see adware removal guide here)
  • Stealing banking passwords or other information such as messages & searches

Notable examples

Throughout the years, hundreds of thousands of different Trojan variants have been discovered across the internet; here are some notable examples:

Zeus

This threat was a very sophisticated Trojan which affected thousands of Windows computers over several years, particularly during 2007-2010. The same strain was also used to help spread the Cryptolocker ransomware; however, its primary purpose was to steal banking details.

This threat infected systems all over the world. Since its discovery, more than 100 people have been arrested in the U.S., UK and Ukraine on a number of charges including banking fraud and money laundering. It is estimated that the scheme stole approximately 70 million dollars.

Read more about Zeus here.

Finfisher

The Finfisher malware suite was a sophisticated threat that was sold underground to state-sponsored hackers, including governments, with various spyware functionality including logging all keystrokes, hijacking other programs and recording the webcam and audio.

Finfisher was delivered in a number of ways including fake software updates, malicious email attachments, infected software downloads and through vulnerabilities in popular programs like iTunes and FireFox.

Read more about Finfisher here.

Flashback

The Flashback Trojan was a fake update for Adobe Flash Player targeting macOS systems. Once installed, the malware would join the computer to a botnet controlled by several remote servers, and at its peak it had control of approximately 600,000 Macs.

Read more about Flashback here.

Defending against Trojans

The best defence against Trojan horses is to be proactive and keep your system up-to-date, as well as your antivirus software. Other steps to help keep you safe include limiting the software you have installed and ensuring you only download software from trusted websites. Lastly, it is also recommended to run an anti-malware program alongside your antivirus and run regular scans; we recommend MalwareBytes for this, which you can purchase here.

Other useful resources

How to scan files with multiple antivirus tools: Follow this guide to make sure you get a second opinion before installing anything unfamiliar or opening files you're not sure about.

How to calculate hashes for files with Hashtoolbox: This guide walks you through using our Hashtoolbox software to verify hashes for files you download if they are provided.
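The check described in the two guides above, verifying that a downloaded file matches the hash the publisher lists, can be done with a few lines of standard-library Python. The script below is an added example, not code from this article or from the Hashtoolbox software it mentions. It assumes the publisher provides a SHA-256 value (the article does not name an algorithm), it streams the file so large installers do not need to fit in memory, it tolerates the common copy-and-paste forms of a published hash (upper case, surrounding whitespace, a "sha256:" label), and it compares with a constant-time function. The "installer" it checks is a constructed sample written to a temporary directory; the demo then alters one byte to show how a swapped or tampered download fails the check.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def normalise_published_hash(published_hash):
    """Normalise a hash copied from a download page: trim whitespace, lower-case,
    and drop a leading 'sha256:' label. Returns None if the result is not a
    64-character hex string (wrong length means a typo or a different algorithm)."""
    value = published_hash.strip().lower()
    if value.startswith("sha256:"):
        value = value[len("sha256:"):].strip()
    if len(value) != 64 or not set(value) <= HEX_DIGITS:
        return None
    return value


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Stream the file through SHA-256 so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_hash):
    """True only if the file's SHA-256 equals the publisher's value.
    A malformed published hash raises ValueError instead of silently failing,
    so a typo in the expected value is not mistaken for a tampered file."""
    expected = normalise_published_hash(published_hash)
    if expected is None:
        raise ValueError("published hash is not a 64-character hex SHA-256 value")
    # hmac.compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo():
    """Constructed demonstration: a fake 'installer' is checked against its own
    digest, then one byte is altered to simulate a tampered download.
    Returns (result_before_tamper, result_after_tamper)."""
    # Constructed sample bytes standing in for a real download; hypothetical file name.
    content = b"example installer bytes (constructed sample)\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.exe")
        with open(path, "wb") as f:
            f.write(content)
        # Published in the upper-case, labelled form some download pages use.
        published = "SHA256: " + hashlib.sha256(content).hexdigest().upper()
        ok_before = verify_download(path, published)
        # Change a single byte: a trojanised copy swapped in on a mirror differs at least this much.
        with open(path, "r+b") as f:
            f.seek(0)
            f.write(b"E")  # 'e' -> 'E'
        ok_after = verify_download(path, published)
    return ok_before, ok_after


if __name__ == "__main__":
    before, after = demo()
    print("untouched file matches published hash:", before)
    print("tampered file matches published hash:", after)
```

A hash only proves the file you received is the file the publisher described; it does not prove the publisher is trustworthy, which is why the article's advice to download only from trusted websites still applies. If the hash is published on the same page as the download, an attacker who can replace the file can usually replace the hash too, so a value obtained from a second source (a signed release note, a vendor's separate checksum page) is worth more than one sitting beside the link.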

*Image credits

Flickr via Creative Commons