As part of National Cyber Security Awareness Month, we are featuring an article from Emsisoft that takes a detailed look at Trojan Horse infections.
After a ten-year siege against the seemingly impenetrable city of Troy, the Greeks decided to try something a little more crafty than brute force. Concealing themselves within a trophy offering in the shape of a giant wooden horse, Greek soldiers were able to breach the city walls, capture Troy and win the entire war.
Modern Trojan horses are similarly deceptive. In computer terms, a Trojan horse is any malicious software that disguises itself in order to deceive users of its true intent. Trojans can take the form of just about anything: an innocuous download link, an email attachment sent from a work colleague or an image sent via social media.
Despite being one of the oldest forms of malware, Trojans have proven to be persistent pests and remain the leading cause of malware infection. In fact, they account for about 8 in 10 of all new malware infections.
Nevertheless, it is possible to defend your system against this type of cybercrime. In this article, we’re going to show you exactly how the different types of Trojans work and what you can do to reduce your risk of infection.
How do Trojan Horses Work?
Even often referred to as trojan horse virus, there are some subtle but important differences between Trojans, viruses and worms. In contrast to the latter two, Trojans are not able to replicate themselves, nor are they able to autonomously infect other files or spread to other devices. Instead, they require input from an external source: you.
Why Would You Ever Interact With a Trojan?
Well, as we touched on earlier, Trojans are deceptive creatures that can disguise themselves as regular, everyday, benign files – the types of files you click on without even thinking about it. Whether it’s an email attachment sent from a trusted source or a program you’ve downloaded from an ordinarily reputable website, malware authors go to great lengths to ensure their Trojan looks like the real deal.
The most recent and widely publicized Trojan example is that of Piriform’s CCleaner, a highly popular utility that was recently acquired by Avast. The cyber criminals managed to compromise the update infrastructure and injected malicious code into the installer, which was available for almost a month with a valid security certificate from Symantec until it was discovered by security researchers.
Opening a Trojan is the equivalent of opening the gate and wheeling a large wooden horse into your city. When you double click that seemingly innocent and legit file, you’re effectively allowing the attackers to bypass your defenses – in fact, you’re actually triggering the malware yourself!
The Different Types of Trojan Horses
Trojans come in all shapes and sizes and can affect your system in a variety of ways ranging from ‘annoying’ all the way through to ‘financially crippling’. We’ve rounded up the most common types of Trojans you’re likely to encounter:
Backdoor Trojans create a hidden link through which hackers can remotely access and control the infected device. In many cases, the criminals can gain almost full control of the computer and use it to do more or less anything they want. In the past, this might have involved random disruption such as deleting files, messing with settings and collecting personal information, but increasingly hackers are using backdoor Trojans to recruit devices into a botnet, which can, in turn, be used to carry out powerful cyber attacks. Backdoor.Nitol is one example of a backdoor trojan that has gained a lot of attention in recent months. The trojan makes use of the same NSA exploit as WannaCry, ransomware that infected more than 350,000 computers around the world earlier this year.
This particular type is incredibly common and can have dire financial consequences for businesses and users alike. As the name implies, the primary objective of a banker trojan is to obtain banking data stored on your system that will give the hackers access to your bank accounts, credit and debit cards and e-payment systems. Zeus, otherwise known as Zbot, continues to be the most prolific banking Trojan of 2017. After the author of the original Trojan released the source code back in 2011, a number of variants built on the original Zbot code have sprung up (including Atmos, Citadel and more), though none have proven to be as profitable as the original. The Trojan spreads mostly through phishing and drive-by-downloads.