As part of National Cyber Security Awareness Month, we are featuring an article from Emsisoft that takes a detailed look at Trojan Horse infections. Last week, we looked at how Trojan Horses work and began to look at the different types. This week, we continue to examine types of Trojan Horses. In next week’s article, we’ll end this series by looking at ways you may encounter these infections and how to avoid them.
Exploit trojans are usually concealed with programs. When executed, they exploit security weaknesses within your operating system or other software installed on your computer, giving hackers access to your data or control over your system. In 2012, the Blackhole exploit compromised a huge chunk of the internet and was widely regarded as the biggest threat at the time. Blackhole exploited vulnerabilities in commonly used browsers and plugins to deliver a malicious payload.
A rootkit is a particularly devious type of trojan that is designed to prevent both you and your antivirus solution from identifying the presence of other malicious software. This gives the malware a bigger window of opportunity to wreak havoc on the infected system. SmartService is a good example of a rootkit. The trojan is typically distributed via adware bundles that many users inadvertently install when acquiring free software. After installation, SmartService creates a Windows service that prevents you from running security software and can even stop you disabling certain processes and deleting particular files. This protective behavior makes it substantially more difficult to remove the other adware that was installed alongside SmartService.
Distributed Denial of Service (DDoS) attacks have become increasingly common and disruptive in recent years, with some experts estimating that the average DDoS attack costs businesses around $2.5 million. DDoS Trojans enable cyber criminals to harness your computer’s resources to send requests to an address, flooding and eventually overwhelming the target network.
Trojan downloaders are exceptionally common among home users, who may inadvertently install one after downloading a file from an unverified or disreputable source. The payload varies, but often takes the form of adware and potentially unwanted programs, which can drastically slow your computer down. Downloaders are often less complex than other types of trojans, but still pose a significant risk.
Cybercriminals use droppers as a means of deploying additional trojans and other types of malware. Many droppers have a secondary goal of preventing your system from detecting malicious software.
Many of the new ransomware breeds make use of dropper Trojans to devastating effect. Spora uses a Jscript dropper component to execute a malicious file that encrypts data on the infected machine. A dropper Trojan also played a role in the WannaCry ransomware outbreak, which successfully infected 350,000 machines around the world in May 2017.
Perhaps the greatest example of malware camouflage, FakeAV Trojans are designed to simulate helpful antivirus software. The program creates fake alerts about suspicious files that don’t exist and demands money in order to remove the non-existent threat. ThinkPoint is a classic example of a FakeAV. Billed as an anti-spyware program that’s part of Microsoft Security Essentials, the program detects a fake infection, reboots your computer and prevents you from using your device until you pay for the full ThinkPoint program which, it promises, will restore your computer to its former state. (Hint: don’t buy it!).