A Trojan horse is malicious software (malware) that will mislead computer users by pretending to be something real or desirable. Unlike a computer virus, a Trojan horse does not replicate and does not reproduce by infecting other files. When a PC is infected with a Trojan horse, some valuable data can be stolen or damaged.
Most rogue applications are installed by a Trojan horse but not all Trojan infections will install misleading software. Most Trojan horses will add infections in critical areas in Windows and start spying or stealing information from computers. There are several types of Trojan horses and you will find them in this article.
Trojan horses spread via emails as attachments or as downloads from websites that have been compromised or created for the purpose of misleading users to download a necessary plug-in or file.
RATs or Backdoor and Trojan Dropper
One of the most common but dangerous Trojans are called Backdoor Trojans (also known as Remote Access Trojans or RATs). A PC with a sophisticated backdoor Trojan installed may also be referred to as a zombie or bot. These types of threats are almost invisible to the user and if they succeed in entering the system, the attacker or intruder has remote access to the system. The attacker, with the help of the Trojan, is now in control of the computer. Some capabilities of backdoor Trojans are to collect information, terminate or run a task or process, download and upload files, reports to the attacker’s machine, change critical setting in Windows, shutdown or restart the PC, and perform Denial of Service (DoS) attacks.
Another type of Trojan horse is called Trojan Dropper. These type of Trojans will drop or download additional malicious files to the computer. Once they finish dropping the required files, additional malware files that were dropped are the next to run and proceed to infect the computer.
Keyloggers and System File Killers
Other types of Trojans are known as keyloggers and system file killers:
- Key logging Trojans – Keyloggers will record every mouse click or pressed keys of an infected computer. The recorded action from the computer is sent to a remote location. Spyware distributors and hackers are the common attackers of keyloggers to gain information that they need e.g. online banking credentials, email account username and passwords, and credit card or other valuable data.
- System file killing Trojans – These type of Trojans often end or shutdown important system or program files. An example of this Trojan is the Trojan.KillAV.
Password Stealers and DoS Trojans
Two other types of Trojan horses are called password stealing Trojans and Denial of Service (DoS) attack Trojans.
A password stealing Trojan will steal passwords by copying cached or newly entered passwords in the computer or while the user browses or uses any application that requires a password. The copy of passwords is sent via email which is delivered to attacker’s email account.
The Denial of Service (DoS) attack Trojan is a type of Trojan horse that can cause network traffic to slow. It involves a multiple of infected computers (also known as zombie computers) to attack a particular website, business or other computers. The attack is usually completed using mail bombs and IRC Trojans.
Trojan Horse Prevention
Most antivirus programs include detection and removal of Trojan horses, but to prevent a Trojan horse infection, the user needs to
learn some best practices:
- Do not open or execute attachments that are not scanned for malware or virus infection by your antivirus program or email scanner.
- Update the operating system as soon as possible. Trojan horses affect not only Windows computers but also Mac and Linux systems.
- Keep installed third-party applications up-to-date.
- Use a standard user account or take advantage of User Account Control which is enabled by default in Windows 7, Vista, Mac and Linux computers.
- Regularly scan the computer using an antivirus program.
- Consider using on-demand scanners such as anti-Trojan and anti-malware programs because not all antivirus can detect all types of threats. Examples of anti-Trojan software are TrojanHunter and The Cleaner.
If your computer is infected by a Trojan horse, disconnect the computer from the Internet and immediately clean the computer.
Image credits: Screenshots taken by the author, https://commons.wikimedia.org/wiki/File:Virus_ordinateur.jpg