A computer Trojan is a malicious program whose main difference from a computer virus is that it penetrates the system under the guise of a good and useful program. Once in the system, the Trojan can do a lot of harm. It can collect information about the device and its owner. It can also steal data from a PC. The goal of some Trojans is to delete files. Some Trojans can destroy the file system, the operating system, or the BIOS. There are plenty of other dangerous “use cases.”
Trojan.WinLock is a good example of a dangerous Trojan. It was designed to infect computers running Windows and completely block user access to them. Trojan.WinLock is categorized as a ransom Trojan because it demands payment from the user to regain access to the device.
Classification of Computer Trojans
There are many types and subtypes of Trojans. The most actively distributed types are:
- Deactivators of protection systems
- DDoS Trojans
RAT – remote access Trojan. Once installed, this Trojan provides an attacker with a wide range of possibilities. It can capture video from the victim’s screen, access the file system, record audio from the microphone, copy and steal cookies, install other malicious programs, etc. DarkComet is an example of such a program.
Ransom Trojans, once they get into the system, start to “terrorize” the victim with messages demanding ransom payments, threatening to delete files from the computer or to distribute the victim’s personal data to all of the victim’s contacts or publish it on the Internet. Such Trojans can also block access to the system. Cryptolocker is the most prominent example.
Downloader Trojans are designed to download other programs or files from the Internet. Example: Nemucode.
Deactivators of protection systems
Such Trojans remove or deactivate antivirus software in the victim’s system.
Banking Trojans (bankers) specialize in stealing the victim’s bank information, such as bank account number, PIN, card number, CVV, etc.
DDoS Trojans are often also called bots. They do not interact with the victim in any way. They are used by hackers to form a botnet, with the goal of launching DDoS attacks.
All Trojans get downloaded and installed into the system under the guise of legitimate software. Cybercriminals can deliberately upload them to cloud storage services or file-sharing resources. Trojans can also get into the system with the help of an insider who has physical access to a victim’s computer and can install rogue software. Today, the most popular way to spread Trojans is spam.
Who is the target of the Trojan programs?
Most often, the Trojan’s targets are ordinary home PCs and their naïve users. Recently, more and more Trojans target corporate networks. Spam email messages with infected attachments are aimed at infecting many computers with Trojans to form a botnet.
Again, many Trojans are embedded into legitimate software and do not interfere with its everyday functioning. Thus, the victim does not even notice the treacherous actions of the Trojan in the background.
In addition to a PC, a hacker can infect mobile devices with a mobile Trojan to spy on a victim or to steal the victim’s confidential information.
- At the G20 meeting in Russia, many USB drives for politicians’ mobile devices were infected with Trojans.
The source of the threat
In addition to email spam, file-sharing platforms are the most prominent sources of the threat. Attackers upload malware disguised, for example, as legitimate and innocent-looking torrent trackers that in fact distribute Trojan software. An important protection rule is not to click on untrusted links or open suspicious programs or file attachments.
Most Trojans are successfully detected by antivirus and antispyware software. Moreover, there are many specialized Trojan removal tools.
Law enforcement agencies can install Trojans onto computers or other devices of a suspect in order to collect information and evidence. The intelligence services of many countries use such software for espionage. Conspiracy theories are full of stories about Windows OS being the main tool of agencies like the NSA and CIA to spy on everybody on Earth.
In general, Trojans are very common because there is a huge number of different tools for creating such software. For example, the Metasploit Framework (MSF) can be used to add a Trojan to legitimate software, which contributes to the spread of malware. Another example is AndroRAT, which targets Android devices.
Trojans can pose a serious danger to the victim (RAT, bankers), but they also may not interact with the victim at all (DDoS Trojans). Many Trojans are very difficult to detect since their code is added to the code of a legitimate program and does not interfere with its functioning. Slow operation of the computer may be a sign of infection with a computer Trojan. Some Trojans heavily load the processor (especially DDoS Trojans), which can slow down the PC and increase the temperature of the CPU. If antivirus software does not help, then the only reliable way out is to reinstall the OS, reformat the hard drives, and/or contact tech specialists.