Trojan Downloader

A Trojan downloader is usually a standalone program that quietly downloads and runs other files from remote web and FTP sites. Typically a Trojan downloader fetches a variety of Trojans and backdoors and activates them on the affected system without the user's approval.

When run, a Trojan downloader installs itself on the system and waits until an Internet connection becomes available. It then attempts to connect to a web or FTP site, downloads one or more specific files and runs them.

If your system has a Trojan downloader aboard, it is almost certainly running other malicious files and programs as well. Before we explain how we reach that conclusion, let's first define what a basic Trojan is.

In cyberspace, a Trojan or Trojan horse is the label given to a type of malicious program infamous for using a guise to trick PC users into opening the front door, i.e. clicking and thus authorizing the download of its files and program. In other words, a Trojan horse presents itself as an innocent or helpful tool, when in fact the malicious code or scripting it contains is designed to carry out the criminal intent of its creator. That intent could involve theft of data or misuse of system resources to flood a targeted system with traffic, a so-called DoS (Denial of Service) attack.

A Trojan can be built to carry out a specific attack or behavior, and the identifier or detection name assigned to it may hint at what that entails. To trick an unwary PC user into clicking and downloading its files, a Trojan may be hidden behind a fake Adobe Flash update, Windows security alert or video codec prompt. Trojans can also be hidden behind a tantalizing link or tease planted in a cleverly written spam email or on the friendly grounds of a social networking platform. Malware makers also manipulate legitimate search engine ranking (search engine poisoning) to position their poisoned links atop popular search results pages, so that a single wrong click can land a PC user on a compromised website housing a Trojan downloader.

Trojan downloaders differ from other Trojan types in that they are commonly delivered by a drive-by download, with no further help from the victim. The drive-by works because the compromised website serves script that exploits vulnerabilities in the visitor's browser or its plug-ins. If the visitor's system is not properly patched and guarded, simply landing on the page is enough to install the Trojan downloader, which then fetches its malicious files without any further action by the victim.

Most malicious programs, Trojans included, are designed to stay resident and work in the background while the victim is none the wiser. Trojans are stealthy and can make system changes comparable to those of an expert programmer or IT administrator. Some behaviors or system changes you can expect include:

  • Opening a two-way communication channel with one or more command and control (C&C) servers, typically as an outbound connection so that it passes the firewall, in order to:
    • Receive new instructions
    • Receive more malicious programs to install and run, including a backdoor, keylogger or rogue security program
    • Transmit stolen data:
      • Passwords, usernames, PINs, certificates, etc., stored by the browser
      • Email addresses stored on the hard drive or in HTML pages
      • System information that identifies other vulnerabilities and could aid future attacks
  • Downloading a configuration file that changes the infected system as follows:
    • Adds registry keys, including a Run entry that launches the malicious executable every time Windows starts
    • Runs a routine that terminates or deletes security programs and blocks their updates
    • Disables administrative controls (such as Task Manager or the Registry Editor) to hinder anyone trying to stop the attack
  • Hijacking the browser so it can:
    • Block traffic to helpful malware removal sites and forums
    • Reroute traffic to malicious websites promoting fake online scanners and rogue security programs
    • Reroute traffic to arbitrary search engines that generate click fraud and pay-per-click revenue for a cybercriminal
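
As an added example (not code from this page or from any product it lists), the following Python script checks for two of the changes in the list above on a Windows host: Run-key persistence and hosts-file tampering, which is the usual way a hijacker blocks traffic to removal sites and redirects searches. The registry values and the hosts file are constructed samples, and the lists of user-writable directories, mimicked process names, script extensions and blocked vendor domains are assumptions chosen for illustration rather than anything the page specifies.

```python
"""Triage of Run-key persistence and hosts-file tampering (added example).
Sample data and the heuristic lists below are constructed for illustration."""
import re

# Constructed HKCU\Software\Microsoft\Windows\CurrentVersion\Run values.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "svchost": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
    "update": r"C:\ProgramData\update\x.vbs",
}

# Constructed hosts file: help sites sinkholed, a search engine redirected.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.com
127.0.0.1       bleepingcomputer.com
0.0.0.0         update.microsoft.com
198.51.100.7    www.google.com
"""

# Assumed heuristics: directories writable without elevation, system process
# names malware borrows, script types that should not run at logon, and
# vendor/help-forum domains a downloader commonly blocks.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Temp|Users\\Public|ProgramData|Downloads)\\", re.I)
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe", "winlogon.exe"}
SCRIPT_EXT = (".vbs", ".js", ".jse", ".hta", ".ps1", ".bat", ".cmd")
SECURITY_DOMAINS = ("malwarebytes.com", "bleepingcomputer.com", "microsoft.com",
                    "symantec.com", "kaspersky.com", "avast.com")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
HOSTS_DEFAULTS = {"localhost", "localhost.localdomain", "broadcasthost"}


def executable_path(command):
    """Program path at the start of a Run value; honours a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]


def check_run_value(command):
    """Reasons (possibly none) a Run value looks like malware persistence."""
    path = executable_path(command)
    base = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("executes from a user-writable directory")
    if base in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\system32\\"):
        reasons.append("system-process name outside System32")
    if base.endswith(SCRIPT_EXT):
        reasons.append("script file launched at logon")
    return reasons


def check_hosts(text):
    """(line number, hostname, reason) for each suspicious hosts-file entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for host in names:
            h = host.lower()
            if h in HOSTS_DEFAULTS:
                continue
            if ip not in LOOPBACK:
                findings.append((lineno, host, f"redirected to {ip}"))
            elif any(h == d or h.endswith("." + d) for d in SECURITY_DOMAINS):
                findings.append((lineno, host, "security/help site blocked via loopback"))
            else:
                findings.append((lineno, host, "host blackholed"))
    return findings


def triage(run_values, hosts_text):
    """Both checks in one report: {'run': {name: reasons}, 'hosts': [findings]}."""
    run = {}
    for name, command in run_values.items():
        reasons = check_run_value(command)
        if reasons:
            run[name] = reasons
    return {"run": run, "hosts": check_hosts(hosts_text)}


if __name__ == "__main__":
    report = triage(SAMPLE_RUN_VALUES, SAMPLE_HOSTS)
    for name, reasons in report["run"].items():
        print(f"Run value {name!r}: {'; '.join(reasons)}")
    for lineno, host, why in report["hosts"]:
        print(f"hosts line {lineno}: {host} {why}")
```

On a live Windows host, feed triage() the name/command pairs from `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM equivalent) together with the text of %SystemRoot%\System32\drivers\etc\hosts. The non-loopback rule flags every custom mapping, so expect some noise from legitimate intranet entries; the aim is to surface what a downloader changed, not to adjudicate each line automatically.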

Payloads depend on the wishes of the malware maker or buyer, and at a minimum include one or more of the following:

  • Theft of data
  • Installation of more malicious programs, especially a backdoor that gives an attacker remote access
  • Presentation of a rogue security program
  • Installation of a keylogger to capture keystrokes entered into web-based forms, especially financial ones

While some malware can be removed manually, malicious programs fortified with rootkit technology may warrant professional help, i.e. dedicated tools or IT personnel. A rootkit hides malicious files by subverting the operating system itself, for example by hooking the system calls that list files and processes, so that the files do not appear to the user or to many antivirus scanners. It can also disguise malicious components so that they appear to be legitimate operating system files. Removing the wrong file during a manual cleanup could easily corrupt the Windows installation and leave the victim staring at the blue screen of death (BSOD).

In the absence of a proper alert or warning from a trusted scanning tool, odd system behavior may be the only hint that a malicious program or Trojan is aboard. If your system suddenly runs slowly, web pages freeze, or you are redirected to unwanted URLs, these can all be signs of an intrusion. At any such hint, use a reliable scanner capable of deep, rootkit-aware scanning to uncover and remove the intruders, including the resistant ones.

Trojan Downloader List

Threat Name                       Severity Level   Detections
BazaFlix
Carp Downloader
Chanitor                          90 % (High)      586
CSPY Downloader
DOUBLEDRAG
DOUBLEDROP
Downloader-BWP
Downloader-CBG
Downloader-cew-auc88f8f761b11
Downloader.Agent2.BDGM            90 % (High)      276
Downloader.Ajuxery                70 % (High)      3
Downloader.AUO                    90 % (High)      2
Downloader.Bancos!gen
Downloader.Blackbeard             90 % (High)      7
Downloader.Castov                 10 % (Normal)    9,347
Downloader.Castov.B               70 % (High)      17,747
Downloader.Chepvil                80 % (High)      0
Downloader.Dashikut               20 % (Normal)    468
Downloader.Delphi                 90 % (High)      0
Downloader.Drepitt                90 % (High)      947
Downloader.Dromedan               100 % (High)     7
Downloader.Eldorado.C             90 % (High)      63
Downloader.Generic14.HTD          70 % (High)      25,937
Downloader.Krakrues               80 % (High)      0
Downloader.Liftoh                 50 % (Medium)    97