Trojans

A Trojan horse, or Trojan, in the context of computing is a class of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Those functions typically give an attacker unauthorized access to the host computer: the ability to write files to the victim’s disk, watch the user’s screen, or control the machine outright.

Trojan horses (not technically viruses, since they do not replicate themselves) are easily and unwittingly downloaded. For example, if a computer game is designed such that, when executed by the user, it opens a back door that lets an attacker control the user’s computer, then the game is a Trojan horse. If, however, the game is legitimate but has been infected by a virus, it is not a Trojan horse, regardless of what the virus does when the game runs. The term is derived from the classical story of the Trojan horse.

A computer Trojan relies on the same trickery as the mythological Trojan horse it is named after. In Greek mythology, a seemingly generous gift brought about the destruction of Troy and ended a ten-year siege. Believing the wooden horse left outside their walls to be an offering, the people of Troy brought about their own demise by pulling it inside their fortified gates. The horse was hollow and full of Greek warriors, who waited for an appointed, vulnerable moment to attack.

Computer Trojans use a similar blend of simple and complex strategies to launch an attack:

  • Presenting themselves as helpful programs or tools so that PC users let down their guard
  • Getting PC users to invite the Trojan in themselves, by clicking on and downloading the malicious programs and files
  • Striking when a system is vulnerable, by exploiting holes in software, hardware, human behavior or business practices
  • Using stealthy payloads and techniques to carry out the attack

Trojans can inflict a lot of damage in a short time, and the longer they are allowed to fester undetected, the greater the damage and risk. They usually work quietly in the background while the victim works, none the wiser that the system has been infiltrated.

The Internet security community classifies malware by its malicious behavior or intent. As mentioned earlier, a Trojan can carry one or more payloads and is therefore often multi-purpose. Below are a few behaviors a Trojan may display:

  • Backdoor – a remote-control component that gives an attacker unrestricted access to the infected PC, which can then be used to take part in a distributed denial-of-service (DDoS) attack or a mass email spam campaign
  • Browser hijacker – edits the hosts file or DNS settings, or installs itself as a proxy, in order to control and intercept the victim’s web traffic in both directions
  • Dropper – carries or downloads other malicious programs onto the infected machine
  • Keylogger – captures keystrokes to steal passwords, usernames, PINs, certificates, or any other vital data, usually of a financial nature
  • Wiretap – targets specific Skype accounts and intercepts calls before the audio is encrypted
  • Surveillance – spies on browsing habits and reports the findings to a remote server, so the attacker can sell the data to an unscrupulous advertiser who then floods the victim with pop-up advertisements
  • Collector – steals data stored in the browser’s cache or entered into web forms, system log data that helps plan future attacks, or email addresses stored in HTML files or in an email account
  • Downloader – a small first-stage component, typically delivered by a Trojan injector from a malicious or compromised website; when the victim visits the site it is pushed onto the PC and immediately fetches and installs the real payload
  • Injector – exploits JavaScript or other code injected into a poorly built or outdated web page so that the page delivers a Trojan downloader to its visitors
  • Fake AV – simulates a security breach to get the victim to buy and download the “full version” of a rogue security program that cannot actually protect a system by blocking or removing viruses
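The browser-hijacker entry above mentions editing the hosts file. As an added example, not code from the original article, the Python audit below parses a hosts file and flags the two kinds of tampering a hijacker leaves behind: high-value domains redirected to an attacker-controlled address, and security-vendor update domains sinkholed to loopback or 0.0.0.0 so the victim’s antivirus can no longer update. The hosts content and the domain watchlists are constructed for the example; the `.example` domains and the 198.51.100.7 address are documentation placeholders, not real hosts.

```python
"""Audit a hosts file for browser-hijacker tampering.

Added example, not code from the original article. SAMPLE_HOSTS is a
constructed hosts file; the domain watchlists are assumptions.
"""
import ipaddress

# Constructed sample. Normal workstations only map names to loopback addresses,
# so the 198.51.100.7 (documentation range) entries and the sinkholed vendor
# update domains are the tampering a hijacker leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.7    www.examplebank.example      # bank login redirected to attacker host
198.51.100.7    login.examplebank.example
0.0.0.0         update.examplevendor.example # antivirus definition updates sinkholed
127.0.0.1       liveupdate.examplevendor.example
"""

# Assumed watchlists: the victim's bank domains and the security vendor's
# update servers (placeholders under .example, not real hosts).
HIGH_VALUE_DOMAINS = {"www.examplebank.example", "login.examplebank.example"}
SECURITY_UPDATE_DOMAINS = {"update.examplevendor.example",
                           "liveupdate.examplevendor.example"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for each mapping; comments are stripped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for host in fields[1:]:
            yield ip, host.lower(), line_no


def audit_hosts(text):
    """Return findings as (kind, line_no, hostname, ip) tuples."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        if host == "localhost":
            continue
        if host in SECURITY_UPDATE_DOMAINS and local:
            # Pointing a vendor's update host at loopback/0.0.0.0 blocks signature updates.
            findings.append(("update-sinkhole", line_no, host, str(ip)))
        elif not local:
            # Any non-local mapping silently sends the victim's traffic somewhere else.
            kind = "redirect-high-value" if host in HIGH_VALUE_DOMAINS else "redirect-other"
            findings.append((kind, line_no, host, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="  ")
```

On a real machine, read `C:\Windows\System32\drivers\etc\hosts` (or `/etc/hosts`) and pass its contents to `audit_hosts`. Every non-loopback mapping is reported, not just the watchlisted ones, because an ordinary workstation has no business mapping names to remote addresses; a deliberate intranet pin shows up as `redirect-other` and can be reviewed and allow-listed.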

A well-built Trojan can reconfigure a system with changes comparable to those an expert programmer would make, and may set up the following defense mechanisms:

  • Modifying the registry and creating service entries, including one that embeds its executable in the infected OS so it runs every time the system starts
  • Editing files by injecting malicious code into legitimate programs so its own code runs without interference or prying eyes
  • Editing files by moving them. A Trojan may hide in the system kernel, monitor scanner activity and move its files to avoid detection
  • Editing files by deleting them. A Trojan may search for and delete the files that run or update security programs, especially weaker antivirus or antispyware tools
  • Adding its own program to the firewall’s list of approved applications in order to bypass the firewall
  • Editing files by renaming them. A Trojan may borrow the filenames and extensions of legitimate files to defeat countermeasures from the Internet security community, such as definition updates
  • Disabling administrative controls such as Task Manager to thwart attempts at stopping its process
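Several of the persistence tricks above leave traces in the Windows registry: the Run keys that launch an executable at logon, the firewall’s allow-rule list, and the policy value that disables Task Manager. As an added example, not code from the original article, the Python script below parses a registry export in the text format written by `reg export` (a `.reg` file) and flags autostart entries and firewall allow rules whose executable lives in a user-writable folder or borrows the name of a Windows system binary from outside System32, as well as a `DisableTaskMgr` or `DisableRegistryTools` policy set to 1. The export text is constructed for the example; the key paths are the standard Windows locations, while the folder and system-binary watchlists are assumptions chosen for illustration.

```python
"""Audit a Windows registry export (.reg) for Trojan-style persistence.

Added example, not code from the original article. SAMPLE_REG is a
constructed export; USER_WRITABLE and SYSTEM_BINARIES are assumed watchlists.
"""
import re
from pathlib import PureWindowsPath

# Constructed export: a legitimate autostart entry, an executable masquerading
# as svchost.exe from a user-writable folder, Task Manager disabled by policy,
# and a firewall allow rule for that same masquerading binary.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Windows Update"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe -k netsvcs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11111111-2222-3333-4444-555555555555}"="v2.31|Action=Allow|Active=TRUE|Dir=In|App=C:\\Users\\alice\\AppData\\Roaming\\svchost.exe|Name=Windows Update|"
'''

AUTOSTART_KEYS = (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce")
FIREWALL_RULES_KEY = r"\FirewallPolicy\FirewallRules"
POLICY_KEY = r"\Policies\System"
# Assumed watchlists: folders a non-admin can write to, and binary names a
# Trojan commonly borrows (the legitimate copies live under System32).
USER_WRITABLE = {"appdata", "temp", "programdata", "public", "downloads"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def parse_reg(text):
    """Return {key_path: {value_name: value}} for REG_SZ and REG_DWORD values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith(('"', "@")):
            name, _, data = line.partition("=")
            name = "@" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                value = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \" and \\ escapes
            elif data.startswith("dword:"):
                value = int(data[6:], 16)
            else:
                continue  # hex: blobs and other types are not needed here
            keys[current][name] = value
    return keys


def exe_path(command):
    """Extract the executable path from a command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split()[0]


def check_binary(context, where, path):
    """Flag a path in a user-writable folder, or a system binary name outside System32."""
    parts = {part.lower().rstrip("\\") for part in PureWindowsPath(path).parts}
    findings = []
    if parts & USER_WRITABLE:
        findings.append((context + ":user-writable-path", where, path))
    if PureWindowsPath(path).name.lower() in SYSTEM_BINARIES and "system32" not in parts:
        findings.append((context + ":system-name-outside-system32", where, path))
    return findings


def audit_registry(text):
    """Return a list of (finding, registry_location, evidence) tuples."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.endswith(AUTOSTART_KEYS):
            for name, command in values.items():
                if isinstance(command, str):
                    findings += check_binary("autostart", key + "\\" + name, exe_path(command))
        elif key.endswith(FIREWALL_RULES_KEY):
            # Rule data is a pipe-delimited list of Field=Value pairs.
            for name, rule in values.items():
                fields = dict(f.split("=", 1) for f in rule.split("|") if "=" in f)
                if fields.get("Action") == "Allow" and "App" in fields:
                    findings += check_binary("firewall-allow", key + "\\" + name, fields["App"])
        elif key.endswith(POLICY_KEY):
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if values.get(name) == 1:
                    findings.append(("admin-tool-disabled", key + "\\" + name, "dword:1"))
    return findings


if __name__ == "__main__":
    for finding in audit_registry(SAMPLE_REG):
        print(*finding, sep="  ")
```

To run it against a live system, export the keys of interest with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and likewise for the HKLM Run key, the Policies\System key and the FirewallRules key), then pass the decoded file text to `audit_registry`. The two watchlists are deliberately small; a practitioner would extend them with the organisation’s own software inventory.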

Trojans don’t always work alone; sometimes they enlist the help of another malicious program or tool:

  • A worm or virus, to travel or propagate over the Internet and gain entry to a poorly protected, vulnerable PC
  • Rootkit technology, to hide or mask infectious files in the system kernel, BIOS, or MBR
  • Polymorphic code, to mutate from one copy to the next, changing its appearance (for example its interface or filename) so that signature-based detection fails. This is common when a Trojan installs a rogue security program, a fake antivirus that uses false negatives and positives to scare the PC user into buying fraudulent software
  • A bot, to turn your system into a zombie: a computer compromised by an attacker in order to use its resources, e.g. to launch a DDoS attack, run a mass email spam campaign, or mine Bitcoin. Note: Bitcoin is a cryptocurrency whose mining consumes processor time, which is why a botnet of zombie PCs is attractive to criminals.

Basically, Trojans are the greatest con artists and chameleons in the digital world and may come in the form of:

  1. Fake Adobe Flash update
  2. Fake codec component
  3. Fake antivirus or antispyware program or tool
  4. Fake scanning tool
  5. Fake Microsoft Security Essentials (MSE) alert
  6. Adware, for example:
    • IQ tests
    • Daily psychic reports
    • Daily weather reports
    • Jazzy toolbars
    • Specialty plugins
    • Screensavers
    • Computer games
    • Emoticons

Malware is often cloaked inside an otherwise legitimate freeware or shareware download and hidden behind adware, courtesy of an ambiguous end-user license agreement (EULA). Other traps where Trojans are cleverly hidden or placed include:

  • The search results pages of popular search engines, e.g. Google, in the form of a dubious link promoting a rogue security program.
  • Compromised or malicious websites. Cybercriminals also reap ill-gotten pay-per-click revenue from advertisements on malicious websites or bogus search engines.
  • Email spam.
  • The friendly environment of social networks.
  • Unsavory websites, e.g. porn or gaming sites.
  • Torrent or warez websites.

Trojans have become landmines waiting to explode into something sinister in pursuit of the malware author’s goals. Some security reports put Trojans at 83% of malware attacks around the world. It is no surprise that these reports attribute the increase to human behavior: many PC users have not properly secured their systems and remain quick to click on dubious links that explode into something malicious.

Gone are the days when malware, Trojans included, merely annoyed its victims with silly pranks such as changing the desktop wallpaper, adding or deleting icons, or freezing the keyboard. Trojans are viral warheads: they can cripple your finances by stealing vital data, destroy your files, or use your computer to harm others.

Most Trending Trojans in the Last 2 Weeks

 #  | Threat Name                            | Severity Level | Alias(es)                                                          | Detections
----+----------------------------------------+----------------+--------------------------------------------------------------------+-----------
 1  | Storm-0501 Threat Actor                |                |                                                                    |
 2  | ShellTea                               |                |                                                                    |
 3  | Packed.Win32.Katusha.e                 |                |                                                                    |
 4  | Trojan-Clicker.Win32.Stixo.d           |                |                                                                    |
 5  | VirTool:Win32/VBInject.gen!DQ          | 80 % (High)    | Trj/Agent.NPK; Dropper.Generic2.DRM; Trojan.Win32.VBKrypt          | 4
 6  | Trojan.Kolbot                          | 80 % (High)    | BKDR_IRCBOT.SMZL; Trojan.Adclicker; Trojan.Win32.Generic!BT        |
 7  | Trojan.BHO fsharproj                   | 90 % (High)    |                                                                    |
 8  | Trojan Horse PSW Generic9.UCX          | 20 % (Normal)  |                                                                    | 40,930
 9  | Trojan horse PSW.Agent.ARMV            |                |                                                                    |
 10 | Troj/ST2012V-A                         | 20 % (Normal)  |                                                                    |
 11 | Trojan.Komodola                        | 90 % (High)    |                                                                    | 8
 12 | PE_EXPIRO.JX-O                         | 80 % (High)    |                                                                    | 4
 13 | Powload                                |                |                                                                    |
 14 | Exploit.Comele.A                       | 80 % (High)    |                                                                    | 4
 15 | HAWKBALL                               |                |                                                                    |
 16 | Trojan.Bankpatch                       |                | Virus:Win32/Alvabrig.B                                             |
 17 | Trojan.Click                           | 90 % (High)    | Suspicious file; Artemis!0303885F0914; Trojan.Click                | 10
 18 | Trojan.Gromp.b                         | 90 % (High)    |                                                                    |
 19 | Smitfraud                              | 80 % (High)    | Generic26.ZUH; Trojan/win32.agent.gen; TR/Kazy.48076.5             | 21
 20 | Trojan.Win32.Inhoo                     |                | Mal/Generic-A; Packed.Win32.Krap.b; Trojan.Packed.NsAnti           |
 21 | Trojan.RogueAV.a.gen                   | 100 % (High)   | TROJ_FAKEAV.TAM; SecurityToolFraud; a variant of Win32/Kryptik.DNY |
 22 | Not-a-virus:Client-SMTP.Win32.JMail.45 |                |                                                                    |
 23 | PWS:Win32/Fignotok.A                   | 80 % (High)    | Trojan.DownLoad2.50983; Win32.TRSpy; Trj/OCJ.C                     | 8
 24 | TROJ_AZAH.A                            |                |                                                                    |
 25 | Adload_r AKC                           |                |                                                                    |
 26 | Trojan.Win32.Agent.fyny                |                |                                                                    |
 27 | Trojan.Bootlock                        |                |                                                                    |
 28 | PortScan-ScanLine                      |                |                                                                    |
 29 | Backdoor-CEP.gen.r                     |                |                                                                    |
 30 | Trojan.Tropid!rts                      | 80 % (High)    | Artemis!6D45E7D80AAB; Artemis!583B2BE0E8AF; PUA.Tool.Nirsofer.NirCmd | 19

Last updated: 2024-10-15
