Most of us know the story of how Greek soldiers got past the city gate of Troy by giving the Trojans the Great Wooden Horse. What they thought was a gift was in fact a war trap. Trojan horses are named after this sinister trap - and for good reason.
The Greeks used the horse to capture the city of Troy, and the digital Trojan horse is used by cybercriminals to capture your personal devices.
The definition of a Trojan horse
A Trojan horse or a Trojan is a type of malware. Like other types of malware, Trojans infect your computer and damage either your computer system, your data or your files. Like the Trojan horse of the Greek army, digital Trojan horses are also disguised as something else.
There are many different types of Trojans and they can have many different functions. Trojans can therefore damage your computer, files, sensitive data or personal information in several ways.
Trojans can steal your login details and passwords, they can read your keyboard entries, modify, delete or encrypt your data, and they can actually download even more malicious software to your system.
The difference between Trojans and viruses
Many people think that Trojans are a form of computer virus, but that's not true. Computer viruses can replicate themselves and spread to other systems, but a Trojan horse cannot. Depending on the type of Trojan, it is targeted and goes after something specific in or through the computer.
Many websites use the term "Trojan virus" when it should have read "Trojan malware".
How are Trojans installed?
The most common ways Trojans are installed on a device are:
- Through phishing. A user downloads an infected attachment or clicks on a link to the phishing website.
- A user visits a fake website. Either the Trojan horse is downloaded through a drive-by download or through a program the user downloads from the website.
- A user visits a legitimate website that is infected with malware code, e.g. cross-site scripting.
Types of known Trojans
- Bank Trojans: Bank Trojans are some of the most common Trojans. They target victims' bank account credentials and thus credit card information. Banking Trojans often reside on fake phishing websites where you can be tricked into entering your online banking password.
- DDoS Trojans: A DDoS attack bombards a website, server or network with so much fake traffic that it crashes. The attacks are carried out through botnets, which are networks of many computers infected with malware. This malware can consist of Trojans that reside on the computers. When the attack is about to happen, the cybercriminals activate the Trojans. These are the ones that send millions of fake requests to, for example, a website until the website's systems become overloaded and shut down.
- Backdoor Trojans: A backdoor Trojan allows an attacker to gain remote access to a computer and take control of its operating system using a "backdoor". The hacker can then, for example, delete files, reboot the computer or steal data.
- Downloader Trojans: A downloader Trojan targets computers that have already been infected with malware. It then downloads and installs multiple malware programs to the computer.
- Exploit Trojans: Exploit Trojans contain code or data that exploits specific vulnerabilities in a program or computer system. The hacker can get his victim to download the Trojan through phishing and then use the Trojan to exploit a known vulnerability.
- Fake antivirus Trojans: A fake antivirus Trojan masquerades as a legitimate antivirus software program. This type of Trojan is designed to detect and remove threats like a regular antivirus program and then extort victims for money to remove threats that often do not exist.
- Infostealer Trojans: This is a type of malware that is either used to install Trojans or prevent the user from detecting the existence of a malware program. Infostealer Trojans are often difficult for antivirus programs to detect.
- E-mail Trojans: These Trojans aim to steal e-mail addresses that have been stored on a computer.
- Ransomware Trojans: Ransomware Trojans attempt to degrade a computer's performance or encrypt data on the computer so that the user can no longer access or use it. The hacker will then demand a ransom to unlock the computer or decrypt the data.
- Rootkit Trojans: A rootkit is a type of malware, hiding on a user's computer. Its purpose is to prevent malicious programs from being detected, allowing malware to remain active on an infected computer for an extended period of time.
- SMS Trojans: An SMS Trojan infects mobile devices and is capable of sending and or blocking SMS messages.
- Spy Trojans: Spy Trojans are designed to reside on a user's computer and monitor a user's activity. This includes monitoring keystrokes, taking screenshots, accessing the apps being used and tracking login credentials.
How to detect Trojans?
A Trojan horse can often reside on a device for months without the user knowing that their computer has been infected. However, there are a number of signs that your computer is infected with a Trojan horse:
- Pop-up ads appear on your computer, often warning you that there is a virus on your computer.
- Some programs have difficulty running or cannot run at all.
- Your computer slows down and shuts down spontaneously.
- There are suddenly programs on your device that you didn't install yourself.
- When you try to access a website, you are redirected to a suspicious website.
- Your default browser is replaced without you having changed it.
How to remove a Trojan horse
Start by disconnecting from the Internet.
Restart your computer.
Review the programs and apps running in the background and remove any you don't know about or haven't installed yourself.
Do a full scan of your computer with an antivirus program.
Protect yourself from Trojans
All the Trojans mentioned in this blog post have in common that they can only be downloaded onto a device with the user's help. Therefore, you can avoid Trojans if you pay attention to your behaviour when using the web.
You can protect your personal devices from Trojans by following these tips:
- Update your computer regularly. Always make sure to download the latest security updates for your device as soon as they are available. Hackers are constantly trying to find security holes in undated software.
- Never click on suspicious links or attachments in emails or text messages. Phishing attacks are one of the most common ways to get Trojans installed in your device's system. So never click on anything you don't know or find suspicious.
- Avoid third-party downloads. All downloads are a potential threat. Websites, ads and messages that contain automatic downloads sometimes contain Trojans. Avoid clicking on banners and think carefully before allowing any downloads.
- Use antivirus software. Although security software is often included in most programs today, always use additional antivirus and anti-malware software.
- Don't visit unsafe websites. If you're on a website that suddenly pops up a bunch of pop-up ads, it might be a fake website created by hackers.
- Scan external devices before connecting them to your device. Trojans can reside on external devices such as USB sticks or hard drives. Always scan external devices before connecting them to your device. It's also a good rule to never use external devices that you don't know the origin of.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.