A Trojan virus is a piece of software designed to look like a useful file or software program but performs a possibly nefarious function once installed on a client computer. The virus takes its name from the “Trojan Horse” from Greek mythology setup outside of the city of Troy. Trojan horse viruses differ from other computer viruses in that they are not designed to spread themselves. Instead Trojan horse malware is either delivered as the payload of another virus or piece of malware or through manual end-user action by downloading infected files or inserting infected drives into a computer. Once a computer is infected with a Trojan virus, the malware can be designed to steal end-user information, perform destructive harm on the target computer, or even download additional computer malware. Trojan horse viruses comprised more than 80% of all computer malware detected in the world over the past year and the number continues to grow.
What are the Components of a Trojan Virus?
A Trojan virus will normally consist of a server and client component. The client component is the portion of the malware that infects the end-user’s computer. Once established or executed, the virus can be designed to establish a certain level of control over the infected computer. Based on the desired purpose of the malware author, the client Trojan can deliver additional malware components such as a key logger, spyware, or perform destructive features on the computer.
How Do Trojan Horse Viruses Spread?
Trojan viruses can infect client computers in several ways. One of the most prevalent means of infection is through email attachments. The malware developer will either use a broad email list to spam the virus to a large number of people disguised as a potentially useful attachment or even pornography. Once the user opens the file it will then infect their computer. More recently, targeted spam called spear phishing has been used to target high visibility personnel in business and in government. The same technique of spoofing someone they individuals may know or pretending to be a useful email attachment is used, just with a higher profile potential target set. Another common method used to distribute Trojan viruses is via instant messenger programs such as Skype or Yahoo Messenger. Finally, another well-known technique is to send copies of the virus to all contacts listed in the address book(s) found on the computer after infection.
What Type of Damage Can Trojan Viruses Do?
Typically a Trojan virus will be designed to provide some form of remote access to a hacker or criminal on an infected computer. Once the Trojan virus has been installed the hacker will be able to perform tasks on the computer based on the user’s account privilege level. Some of these actions could be: to steal the user’s login and password data, credit card information, or bank account data; using the computer to conduct a denial-of-service attack against another user, company, or organization; installing other software to include additional computer malware; download or upload files on the user’s computer, log keystrokes or take screen captures of sensitive websites; crash the user’s computer; and to web surf in an anonymous fashion. Hackers do not have to directly distribute Trojan viruses; however, as many of the better known malware is designed to infect a computing system and respond to remote commands from hackers who did not originally deploy the malware. The hacker can conduct a scan of computers on a target network and once finding computer’s infected with the desired Trojan virus issue follow-on commands to control the computer.
What Are the Types of Trojan Horse Viruses?
In recent years, Trojan horse viruses have significantly advanced in their complexity, methods of infection and payload. The categories currently used to define the different variants of Trojan viruses include: remote access, password sending, destructive, key loggers, password stealers (or senders), denial of service, proxy, FTP, software detection killers, and Trojan downloaders.
What Does a Remote Access Trojan Virus Do?
A remote access Trojan virus remains the most encountered Trojan in the wild. This virus will give the hacker/attacker full control over the targeted computer equivalent to the user’s permissions. Once access is gained to the computer, the hacker can then access any personal information the user has stored on their computer to include logins, passwords, credit card numbers, financial statements, and other personal information. Many times, this information can then be used to steal the individual’s identity or to apply for credit card/banking information in the person’s name.
How Does a Password Sending Trojan Virus Work?
When a computer is infected by a password sending Trojan virus, the malware will search for all cached passwords and copy those that are entered by the end-user. At preset or scheduled points the Trojan will send the collected information to a preset email or collection of email addresses. These actions are performed without the end-user’s knowledge and the Trojan is particularly dangerous for computers that are not running any type of antivirus software. All types of passwords are vulnerable to this attack to include secure websites, email services, FTP, and instant messaging programs.
Key loggers are a variant of Trojan virus that is designed to record the keystrokes on an infected computer and then send the log files to a remote server or email account. The more advanced key loggers are capable of searching for login and password data and other pre-programmed personal data in the log files to reduce the overhead of the information sent to the remote hacker. Some key loggers are able to record their information online, where the ones that are designed to send the data via email record information offline. To avoid detection, the offline recording Trojan key loggers will send information or daily or longer intervals based on the configuration set by the malware author.
What Do Destructive Trojan Viruses Do?
A destructive Trojan virus’s primary purpose is to delete or remove files on the targeted computer. They are designed to attack the computer’s core Operating System files but can also be programmed to remove data. The more sophisticated destructive Trojan viruses will be programmed to attack based on a certain date or logic requirement being met. They can be used in blackmail attempts, although this use is not widely reported (yet).
What Is a Denial of Service Attack Trojan Virus?
A denial of service (DoS) attack Trojan virus will be designed to use the infected computer as a bot to attack another web server or computer. Combined with other computers that are infected, the Internet connection for the attacked computer can become too busy to allow regular users to make use of the site. A variation of this Trojan is the Mail Bomb Trojan virus which is designed to infect as many computers as possible while sending potentially malicious emails to all addresses found on the targeted machines.
How Does a Proxy Trojan Work?
A proxy or Wingate Trojan virus is designed to make the infected computer act as a Wingate or proxy server. As a result of the infection, the targeted computer can then be used by other to surf the Internet in an anonymous fashion. This is normally used to conduct other illegal activities such as using stolen credit cards to access pornographic websites, shop online, or purchase other websites or domain names.
What is a FTP Trojan Virus?
A FTP Trojan virus is one of the most basic Trojan viruses in the wild and is one of the most outdated. The primary purpose of the malware is to open port 21 on the infected computer. Once opened, anyone can then connect to the computer using the FTP protocol. For the more advanced versions of this variant of Trojans password protection is enabled so that only the hacker can gain access to the infected machine.
What Are Software Detection Killer Trojans?
A software detection killer Trojan virus is commonly used in conjunction with other computer malware such as scareware. The purpose of this variant of Trojan virus is to disable known antivirus and computer firewall programs. Not only will they disable installed versions of known computer security software, but the Trojan will also preclude installation of new security programs that are well-known. Once they are active, other computer malware can be bundled with the Trojan in order to perform additional malicious tasks.
What is a Trojan Downloader Virus?
A Trojan downloader virus is a fairly recent development over the past several years. This version of Trojan is designed to infect a target computer in a similar manner to other Trojan viruses. The sole job that a Trojan downloader does on the infected computer is to download additional computer malware onto the infected computer. Some Trojan downloaders can also be used to grant remote access to the target machine to a remote server or individual as part of their work.
