A trojan (or trojan horse) is a malicious computer program that is disguised as a harmless application or is secretly integrated into legitimate software. It usually carries a destructive payload. A trojan gets silently installed and hides from the user. These parasites are very similar to regular viruses and are therefore quite difficult to detect and completely disable. Originally, trojans were not intended to replicate by themselves. However, some recent threats have additional components that enable their propagation. The trojan's payload varies depending on its author's intentions. It usually provides the attacker with unauthorized remote access to a compromised computer, infects files and damages the system, drops other dangerous parasites or steals sensitive user information.
Several trojans are able to propagate themselves and infect the system without the user's knowledge. Others must be manually installed like any other software, with or without the user's explicit consent. There are five major ways unsolicited parasites can get into the system.
1. Many trojans are distributed by e-mail, through file sharing networks and online chats (such as ICQ, AIM or IRC). They arrive in files attached to e-mail and instant messages, come embedded in letters or get downloaded using peer-to-peer applications. These trojans have innocuous-looking names and therefore trick a user into opening or executing them. Once the user opens such a letter, message or file, the trojan silently installs itself on the system.
2. Some trojans can get into the system using Internet Explorer ActiveX controls or by exploiting certain web browser vulnerabilities. Their authors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a parasite. The user cannot notice anything suspicious, as the threat does not display any setup wizards, dialogs or warnings.
3. Trojans sometimes get installed by other parasites like viruses, worms, backdoors or even spyware. They get into the system without the user's knowledge and consent and affect everybody who uses a compromised computer. Some threats can be manually installed by malicious computer users who have sufficient privileges to install software. Very few trojans are able to spread by exploiting remote systems with certain security vulnerabilities.
4. Some trojans are already integrated into particular applications. Even legitimate programs may have undocumented functions such as a remote access feature. The attacker needs to contact a computer with such software installed in order to instantly get full unauthorized access to the system or take control of a particular program.
5. Lots of trojans infect particular system and software files. The user may receive such files from trusted sources. Once such a file is executed, a trojan quietly installs itself on the system.
Widely spread trojans mostly affect computers running the Microsoft Windows operating system. Less prevalent threats are created to work on other popular platforms.
- Infects, corrupts, overwrites or deletes files, essential system components and installed applications, destroys the entire system by erasing all critical files or formatting hard disks.
- Steals bank account details, credit card numbers, login names, passwords, valuable personal documents, identity data and other sensitive user information.
- Tracks user activity by logging the names of launched applications, the exact time certain events occur and other specific information.
- Logs each keystroke a user types on a computer’s keyboard and takes screenshots of user activity.
- Sends all gathered data to a predefined e-mail address, uploads it to a predetermined FTP server or transfers it through a background Internet connection to a remote host.
- Silently installs a backdoor or activates its own component with the same functionality, which allows the remote attacker to take control of a compromised computer.
- Drops other dangerous parasites.
- Performs Denial of Service (DoS) or other network attacks against certain remote hosts or sends out an excessive number of e-mail messages in order to flood predefined computers.
- Installs a hidden FTP server that can be used by malicious persons for various illegal purposes.
- Rapidly terminates active antivirus, anti-spyware and security-related software processes, disables essential system services and prevents standard system tools from running.
- Blocks access to some reputable web sites and security-related resources.
- Serves undesirable commercial advertisements and displays pop-ups.
- Degrades Internet connection speed and overall system performance, decreases system security and causes software instability. Some parasites are badly programmed: they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
There are thousands of different trojans. The following examples illustrate how functional and harmful trojans can be.
The Secup trojan displays fake security-related messages. When the user clicks on such a message, the trojan opens a malicious web site that quietly installs potentially harmful software. Secup also serves undesirable commercial advertisements.
Dmsys is a dangerous trojan that specializes in infecting various instant messengers and stealing confidential user information. By using its keystroke logging technique, Dmsys easily steals user passwords and captures private conversations. This information is written into a log file, which is then sent to the hacker.
The Viruscan trojan is disguised as an effective antivirus application, which is why a lot of inexperienced users may mistakenly run it on their computers. Once executed, the parasite starts damaging critical system components instead of searching for viruses.
ExeBug is a trojan that infects and corrupts executable files by changing their headers and contents. These actions may cause many applications to malfunction and lead to overall system instability. ExeBug usually sneaks into the system from various Internet resources such as insecure web pages or peer-to-peer networks.
Pandora is a very dangerous and extremely destructive parasite, which usually gets into the system from insecure Internet resources, file sharing networks or online chats. It silently works in the background, waiting for the specified date to run its payload. On the specified date, Pandora attempts to destroy the entire system by formatting the main hard disk or deleting several critical system folders such as Windows or Program Files.
AceBot is a highly capable backdoor trojan, which was designed to perform a lot of different destructive actions. The parasite detects, terminates and totally disables running antivirus software installed on the target computer. AceBot also connects to the IRC network and uses it to give the hacker remote control over the compromised system. Moreover, the trojan is able to connect to various malicious servers and download other harmful parasites from there.
Trojans work in the same manner as regular computer viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus and AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive parasite signature databases, can also detect and remove certain trojans and related malicious components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE, SpyHunter or eTrust PestPatrol are known for fairly good trojan detection and removal capabilities. Several products such as TDS (Trojan Defence Suite) or TrojanHunter are designed specifically to detect and remove various trojans.
In some cases even an antivirus or spyware remover can fail to get rid of a particular trojan. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires a fair amount of system knowledge and can therefore be a quite difficult and tedious task for novices.
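Alongside signature-based scanners, the header and content changes that file-infecting trojans such as ExeBug (described above) make to executables can be detected by comparing each file against a known-good baseline. The following Python code is an added example, not part of the original article; it assumes Windows PE executables, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

def pe_header_ok(data: bytes) -> bool:
    """True if the DOS magic and the PE signature are both intact."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE signature
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def fingerprint(data: bytes) -> dict:
    """Hash the header region and the whole file separately."""
    head_len = 0x40
    if pe_header_ok(data):
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        head_len = e_lfanew + 24  # PE signature (4) + COFF file header (20)
    return {"header": hashlib.sha256(data[:head_len]).hexdigest(),
            "full": hashlib.sha256(data).hexdigest()}

def compare(baseline: dict, data: bytes) -> str:
    """Classify a file's current bytes against its recorded baseline."""
    if not pe_header_ok(data):
        return "header-corrupt"
    now = fingerprint(data)
    if now["header"] != baseline["header"]:
        return "header-modified"
    if now["full"] != baseline["full"]:
        return "content-modified"
    return "unchanged"

def make_sample_pe(body: bytes = b"\x90" * 32) -> bytes:
    """Constructed PE-like byte string for the demo (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\x00\x00" + coff + body

if __name__ == "__main__":
    clean = make_sample_pe()
    baseline = fingerprint(clean)          # record while the file is known good
    patched = bytearray(clean)
    patched[0x44] ^= 0xFF                  # constructed change inside the COFF header
    for name, blob in [("clean", clean), ("body", clean[:-1] + b"\xcc"),
                       ("header", bytes(patched)), ("magic", b"ZM" + clean[2:])]:
        print(name, compare(baseline, blob))
```

The baseline must be recorded while the system is known to be clean and stored where a trojan running on the same machine cannot rewrite it.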