Trojan Horse Definition
A Trojan horse is a malicious computer program that presents itself as legitimate software. Also called a Trojan, it hides malware in a normal-looking file.
The term Trojan horse is based on the deceptive wooden horse that led to the fall of the city of Troy in Ancient Greek mythology. The city of Troy had robust defenses that could not be broken or penetrated by the enemy. The enemies then plotted and built a massive wooden horse that contained soldiers within its body. Troy's gates were opened, the horse was dragged into the city, and the gates were closed. At night, when the residents of Troy slept, the soldiers within the horse came out, opened the gates from within the city, and enabled their army to enter and destroy Troy.
The deceptive nature of this malware is why it is called a Trojan horse.
How Are Trojan Horses Spread?
Cyber criminals employ social engineering to spread Trojans. Victims are tricked into clicking on malicious email attachments that look harmless. When the attachment is opened, the Trojan executes. Drive-by downloads are another popular way of spreading Trojans. In a drive-by download, the Trojan program is automatically downloaded onto the device/computer without the victim granting permission for the download. In many cases, the victim never becomes aware of the presence of the Trojan. Trojans can spread to other devices/computers that are part of the same network.
What does a Trojan Horse do?
A Trojan horse carries a malicious payload, which may include a backdoor or ransomware. The backdoor allows the controller of the malware to gain unauthorized access to system resources and data on the computer. It could also allow more malware to be downloaded through the backdoor. Trojans help the controller steal users' personal information, such as passwords, banking credentials, and IP addresses. Cyber criminals use Trojans to carry out ransomware attacks, and Trojans allow the controller to spy on the victim. Trojans can delete, block, copy and modify data, and affect the performance of the devices/computers.
Types of Trojans
- A rootkit is a sophisticated type of Trojan that provides remote control of the victim's device to the cyber criminal. Rootkits allow the victim's device to be used as part of a botnet.
- A Trojan-Banker is designed to steal account data for online banking systems, credit and debit cards.
- A Trojan-Ransomware prevents the correct running of the device. It encrypts data and demands a ransom for the decrypting code.
- Trojan-Spy programs spy on the device while the victim is using the device/computer.
- A Trojan-FakeAV is dreaded malware that attempts to frighten the victim with claims that malware is present. It offers to remove the malware for a fee, while in reality the victim's system is not affected.
In addition, there are other types of Trojans, such as Trojan-Dropper and Trojan-IM (instant message) programs.
Comodo Advanced Endpoint Protection is the only antivirus solution that is able to block known Trojans and automatically contain unknown, potentially malicious files within a sophisticated virtual container until a verdict is reached.
Examples of Trojan horse malware
The following are the most famous examples of Trojan horses:
- Bifrost - This is a type of Remote Access Trojan, created by hackers with the intention of infecting Windows clients by modifying components.
- Tiny Banker - This was developed by cyber thieves to extract confidential banking/financial data; their prime targets are banks and financial institutions.
- Magic Lantern - This was created by the FBI to log and track keystrokes to aid with criminal surveillance.
- Zeus - This is the deadliest Trojan found to date. It is a crimeware toolkit that builds its own Trojan horse that includes polymorphic versions of Trojans, drive-by downloads, and form grabbing to extract critical and sensitive information of the victim.