Trojan (malware)

A Trojan, or Trojan horse, is a type of malware that masquerades as a benign computer file. Trojan horses are usually executable files that need to be manually run by a user to install themselves. For this reason, they rely on tricking unwary computer users into activating the executable file. Trojan horses may be used to take control of a machine, steal personal information, or spy on users. Some Trojan horses are extremely difficult to detect and remove with conventional antivirus software.

Background

The term malware refers to any computer program installed with malicious intent. Trojan horses, viruses, worms, adware, rootkits, ransomware, and spyware are all common types of malware. These programs spread by exploiting vulnerabilities in computer security systems or by tricking computer users into accidentally installing them.

While the various types of malware are commonly confused, they are distinctly different. A virus is malicious code that copies itself to spread to other computers. Viruses spread through any type of file to which they can attach themselves. A worm is malware that spreads automatically through computer networks. Adware is an unwanted program or application that forcibly shows computer users advertisements, including pop-up ads. A rootkit is malware designed to allow unauthorized users access to a victim's computer without triggering antivirus or other cybersecurity software. Ransomware is malware that forcibly encrypts a user's entire computer, permanently destroying irreplaceable files, unless the user pays a third party a specified amount of money. Spyware is malware designed to spy on a computer. It is frequently coupled with adware, which may then deliver targeted advertisements based on the user's search history.

Experts often advise that the best way to deal with malware is to be savvy enough to avoid downloading any in the first place. Never open suspicious email attachments, avoid untrustworthy websites, always ensure a computer's firewall is active, and only download files from reputable sources. However, even the most careful computer users will occasionally have to deal with an infected machine. In most cases, running antivirus, antispyware, or antimalware software will remove the infection from the system. If suspicious activity continues, however, computer users should contact a professional.

Overview

Trojan horses are a type of malware that deceives users into thinking they are downloading a benign or legitimate program. In some cases, Trojan horses come bundled with legitimate software to further disguise themselves. In other cases, a download's sole purpose may be to spread malware.

Most Trojan horses are installed by executable files. Executable files run a program or application when opened. They have specific, recognizable file extensions, including .exe, .vbs, and .bat. For a Trojan horse, the executable file's purpose is to install the malware on a person's computer. Hackers who design Trojan horses understand that knowledgeable computer users are wary of unexpected executables. For this reason, they often make the file name extremely long. Many email programs will shorten long file names, thereby hiding the executable's extension. Hackers may also add a different file extension into the file name before the executable extension, such as "FILENAME.TXT.exe". A quick glance at the file shows .txt, the file extension of a text file. However, computers read only the last extension in a file name, which marks the file as an executable rather than a text file.
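The two disguises described above can be checked mechanically before an attachment reaches a user. The following Python sketch is an added example, not part of the original article; the list of trusted-looking extensions and the 30-character display width are assumptions chosen for illustration.

```python
import os

# Executable extensions named in the article; a real filter would use a longer list.
EXECUTABLE_EXTS = {".exe", ".vbs", ".bat"}
# Extensions of formats users tend to trust (assumed, illustrative list).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".mp3", ".mp4"}
# Assumed number of characters a mail client shows before shortening a name.
DISPLAY_WIDTH = 30


def inspect_attachment_name(filename, display_width=DISPLAY_WIDTH):
    """Return a list of findings for one attachment file name."""
    findings = []
    name = os.path.basename(filename.strip())
    stem, last_ext = os.path.splitext(name)
    last_ext = last_ext.lower()

    # Only the final extension decides how the file is opened.
    if last_ext not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable:" + last_ext)

    # A trusted-looking extension directly before the real one, e.g. .TXT.exe
    # (padding spaces between the two extensions are ignored).
    _, inner_ext = os.path.splitext(stem.rstrip())
    if inner_ext.lower() in DECOY_EXTS:
        findings.append("double-extension:" + inner_ext.lower() + last_ext)

    # A name longer than the display width loses its real extension when shortened.
    if len(name) > display_width:
        findings.append("extension-hidden-when-truncated")
    return findings


# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "FILENAME.TXT.exe",
    "quarterly_report_final_version_for_review_2024.pdf.bat",
    "notes.txt",
    "setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_attachment_name(sample) or "no findings")
```

A mail gateway or help-desk script could quarantine any attachment for which the function returns a double-extension or truncation finding.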

In most cases, file formats such as .pdf and .txt cannot install viruses. However, hackers have learned to hide executable files inside these normally safe formats. Armed with these advancements, hackers have hidden Trojan horses in mp3 files, text files, Microsoft Office files, Adobe Reader files, video files, and image files.

Email is one of the most common ways Trojan horses spread. Many Trojan horses hijack a victim's email address, sending messages with an infected attachment to all the victim's contacts. Because the email appears to come from the victim, his or her contacts are more likely to open the email and download the infected attachment. Once someone new is infected, the process repeats.

Many email and messaging programs have a preview feature. This feature allows users to see a smaller or compressed version of an attachment without opening the file. While convenient, these preview features may allow an executable to install a Trojan horse on a computer. However, most programs with preview features have an option to disable this feature.

Trojan horses are spread for a variety of purposes. They may infect a computer with additional malware. They may steal login information for various accounts used on the computer, including bank or credit card logins. They may spy on computer users, recording their online activity. They may also modify or delete important files. In some cases, Trojan horses may even seize control of a computer, adding it to a network of such computers called a botnet. Hackers commonly create botnets to carry out distributed denial-of-service (DDoS) attacks. DDoS attacks overload the server of an important website, rendering it inaccessible.

While some Trojan horses are easy to remove with common antivirus software, others may prove substantially more difficult. As with all malware, the most recent Trojan horses may not be detected by antivirus software. If the user can discover exactly which Trojan horse has infected his or her computer, he or she may be able to find detailed instructions for its removal online. Should that fail, his or her only alternative may be to reformat the hard drive of the computer. Reformatting removes all information from a hard drive, including any malware. The user will then have to reinstall his or her operating system and restore any lost personal information from backups. If the computer user cannot afford to lose any personal information stored on the computer, he or she may have to contact a malware removal professional for aid.
