Trojan - The New Old Threat
What is a Trojan
The phrase “Trojan horse” has its roots in history, and we still use it in conversation today. It describes something that looks fine and innocent but can in fact cause real damage. A Trojan virus (or just Trojan) is a file that looks quite harmless but is very dangerous. Although Trojans appeared only recently, they have become entrenched in our lives and, with their own reputation, have overshadowed the famous wooden horse of the distant past. The first cases of Trojan programs being created and spread were documented in 1997 (they stole access passwords for the AOL system in the United States of America). In 2002-2004 a large epidemic of Trojans reached China, Japan and South Korea; it showed itself in mass thefts of personal data from online games, spamming and DDoS attacks. For a period of time it became possible to use computer worms to deliver and install Trojan viruses on victims’ computers. The best-known epidemic of Trojans spread with the Mydoom and Bagle worms was in 2004. In March 2007 the Trojan program Penetrator appeared; it damaged thousands of computers and networks of state offices and institutions. In summer 2013 about fifty thousand users of the famous Russian network VK could not log into their accounts because they had fallen victim to Trojan.Rpc Tonzil, which was used by fraudsters.
The term “Trojan” came from history
A Trojan program is malicious software that is spread by people, in contrast to viruses and worms, which spread by themselves. Trojans disguise themselves as harmless or useful programs so that the user installs them on his computer. It is accepted that Daniel Edwards from the NSA was the first to use this term in the context of computer security, in his report “Computer Security Technology Planning Study”.
Trojans are the simplest type of malicious program; their complexity depends on the complexity of the actual task and on the means of concealment. The most primitive Trojan horses (for example, those that delete disk content when started) can have source code of just a few lines.
What problems can Trojans cause?
A Trojan can perform the following actions:
- Data removal
- Data blocking
- Data modification
- Data copying
- Slowing down computers and networks
How do these viruses show themselves in a working environment?
- Periodically your computer freezes or reboots
- The PC or laptop malfunctions
- USB ports are disconnected
- The keyboard layout stops working
- Website pages on the Internet open slowly
- Money is lost from WebMoney or other Internet wallets
- An iframe with a virus is written into your website’s index.php or index.html
- Unknown banners with adult content appear and are impossible to get rid of
- The virus has infected a flash drive
- After the system loads you see only an empty desktop
- Criminals ask you to send an SMS in return for getting access back
All of these problems can happen to anyone. It is therefore better to take care not to let a Trojan into the system.
Types of Trojan horses
Trojans are classified according to the type of actions they perform on the PC. Let’s look at them:
Backdoors - This type gives hackers control over infected computers. Such programs let their authors perform actions on the infected machine such as sending, receiving, opening and deleting files, displaying data and rebooting the computer. Backdoors are widely used to join victims’ computers into a botnet, or zombie network, in order to use them for criminal purposes.
Exploits - These Trojans consist of data or code that takes advantage of a vulnerability in programs running on the computer.
Rootkits - Rootkits are designed to hide certain objects or actions in the system. More often than not, their main goal is to prevent malicious programs from being discovered, in order to prolong the time this software runs on the affected computer.
Trojan-Bankers - Bankers are aimed at stealing account details for Internet banking systems, electronic payment systems or debit cards.
DDoS Trojans - These tools are used to carry out “Denial of Service” (DoS) attacks against targeted web addresses. In such an attack, the system at a specific address receives a huge number of requests from infected computers, which can overload it and lead to denial of service.
Trojan-Downloaders - Trojan-Downloader programs can download and install new versions of malicious software, for example Trojans and adware, on the victim’s computer.
Trojan-Droppers - Hackers use these programs to install Trojans and/or viruses, or to prevent malicious code from being detected. Not every antivirus is capable of detecting all parts of Trojan programs of this type.
Trojan-FakeAVs - The Trojan-FakeAV type imitates the operation of antivirus software. These programs are created to extort money from users in exchange for a promise to find and remove threats, although the threats they report do not exist at all.
Game Trojans - These Trojans steal account information from players of online games.
Trojans-IM - Trojan-IM steals logins and passwords for instant messaging programs, for example Skype, AOL Instant Messenger, ICQ, Yahoo Pager and so on.
Trojan-Ransoms - Trojans of this type can change information on the PC so that your machine cannot work properly or you can no longer use some data. The criminal promises to restore the computer’s operation only if a requested amount of money is paid.
Trojan-SMSs - These programs send text messages from your mobile phone to premium-rate numbers, spending your own funds.
Trojan-Spies - Trojan-Spy can secretly watch how the computer is used, for instance by monitoring data typed on your keyboard, taking screenshots and getting the list of active programs.
Trojan-Mailfinders - Such tools can collect e-mail addresses from your PC.
There are also other types of Trojan programs such as:
Trojan programs are spread by people: they are either loaded into a computer system by insider criminals, or users are induced to download and install them on their PCs. To achieve the latter, hackers place their malicious software on open or indexable resources (file servers and file sharing systems) or on storage media, or send it through a messaging service (for example, by e-mail); moreover, Trojans can get into the computer through security flaws, or be downloaded by users from addresses obtained by one of the above-mentioned methods. Sometimes the use of Trojans is only a small part of a planned multiphase attack on specific computers, networks or resources.
Trojan programs can imitate the name and icon of existing, nonexistent or simply attractive-looking programs, components or data files (for instance, pictures), both to get the user to start them and to mask their own presence in the system. Trojans can simulate, or even completely fulfil, the task they are disguised as (in the latter case the malicious code is built into an existing program).
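A defensive check for the disguise described above, as an added example that is not part of the original article: it flags files whose name promises a picture or document while the extension or the content says otherwise. The extension lists and sample file names are assumptions chosen for illustration.

```python
import os
import tempfile

# Leading "magic" bytes of the file formats this sketch knows about.
MAGIC = {"executable": b"MZ", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n",
         "gif": b"GIF8", "pdf": b"%PDF-"}
DATA_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif", ".pdf": "pdf"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def sniff(path):
    """Identify a file by its first bytes instead of by its name."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for kind, magic in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def check_file(path):
    """Return the reasons why a file's name does not match what it really is."""
    findings = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXEC_EXT and inner_ext in DATA_EXT:
        findings.append(f"double extension: looks like {inner_ext}, runs as {ext}")
    if ext in DATA_EXT and sniff(path) != DATA_EXT[ext]:
        findings.append(f"content is {sniff(path)}, not {DATA_EXT[ext]}")
    return findings


def scan(directory):
    """Map every suspicious file under `directory` to its findings."""
    report = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            findings = check_file(os.path.join(root, name))
            if findings:
                report[name] = findings
    return report


if __name__ == "__main__":
    # Constructed sample files (harmless byte strings, not real programs).
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0JFIF", "holiday.jpg.exe": b"MZ\x90\x00",
               "invoice.pdf": b"MZ\x90\x00", "notes.txt": b"hello"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        for name, findings in sorted(scan(tmp).items()):
            print(name, "->", "; ".join(findings))
```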
Protect your system
In general, Trojan viruses are detected and removed by antivirus and anti-spyware programs in the same way as other malicious software.
Trojans are much harder to detect with the contextual methods of antivirus software (based on searching for known programs), because their distribution is better controlled, and samples of such programs reach antivirus developers with a much longer delay than samples of self-spreading malicious code. However, heuristic (searching for algorithms) and proactive (tracking) methods are also effective against them.
Removing Trojans
If you want to know how best to react to the presence of a Trojan, here is what you should do.
First of all, start an antivirus scan and fully check all hard disks for possible threats. Do this in safe mode, but before that you are advised to try “Last known good configuration”: perhaps there are no viruses and only a system failure happened. To choose safe mode in Windows, press the F8 key before the operating system loads; a menu will then appear on your monitor in which you choose “Safe mode”. You can also try “Last known good configuration” from this menu.
After you choose “Safe mode”, Windows will load, but most drivers and programs will not, which makes it possible to check all files carefully for viruses. The point is that in regular mode the antivirus program cannot scan some files that are in use by Windows.
Which utility is better for scanning?
If scanning with the installed antivirus tools did not bring the desired results, download any free utility and scan the system in safe mode once more. While cleaning the system, you will definitely find something.
Cleaning up startup items
To continue cleaning the system, press Start and then Run, and type “msconfig” in the window that appears. The “System Configuration” program will start; go to “Startup” and pay attention to suspicious objects marked with a tick. In the “System Configuration” window you will see viruses that were loaded at startup.
Examples of suspicious entries:
- Empty entries with a tick
- Entries with the * sign, which means all files in one folder
This is roughly how you can find out that a dangerous object is being loaded. If you are confident that the list contains a program you did not install, remove its tick right away.
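The same review of startup entries can be scripted. The following is an added example, not part of the original article: it applies the two signs listed above (empty entries and the * sign) to the registry Run keys, one of the places the startup list is built from. The Temp-folder check and the sample entries are assumptions added for illustration.

```python
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def flag_entry(name, command):
    """Return the reasons a startup entry deserves a closer look."""
    reasons = []
    if not name.strip() or not command.strip():
        reasons.append("empty name or command")
    if "*" in command:
        reasons.append("wildcard '*' in command")
    # Added heuristic (assumption, not from the article): runs from a Temp folder.
    if "\\temp\\" in command.lower():
        reasons.append("runs from a Temp folder")
    return reasons


def read_run_entries():
    """Windows only: yield (hive, name, command) from the registry Run keys."""
    import winreg
    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for label, hive in hives:
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue  # key missing or not readable
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, value, _kind = winreg.EnumValue(key, i)
                yield label, name, str(value)


def audit(entries):
    """Keep only the entries that flag_entry() finds suspicious."""
    flagged = []
    for hive, name, command in entries:
        reasons = flag_entry(name, command)
        if reasons:
            flagged.append((hive, name, reasons))
    return flagged


# Constructed sample entries, used when not running on Windows.
SAMPLE = [
    ("HKLM", "Example", r'"C:\Program Files\Example\example.exe" /min'),
    ("HKCU", "", r"C:\Users\user\AppData\Local\Temp\svch0st.exe"),
    ("HKCU", "Updater", r"C:\ProgramData\upd\*"),
]

if __name__ == "__main__":
    entries = read_run_entries() if sys.platform == "win32" else SAMPLE
    for hive, name, reasons in audit(entries):
        print(f"{hive}\\{name or '(empty)'}: {', '.join(reasons)}")
```

A flagged entry is a prompt to look closer, not proof of infection; legitimate installers also start programs from unusual locations.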
Cleaning of other objects
For deeper disk cleaning, delete all system restore files, where various viruses and Trojans can hide, delete temporary Internet files, and clean the folder called temp. Usually you can use special programs to clean junk from the computer, for example “CCleaner”.
These are not all the ways to remove different types of Trojans from the system. Each case has special tools that must be used.
Remember these steps
Given the growing number of cyber threats and the constant improvement of malicious programs, protecting data and computers remains a central question. Here are ways to keep Trojans off your PC.
1. Update your operating system promptly. No OS is free of problems, which is why developers are always working to detect and fix them.
2. Install antivirus software from a company with a good reputation that has already proven itself in the IT world.
3. Ignore e-mails from unknown senders. Do not risk opening their attachments.
4. Do not be tempted by free software from unverified sources.
5. Consider the possible risks before following a link from an ad banner. Avoid visiting websites with a questionable reputation.