What is a Trojan Horse? Trojan Virus Explained

From ancient Troy to your personal computer, beware the Trojan Horse. According to legend, Greek warriors used a wooden horse that was thought to be a gift from the gods to trick and infiltrate the city of Troy. The trojan horse of today, however, comes in the form of a malicious computer virus – one that hides in something thought to be a useful program.

What is a Trojan Horse Virus?

A Trojan Horse Virus often disguises itself as a legitimate piece of software that tricks the user by using typical naming conventions, the same file name, and a plethora of other different variations. It could even hide in a seemingly innocent email or file download. 
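An added example, not part of the original article, of how a defender can check file paths for the disguises described above: a reused system file name in the wrong folder, a near-miss spelling, or a document extension placed in front of an executable one. The `KNOWN` table, the extension sets and the sample paths are assumptions made for this example.

```python
import ntpath

# Assumed reference data: a few Windows binaries and the folder each normally runs from.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXEC_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss names such as svch0st.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_findings(path):
    """Return the reasons a Windows path looks like a disguised executable."""
    directory, name = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(name)
    findings = []
    # invoice.pdf.exe: a document extension hidden in front of an executable one
    if ext in EXEC_EXT and ntpath.splitext(stem)[1] in DOC_EXT:
        findings.append("double-extension")
    if name in KNOWN:  # same file name as a system binary
        if directory != KNOWN[name]:
            findings.append("known-name-wrong-dir")
    elif any(edit_distance(name, k) == 1 for k in KNOWN):
        findings.append("lookalike-name")
    return findings

# Constructed sample paths, not taken from any real incident
SAMPLES = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\svchost.exe",
    r"C:\Users\alice\Downloads\invoice.pdf.exe",
    r"C:\ProgramData\svch0st.exe",
]
if __name__ == "__main__":
    for p in SAMPLES:
        print(p, masquerade_findings(p))
```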

Just like the gift horse left outside the gates of Troy, trojan horse viruses appear to be functional and interesting to an unsuspecting victim but are harmful and open an unexpected backdoor into the user’s program. 

With a simple click or download, the program embedded in the virus transfers malware to the victim’s device. This malware contains malicious code that can execute whatever task the attacker intends. Once a trojan horse is transferred and activated, it can negatively impact the performance of the user’s computer and put the victim at risk in a variety of ways.

With backdoor control of the user’s device, the attacker can record keyboard strokes, steal sensitive user data, download a virus or worm, encrypt user data, and even extort money.

Other capabilities include activating a device’s camera and recording functions or turning the computer into a zombie computer to carry out fraud or illegal actions.

It should be noted that a trojan horse cannot manifest itself. It has to be downloaded by the user on the server-side of the application, meaning the user has to actually download the file and install it willingly, unaware of the file's actual content. The user must also run this executable file (.exe file) on the computer or device in order for the attack to commence. So, that is where the trickery lies—making users think they’ve downloaded something useful. This is usually done through social engineering.

Social engineering tactics manipulate end-users to download malicious applications on the web. They usually can be found in banner ads, website links or pop-up advertisements, emails, and downloads. 

Typical signs of a trojan horse virus are unusual behaviors, like excessive pop-ups, loss of keyboard and mouse control, and unexpected changes to the computer’s desktop resolution, color, and orientation.

The number of Viruses, Worms, and Trojan Horses (in millions) has increased from 2007 to 2017.

As trojan horse viruses are becoming more of a threat to unsuspecting victims, knowing the types of Trojan Horse viruses and how to remove them is key.

Types of Trojan Horse Virus

Trojan horses are broken down into categories based on how they breach systems and the damage they cause. Here are some of the common types of trojan horse viruses:

1. Remote Access Trojans

Abbreviated as RATs, Remote Access Trojans allow attackers to gain access to the victim’s entire system remotely. Using a command and control channel, RATs will steal data and other valuable information from the victim. RATs usually hide in emails, software, and even games.

The threat posed by RATs differs based on the level of access the attacker gains, which essentially determines what they can accomplish during a cyberattack. For example, if a RAT is able to exploit an SQL injection within a system, the attacker can only steal data from the vulnerable database, whereas if a RAT can implement a phishing attack, it may result in compromised credentials or the installation of malware.

RATs often have the same functionality as legitimate remote system administration tools like TeamViewer or Remote Desktop Protocol (RDP), making them harder to detect and even more dangerous. Because of their similarities to legitimate programs, RATs can allow the attacker to do anything they want with the victim’s computer once they have gained access.

2. Data-Sending Trojan

Data-Sending Trojans extract data from a victim’s compromised system and send that data back to the owner. Sensitive data like credit card information, passwords, email addresses, contact lists, and other personal information can be easily retrieved with a Data-Sending trojan. 

The nature of Data-sending trojans may not be as malicious as the RAT, but they are intrusive. They also may not greatly impede your computer’s performance, but they can be used to relay information and serve ads to victims. This means that attackers can use these kinds of trojans to track the activity of the user on the internet, such as ads clicked, or sites visited to be used as information to serve relevant ads to the user. 

Once these “ads” pop up on the victim’s screen randomly, a cunning hacker can use it to embed other harmful programs, like say, another virus. 

3. Proxy Trojans

Proxy trojans turn a victim’s computer into a proxy server. Proxy servers should help increase online privacy, but a proxy trojan does the complete opposite. 

Once a proxy trojan infects a computer, the victim's data privacy is compromised. The attacker can do anything they want, including credit card fraud, hacking, identity theft, and other illegal activities.

Like other trojans, proxy trojans disguise themselves by mimicking legitimate software or piggybacking legitimate downloads and attachments.

4. Denial-of-service attack (DoS) Trojans

DoS stands for Denial of Service. This happens when a single attacker uses their computer and their program to flood a targeted server with fraudulent data traffic. The attacker sends a large number of legitimate-looking requests to the server in a way that the server cannot distinguish between valid and invalid requests. This overwhelms the server to the point where it cannot handle such a large volume of traffic, causing the server to ultimately crash.

And a trojan containing a DoS does exactly that. The trojan releases the DoS and overloads the targeted server’s bandwidth and other computer resources—making it inaccessible to others. 

A DoS attack usually happens to the servers of companies or organizations. A malicious individual targets the company’s server—forcing the company to halt its daily operations. Since the company’s server is now inaccessible—employees, customers, and account holders of the company are now unable to carry out their regular services or transactions. 

High-profile organizations such as those in the banking, commerce, and media industries are usually prime targets for these trojans. Even government organizations could fall victim. Although not typically used for theft, it can easily cause organizations a great deal of time and thousands of dollars in damage.

5. Destructive Trojan

A destructive trojan virus destroys or deletes files and software that a user would have on their computer. Destructive trojans have the typical characteristics of a trojan virus, though not all result in data theft.

Just like many other types of trojans, destructive trojans don't self-replicate like worms. They have to be downloaded onto the user’s computer and are usually written as a simple, crude batch file with commands like “DEL,” “DELTREE” or “FORMAT.” These trojans can often go undetected by antivirus software.

Protection Against Trojan Virus

How to Remove a Trojan?

Fortunately, as complex as trojan viruses can be, they still can be removed. One of the ways to remove trojans is by identifying programs that come from untrusted sources and disabling the startup item that came from said source. When doing this, one can reboot their device into safe mode so that the virus can’t stop the system from removing it. Users must also make sure they don't accidentally remove any important programs their computer needs as it could slow, disable, or even cripple the system.
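An added example, not from the original article, of the first step described above: listing startup items and picking out the ones worth reviewing before anything is disabled. It parses text in the layout printed by `reg query` for a Windows Run key; the sample output is constructed, and treating the Temp, Downloads and Desktop folders as a stand-in for "untrusted source" is an assumption of this example.

```python
import re

# Constructed sample in the layout printed by:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# Entry names, user name and paths are invented for this example.
REG_OUTPUT = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Vendor Tray    REG_SZ    "C:\Program Files\Vendor\tray.exe"
    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd.exe
    FreeGame    REG_EXPAND_SZ    "%USERPROFILE%\Downloads\free game\launcher.exe" -silent
'''

# One value per line: four spaces, name, four spaces, type, four spaces, data
ENTRY = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Assumption of this example: folders where downloaded or dropped programs
# usually land. Tune the list for your environment.
REVIEW_DIRS = ("\\temp\\", "\\downloads\\", "\\desktop\\")


def image_path(command):
    """Extract the program path from a Run value, honouring quotes."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""


def startup_entries(reg_text):
    """Parse `reg query` text into (name, program path) pairs."""
    entries = []
    for line in reg_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m["name"], image_path(m["data"])))
    return entries


def entries_to_review(reg_text):
    """Names of startup items whose program sits in a review folder."""
    return [name for name, path in startup_entries(reg_text)
            if any(d in path.lower() for d in REVIEW_DIRS)]


if __name__ == "__main__":
    for name, path in startup_entries(REG_OUTPUT):
        print(f"{name:12} {path}")
    print("review:", entries_to_review(REG_OUTPUT))
```

The result is a review list, not a verdict: location alone does not prove a program is malicious, and an unquoted path that contains spaces is cut at the first space by `image_path`.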

Probably the best way to remove trojans is by installing and using a trusted antivirus solution. A good antivirus program is able to detect suspicious behavior in an app and search for trojan signatures so that it can detect, isolate and ultimately remove them. 

How to Prevent a Trojan Virus?

While removing trojans is a great way to ensure the security and safety of your computer, you can also prevent them from happening by:

  • Never downloading software or programs that do not look completely trustworthy
  • Keeping all software updated with the latest patches
  • Never opening an attachment or running a program sent from an unknown sender
  • Setting up cloud accounts using email addresses that offer account recovery support
  • Using VPNs on public Wi-Fi
  • Using an antivirus solution with Real-Time Protection
  • Rebooting the computer in Safe Mode which will disable most unnecessary functions and software, including everything infected with the trojan.
  • Installing an antivirus and making sure it updates to the latest version.
  • Running a full system sweep. An antivirus program would usually prompt the user about what to do with the files (delete, quarantine, attempt clean-up, etc.) or take action first and then give the user a full report.

Frequently Asked Questions on Trojan Virus

Can a Trojan virus be removed?

Yes, as long as one follows the above steps and takes the necessary measures to prevent them, malicious trojans can be successfully removed. Usually, a good antivirus program would be able to remove a trojan, but if it does not, consider updating the program or switching to one that is more reliable. Popular paid antivirus options include McAfee, Kaspersky, and Norton, whereas Microsoft Defender is free. 

Can Trojans affect mobile devices?

Yes. Trojans can infect most device types, including mobile platforms. Users can mistakenly download trojans onto their mobile devices as these viruses embed themselves in apps that seem useful. Once the trojan is downloaded, the attacker can access the mobile device and steal information, listen to conversations, and view the user’s image gallery.

Where do Trojans come from?

Trojan viruses are usually found on websites that seem suspicious. Torrent sites, websites that allow illegal downloads, strange-looking web games, and suspicious-looking sales pages that ask for an unnecessary amount of personal information are all possible platforms that carry trojan viruses. Trojans can also be found in spam mail so one must be wary of links and CTAs that are embedded in suspicious-looking emails in their inbox. Even if a website seems safe, trojans could be embedded in strange links or pop-ups that influence the user to click and interact with it. 

Final Thoughts

With all the types of trojan viruses out there and their multitude of malicious purposes, they all have one main goal in mind—to trick an innocent user, infect their computer, and avoid detection. But as long as users are equipped with the basic knowledge of how trojan viruses work, they should be safe. While relying on an antivirus program is a user’s best protection against trojans, it is still up to the individual user to be vigilant. 

Trojan viruses have become more complicated and difficult to detect nowadays. So, it is more important than ever to keep your computer safe and secure as you browse through the seemingly endless sea of the internet. 

Article by Arif Ismaizam