Trojans

IT Knowledge Base

What are Trojans? How do Trojans work?

Instead of a giant wooden horse, the malware known as Trojans is a digital threat to individuals and businesses. Insidiously, as in the famous mythology, a Trojan horse attacks computers, steals data and damages the system. This article explains how a Trojan horse infiltrates, what damage it can cause and how it can be prevented or remedied.

What is a Trojan?

A Trojan (short for “Trojan horse”) is a program that installs other programs, often malware, on the infected computer without permission. The Trojan takes its name from the ancient story of the Trojan Horse, as it is based on the same principle. The city of Troy was considered impregnable, and in the end it could only be captured with a trick. So the attackers built a wooden horse in which to hide. This horse was presented to the Trojans as a gift, which they gladly accepted and brought behind their protective walls. Once inside the city, the enemy climbed out of the horse and attacked.

Trojans today are mostly distributed in the form of freeware such as utilities, games and antivirus programs. Once it has infiltrated a system, the Trojan installs unwanted software that can have many different functions. This includes, for example, spying on the user with spyware or encrypting the device or parts of the device with ransomware.

Trojans were among the earliest malware programs. They were first mentioned in 1974 in a US Air Force report that looked at various ways to manipulate a computer system. A year later, the first Trojan was discovered, a program called Animal-Pervade. Animal-Pervade was a game where the user was asked to think of an animal and the game tried to guess that animal. If the computer did not prevent it, the game was updated with a new version and secretly copied to other directories on the computer. Trojans quickly became a common way of injecting malware into computers, especially with the rise of social media.

However, Trojans do not always download malware onto the computer. Since a Trojan is any program that installs other programs on the system without informing or asking the user, these can even include useful programs that, for example, help a program run or without which the program would not work at all.

How do Trojans work?

Trojans are often smuggled in as an authentic-looking attachment to a phishing email. With this distribution method, the Trojan is camouflaged with a misleading file name, often with a double extension, e.g., “suesse-katze.mp4.exe”. If the Trojan is very well programmed, it will even mimic the actual document and install the unwanted program in the background. In that case, for example, a media player showing a cute cat video would open. In this way, the unwanted program can be installed without the user even realizing it is there.
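The double-extension camouflage described above can be checked for at a mail gateway or in a download folder. The following is an added example, not code from the original article: the extension lists and the function names are assumptions chosen for illustration, and the check goes slightly beyond the text by also flagging whitespace padding and the right-to-left override character, two related ways of hiding the real extension.

```python
"""Flag attachment names that hide an executable behind a decoy extension."""
import re

# Extensions Windows will run or hand to a script host (assumed, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
              "vbe", "wsf", "hta", "lnk", "msi", "ps1", "jar"}
# Extensions users expect to be harmless documents or media (assumed list).
DECOY = {"mp4", "avi", "mp3", "jpg", "jpeg", "png", "gif", "pdf", "txt",
         "doc", "docx", "xls", "xlsx", "ppt", "pptx", "zip"}
RLO = "\u202e"  # right-to-left override: reverses how the rest of the name is shown


def check_attachment(name: str) -> list[str]:
    """Return the reasons a file name looks disguised (empty list = no finding)."""
    reasons = []
    if RLO in name:
        reasons.append("rtl-override")
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    trimmed = name.rstrip(". ")
    parts = trimmed.lower().split(".")
    if len(parts) < 2 or parts[-1].strip() not in EXECUTABLE:
        return reasons
    # A decoy extension anywhere before the real, executable one.
    if any(p.strip() in DECOY for p in parts[1:-1]):
        reasons.append("double-extension")
    # A long run of spaces pushes the real extension out of view in many dialogs.
    if re.search(r"\s{5,}\.[^.]+$", trimmed):
        reasons.append("padded-extension")
    return reasons


# Constructed sample names; only the first one appears in the article.
SAMPLES = [
    "suesse-katze.mp4.exe",
    "invoice.pdf          .exe",
    "photo\u202egpj.exe",      # displayed roughly as "photoexe.jpg"
    "setup.exe",               # plain executable, not disguised
    "report.v2.pdf",           # extra dot, but harmless final extension
]


def scan(names):
    """Map each suspicious name to its findings; clean names are omitted."""
    return {n: r for n in names if (r := check_attachment(n))}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name!r}: {', '.join(findings)}")
```

A plain “setup.exe” is deliberately not flagged: the check targets disguise, not executables as such, so it complements rather than replaces a policy that blocks executable attachments outright.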

Likewise, Trojans often come from freeware and shareware that the user has downloaded from the Internet. Although not all freeware is a Trojan, it is recommended that you download software and freeware only from trustworthy sources. Often, attempts are made to distribute Trojans via pop-up pages, which tell the user that the computer is infected with malware and that some antivirus software should be downloaded to remove it. The suggested antivirus program then turns out to be a Trojan, which installs malware.

A Trojan can only work if the user launches the program. Once it is running, the Trojan can begin installing other software on the computer. Trojans can have several functions, depending on the attacker’s motives. The Trojan itself is only the vehicle for the corresponding payload.

How do you recognize Trojans?

Since Trojans often imitate legitimate system files, they are very difficult to find and eliminate using conventional virus scanners. But if a Trojan is not found, it can cause considerable damage to the operating system and the people and companies behind it. The most common symptoms of Trojans are:

  • Strange messages and pop-ups
  • Very slow computer: A Trojan horse or any program installed by a Trojan uses the computer’s resources, which slows down the processor.
  • Interrupted Internet connection: If a PC is infected, the Trojan can connect to a URL or open a separate connection session. This reduces the available bandwidth, which has a negative effect on Internet usage.
  • Malicious windows: A Trojan can trick users into visiting a fake or fraudulent website. If unwanted windows or browsers open on these pages, this is a strong indication of a Trojan horse infection.
  • Missing files: Programs installed by Trojans can also delete, encrypt, or move computer files to another location.
  • Deactivated virus protection and firewall: If the firewall and the antivirus software are deactivated by a Trojan, the computer becomes more susceptible to cyber-attacks.

A Trojan horse scanner is required to scan your computer for Trojans. If a Trojan horse scanner or anti-virus software is already installed on the computer, this should be updated before the scan process. In addition, all temporary files should also be deleted in order to speed up the virus scan. Instead of the standard quick system scan, a complete virus scan should be carried out for the entire PC. Most virus scanners allow the scanner to examine the computer in a recurring cycle and to warn you when malware is found.

In some cases, ransomware installed by Trojans can prevent the user from logging into the computer’s operating system. If this is the case, the PC must be booted in safe mode. This will stop the Trojan from loading when the user logs in. An alternative way to scan for viruses that does not require Windows access is a bootable antivirus program. This runs from portable media such as data carriers or flash drives and scans a hard drive for Trojans without even starting the operating system.

How can Trojans be removed?

If your computer starts acting strange after installing new software, it could be infected with a Trojan horse. To remove it from the system, the new software must be uninstalled. Since some Trojans do not appear in the list of applications, the computer’s registry database should be checked for suspicious software. If there is a program with an unusual name, the entry for that application should be deleted. It is important to note that the Trojan will have installed other software, which must be removed accordingly. 

Even if the malicious software has already been uninstalled and the registry key deleted, there is still a chance that a Trojan horse or other malware is present in the system. To find it, the user must initiate a full computer scan with an anti-virus scanner. This should be able to identify all threats and inform the user of the name of the malware. In addition, the scanner usually recommends the necessary measures to completely remove the Trojan and the installed malware from the system.

If the antivirus software failed to remove the malware, or if no Trojan or malware was found but the computer still appears infected, the user must perform a full system restore. The system must be restored to a date before the Trojan was installed. However, before initiating a full system recovery, all important files should be backed up to an offline location such as an external hard drive. If none of the above methods worked and the malware is still present, the user might need to wipe the entire hard drive. This process removes all programs, including malware, and all files.

How do you protect yourself against Trojans?

Install Anti-Virus Software

Antivirus software protects devices from malicious software that poses a threat to the system. It scans the computer to find and remove the Trojan and provides automatic updates to ensure protection against newer viruses.

Firewall Installation

Antivirus software protects devices from malicious software that poses a threat to the system. It scans the computer to find and remove the Trojan and provides automatic updates to ensure protection against newer viruses.

Regular Software Updates

Regularly updating your antivirus software is just as important as installing anti-virus software. This prevents attackers from gaining access to computers through vulnerabilities in outdated systems.

Programs from Trusted Sources

Using programs from reputable sources reduces the chances of a device becoming infected with a Trojan horse. It is therefore important to check the provider before downloading any software. You should also make sure that the software you want is downloaded directly. With some offers you have to download so-called downloaders first. However, these can contain malware.

Regular Backups of the Data

In order not to lose valuable data and information in the worst case, it is advisable to make regular backups. This helps to reduce the damage and prevent extortion.

Avoid Suspicious Links

Scammers try to trick users into opening an email or clicking on a link that appears to be from a legitimate company or source. The link can lead to a fake website, on which the user is asked to provide personal data or to perform a download. If in doubt, you should therefore not click on the link.

Protect Your Email Inbox

Removing the malware will in most cases completely delete it from the device. In this regard, a malware scanner is a good investment to keep track of all operating systems and to reliably eliminate malware. Free programs are also available for this purpose and, if desired, provide more transparency on your own devices. This gives you the opportunity to protect yourself from every conceivable malware.

Trojans often infect computers via email. For example, they can get onto the computer via a phishing email. You can protect yourself against this before the malware even reaches the computer. This works for companies, for example, with Spam and Malware Protection or Advanced Threat Protection from Hornetsecurity.
