Trojans – the basics

A Trojan is a specific piece of software that forms part of a computer virus.

It is named after the famous wooden horse of Troy.

In Virgil’s epic poem the Aeneid, Odysseus, one of the Greek leaders, suggests that the Greeks will win the Trojan War if they pretend to sail away from their siege of the city of Troy and leave behind them a huge statue of a wooden horse as a gift.

The Trojans, overjoyed at the end of their 10-year siege, rush out and find the wooden horse which they pull into the city as a trophy. Unfortunately for them there are 30 hand-picked Greek warriors inside who wait until dark to let themselves out of the horse and open the gates of Troy to the rest of the Greek forces, who have returned under cover of darkness.

The Greek forces enter Troy and sack the city.

In essence this is exactly what a piece of Trojan software does. It is brought to a computer by a virus which searches for computers that have not had their software upgraded; or it may download onto a computer when the user visits a ‘poisoned website’.

Other methods of infection can come through running pirated software or opening spam email, clicking on links in spam email or opening spam email attachments.

It is also possible for them to be delivered to your computer by instant messaging systems or via social media.

Once it has got into your computer the Trojan software may wait on the system until it is activated. Typically a Trojan sends a message back to the program controlling it, telling it that it has been installed. Or it may start to activate itself as soon as it is installed on the host device.

Often the Trojan will send a message back that asks for the latest upgrades for a cocktail of malicious software that is contained within the Trojan.

This malicious software, usually a mixture of communications software, key loggers, and search and control code, will then be run without the owner of the machine realising it is there.

The key loggers will be set to identify and trap any passwords used on the machine. As anti-virus software looks for key loggers, the Trojan may install a version that the anti-virus cannot identify.

The same principle is used for the search code, which looks for personal information, databases and intellectual property, and the communications software.

In some cases the Trojan will even load its own anti-virus system onto the victim’s computer to prevent it being taken over by a rival criminal organisation.

Once the key loggers and search software have done their job, the Trojan program uses the communication software to relay the information they have found back to servers on the internet. These are usually other infected computers that are being used to automatically control the operation.

The control code is then used to quietly take over part of the computer’s resources so that they can be used in the background while the computer is running.

The communication software then has one final role to play. This is to allow the control code in the Trojan program to communicate with the server controlling the operation so that the victim’s computer can become a ‘zombie’, in other words a computer that will carry out tasks for the controlling system.
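The messages a Trojan exchanges with its controlling server are also something a defender can look for in outbound connection logs. The following is an added example, not part of the original article: it assumes the check-ins happen at a roughly fixed interval (the article does not say so), and the log format, addresses, function name and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed egress log: "epoch_seconds source_host destination" per line.
SAMPLE_LOG = """\
0 10.0.0.23 192.0.2.77
5 10.0.0.8 192.0.2.10
47 10.0.0.8 192.0.2.10
300 10.0.0.23 192.0.2.77
410 10.0.0.8 192.0.2.10
415 10.0.0.8 192.0.2.10
601 10.0.0.23 192.0.2.77
640 10.0.0.15 192.0.2.50
899 10.0.0.23 192.0.2.77
1200 10.0.0.23 192.0.2.77
1290 10.0.0.8 192.0.2.10
1501 10.0.0.23 192.0.2.77
"""

def find_regular_checkins(log_text, min_events=5, max_cv=0.1):
    """Return (source, destination, mean_interval) for suspiciously regular pairs."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # ignore blank or malformed lines
        times[(parts[1], parts[2])].append(int(parts[0]))
    flagged = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near 0 means machine-like timing,
        # while a person browsing produces widely varying gaps.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((src, dst, round(avg)))
    return flagged

if __name__ == "__main__":
    for src, dst, interval in find_regular_checkins(SAMPLE_LOG):
        print(f"{src} -> {dst}: connection about every {interval}s")
```

A flagged pair is a lead for investigation rather than proof of infection, since legitimate update checkers and monitoring agents also connect on a timer.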

These include the sending of spam or junk mail messages, the storing and sending of computer viruses and the sending of a continuous series of identical message requests when ordered to. This last function is known as a Distributed Denial of Service (DDOS) attack, designed to bring other websites down.

During a DDOS attack the infected computer is just one part of a whole network of infected computers – sometimes tens of thousands in number – that send a synchronised stream of identical messages to a single point, such as a website or a company’s computer, with the aim of overloading the target system and forcing it to shut down.

The purpose of a DDOS attack for the criminal can be extortion, revenge, reputational damage or sabotage.
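From the target's side, the pattern described above (many machines sending the same request at the same time) can be spotted in a web server's access log. The following is an added example, not part of the original article: the log lines are constructed, and the function names, window size and thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[A-Z]+ \S+) [^"]*" \d{3} \S+$')

def build_sample_log():
    """Constructed access log: 40 sources repeat one request amid normal traffic."""
    stamp = "10/Mar/2024:12:00:{:02d} +0000"
    lines = []
    for host in range(1, 41):
        for sec in (0, 3, 6):
            lines.append(f'198.51.100.{host} - - [{stamp.format(sec)}] '
                         '"GET /search?q=a HTTP/1.1" 200 512')
    normal = [("203.0.113.5", 1, "/index.html"), ("203.0.113.9", 4, "/about.html"),
              ("203.0.113.5", 8, "/contact.html"), ("203.0.113.7", 8, "/index.html"),
              ("203.0.113.2", 9, "/news.html"), ("203.0.113.5", 12, "/index.html"),
              ("203.0.113.9", 15, "/index.html")]
    for ip, sec, path in normal:
        lines.append(f'{ip} - - [{stamp.format(sec)}] "GET {path} HTTP/1.1" 200 2048')
    return lines

def find_floods(lines, window_s=10, min_sources=20, min_share=0.8):
    """Flag time windows dominated by one request coming from many sources."""
    buckets = defaultdict(lambda: defaultdict(list))  # window -> request -> [ip]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = int(ts.timestamp()) // window_s * window_s
        buckets[window][m["req"]].append(m["ip"])
    findings = []
    for window, reqs in sorted(buckets.items()):
        total = sum(len(ips) for ips in reqs.values())
        for req, ips in reqs.items():
            sources, share = len(set(ips)), len(ips) / total
            # Identical request + many distinct senders + most of the traffic.
            if sources >= min_sources and share >= min_share:
                findings.append({"window": window, "request": req,
                                 "sources": sources, "hits": len(ips),
                                 "share": round(share, 2)})
    return findings

if __name__ == "__main__":
    for finding in find_floods(build_sample_log()):
        print(finding)
```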

Dealing with a Trojan

1. The best way to prevent malicious software from running on your machine is to invest in an internet protection suite that includes anti-virus, a firewall, website protection, anti-spam and a range of other protection mechanisms. This software must be kept updated, so if you have opted for a system that requires annual upgrade payments, make sure you install the upgrades. Computer security software that is not updated is useless against newer threats and some 90,000 mutated viruses are created automatically every day. Some computer security companies offer free software but if you opt for this make sure that it contains as many of the functions listed above as possible. Other companies offer licences that are for the lifetime of a machine, which is normally around 3-4 years.

2. Make sure that you install the latest software patches on your machine. Microsoft offers a service that will perform this function for you automatically.

3. Implement a computer security policy at your office that governs what devices can be plugged into your machines and what services, such as social media and instant messaging, an employee can run. If you consider social media useful to your business you will have to balance the advantages that it brings against your security.

4. Install free services such as Spybot and Ad-aware, which will remove harmful software from your machine.

5. If you suspect that you have a Trojan on your machine you can opt to try and remove it yourself. You should only do this if you think that you can do it competently and without damaging the machine. Otherwise it is best to seek help from a professional.
