In Virgil’s epic poem, , the Greek war strategist, Odysseus, wants to get men of the Greek army and himself into the city of Troy. He wants to do it without destroying or climbing over the wall of the city. He devises a deception plan and engineers it into a giant wooden horse. The Aeneid While he and his men hide in the wooden horse, he gets some Greek men to take it to the city of Troy as their token of surrender. The men left the giant wooden horse in front of the city and appear to have sailed away. The Trojans, drunk in victory, bring the horse into the city so that Odysseus and his men are able to attack the city of Troy from inside. What a clever act of deception that gets the victim to act out a premeditated plan! Such attacks are now known as trojan horse attacks. In cybersecurity, these embodiments of deception (known as Trojans) are a type of malware that use social engineering to delude unsuspecting users into installing and running apparently genial programs that embody malicious purposes. Although trojans are not viruses technically, they have come to be known as such. Characteristics of computer trojans Trojans are neither viruses nor worms: Viruses infect files, self-replicate and spread by appending themselves to another program—and worms are similar to viruses in the sense that they infect files, but they do not need to append themselves to another program in order to spread. Therefore, trojans are a class name for malware that employ deceit to lure the victim into acting out a plan. They are of different kinds, depending on the intention of the author—whether to deliver a payload (in the case of ), communicate to an attacker at a later time, or make a system susceptible to subsequent practical attacks. ransomware attack In other words, trojans are nothing more than delivery tactics that cybercriminals employ to further execute any cybersecurity threats—ransomware attacks, spyware attacks, and so on. A brief history of computer trojans After its release in 1975, the world’s first computer trojan ( ) presented itself as a game of twenty questions, however, it went behind to copy itself onto shared directories and through there could spread across entire computer networks. ANIMAL By December 1989, floppy disks were getting affected by the , the very first known ransomware. It was mailed to the subscribers of PC Business World Magazine as well as a World Health Organisation AIDS Conference mailing list. This DOS trojan encrypted all filenames on the victim systems, then displayed a ransom notice of $189 on the screens, which would be made to a post office box in Panama before a decryption code would be received. Within this time another infamous trojan event was the that allowed cybercriminals to remotely control many systems running on Microsoft Windows over a network. To this effect, attackers were able to even open the CD tray of the victim's computer. AIDS Trojan 1990s version of Netbus Then in 2000, victims of the trojan attack received an email with the attachment “ILOVEYOU”. Curious to open it, the victims had the trojan launch a script that overwrote the files on their computers and sent itself in an email to the contacts in the victims’ mailing list. ILOVEYOU Through this time, trojans targeted computer users’ desire for illegal downloading and hence disguised themselves as music files, movies, or video codecs. For instance, in late 2005, a backdoor trojan ( ) disguised as a video codec in the form of ActiveX. In 2007, a trojan ( ) targeted computers that ran on Microsoft Windows to steal banking information through . Zlob Zeus keylogger In 2008, (also known as Sinowal or Mebroot) turned off antivirus applications, which allowed other malware to access the victim's computer, modify data thereon and steal sensitive data, like passwords. Trojan attacks have been improving since then, with attacks becoming more targeted to specific companies, organizations, or government institutions. Torpig Kinds of computer trojans Backdoor trojans These create remote access to victim computers by changing the system security—which will then allow cybercriminals to further execute threats on the system. Spyware trojans These do nothing but watch online accounts and credit card details, and transmits password and identified data back to the attack initiator. Zombying trojans It takes control of victim systems and makes them slaves in a network under the initiator’s command. (A good example is the (DDoS) attack.) Distributed Denial of Services Downloader trojans (like ), which downloads, installs, and runs malware on the victim's computer systems. Emotet How to remove a trojan from a system In the case of a trojan attack, the affected systems must be cleaned up thoroughly using good-quality anti-malware, to ensure a full system scan. The systems must be cut off from communication with any backend server or other unaffected system in the network and then be isolated. This will isolate the trojan for cleanup. How to prevent trojan attacks Trojans can come in various forms—software, music, browser advertisement, and even ostensibly legitimate applications. Hence here are ways to avoid landing a trojan on a computer system: Avoid downloading cracked applications—that is an illegal free copy of software. History has established that this act will get the victim to go for an activation key generator, which may conceal a trojan attack. Avoid downloading unknown free programs—be it a game or an app—especially from unknown sources. Avoid opening attachments in a strange email. They may look like an invoice, a delivery receipt, or something, which may run a trojan attack when you open them. Avoid visiting shadowy websites—by pretending to stream a popular movie, they trick the victim into downloading a video codec that indeed contains a trojan. And most importantly, avoid joining the bandwagon without consulting experts. With social engineering, cybercriminals can take advantage of a panic situation to spread trojans. An example is Intel processors that were found in December 2017 to be vulnerable to attack due to hardware issues, a situation that cybercriminals leveraged on to get victims to install a purported patch called Smoke Loader, which landed trojan on the victim systems. Procedural habits to guard against trojan attacks Since trojans parade themselves in deception, the best habit computer users should master is “vigilance”. Observing good cybersecurity procedures is advised. Healthy skepticism of websites offering “free” movies and music is recommended. Changing default windows settings—so that the real extensions of applications are visible—is recommended. In addition, the following should be practiced to bolster security proactiveness: Running periodic diagnostic scans; Setting up automatic updates for and ensuring the latest updates are installed; s operating system Ensuring that any security vulnerability of any application is patched, and immediately too; Steering clear from suspicious websites; Using complex passwords; And staying behind a firewall. Conclusion Computer trojans, a deception engineering that started as a prank, have developed into a nefarious way of destroying networks, stealing information, making money, and sadly, seizing power.

Google

Intel

Microsoft

Mechanism of Password Protection

The Lack of Unique Human Abilities in Robots

Read My Stories

Nominated for 2022 - HackerNoon Contributor of the Year - Robotics

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

Computer Trojan Attacks: Nature, Development and Prevention

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

5 Features To Consider When Looking For a Reliable Data Loss Prevention (DLP) Software To Buy

After-Hours IoT Hacker John Kinsella has Been Coding Since the 80s

#DDoS 10/21: The Cloud Is Not Secure

How I Exploited Millennium MP3 Studio 2.0 with Shellcode Payload

How Password Managers Can Protect You From Phishing

5 Features To Consider When Looking For a Reliable Data Loss Prevention (DLP) Software To Buy

After-Hours IoT Hacker John Kinsella has Been Coding Since the 80s

#DDoS 10/21: The Cloud Is Not Secure

How I Exploited Millennium MP3 Studio 2.0 with Shellcode Payload

How Password Managers Can Protect You From Phishing

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps