What is a Trojan Horse Virus? The Top 5 Types

SoftwareLab Blog

By: Tibor Moes / Updated: February, 2019

What is a Trojan Horse Virus?

A Trojan Horse is a piece of malware disguised as genuine software. It aims to infect your computer and alter your files and data, and some Trojan Horses may even give hackers access to your personal information. Read on to learn about the most common types of Trojan Horses and the safest ways to remove them from your computer.

What you will find out in this article: 

  1. What Is a Trojan Horse?
  2. What Types of Trojan Horses Exist?
  3. Examples of Trojan Horses
  4. How to Remove a Trojan Horse

Some Trojans are less dangerous than others, but that doesn’t make them any less of a risk for your online security. Take a look at our comparison of the best antivirus software to keep your computer safe from cyber threats.

Tibor Moes

Founder, SoftwareLab

Trojan Horse

Some 33 centuries ago, the ancient Greeks constructed a giant wooden horse and gave it to the Trojans as a gift of peace. Hiding inside the Trojan horse were Greek warriors, who tricked the Trojans into giving them access to the city and went on to take control of it.

Fast forward some 3,300-odd years to today’s digital age, where hackers are doing something very similar. On the surface, they’re giving you the gift of free software. Underneath, however, they are waiting for an opportunity to take control of your computer.

What Is a Trojan Horse?

In cybersecurity terms, a Trojan horse is a piece of malware that can damage, steal, or otherwise harm your data or your computer network. Often referred to simply as a Trojan, this malicious software is usually disguised as a legitimate computer program. Once downloaded and installed on your system, it allows hackers to spy on your online activity, access and copy files from your hard drive, modify and delete your data, hamper the performance of your computer, and even steal your personal information.

Trojan horses first appeared as non-malicious software back in the mid-1970s and have gone through numerous stages of development since. In the late eighties, the first-ever type of ransomware, the so-called AIDS Trojan, was distributed on floppy disks. During the early 2000s, Trojans evolved to allow their creators to take full control of the infected computer using remote administration technology.

Nowadays, Trojan horses are distributed the same way as most other types of malware. Unsuspecting victims may download a Trojan under the assumption that they’re downloading a legitimate piece of free software (e.g. file-sharing software, audio/video codec packs, or free security programs). It may also end up on their computer if they click on links and download attachments contained in suspicious emails or visit malicious and/or adult-oriented websites that are riddled with pop-ups and redirecting links.

Many refer to Trojans as viruses, but that’s incorrect. While viruses can self-execute and self-replicate, Trojans cannot do that. Instead, the user has to execute a Trojan themselves by launching the program or installation that the Trojan is bundled with. As far as replication goes, Trojans don’t have the ability to reproduce or infect other files, which makes it much easier to remove them from an infected system.

What Types of Trojan Horses Exist?

There are many types of Trojan horses in circulation, some of them more harmful than others. Thankfully, most of them are routinely detected and removed by the best antivirus software. According to various statistics, Trojans account for anywhere between 25 and 80 percent of all malware infections around the world. Some of the most common types of Trojan horses include the following:

  1. Backdoor Trojans

As the name suggests, these types of Trojan horses have a backdoor of sorts, a secret passage through which hackers can access your computer and take control of it. Depending on how sophisticated they are, backdoor Trojans can be used to monitor your web traffic and online activity, run and/or terminate tasks and processes, upload files without your knowledge, and change your computer settings.

In most cases, hackers use backdoor Trojans to build botnets, large networks of remote-controlled computers that they can recruit to carry out cyber attacks against other computers, networks, websites, and online services. These botnet backdoor Trojans are usually very sophisticated, which allows them to avoid detection even by some of the most popular cybersecurity solutions.

  2. Downloader Trojans

Downloader Trojans don’t have a backdoor component that would allow hackers direct access to your computer, but they still perform actions on your computer that could benefit the hacker. Namely, these Trojan horses are programmed to download a variety of files and programs to your hard drive. These can include misleading apps, configuration settings, and upgrades to the malware that’s installed on your PC.

Trojan downloaders, as they’re sometimes called, can also download and install other unrelated pieces of malicious software on your computer. In the past few years, hackers have started selling so-called “pay-per-install” services, where they offer aspiring hackers a chance to distribute malicious software via their existing network in return for money. To do this, a hacker only needs to release an update of their Trojan downloader, which prompts it to download the malware in question on all infected computers.

  3. Distributed Denial-of-Service Trojans

Distributed Denial-of-Service (DDoS) Trojans are types of malware designed to carry out attacks against computer networks. They are usually downloaded and installed on numerous computers at once via spam mail campaigns, turning those machines into parts of a botnet. These Trojans have a backdoor component, which allows hackers to activate their botnet army to perform coordinated attacks.

Once activated, these computers will start generating unusual amounts of traffic to websites, servers, or networks that the hacker is targeting. The ultimate goal is to drain the computational resources of these websites and networks and take them offline so that users and visitors cannot access them.

  4. Banking Trojans

With the growing popularity of online banking services, banking Trojans have become more common than ever. In the first six months of 2018, these Trojan horses overtook ransomware as the most widespread form of malicious software. As their name suggests, these Trojans are designed to steal the victims’ financial information and online banking credentials through the use of phishing techniques.

Unlike some other types of malware, banking Trojans allow hackers to use script injections to add extra fields to online forms. In addition, they can redirect the victim to a fake login page that looks just like the real thing, complete with the logo of the bank. However, instead of going to their bank and being used solely for login purposes, the victim’s information is forwarded to the hacker responsible for the Trojan.
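A page-side check for the form tampering described above, as an added example that is not part of the original article: it compares a login form's fields and submission target with a known-good baseline. The field names, the `bank.example` origin and the sample snapshots are assumptions constructed for illustration.

```javascript
// Added example. The baseline below is hypothetical: field names and the
// origin are constructed, not taken from any real bank.
const EXPECTED = {
  actionOrigin: "https://bank.example",
  fields: new Set(["username", "password", "csrf_token"]),
};

// In a browser, build the snapshot from the live form element.
function snapshotForm(form) {
  const fields = Array.from(form.elements)
    .filter((el) => el.name)
    .map((el) => ({ name: el.name, type: el.type }));
  return { action: form.getAttribute("action") || "", fields };
}

// Compare a snapshot with the baseline and return a list of findings.
function auditForm(snapshot, expected, pageUrl) {
  const findings = [];
  let origin = null;
  try {
    origin = new URL(snapshot.action, pageUrl).origin; // resolves relative actions
  } catch (err) {
    origin = null; // an unparsable action is treated as a mismatch
  }
  if (origin !== expected.actionOrigin) {
    findings.push({ kind: "unexpected-action", detail: snapshot.action });
  }
  const seen = new Set(snapshot.fields.map((f) => f.name));
  for (const f of snapshot.fields) {
    if (!expected.fields.has(f.name)) {
      findings.push({ kind: "injected-field", detail: f.name });
    }
  }
  for (const name of expected.fields) {
    if (!seen.has(name)) findings.push({ kind: "missing-field", detail: name });
  }
  return findings;
}

// Constructed snapshots: the form as served, and the same form after tampering.
const PAGE = "https://bank.example/login";
const base = ["username", "password", "csrf_token"].map((n) => ({ name: n, type: "text" }));
const clean = { action: "/session", fields: base };
const tampered = {
  action: "https://bank-example.invalid/session",
  fields: [...base, { name: "card_pin", type: "password" }],
};
console.log(auditForm(clean, EXPECTED, PAGE), auditForm(tampered, EXPECTED, PAGE));
```

Malware running inside the browser can also interfere with page scripts, so applying the same comparison on the server to the parameter names a login request actually submits is a useful second check.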

  5. Fake Antivirus Trojans

Although they have been around for well over a decade, fake antivirus Trojans are still very common and powerful. They are downloaded the same way as all other Trojans – via compromised email attachments, suspicious links, and visits to malicious websites. Once installed, they masquerade as antivirus software and constantly inform the victim about non-existent security threats found on their computer.

These Trojans are somewhat similar to ransomware. No matter how many times the victim closes the window, the pop-ups with false alerts will keep appearing (often while the victim is doing something else on their computer) and prompting the victim to pay to download the full version of the software. To do this, they will have to enter their credit card info, which will be sent to the author of the Trojan.

Examples of Trojan Horses

Some of the best-known examples of Trojan horse attacks in recent years include the following:

• In 2011, the computers in the Japanese parliament building were infected with a Trojan horse allegedly created by the Chinese government. The Trojan was installed after a member of the parliament opened an infected email, but the extent of the attack was never disclosed.
• In 2010, a Trojan horse known as Zeus or Zbot was used by Eastern European hackers to attack a number of businesses and municipal officials in the region and take control of their banking accounts. The creators of this Trojan stole a total of $70 million.
• In 2007, a backdoor Trojan named the Storm Worm was distributed to millions of computers worldwide through emails about a fictional storm wave that was killing people across Europe. Thought to have been created by Russian hackers, this Trojan was used to create botnets and orchestrate attacks against popular websites and cybersecurity companies.

How to Remove a Trojan Horse

Because Trojan horses don’t reproduce after they have been installed on a computer, they are much easier to isolate and remove than some other cyber threats. To do this, you should use a Trojan remover, which usually comes bundled with the best antivirus software. If you suspect your computer may be infected, use your antivirus program to check your hard drive for any suspicious files.

Some Trojans are not as dangerous as others, which is why your antivirus client may suggest quarantining an infected file rather than deleting it. Your antivirus software will then monitor the file closely and inform you if it detects any unusual and/or malicious activity. To ensure optimal safety, you should schedule full weekly scans of your computer and set up automatic definition updates in your antivirus program.

Of course, in addition to using the best antivirus software, you can prevent Trojan infections by avoiding any suspicious emails, attachments, and links sent to you from unknown addresses. Before typing your data into online forms, look for a padlock symbol in the address bar to make sure that your connection is secure and that all the data you enter is encrypted.