Malware and You – Part 4: Trojans

Another term everyone likes to use when dealing with malware is “trojan”, but how many people really know what it is? Trojans are much different from viruses and spyware, in that they are designed to be downloaded and used by you as if they were legitimate. Like the horse from history, they are a gift with a darker side.

The Devilrobber trojan – a recent trojan for Mac OS X

What it is

A trojan horse program is exactly what its name suggests: a program of a malicious nature masquerading as something helpful or useful. Unlike other infections, though, it does not inject itself into your files or display annoying popups. Trojans are used to convince the user that they are using a program they want to use.

This way, when your antivirus picks it up, you’ve already been convinced it’s a good program and that the detection must be a false alarm. Using social engineering tactics, they are designed to “hack” your sense of awareness rather than just your computer.

Many trojans are designed to allow remote access to your computer, or to attach your computer to a “botnet” for use in attacking other systems. A botnet is essentially a group of infected computers that work together to direct attacks at whoever its creator wishes. It can also be used to try to brute force the passwords of people’s email accounts, work accounts, and more by distributing the password guessing across a large number of computers.

Some other uses of a trojan horse are:

  1. Like spyware, stealing your data including sensitive things like banking information and passwords.
  2. Downloading or uploading of files on the user’s computer, including other forms of malware.
  3. Monitoring everything happening on your screen.
  4. Using your computer to view websites of an illegal nature in order to not get caught.

And these are just a few examples.

History

It’s difficult to say when the first trojan reared its head, simply because of their very nature. A couple of the most well-known and popular ones, however, originated in the mid to late 90s. The first one was called Back Orifice, and the second was Subseven.

Back Orifice

Back Orifice debuted at DEF CON 6, a hacker convention, in August of 1998. It allowed a user to access a computer from a remote location, much like TeamViewer and software of that variety do today. Of course, the reason it was classified as a trojan wasn’t its remote control capabilities.

The program had the ability to hide itself from users accessing an infected system, could be disguised as something else to get it installed, and installed without user notification or interaction.

Subseven

Originally created in 1999, Subseven (aka Sub7, or Sub7Server) was another program quite a bit like Back Orifice. Again, it had many illegitimate uses, which is why it was considered a trojan. Quite often it would be used to gain unauthorized access to a target’s computer and execute tasks ranging from mischievous (playing random sound files, changing theme colours) to outright malicious (capturing passwords and credit card numbers, accessing webcams, and more).

 

The interface for SubSeven

Vectors of infection

Trojans are called trojans because they appear to be popular and useful programs on the surface, with other features running in the background. As such, the best way to avoid these programs is to simply avoid any software not from a major company (such as Microsoft or Adobe).

These programs almost always rely on the user to accept them into the system, so if you don’t recognize a program or its publisher, don’t download it. If you suspect you may be infected with one of these, or aren’t sure if a program you like is safe, give us a call! We’re more than happy to help you identify it and, if necessary, clean it out for you.

Check out our next post, when we finish things off with a relatively recent but increasingly aggravating type of malware: Rogue security packages.
