Trojans » What Are They and How Do I Protect Against Them?

Janis von Bleichert

Broadly speaking, malware can be divided into two types, namely, that which is easily recognizable and that which isn't. The first type slows down your computer (or prevents it from turning on altogether) and/or makes unwanted pop-ups appear despite not having a browser open. Other times malware is more nefarious, secreting itself onto your system like a spy in the night, only rearing its ugly head once your computer's defenses have been entirely neutralized and/or all sensitive data has been stolen and copied.

This second kind of malware has a name: A Trojan horse, or more commonly 'Trojan'. The name is no coincidence, harkening back to the Ancient Greek legend of how the (presumed impregnable) city of Troy was sacked after its masters (foolishly) accepted a wooden horse loaded with its enemies and brought it within the city's gates. In this article, we'll show you what Trojans are, what kind of damage they can do, and how to be a bit more prescient than King Priam in your own digital domain.

What Is a Trojan?

Like their legendary namesake, Trojans are masters of camouflage, sneaking their way onto your system in the hope of unleashing considerable damage. Although they are malware, Trojans are often disguised as legitimate software. Freeware is one particularly popular medium which Trojans piggyback on, however, they can also find enter your system as (harmless-looking) email attachments.

The kind of havoc which a Trojan can wreak depends almost entirely upon what sort of malware it smuggles onto your system. Again, as in Homer's tale, the Trojan (horse) itself is just the 'transport' for the real danger, which lies in wait inside. Since there are many different kinds of Trojans, and new variants are an almost daily phenomenon, we've summarized a few of the most important types for you below:

Banking Trojans/ Spyware
This kind of malware actively searches for online banking information on systems, hitting users where it likely hurts most: Their bank accounts. In contrast to extortion software or ransomware, banking Trojans seek to covertly deprive you of your hard-earned funds, by misdirecting or rerouting transactions. The amount of damage they can do ultimately depends on how much time it takes you to notice that something is amiss with your online banking.

Cryptotrojans
Alternatively known as extortion Trojans, or most commonly as ransomware, these are the somewhat more aggressive and daring sibling of spyware. Instead of secretly monitoring your activity, these make their presence known, encrypting folders, or even your entire system and demanding a ransom in exchange for the decryption key. Don't want to pay up? Most ransomware displays a countdown timer which represents how long you have to pay until your files are (irrevocably) deleted. Even then, as the old saying goes, "there is no honor among thieves", so don't expect to actually get your files back.

Backdoor
As their name implies, backdoor Trojans compromise your system by 'opening' it for cybercriminals, allowing the latter to gain control over your system and utilize it for their own purposes. In this way, they can disable security mechanisms meant to protect you against malware, and perform other illicit activity, all without your knowledge.

Botnet
A botnet isn't necessarily something bad. Any network of computers connected to one another via a single network that pool their resources to complete a task (or tasks) is a botnet. The problem arises when such a botnet engages in illegal activity or uses your system without your knowledge, such as for DDoS attacks, or the sending of spam emails.

How Does a Trojan Gain Access To My System?

The good news first: As tricky as Trojans are, they can't gain access to your system unless you download an infected file of one sort or another. There are two primary ways through which malware gains access to a system:

The download of compromised/infected software
Trojans like to disguise themselves either as harmless software or by piggy-backing on legitimate software. For that reason, it's important to be careful about freeware, particularly from questionable or dubious sources. 'Free games', which often show as pop-up banners on websites, are a particularly beloved medium for infecting unsuspecting users.

Email attachments

Another favorite means of surreptitiously gaining access to a system for cybercriminals are email attachments. Everyone knows (and laughs) about the Nigerian princes who for years wanted to send just about everyone with an email account millions (or billions) of dollars, but few would think twice about opening an email sent (ostensibly) from Google, PayPal, or another large company. If you've already downloaded the attachment or file which such emails contain, it's too late.

How Can I Protect Myself Against Trojans?

Since Trojans can only gain access to your system through data transfers (i.e. downloads), patience and common-sense are two of the best weapons in defending against them. Does the email you received from PayPal look too generic, not include your name, and/or contain an attachment? How about the slots game on the banner of a website you're visiting, which asks you to download and install a file after winning a few rounds? In reading through these scenarios, it should become clear that neither is all too difficult to unmask as a plot to corrupt your system. Other steps are listed below:

Only download software from reputable sources
It's always best to download software directly from its developer, producer, or official mirrors. Free banner games, or other types of freeware that seem 'too good to be true' should be avoided. If a website appears suspicious, it probably is, and it's best to err on the side of caution and download from a more reputable source.

Caution when opening email attachments
A good rule of thumb is to check the sender of an email twice, before downloading an attachment. At first glance, such a message can look legitimate, coming from Amazon, eBay, or PayPal, however, when hovering your mouse over the sender's address, if you don't see an "@amazon.com" or "@paypal.com" ending, chances are high that the message contains malware of some sort or another. Another method of checking the legitimacy of an email that you're unsure of is by entering its subject line (verbatim) in a search engine. If results appear noting that it's a malware scam, you'll have your answer quick enough.

Regularly update your operating system, drivers, and software
Malware and anti-malware are in a sort of Spy vs. Spy struggle with one another. On the anti-malware side (including software developers, such as Microsoft), there is a constant effort to close the loopholes or exploits that malware developers uncover and exploit. Older operating systems or software are easy prey, so do yourself a favor and regularly update both to minimize your vulnerability.

Use antivirus software
Dedicated software exists which is specifically designed to protect systems against Trojans. With the right antivirus program, you can rest easy knowing that it is patrolling and monitoring your system in the background, helping to keep Trojans off your computer or laptop. At the same time, these will also guard against a range of other types of malware and threats.

How To Remove a Trojan?

Perhaps you've already fallen victim to a Trojan, or are presently the victim of one? Well, in Homer's tale, there was nothing left for the Trojans to do but flee as the Greeks pillaged their city, but thankfully, a lot has changed over the past thousand years. You will need to download and install dedicated software to reclaim your system, but our EXPERTE.com step-by-step walkthrough will help you along the way!

Conclusion

Trojans are tricky, relentless, and unforgiving malware carriers, which secret themselves onto your computer and wreak havoc long before users are any the wiser. As always, be as careful online as you are in real life; don't accept things from strangers, open letters or packages which look suspicious or aren't addressed directly to you, and if something seems too good to be true, it most likely is.

As long as you pay attention to which files and software you download online, as well as which sites you visit, you shouldn't expect any difficulties. However, if you do, you can rely on us at EXPERTE.com to help navigate you out of the danger and help you to decide the 'Trojan War' in your favor.

Author: Janis von Bleichert
Janis von Bleichert studied business informatics at the TU Munich and computer science at the TU Berlin, Germany. He has been self-employed since 2006 and is the founder of EXPERTE.com. He writes about hosting, software and IT security.
Other languages:
Deutsch Italiano