Computer Trojan Attacks: Nature, Development and Prevention

In Virgil’s epic poem, The Aeneid, the Greek war strategist, Odysseus, wants to get men of the Greek army and himself into the city of Troy. He wants to do it without destroying or climbing over the wall of the city. He devises a deception plan and engineers it into a giant wooden horse.

While he and his men hide in the wooden horse, he gets some Greek men to take it to the city of Troy as their token of surrender. The men left the giant wooden horse in front of the city and appear to have sailed away. The Trojans, drunk in victory, bring the horse into the city so that Odysseus and his men are able to attack the city of Troy from inside. What a clever act of deception that gets the victim to act out a premeditated plan! Such attacks are now known as trojan horse attacks.

In cybersecurity, these embodiments of deception (known as Trojans) are a type of malware that use social engineering to delude unsuspecting users into installing and running apparently genial programs that embody malicious purposes. Although trojans are not viruses technically, they have come to be known as such.

Characteristics of computer trojans

Trojans are neither viruses nor worms: Viruses infect files, self-replicate and spread by appending themselves to another program—and worms are similar to viruses in the sense that they infect files, but they do not need to append themselves to another program in order to spread. Therefore, trojans are a class name for malware that employ deceit to lure the victim into acting out a plan. They are of different kinds, depending on the intention of the author—whether to deliver a payload (in the case of ransomware attack), communicate to an attacker at a later time, or make a system susceptible to subsequent practical attacks.

In other words, trojans are nothing more than delivery tactics that cybercriminals employ to further execute any cybersecurity threats—ransomware attacks, spyware attacks, and so on.

A brief history of computer trojans

After its release in 1975, the world’s first computer trojan (ANIMAL) presented itself as a game of twenty questions, however, it went behind to copy itself onto shared directories and through there could spread across entire computer networks.

By December 1989, floppy disks were getting affected by the AIDS Trojan, the very first known ransomware. It was mailed to the subscribers of PC Business World Magazine as well as a World Health Organisation AIDS Conference mailing list. This DOS trojan encrypted all filenames on the victim systems, then displayed a ransom notice of $189 on the screens, which would be made to a post office box in Panama before a decryption code would be received. Within this time another infamous trojan event was the 1990s version of Netbus that allowed cybercriminals to remotely control many systems running on Microsoft Windows over a network. To this effect, attackers were able to even open the CD tray of the victim's computer.

Then in 2000, victims of the ILOVEYOU trojan attack received an email with the attachment “ILOVEYOU”. Curious to open it, the victims had the trojan launch a script that overwrote the files on their computers and sent itself in an email to the contacts in the victims’ mailing list.

Through this time, trojans targeted computer users’ desire for illegal downloading and hence disguised themselves as music files, movies, or video codecs. For instance, in late 2005, a backdoor trojan (Zlob) disguised as a video codec in the form of ActiveX. In 2007, a trojan (Zeus) targeted computers that ran on Microsoft Windows to steal banking information through keylogger.

In 2008, Torpig (also known as Sinowal or Mebroot) turned off antivirus applications, which allowed other malware to access the victim's computer, modify data thereon and steal sensitive data, like passwords. Trojan attacks have been improving since then, with attacks becoming more targeted to specific companies, organizations, or government institutions.

Kinds of computer trojans

• Backdoor trojans

  These create remote access to victim computers by changing the system security—which will then allow cybercriminals to further execute threats on the system.

  
  

• Spyware trojans

  These do nothing but watch online accounts and credit card details, and transmits password and identified data back to the attack initiator.

  
  

• Zombying trojans

  It takes control of victim systems and makes them slaves in a network under the initiator’s command. (A good example is the Distributed Denial of Services (DDoS) attack.)

  
  

• Downloader trojans

  (like Emotet), which downloads, installs, and runs malware on the victim's computer systems.

How to remove a trojan from a system

In the case of a trojan attack, the affected systems must be cleaned up thoroughly using good-quality anti-malware, to ensure a full system scan. The systems must be cut off from communication with any backend server or other unaffected system in the network and then be isolated. This will isolate the trojan for cleanup.

How to prevent trojan attacks

Trojans can come in various forms—software, music, browser advertisement, and even ostensibly legitimate applications. Hence here are ways to avoid landing a trojan on a computer system:

• Avoid downloading cracked applications—that is an illegal free copy of software. History has established that this act will get the victim to go for an activation key generator, which may conceal a trojan attack.
• Avoid downloading unknown free programs—be it a game or an app—especially from unknown sources.
• Avoid opening attachments in a strange email. They may look like an invoice, a delivery receipt, or something, which may run a trojan attack when you open them.
• Avoid visiting shadowy websites—by pretending to stream a popular movie, they trick the victim into downloading a video codec that indeed contains a trojan.
• And most importantly, avoid joining the bandwagon without consulting experts. With social engineering, cybercriminals can take advantage of a panic situation to spread trojans. An example is Intel processors that were found in December 2017 to be vulnerable to attack due to hardware issues, a situation that cybercriminals leveraged on to get victims to install a purported patch called Smoke Loader, which landed trojan on the victim systems.

Procedural habits to guard against trojan attacks

Since trojans parade themselves in deception, the best habit computer users should master is “vigilance”. Observing good cybersecurity procedures is advised. Healthy skepticism of websites offering “free” movies and music is recommended. Changing default windows settings—so that the real extensions of applications are visible—is recommended.

In addition, the following should be practiced to bolster security proactiveness:

• Running periodic diagnostic scans;
• Setting up automatic updates for operating systems and ensuring the latest updates are installed;
• Ensuring that any security vulnerability of any application is patched, and immediately too;
• Steering clear from suspicious websites;
• Using complex passwords;
• And staying behind a firewall.

Conclusion

Computer trojans, a deception engineering that started as a prank, have developed into a nefarious way of destroying networks, stealing information, making money, and sadly, seizing power.