What Is a Trojan?
You may vaguely remember reading Virgil’s epic poem “Aeneid” back when you were in school. The story of Odysseus and his cunning plan to hide his Greek soldiers inside a giant wooden horse to have the Trojans bring his men inside the city of Troy is hard to forget!
In some ways, we might even view the Greeks as the first hackers in history, as their brilliant deception led directly to the fall of Troy.
Unfortunately, Trojan malware works just like that old wooden horse: It hides damaging software inside what appears to be benign programs. Then, unsuspecting users are tricked by social engineering tactics that can lead to an infected computer or device.
While these malicious programs aren’t technically computer viruses, the phrase “Trojan virus” is not uncommon and is often used to refer to spyware that has detected and manipulated a system’s vulnerabilities.
Take heart, however! Unlike the original citizens of Troy, you can educate yourself on the different types of Trojan horse and protect your account information from cybercriminals.
Read on to find out how to keep your computer system and mobile devices free of unwanted “guests” in disguise.
Trojan: virus or malware?
Although they can be easily confused in everyday lingo, Trojans aren’t actually the same as a worm or a virus. Strictly speaking, a computer virus works to infect files the same way a biological virus does: by self-replicating at an alarming rate and attaching itself over and over to various new programs.
Worms work in much the same way but don’t require programs to attach to and spread.
Also frequently confused with Trojans is potentially unwanted programs (PUPs) and adware. PUPs are generally part of a software package that has been purchased and that program authors have included as a way to connect users to market affiliates.
Adware differs from Trojans in that it doesn’t hide its motives and usually results in little more than some additional programs appearing on your hard drive that you might not have actively planned for.
How do Trojans work?
Thinking back to Virgil’s epic poem “Aeneid,” Trojans act like the wooden horse — in that they hide all sorts of ways for malware to be delivered to your computer system.
Trojans can act as a tool useful in other computer activities, a communication point for hackers to access information, or as freestanding malware. Essentially, Trojan attacks are blanket attacks where a hacker can insert any amount of different threats, from spyware to ransomware and everything in between.
One of the things that make Trojans so malicious is that they can take so many different paths to your sensitive data. Here are a few common ways that Trojans can cause problems:
- Infecting a legitimate website with malicious code that then gets transferred to that website’s unsuspecting visitors
- Infiltrating a computer system via a program whose publisher is unauthorized or unknown
- Utilizing phishing or social engineering techniques to trick users into opening infected text messages, email attachments, or malicious websites
- Using drive-by downloads (unintentional downloads) posed as helpful software or prompting users to click on an audio stream or video connected to malicious code
- Being installed by hackers who have used software vulnerabilities to gain unauthorized access to a network
10 common types of Trojans
All Trojan attacks are not created equally. As the Swiss Army knife of malicious programs, Trojans can take many unpredictable forms and patterns.
Here are 10 of the most commonly experienced Trojans.
As the name implies, backdoor Trojans gain remote access to a computer system via a “backdoor” in a current network or program. Once the Trojan is in, malicious actors can make your device part of a botnet that links multiple host computers.
In the meantime, hackers can reboot your computer, steal information, and upload more malware.
Banking Trojans trick users into entering their login credentials for financial institutions and other money transactions. Because we’re all used to entering our credit card information at the drop of a hat now, banking Trojans are extremely widespread.
Banking Trojans make use of typical phishing strategies, such as sending users clickbait that leads them to poser webpages where they’re asked to enter their banking credentials.
Distributed denial of service
DDoS attacks rely on a botnet of zombie computers that can bombard servers and networks with huge throughputs of data. These throughputs overload existing systems, disable their dominant software, and allow remote operators to gain control.
DDoS attacks can be difficult to recognize at first because zombie computers, by and large, appear to be running normally on the surface. In most cases, the botnet is set up via backdoor Trojans that slumber undetected within the computer system.
Whenever a computer has already become infected by malware, downloader Trojans are designed to install even more unauthorized programs on it. Downloader Trojans may add anything from different types of malware like adware.
Gamers, beware! Game-thief Trojans are specifically designed to hack user and login information from those playing online games.
These Trojans may function in a backdoor manner or act like ads within the games themselves that appear harmless but are phishing for information to steal.
Mailfinder Trojans seek to harvest any and all email addresses you may have stored on your computer system or smartphone. Once gathered, these addresses are sent to malicious actors who can use them to send spam and malware.
Ransomware Trojans first inhibit or damage your computer system and then ask you for money to undo the damage. The important thing to remember here, though, is never to pay ransoms for any performance failures you’re experiencing with your computer — this can further expose your banking information to cybercriminals.
Rootkit Trojans act very much like camouflage for malicious code, hiding and concealing unauthorized programs within a computer system. The entire purpose of a rootkit Trojan is to prevent users from detecting malware so it can remain on a given computer for as long as possible.
Remote Access Trojans
Much like the backdoor Trojan, remote access Trojans enter your computer system via remote access over a controlled network. Malicious actors can then spy on users, steal sensitive data, and disrupt or manipulate normal software activity.
You might think short message service (SMS) is an artifact from a previous age, but SMS Trojans are still out there sending mass messages to costly numbers.
5 tips to protect your device from Trojans
There are a lot of good parts of the internet, but there can also be some not-so-good things in the digital world. Reading through all the many ways that your computer system can be exposed to scary stuff like malvertising (malicious advertising), phishing, and other types of cybercrime can be genuinely frightening.
However, all is not lost in the battle against Trojan terrors! The following sections outline basic steps you can take to enhance your digital security and live your online life in peace.
Install an antivirus software
Even if you’re on guard at all times while browsing online, it helps to have strong antivirus protection in your corner. While you enjoy everything the internet has to offer, antivirus software can keep an eye out for ever-evolving malware and other forms of online threats.
With antivirus software in McAfee® Total Protection, you get real-time threat protection — the software program can prevent, detect, and eliminate any malware or viruses that try to get onto your device. This prevents hackers and cybercriminals from taking your personal or banking information for their gain, so you can browse without worry.
It also comes with an alert if you’re ever about to connect to a risky website, an advanced firewall for your home security network, and on-demand or scheduled scanning of files and applications. It even works on your smartphone.
Keep your devices updated
Those little red prompts or exclamation points that appear on your smartphone apps and desktop notifications shouldn’t be ignored. Any time your computer or smartphone lets you know that it’s time for an operating system update, do it immediately.
Keeping your devices updated means you can take advantage of all the security updates device and app developers are coming up with each day to fight Trojan attacks.
Be careful with email attachments
Never open anything in an email that you haven’t confirmed came from a verified source. Sometimes, this is easier said than done. However, here are a few clues that an email you’re viewing may not be totally legit:
- The text of the email or its header is in a strange font or uses overly sugary language, such as, “Hello Dearie, haven’t seen you in a while.”
- The tone of the email is particularly urgent, with an “open immediately” vibe, even though no clear emergency has been stated or relayed to you by a trusted source.
- You receive attachments through instant messaging or text message.
- The attachment doesn’t have one of the following designated safe file extensions: GIF, JPG or JPEG, TIF or TIFF, MPG or MPEG, MP3, and WAV.
Implement additional security measures
Don’t leave your sensitive data like a sitting duck. Start by generating the strongest possible passwords for every account you use, and never use the same password for more than one account.
Need a little help? A password manager like McAfee True Key can make your digital life even more secure by saving and protecting your passwords with encryption, suggesting strong passwords for your accounts, and syncing across all of your devices for easy access.
Another smart thing to do is back up everything to an external hard drive or another safe location. In the event that you’re hacked, you won’t lose all of the important files and information that you had on your infected computer or device.
Think twice before clicking on pop-ups
Pop-ups can be legitimate advertising tools used by businesses that mean no harm. That’s why cybercriminals use fake ones to harvest your information — because pop-ups are such a common sight!
Don’t ever click on pop-ups that occur anywhere but inside the actual website of a verified company.
For example, if you’re on a random website and a pop-up for a bookstore appears, leave it be. Go to the bookstore’s official website instead to make any purchases.
Malicious pop-ups can sometimes give themselves away by switching your screen to full-screen automatically. Use this as a tell-tale sign to avoid the ad.
Can you remove a Trojan?
It’s possible to find and remove some Trojans yourself. To start, you’ll want to disable any startup items on your device that don’t come from a trusted source. Just make sure you reboot your device in safe mode so the malware can’t stop you from removing it.
The important thing here, though, is to make sure you’re not removing any programs that could hurt your system or prevent your device from functioning properly. That’s why an antivirus program like what’s found in McAfee Total Protection can be a good idea.
Browse confidently with award-winning antivirus software
Trojans can delete, modify, block, and copy your sensitive data with relative ease if you leave your Microsoft Windows devices unguarded. While Apple devices have different internal malware protections in place, they’re not completely immune to Trojans, either.
No matter what kind of device you’re using, make sure you have the best antivirus protection for your computer system so cybersecurity becomes as much a thing of the past as that old wooden horse in Troy.
For award-winning antivirus software you can trust, look no further than McAfee. With affordable tiered plans that all provide access to a virtual private network (VPN), McAfee is your one-stop-shop for security software that makes living life online that much sweeter.