Malware 101: Trojan Horses
Trojan Horses. Years ago, they were almost all you heard about when people talked about bugs that could damage your computer. But what exactly is a Trojan horse in the world of computers?
For spyware and ransomware to work most effectively, the attacker needs to trick the user into downloading his or her malware. The best way to achieve this is through a Trojan horse, where a hacker misleads the user into thinking a malicious program is safe by disguising it as something appealing and non-nefarious – a reference to the ancient Greek tale involving a giant wooden horse being used to sneak an army into the city of Troy. Although it is common for Trojan to be used as a misnomer for many viruses, a true Trojan horse is malware pretending to be something else.
A hacker can use Trojan horses to deliver a variety of attacks – not just spyware and ransomware. They can be used to install backdoors which are opened by rootkits. (For more information on rootkits, check out our previous article on spyware.) Trojans can also be used to commence a DDoS (Distributed Denial of Service) attack – when so many commands are sent to a system that it can no longer keep up, causing the system to slow down or even crash. To put it in perspective, there were over 20,000 DDoS attacks in 2017 alone.
To better understand how you might be tricked by a Trojan horse, imagine browsing a website and seeing an ad pop up advertising a free anti-malware program. You decide to check it out, but when you click the ad, it suddenly disappears. Without your knowledge, it begins to download a piece of malware that will log your keystrokes and create backdoor access to your computer, allowing the hacker to remotely access your computer and use your log-in credentials. That “free anti-malware” you tried to download is the Trojan horse – the malicious software made to look like something you actually want.
But Trojans aren’t strictly limited to your desktops and laptops. A similar scenario can easily happen on your phone. Your phone is a computer, just with a different operating system. Let’s say that while on the internet, you come across what looks like a request from a service provider, perhaps from the website you’re trying to access. You get a popup requesting that you grant an app permission to alter some obscure setting on your phone. By clicking “Allow”, you inadvertently give permission for the malware to be downloaded. It might be a piece of malware meant to hijack your camera and repeatedly take pictures throughout the day. The attacker now has your face, the faces of friends and family, and can even generate a 3D image of your house or office. That same information can be passed through Facebook facial recognition, allowing the attacker to discover more private information about you and the people around you.
These scenarios may sound like they came out of a cybersecurity crime novel, but they represent very real possibilities.
After the release of the game Watch_Dogs in 2014, many people were curious whether or not the feats performed by the main character were plausible – namely scanning a person’s face and pulling up that person’s information, such as name, age, employment, and bank information, then using that information for personal gain. Enthusiasts have figured out ways to find a person’s profile with nothing but a picture of the target, taken by the hacker. Facebook uses facial recognition to make tagging easier, so every picture posted is scanned and run through the server. With these images, a 3D model of the person’s face can be created. That’s why when you post a picture, Facebook can tell who’s with you before you even tag them.
Legal information, such as your name, age, marital status, and residency, is already out there and freely available to the people who know where to look. Anything else has to be released by the user in places such as a social media page. This information could include anything from hobbies and interests to current location and contact information.
The first thing to watch out for when trying to spot a Trojan is the file type. A Trojan file is an executable file, so its extension is .exe. There will be attempts to hide this fact, but the file extension will always be there if you have configured your settings to display file extensions when viewing the contents of folders. Be wary, because many other files use the .exe extension, making it easy for a Trojan to sneak by if you aren’t paying close enough attention. One of the best things you can do is to make sure that any files you download are from a reputable provider.
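The check described above can be automated. The following Python sketch is an added example, not part of the original article: it flags file names whose real, final extension is .exe but which are dressed up to look like something else. It goes slightly beyond the text by also covering space padding and invisible Unicode characters; the decoy-extension list, the padding threshold and the sample file names are assumptions constructed for illustration.

```python
import unicodedata

# Extensions a user expects to be harmless documents or media (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "mp3", "mp4"}
PADDING_RUN = 5  # assumed threshold: this many spaces in a row counts as padding


def disguise_reasons(filename: str) -> list[str]:
    """Return why a .exe file name looks disguised (empty list if it does not)."""
    name = filename.rstrip(" .")  # Windows drops trailing spaces and dots
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 2 or parts[-1] != "exe":
        return []  # the real, final extension is not .exe
    reasons = []
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append(f"double extension: .{parts[-2]} before .exe")
    if " " * PADDING_RUN in name:
        reasons.append("run of spaces pushes .exe out of view")
    # Category Cf characters are invisible and can change the order in which
    # the name is drawn, so what is displayed no longer ends in .exe.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("invisible Unicode formatting character in name")
    return reasons


def scan(filenames: list[str]) -> dict[str, list[str]]:
    """Map each suspicious file name to its reasons; clean names are omitted."""
    flagged = {}
    for fn in filenames:
        reasons = disguise_reasons(fn)
        if reasons:
            flagged[fn] = reasons
    return flagged


# Constructed sample listing of a downloads folder (not from the article).
SAMPLE = [
    "setup.exe",
    "holiday-photo.jpg",
    "invoice.pdf.exe",
    "report.docx" + " " * 40 + ".exe",
    "free-antimalware\u202egpj.exe",
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(repr(name), "->", "; ".join(why))
```

A plain setup.exe is not flagged here, because the check only looks for disguise; whether an honestly named executable is trustworthy still depends on where it came from.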
The key to success against any cyberthreat is to be a step ahead and to have a backup plan. Knowing what to look out for is half the battle, but a reputable anti-malware program is an integral addition to any computer user’s arsenal.
If you, your organization or company, or someone you know would like more information about our company or how to handle the threat of Trojans, please do not hesitate to reach out to Mission Multiplier at firstname.lastname@example.org.