T. R. Robinson Publications

Trojan

The terms ‘Trojan’ and ‘Trojan Horse’ tend to be used interchangeably. There is no difference: they refer to the same thing. A Trojan is a form of malware.

Note: As will be mentioned a number of times ‘Malware’ is the correct ‘umbrella’ term when referring to computer viruses. However, as, colloquially, the term virus is more readily understood, both will be used throughout discussions that relate to the topic.

The name ‘Trojan/Trojan Horse’ has been adopted from Homer’s The Iliad, an ancient Greek tale that includes the story of how the Greeks gained access into the city of Troy be means of a wooden horse, within which some soldiers were hidden. It was secretive and devious just in the same manner malware is designed to be.

Trojan refers to any malicious computer programme that misleads users as to its true intent. They often look like a legitimate programme and may use the same name as a legitimate app (software application). All designed to trick a user.

Trojans are not viruses per se in that they cannot reproduce or self replicate by their own accord. Nor do they try to insert themselves into computer files. They are essentially just another type of programme that may be implanted into a computer. Trojans are rarely inserted individually but are usually downloaded along with some other virus.

What Trojans do

Note: Trojan infection is not limited to computers: other devices (smartphone, tablet, etc.) may also be targeted.

Though Trojans are not viruses in the conventional sense, they may be used to impact a devise and to collect similar information as most malware:

• Obtain passwords.
• Collect personal information.
• Register bank and credit card details.
• Control computer/device functionality.
• Etc.

Trojan’s are particularly known to create ‘Backdoor’ access, enabling the person(s) behind them to control the computer/device. Though control is a Trojan’s primary purpose they also enable cyber criminals to:

• See Everything. (Everything the user is doing.)
• Control the computer webcam. (See the user!)
• Hear everything user says. (Through speakers.)
• Note the computer’s IP address.
• Upload unpleasant/illegal material.
• Use the computer as a proxy server. (See below.)

Proxy Servers – The last point in the above list: The cyber criminal behind the attack may, well probably will, want to access and deal with immoral, criminal, illegal, programmes and material. Not wanting to use their own computers or have them identified as the source, Trojan’s enable them, by stealing a computer’s IP address, to have the victim’s device identified as the source with the consequent dangers of law enforcement investigation and action. The Trojan can be programmed to cover its tracks so usage will not appear in the computer’s history list. Very nasty all round.

How Trojans infect a devise

As with most viruses, Trojans may be inadvertently downloaded by a variety of means:

• E-mail attachments.
• Text message attachments. (Mobile devices i.e. smartphones and tablets.)
• App (software application) downloads. (May look legitimate but be ware if an unverified source.)
• Malicious or compromised websites.
• Infected software downloads. (May appear legitimate.)
• Etc. (There are multiple sources a cyber criminal may use.)

Note: As already mentioned Trojans cannot reproduce or self-replicate in the way some other viruses can. Infection is reliant upon a user making some sort of mistake or visiting a malicious website.

Detecting a Trojan

Trojans can be remarkably hard to identify, especially as some of their impact may be similar to that of other identifiable malware.

Possible signs of infection:

Note: Remember some of these signs are similar to those encountered with the usual viruses. However, there are also a couple of others that are not normally encountered.

• Computer acting in a strange manner.
• Pop-ups appear when user not browsing the internet.
• Messages (including pop-ups) stating computer infected.
• Advertisement stating computer infected and offering security software.
• Computer running very slowly.
• Computer slows down during minor tasks.
• Applications will not start.
• Icons, unrelated to any program already installed, appear on desktop.
• New icons appear when no new software has been installed.
• Antivirus programme suddenly disabled and cannot be restarted.
• Multiple advertisements appear immediately the users starts browsing.
• System keeps going to a website not selected by user.
• Computer operates as if someone else is controlling it.

Basically, any anomaly in the computer’s behaviour.

Worm

A computer worm is a standalone programme that replicates itself in order to spread from computer to computer. Primarily affects networked computers; mostly utilised within businesses or large conglomerates.

Note: Though this series of articles are principally directed toward individual, private, computer users it is worth mentioning computer worms because they could impact a user who has two or more personal computers/devices linked (networked).

What Worms do

Worms do not generally attempt to change computer systems or files but they do aim to:

• Infect as many computers as possible, thereby damaging the network.
• Create, in the same manner as a Trojan, a Backdoor into the computer enabling it to be remotely controlled.

In recent years, the function of some have been changed/augmented so that they may now also:

• Attack a computer’s security systems. (Firewall and antivirus product.)

Though not designed to change systems and files, worms can cause a computer to work less efficiently because they take up system space meaning other programmes are unable to work at full capacity.

Worms may also be used to facilitate the spread of other malware (viruses).

How Worms infect a devise

Along with most viruses, worms can be inadvertently downloaded through:

• E-mail attachments.
• Text message attachments. (Mobile devices i.e. smartphones and tablets.)
• Social Media. (Through shared images; audio and video files; messaging; etc.)
• App (software application) downloads. (May look legitimate but be ware if an unverified source.)
• Malicious or compromised websites.
• Rogue advertisements.
• Infected software downloads. (May appear legitimate.)
• Connecting an already ‘infected’ external storage devise.
• Etc. (There are multiple sources a cyber criminal may use.)

Once a worm has entered a network, it no longer requires any human action to spread. A Worm:

• Is capable of replicating itself hundreds of times. (Includes each subsequent worm.)
• Can spread from one computer to another by its own volition.
• Can attach itself to an e-mail account.
• Can send a copy of itself to e-mail contacts.
• Frequently, also adds a Trojan to the computer system.

Detecting a Worm

Detecting a worm can be difficult. Some of the following occurrences may indicate one has entered a computer’s system:

• Computer acting in a strange manner.
• System freezes or crashes.
• Programmes start or stop without user action.
• Unusual sounds.
• Icons, unrelated to any program already installed, appear on desktop.
• New icons appear when no new software has been installed.
• Icons or files disappear.
• Antivirus warning messages.
• E-mail sent to contacts without user action.

Resolution

Removing a Trojan or Worm can be difficult. In many instances it will probably be necessary to:

• Reformat the system.
• Carry out a full, clean, reinstallation of ALL software.

Note: Before attempting the above the computer should be disconnected from the internet and any network it is part of. Any external storage device should also be removed and, if possible, scanned separately.

It is accepted, having to take the above action is irritating but it is probably the only way to ensure the computer is completely cleared.

Note: If the type of Trojan or Worm is identified it may be possible (by searching the name or asking an antivirus company) to find specific instructions for removing it. Utilising the computer’s antivirus software scan facility may also help especially as they are being constantly updated to deal with new developments. There are also some, valid, software programmes a user may use to detect and clear a system. These will be discussed in more detail in a subsequent article to be published toward the end of this ‘Computer Viruses’ series.

Prevention

It is appreciated the following are consistently repeated within related articles but it is necessary to ensure users, for their own safety, continually bare the points in mind.

• Avoid opening unverified e-mails or clicking upon links contained in them.
• Avoid visiting unknown websites (includes blogs) or following links to one if it has been provided by someone not known or not from a recognised group.
• Check social media sharable items are from a recognised/validated source.
• Do not download software from an unknown company or source.
• Do not download anything from an unconfirmed website or contained in an advertisement by unknown company or person (includes social media).
• Carry out regular scans. (Antivirus software usually contains the option for both full and quick scans.)
• Do regularly update software: programmes, applications, antivirus systems, etc. (New versions of malware are constantly devised and detected and most software companies update their programmes to counter attacks from them (each new virus requires a new resolution). Not to regularly update the computer software may leave it vulnerable to attack from the newer viruses.)

Roundup

Apologies for length of this article but thought it necessary to include sufficient detail to make it comprehensible.

Trojans and Worms are not conventional viruses but can impact a computer’s functionality and make it susceptible to theft of information and malicious use.

Removing these type of implants can be difficult and it may be necessary for the average lay user to obtain the assistance of a computer programmer or their antivirus software company.

As with all these issues, users should ensure they consistently follow the recommended precautions and take preventative actions.

Though worrying, and scary, users should not panic. One way or another all these issues can be dealt with, even if it does cause a bit of a headache in the meantime.

Disclaimer: The writer is not a computer programmer or in any other way a computer software expert. What is shared has been learnt through limited personal experience and/or through research. Consequently, though every effort has been made, total accuracy of all the above information cannot be guaranteed.