A Trojan (also Trojan horse) is a type of malware that gets onto a computer disguised as legitimate software, unlike viruses and worms, which spread on their own. This category includes programs that carry out various actions not confirmed by the user: collecting information (bank card data and so on) and transferring it to an attacker, using, deleting or maliciously modifying it, disrupting the computer's operation, using the computer's resources for mining, and using its IP address for illegal trading.
Examples of trojans: HookDump, Back Orifice, Pinch, TDL-4, Trojan.Winlock.
The origin of the term
Trojans got their common name from the similarity between the way they get onto a user's computer and the mechanism described in the episodes of the Iliad that tell of the “Trojan horse”, a gifted wooden horse used to penetrate Troy, which caused the fall of the city. Inside the Horse, presented as a sign of a false truce, Odysseus's warriors hid; at night they climbed out of the Horse and opened the gates to the main forces of the united Greek army. Most trojans operate in a similar way, disguising themselves as harmless or useful programs so that the user runs them on their computer. The term is believed to have first been used in the context of computer security by Daniel Edwards, an NSA officer, in his report “Computer Security Technology Planning Study”. [1]
Distribution
Trojans are spread by people: they are either loaded directly onto computer systems by malicious insiders, or users are induced to download and/or run them on their own systems.
To achieve the latter, attackers place malicious programs on open or indexed resources (file servers and file-sharing systems) and storage media, send them using messaging services (for example, e-mail), get them onto the computer through security holes, or have the user download them from addresses obtained by one of the listed methods.
Sometimes the use of trojans is only one part of a planned multi-stage attack on particular computers, networks or resources (including third-party ones) [2].
Types of Trojans
Trojans are most often developed for malicious purposes. One classification divides them into categories based on how they are introduced into the system and how they harm it. There are 5 main types [2]:
- remote access
- data destruction
- loader
- server
- security program deactivator
Trojan Extensions
Trojans usually have the following extensions:
- .exe, .com (under the guise of games, office applications and other legitimate programs; the extension may not be visible if the display of extensions is disabled in Windows, and files with a “double” extension are possible, for example, image.jpg.exe);
- .js, .vbs, .jse, .vbe, .bat, .cmd, .sh (scripts; the extension may not be visible; files of these formats can sometimes be read in a code editor);
- .html, .htm, .shtml, .shtm, .xhtml, .xht, .hta (HTML documents; can download viruses and other malicious programs from the Internet and redirect to malicious and fake sites; .hta files run outside the browser and can perform dangerous actions directly on the computer);
- .pif (shortcut with the ability to perform malicious actions);
- .docm, .xlsm, etc. (electronic documents that can contain dangerous macros; the extension usually ends with "m");
- .xml, .xsl, .svg, .xaml (XML documents, similar to HTML);
- .scr (a program that often works covertly);
- some others.
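The extension list above can be turned into a simple triage check for attachment or download names. The following is an added example, not part of the original article; the function names, the `DECOY` set of harmless-looking extensions and the sample file names are assumptions made for illustration.

```python
from pathlib import PurePosixPath

# Extension groups copied from the list above.
RISKY = {
    "executable": {".exe", ".com", ".scr", ".pif"},
    "script": {".js", ".vbs", ".jse", ".vbe", ".bat", ".cmd", ".sh"},
    "html": {".html", ".htm", ".shtml", ".shtm", ".xhtml", ".xht", ".hta"},
    "macro-document": {".docm", ".xlsm"},
    "xml": {".xml", ".xsl", ".svg", ".xaml"},
}
# Assumption: extensions a user reads as harmless data, i.e. the decoy
# half of a "double" extension such as image.jpg.exe.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".docx", ".xls", ".xlsx"}


def classify(filename):
    """Return (category, double_extension); category is None if not listed."""
    # Compare case-insensitively and accept Windows-style path separators.
    path = PurePosixPath(filename.strip().lower().replace("\\", "/"))
    suffixes = path.suffixes
    if not suffixes:
        return None, False
    last = suffixes[-1]
    category = next((c for c, exts in RISKY.items() if last in exts), None)
    # A double extension matters only when a harmless-looking extension is
    # followed by one that the system will execute or interpret.
    double = (
        category in ("executable", "script")
        and len(suffixes) >= 2
        and suffixes[-2] in DECOY
    )
    return category, double


def triage(filenames):
    """Return (name, reason) for every name whose final extension is listed."""
    findings = []
    for f in filenames:
        category, double = classify(f)
        if category is None:
            continue
        reason = category + (" with double extension" if double else "")
        findings.append((f, reason))
    return findings


# Constructed sample of attachment names.
SAMPLE = ["report.pdf", "image.jpg.exe", "Invoice.DOCM", "setup.v1.2.exe", "notes.txt", "run.hta"]
```

A match only means the file type is one the list above names as commonly abused; the file still has to be examined by antivirus software or an analyst.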
Goals
The aim of a Trojan program may be [2]:
- uploading and downloading files;
- copying false links leading to fake websites, chats or other sites with registration;
- creating interference with the user's work;
- theft of valuable or secret data, including authentication information, for unauthorized access to resources; obtaining bank account details that can be used for criminal purposes;
- the spread of other malware, such as viruses;
- destruction of data (erasing or overwriting data on a disk, hard-to-notice damage to files) and of equipment; disabling computer systems and networks or causing denial of service;
- collecting email addresses and using them to send spam;
- tracking the user and secretly informing third parties of information, such as, for example, the habit of visiting specific sites;
- registration of keystrokes to steal information such as passwords and credit card numbers;
- deactivating or obstructing the operation of antivirus programs and firewalls;
- self-assertion of the virus writer, or simply “having fun”.
Disguise
A Trojan can imitate the name and icon of an existing, nonexistent, or simply attractive program, component, or data file (for example, a picture), both to get the user to launch it and to mask its presence in the system.
A Trojan can to some extent imitate, or even fully perform, the task it is disguised as performing (in the latter case, the malicious code is embedded by an attacker into an existing program) [2].
Work
The tasks that Trojans can perform are innumerable (like the innumerable malware programs existing in the world today), but they mainly fall into the following areas:
- disrupting the work of other programs (up to freezing the computer, which can only be resolved by rebooting, and making the programs impossible to start);
- persistently setting spam links, ads or porn sites as the start page, regardless of the owner's wishes;
- distribution of pornography on the user's computer;
- converting the text of documents into binary code;
- fraud (for example, on opening a certain site, the user may see a window prompting them to take a certain action, otherwise something difficult to fix will happen, such as being permanently blocked by the site or losing a bank account; this is sometimes done for money, or to gain control of the computer and install malware);
- simple cheating.
Removal Methods
In general, Trojans are detected and removed by antivirus and antispyware software in the same way as other malware.
Trojans are detected less well by the context-based methods of antivirus software (those based on searching for known programs), because their distribution is better controlled and samples reach antivirus industry experts with a longer delay than self-spreading malware. However, heuristic (searching for algorithms) and proactive (tracking) methods are just as effective against them.
See also
- Malware
- VirusTotal
- Kaspersky Lab
Notes
- [1] Rick Lehtinen, Deborah Russell, G. T. Gangemi Sr. Computer Security Basics. O'Reilly, 2006. ISBN 0-596-00669-1
- [2] Trojans, AnVir Software.