What is a Trojan?

Jokes aside, Trojans either mystify people or are completely misunderstood. I thought I would clear up some confusion for anyone out there who either has it backwards or just doesn’t know. Some may remember the story of the Trojan horse from classical Greek parables. The story may be true or not, but it illustrates a good point: never trust a gift from an enemy.

The classic, simple definition is that a Trojan is a program hiding inside another one that appears safe or good. While the simplicity of that statement echoes its elegance, it also belies the extent of the danger. So I’ll give you some working examples of a few Trojans in the wild today that you either will come across, or already have, in your travels on the web.

If you go to http://www.kaspersky.com/viruswatchlite?search_virus=trojan&x=0&y=0&hour_offset=-9 you will see a list of the top detected trojans by the hour. (Obviously, this list is subject to change.) What won’t change is the fact that the list is full of detected trojans. It’s just a list showing the latest detected viruses, and the ones with the most infections rise to the top. Let’s touch on a few of them on the list, by category.

  • Trojan.Win32.FakeAV.afgm
    • This category (FakeAV) is, as the name suggests, a FAKE AntiVirus. The authors actually buy ads on websites to help spread this stuff around. The adverts are designed to look like warning boxes, which deceive naive users into thinking that they are infected and that they are in danger unless they click, download and install the fake software. The unfortunate part is that the opposite is usually true: they don’t have a virus until they click the ad, and then they are “held hostage” for a sum of money, usually $99 with a nonrefundable $1 fee. Millions have been infected by these fake antiviruses. After paying, victims don’t get any response, and their credit card number is sometimes sold on the black market and used to buy gas and goods in stores, so the thieves get away uncaught.
  • Trojan.Win32.FraudPack.cnnd
    • Once it enters your system and is executed, the virus opens up a backdoor on your system with no security. Through that backdoor, more malware enters your system at regular intervals and destroys your operating system. This is done without the user’s intervention. It is one of the ways that FakeAV gets onto your computer (see above).
  • Trojan.Win32.Refroso.cwvx
    • (From Microsoft) Worm:Win32/Refroso.xxx is a worm that stops Windows Security Center and attempts to spread to other computers across a network by exploiting a vulnerability in Windows. No user action is required. You could say this is akin to the AIDS virus, as by disabling your firewall, it lets other viruses come in.
  • Trojan.Win32.Scar.dmsw
    • The installation of Trojan.Scar.hej may come from a malicious web site or the download of a deceptive file from an unknown source.
      So in other words, you are surfing happily along, and then you are infected. :[
  • Trojan.Win32.VBKrypt.benv
    • VBKrypt is a large family of trojans. These trojans may be written in Visual Basic. Depending on the specific variant, the trojan may drop files, write to the registry and perform other unauthorized actions on the affected computer system. Like the FakeAV category, this family has many variants.
  • Trojan.Win32.Buzus.gwzz
    • Trojan.Buzus opens a backdoor on the infected machine and tries to steal various information, such as personal financial data (credit card numbers, online banking details etc.) and passwords from various email and FTP applications (Trillian, Microsoft Outlook, CuteFTP etc.). It also tries to compromise the security settings of various security-related products. Kind of a wonder bug, this trojan is easier to detect because it starts pilfering through everything.
  • Trojan-Spy.Win32.Zbot.azng
    • ZBot.HS was discovered on February 20th 2008 and targets the online banking portal of a Finnish bank; the spam e-mail messages used to distribute its executable binary file are written in Finnish. This trojan can actually take small amounts of money from your bank account at a time. If infection is confirmed, you should contact your bank and confirm your online banking transactions. That’s strong advice!
  • Trojan.Win32.Genome.rdrl
    • Trojan.Win32.Genome is a trojan that spreads via instant messaging software and has a further payload: it downloads and executes a variant of W32.Spybot.Worm on the compromised computer. Pretty low risk for this one, but it’s still in the wild in large numbers.
  • Trojan-Spy.Win32.WinSpy.big
    • Win-Spy can do screen capture, keyword alerts, email monitoring, web cam monitoring and recording, microphone monitoring and recording, and browser monitoring and recording. These functions can be performed locally and remotely. It is often used for remote surveillance by attackers to snoop on other people. It falls under the broader category “Remote Access Trojan”.

So you can see that while they do a wide variety of things, the common denominator is that they all deceive the end user to gain access. Now, before you Linux and Mac guys go crazy talking about Windows security, consider this: most of these wouldn’t exist if people couldn’t be deceived. That’s the real source of insecurity in the system. The next problem is that the smarter you make people, the smarter the virus authors are forced to get to compensate. So take it for what you will, but until then knowledge is power.
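
The detection names in the list above pack a class, a platform, a family and a variant into one string, and the same family can be filed under a different class by another vendor (the list gives Refroso both as Trojan.Win32.Refroso.cwvx and as Microsoft's Worm:Win32/Refroso.xxx). The Python sketch below is an added example, not part of the original post, that splits such names and groups them by family for alert triage; `parse_detection`, `group_by_family` and the `CLASSES`/`PLATFORMS` sets (limited to values that appear on this page) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption for this sketch: only the classes and platform seen on this page.
CLASSES = {"Trojan", "Worm"}
PLATFORMS = {"Win32"}

# Microsoft style quoted on the page: Type:Platform/Family[.variant]
MICROSOFT = re.compile(
    r"(?P<type>[A-Za-z-]+):(?P<platform>\w+)/(?P<family>\w+)(?:\.(?P<variant>\w+))?")


def parse_detection(name):
    """Split a detection name into type/platform/family/variant, or return None."""
    name = name.strip()
    m = MICROSOFT.fullmatch(name)
    if m:
        fields = m.groupdict()
    else:
        # Dotted style used in the list: Type[.Platform].Family[.variant]
        parts = name.split(".")
        if len(parts) < 2 or not all(re.fullmatch(r"[\w-]+", p) for p in parts):
            return None
        dtype, rest = parts[0], parts[1:]
        # Shortened names such as Trojan.Scar.hej carry no platform token.
        platform = rest.pop(0) if rest[0] in PLATFORMS else None
        if not rest:
            return None
        fields = {"type": dtype, "platform": platform, "family": rest[0],
                  "variant": ".".join(rest[1:]) or None}
    # The part before "-" is the class (Trojan-Spy -> Trojan); reject unknown ones.
    if fields["type"].split("-")[0] not in CLASSES:
        return None
    return fields


def group_by_family(names):
    """Return ({family: sorted types it was reported under}, [unparsed names])."""
    families, unparsed = defaultdict(set), []
    for n in names:
        parsed = parse_detection(n)
        if parsed is None:
            unparsed.append(n)
        else:
            families[parsed["family"].lower()].add(parsed["type"])
    return {f: sorted(t) for f, t in families.items()}, unparsed


# Names copied from the list above, in the forms the page writes them.
SAMPLE = ["Trojan.Win32.Refroso.cwvx", "Worm:Win32/Refroso.xxx", "Trojan.Win32.Scar.dmsw",
          "Trojan.Scar.hej", "Trojan-Spy.Win32.Zbot.azng", "ZBot.HS", "Trojan.Buzus"]
```

Names that do not fit either scheme, such as the short alias ZBot.HS, come back in the unparsed list so they can be reviewed by hand rather than silently misfiled.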
