What is a Trojan? Is it a virus or is it malware?
Authored by a Symantec employee
A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.
A Trojan acts like a bona fide application or file to trick you. It seeks to deceive you into loading and executing the malware on your device. Once installed, a Trojan can perform the action it was designed for.
A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that’s a misnomer. Viruses can execute and replicate themselves. A Trojan cannot. A user has to execute Trojans. Even so, Trojan malware and Trojan virus are often used interchangeably.
Whether you prefer calling it Trojan malware or a Trojan virus, it’s smart to know how this infiltrator works and what you can do to keep your devices safe.
How do Trojans work?
Here’s a Trojan malware example to show how it works.
You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has gone on to install malware on your device.
When you execute the program, the malware can spread to other files and damage your computer.
How? It varies. Trojans are designed to do different things. But you’ll probably wish they weren’t doing any of them on your device.
Common types of Trojan malware, from A to Z
Here’s a look at some of the most common types of Trojan malware, including their names and what they do on your computer:
This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.
This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.
Fake AV Trojan
This Trojan behaves like antivirus software, but demands money from you to detect and remove threats, whether they’re real or fake.
The losers here may be online gamers. This Trojan seeks to steal their account information.
As it sounds, this Trojan is after data on your infected computer.
This Trojan seeks to steal the email addresses you’ve accumulated on your device.
This Trojan seeks a ransom to undo damage it has done to your computer. This can include blocking your data or impairing your computer’s performance.
Remote Access Trojan
This Trojan can give an attacker full control over your computer via a remote network connection. Its uses include stealing your information or spying on you.
A rootkit aims to hide or obscure an object on your infected computer. The idea? To extend the time a malicious program runs on your device.
This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.
This Trojan takes aim at your financial accounts. It’s designed to steal your account information for all the things you do online. That includes banking, credit card, and bill pay data.
This Trojan targets instant messaging. It steals your logins and passwords on IM platforms.
That’s just a sample. There are a lot more.
Examples of Trojan malware attacks
Trojan malware attacks can inflict a lot of damage. At the same time, Trojans continue to evolve. Here are three examples.
- Emotet banking Trojan. After a long hiatus, Emotet’s activity increased in the last few months of 2017, according to the Symantec 2018 Internet Security Threat Report. Detections increased by 2,000 percent in that period. Emotet steals financial information, among other things.
- Rakhni Trojan.This malware has been around since 2013. More recently, it can deliver ransomware or a cryptojacker (allowing criminals to use your device to mine for cryptocurrency) to infected computers. “The growth in coin mining in the final months of 2017 was immense,” the 2018 Internet Security Threat Report notes. “Overall coin-mining activity increased by 34,000 percent over the course of the year.”
- ZeuS/Zbot.This banking Trojan is another oldie but baddie. ZeuS/Zbot source code was first released in 2011. It uses keystroke logging — recording your keystrokes as you log into your bank account, for instance — to steal your credentials and perhaps your account balance as well.
How Trojans impact mobile devices
Trojans aren’t problems for only laptop and desktop computers. They can also impact your mobile devices, including cell phones and tablets.
In general, a Trojan comes attached to what looks like a legitimate program. In reality, it is a fake version of the app, loaded up with malware. Cybercriminals will usually place them on unofficial and pirate app markets for unsuspecting users to download.
In addition, these apps can also steal information from your device, and generate revenue by sending premium SMS texts.
One form of Trojan malware has targeted Android devices specifically. Called Switcher Trojan, it infects users’ devices to attack the routers on their wireless networks. The result? Cybercriminals could redirect traffic on the Wi-Fi-connected devices and use it to commit various crimes.
How to help protect against Trojans
Here are some dos and don’ts to help protect against Trojan malware. First, the dos:
- Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals.
- Update your operating system’s software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system updates, you should also check for updates on other software that you use on your computer.
- Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols.
- Keep your personal information safe with firewalls.
- Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
- Be careful with email attachments. To help stay safe, scan an email attachment first.
A lot of things you should do come with a corresponding thing not to do — like, do be careful with email attachments and don’t click on suspicious email attachments. Here are some more don’ts.
- Don’t visit unsafe websites. Some internet security software will alert you that you’re about to visit an unsafe site, such as Norton Safe Web.
- Don’t open a link in an email unless you’re confident it comes from a legitimate source. In general, avoid opening unsolicited emails from senders you don’t know.
- Don’t download or install programs if you don’t have complete trust in the publisher.
- Don’t click on pop-up windows that promise free programs that perform useful tasks.
- Don’t ever open a link in an email unless you know exactly what it is.
Trojan war winners and losers
A final note on Trojans for history and mythology buffs.
Trojans take their name from the hollow wooden horse that the Greeks hid inside of during the Trojan War. The Trojans, thinking the horse was a gift, opened their walled city to accept it, allowing the Greeks to come out of hiding at night to attack the sleeping Trojans.
In the same way, if you’re the victim of Trojan malware, you could find yourself on the losing side. It pays to stay alert, be careful, and don’t take chances — no matter what type of devices you’re using to stay connected.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.