History of Trojans
The name «Trojan» comes from the ancient Greek legend of the Trojan horse. Malware gets its name because of its ability to hide under the guise of useful or harmless software, like a Trojan horse hiding warriors within itself.
Creation of Trojans
Creating a Trojan involves several stages:
Setting goals
The first step is to identify the target of the attack. This could be data theft, unauthorized access to systems, destruction of information, or other malicious action.
Code development
To create a Trojan, attackers use various programming languages, such as C++, Python, Java and others. Trojans can be written from scratch or based on existing templates and source codes.
Disguise
To successfully penetrate a system, a Trojan must be disguised as legitimate software or a file. This could be a document, executable file, archive, or other.
Testing
Before distribution, the Trojan is tested on various systems to ensure its functionality and undetectability from antivirus software.
Distribution of Trojans
Trojans are distributed in various ways:
Phishing attacks
Attackers send users emails with infected attachments or links to malicious sites.
Social networks and instant messengers
Trojans can be distributed through links and files sent on social networks and instant messengers.
Downloads from untrusted sites
Users may accidentally download a Trojan by downloading software or files from untrusted sources.
Malvertising
Trojans can be distributed through malicious advertising on legitimate websites.
Network vulnerabilities
Attackers can exploit vulnerabilities in software or network protocols to distribute Trojans.
Counterfeit software
Attackers can create fake versions of popular programs and post them on third-party websites. Users who want to save money or get a free version download and install such a program, unaware of the presence of a Trojan.
Exploits and exploit kits
Exploits use vulnerabilities in software to execute malicious code on the target system. Exploit kits are often used in automated attacks and can include various types of malware, including Trojans.
Removable media
Trojans can spread through USB drives, external hard drives and other removable media. Malicious code can be automatically launched when the media is connected to the computer.
Forums and P2P networks
Attackers can post links to infected files on forums, in comments to articles, as well as in P2P (peer-to-peer) file-sharing networks. Users who download such files may unintentionally infect their devices with Trojans.
Social engineering
Social engineering uses psychological manipulation to persuade users to perform actions that will lead to their systems becoming infected. For example, these could be fake security notifications or virus warnings that require you to download “updates” or “utilities.”
Infrastructure of infected sites
Attackers can hack legitimate websites and inject malicious code into them. When users visit such sites, the Trojan can be automatically downloaded and installed on their computers without any interaction.
Pirated software and media files
Distributing pirated copies of software, movies, music and other media files is one of the common methods of Trojan infection. Users who download such files are often unaware of hidden threats.
Examples of famous Trojans
To better understand the spread of Trojans, let’s look at a few well-known examples:
Zeus
One of the most famous banking Trojans, which was used to steal banking data by intercepting user input.
Emotet
Originally created as a banking Trojan, Emotet has evolved to become a multifunctional platform for distributing other types of malware.
Trojan-Spy.Win32.SpyEye
This Trojan was designed to steal sensitive information such as online banking credentials and passwords.
Remote Access Trojans (RATs)
Remote access Trojans, such as Back Orifice and DarkComet, allow attackers to completely control the infected system, gaining access to files, camera and microphone.
