Friday, December 31, 2021

Ask The Wizard (Trojans)

Dear Wizard of 'OZ',

I was wondering what’s a Trojan Horse virus?

Signed,

Helen

Dear Helen,

I came across this gem on the Visa website:

What’s a Trojan Horse virus?
A Trojan Horse is an email virus usually released by an email attachment. If opened, it will scour your hard drive for any personal and financial information such as your social security, account, and PIN numbers. Once it has collected your info, it is sent to a thief’s database.


Now, there are Trojan Horses and there are viruses, but there's no such thing as a Trojan Horse virus. In fact, the very definition of each precludes any chance of there being such a thing. A Trojan does not replicate. Viruses do. That fact alone means there can never be a "Trojan Horse virus".

The Visa description continues with, "A Trojan Horse is an email virus usually released by an email attachment." Not so. A Trojan may be sent as an attachment in email, but it's certainly not an email virus. (In fact there are few true email viruses, but that's a whole other topic). So it may or may not arrive in email, and it's equally likely to have been downloaded from a website or resulted from a P2P file transfer. In other words, vector has nothing to do with whether something is or isn't a Trojan.

Just what is a Trojan then? A Trojan is a program that appears to be legitimate, but in fact does something malicious. Quite often, that something malicious involves gaining remote, surreptitious access to a user's system. Unlike viruses, a Trojan does not replicate (i.e. infect other files), nor does it make copies of itself as worms do.

There are several different types of Trojans. Some of these include: remote access Trojans (RATs), backdoor Trojans (backdoors), IRC Trojans (IRCbots), and keylogging Trojans. Many Trojan encompass multiple types. For example, a Trojan may install both a keylogger and a backdoor. IRC Trojans are often combined with backdoors and RATs to create collections of infected computers known as botnets.

But one thing you probably won't find a Trojan doing is scouring your hard drive for personal details, as the Visa description alleges. Contextually, that would be a bit of a trick for a Trojan. Instead, this is where the keylogging functionality most often comes into play - capturing the user's keystrokes as they type and sending the logs to the attackers. Some of these keyloggers can be pretty sophisticated, targeting only certain websites (for example) and capturing any keystrokes involved with that particular session.

But why is it important to know the difference between a virus, a worm, and a Trojan? Because a virus infects legitimate files, thus if antivirus software detects a virus, that file should be cleaned. Conversely, if antivirus software detects a worm or a Trojan, there is no legitimate file involved and action should be to delete the file.


Hope this helps.

Yrs,

The Wizard

No comments:

Post a Comment

Contact The Wizard!
(he/him)