We explore how trojan horse malware sneaks on to your computer and what you can do to prevent it
Trojan horse malware, often shortened to a “trojan”, is a particularly nasty type of malicious software that can cause considerable damage to your charity if it gets onto your computer systems. That’s because a trojan can empty your charity’s bank accounts, enable ransomware to infect your computers, and steal, modify, or delete data about your constituents.
In the ancient myth, the Greeks were able to penetrate the city of Troy’s defences by giving the citizens a huge wooden horse which was brought inside the city’s walls. Unbeknownst to the Trojans, Greek warriors were hidden inside the horse. When the Trojans brought their gift into the city they unwittingly brought in their enemies as well, and this was their undoing.
A trojan is so-called because it hides inside something – often a document or a seemingly useful program – that an unsuspecting victim downloads on to their computer. Once it is on the computer, the trojan malware can activate and cause whatever damage it is designed to do.
A classic example of how a criminal may try to smuggle a trojan on to one of your charity’s computers is by taking a well-known and useful program, such as a photo editor or a document viewer, and then adding their malicious trojan software to the program. If you download a copy of the program that has been modified in this way, your machine will be infected with the trojan.
In some cases, the host program still functions normally, so you will have no idea that your computer has been infected with a trojan. In other cases, the host program does not work at all, but by the time you discover this the trojan will be inside your computer.
Another example is a trojan either hidden in a spreadsheet or document, or simply posing as one of these types of file. A criminal may email you a document which purports to be an invoice, but when you open the document the trojan is activated and runs.
Alternatively, the criminal may simply make the trojan look like a document or spreadsheet by giving it a deceptive name ending in “doc” or “xls”. If you have not configured your computer to display filename extensions then you would not be able to see that “invoice.doc” is actually “invoice.doc.exe”, where the “.exe” suffix shows that the file is actually a (malicious) program rather than a Word document.
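The check below is an added example, not part of the original article: it flags attachment names whose real (final) extension is a program while the name a user sees with extensions hidden ends in a document extension. The extension lists and sample filenames are constructed for illustration and are not exhaustive.

```python
from pathlib import PureWindowsPath

# Illustrative lists (assumptions, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def displayed_name(filename: str) -> str:
    """Name shown when the file manager hides the final extension."""
    return PureWindowsPath(filename).stem


def is_disguised_program(filename: str) -> bool:
    """True when the last extension is executable and the one before it
    is a document type, as in "invoice.doc.exe"."""
    # Normalise case and drop trailing spaces/dots before splitting.
    name = filename.strip().rstrip(".").lower()
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DOCUMENT_EXTS


def flag_attachments(filenames):
    """Return (real name, name the user sees) for each disguised program."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised_program(f)]


# Constructed sample of attachment names from a mail gateway log.
SAMPLE_ATTACHMENTS = [
    "invoice.doc",
    "invoice.doc.exe",
    "Budget-2024.XLS.SCR",
    "report.final.docx",
    "setup.exe",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE_ATTACHMENTS):
        print(f"{real!r} would be displayed as {shown!r}")
```
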
Viruses, along with worms and many other types of malware, are designed to spread by replicating and infecting more computers that they come into contact with. By contrast, trojans tend to remain hidden without self-replicating.
But that’s not to say that trojans isolate themselves from the rest of the world.
Most trojans use the internet to pass information from infected machines to their criminal masters. They may also update themselves over the internet, for example to evade detection by anti-virus software, or receive new instructions or capabilities from a command and control server run by the criminals.
There is a wide variety of trojans. We look at three of the most common and dangerous types.
Malware such as the infamous Zeus banking trojan is designed to intercept and steal bank login details and pass them to criminals, enabling them to empty bank accounts. Sophisticated banking trojans may even be able to log in autonomously and initiate payment transactions.
A downloader trojan, such as Hancitor, is a particularly dangerous piece of malware because once it lands on one of your charity’s computers it can then download a variety of different malware onto the infected machine. A criminal controlling a downloader trojan could thus make it download malware to steal data, then download a keylogger to steal banking credentials, and finally download ransomware to try to extort money from your charity.
Fake security applications purport to scan computer systems for viruses, and then bring up warnings saying that the computer is infected. They then seek to persuade you to make a payment for a “full” version of the software which can remove the infection. Not only do the criminals pocket the payments, but downloading the full version simply allows even more malware onto your charity’s computer system.
Many software authors publish a “hash” of their software on their website. This is a kind of digital fingerprint of the software consisting of a short sequence of characters, and it is produced by a hash tool such as HashMyFiles, which is designed to look at a program and produce a hash.
If you download a program from a source other than the author’s website, you can use a hash tool to produce a hash of the program you have downloaded to check that the hash is identical to the hash published on the author’s site.
Even the smallest change to the program will result in a completely different hash, so if the two hashes do not match then this indicates that the program you have downloaded has been tampered with or modified from the original. This could be a sign that the program contains a trojan.
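The comparison described above, as an added example that is not part of the original article: it hashes a downloaded file and checks it against the hash published by the author, then shows that flipping a single bit produces a completely different hash. It assumes the author publishes a SHA-256 hash; the file contents and names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published_hash(path: str, published: str) -> bool:
    """Compare with the published hash, ignoring case and stray whitespace."""
    expected = "".join(published.split()).lower()
    return sha256_of_file(path) == expected


def demo() -> dict:
    # Constructed stand-in for a downloaded program.
    original = b"CONSTRUCTED-INSTALLER-" + bytes(range(256)) * 64
    tampered = bytearray(original)
    tampered[100] ^= 0x01  # the smallest possible change: one bit
    # What the author's site would show (upper case, as some tools print it).
    published = hashlib.sha256(original).hexdigest().upper()

    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "viewer-setup.bin")
        bad = os.path.join(tmp, "viewer-setup-modified.bin")
        with open(good, "wb") as fh:
            fh.write(original)
        with open(bad, "wb") as fh:
            fh.write(bytes(tampered))
        good_hash, bad_hash = sha256_of_file(good), sha256_of_file(bad)
        return {
            "original_matches": matches_published_hash(good, published),
            "tampered_matches": matches_published_hash(bad, published),
            "differing_hex_digits": sum(a != b for a, b in zip(good_hash, bad_hash)),
        }


if __name__ == "__main__":
    print(demo())
```
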