Welcome back, ladies and gents, to another installment of MalWTF101! Last month, I picked apart what a BotNet is (here’s a link for convenience). This week, I’m going to talk about one of the more classic trolls of the malware neighborhood. This particular style of malware has been around since about the 1980s and is still relevant to this day, as the trolls continue to find ways to trick you into downloading and enabling it on your computer. If you guessed “Trojan”, well then you are correct—we’re going to talk about the Trojan.
Unless you’ve been living under that rock, you’ve likely heard the story of the Trojan Horse, which is where the name of this malware was pulled from. Essentially, the Greeks built a giant wooden horse as a trophy to the Trojan army for “winning” the war. Little did those arrogant Trojans know, there was a gang of bruisers hanging out inside that giant wooden statue.
As you can probably guess, those hidden soldiers eventually broke out and sacked the City of Troy, thus conquering the city, winning the war and eventually having a common type of malware named after the event.
Trojan malware? Pretty much the same as it is in the story. A file that looks legit so you think it’s legit but IT’S NOT LEGIT! You allow it to enter your City of Troy (a.k.a. computer) where, once executed, it’s free to vandalize whatever part of your computer it was sent out to vandalize. Everything from crashing your computer, keystroke logging (where everything that you type is recorded), using your webcam to look at your face or other things, controlling your computer remotely, using your computer as a proxy for illegal activities and attacks on other computers so you look responsible, deleting and/or altering files, downloading and installing third-party malware, watching your screen from their computer while you use it, activating that damn blue screen of death, making you sad, making you angry, making you confused, etc. All possible by way of the Trojan.
According to the AWGP Trend Reports White Paper for Q1 2014, they state that “Trojans continue to be the most common type of malware, constituting 71.85% of all malware captured during this quarter. PandaLabs’ Collective Intelligence platform found that that almost four out of every five malware infections were caused by Trojans (79.70%).”
Trojans come packaged in a lot of different forms of executables as well—they’re not just limited to vbs and exe files, although those seem to be the most prominent. They can also be pdf, mp3, mov, jpg, txt… you get the idea. Basically any type of desirable file can be a trojan, which makes them particularly annoying and shitty.
Some good news out of all of this? Umbrella protects against Trojans. Lots of ’em. Zeus, Ramnit, Android/Gumen, Flame, Renos, FakeAV, I really could go on for a long time. We also, once again, provide you with the tools to pinpoint which computer (or computers) on your network are hosting the source of the activity, should you already be infected with one of these things.
So that’s what a Trojan is! Make sense? I sure hope so. If not, you could take it one step further and watch that movie Troy. It’s based around that whole Trojan Horse story and includes Brad Pitt as a demigod who runs around, sword in hand, unconvincingly jump stabbing dudes that are like 3 times his size.
You could also apply to join the OpenDNS Labs Security Community, which focuses specifically on potentially malicious domains that have been submitted for review (including those related to Trojans) by the community, and in turn helps to protect the millions of OpenDNS users around the world.