Trojans are malicious files that an attacker uses to create a backdoor without the user's knowledge. A Trojan usually deletes or replaces critical operating system files, steals data, sends notifications to the remote attacker, and lets the attacker remotely control the target. Trojans usually hide behind genuine code, a program or a file to avoid being noticed by the user. Behind the original program, the Trojan establishes a backdoor connection with the remote attacker. A Trojan has 3 parts:
Dropper: This is the code which installs malicious code into the target.
Malicious code: This is the code which exploits the system and gives the attacker control over the target.
Wrapper: This bundles the dropper, the malicious code and the genuine code into one exe package.
When victims try to download an infected file, the dropper installs the malicious code first and then the genuine program.
Purpose of Trojans
Steal information such as passwords, security codes, credit card information using keyloggers
Use victim's PC as a botnet to perform DDoS attacks
Delete or replace OS critical files
Generate fake traffic to create DoS
Download spyware, adware and malware
Record screenshots, audio and video of victim's PC
Disable firewalls and antivirus
Infect victim's PC as a proxy server for relaying attacks
Use victim's PC as a botnet to perform DoS, spamming and blasting email messages
There are various types of Trojans, such as:
Remote access Trojan
DOM based Trojan
Data hiding Trojan
Countermeasures
Avoid opening emails from unknown users
Do not download free software from untrusted sites
Always keep firewalls, IDS and antivirus upgraded and updated with the latest patches and signatures
Block all unnecessary ports
Periodically check startup programs and running processes to find any malicious files.
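The periodic startup check in the last item can be partly automated. The following is an added example, not part of the original page: it compares startup entries against an approved baseline and flags programs that run from user-writable directories or use a document-style double extension. The entries, the baseline and the heuristics are constructed assumptions for illustration.

```python
import ntpath
import re

RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Heuristics are illustrative assumptions, not a complete rule set.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\downloads\\")
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXE_RE = re.compile(r'\s*"([^"]+)"|\s*(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)', re.I)

# Constructed sample data: approved programs (lower-case) and startup entries.
BASELINE = {
    r"c:\windows\system32\securityhealthsystray.exe",
    r"c:\program files\vendor\updater.exe",
}
SAMPLE_ENTRIES = [
    (RUN_HKLM, "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    (RUN_HKCU, "VendorUpdater", r'"C:\Program Files\Vendor\updater.exe" /background'),
    (RUN_HKCU, "Invoice", r"C:\Users\alice\AppData\Local\Temp\invoice.pdf.exe -s"),
    ("Startup folder", "helper", r"C:\Users\Public\helper.exe"),
]

def executable_path(command):
    """Extract the program path from a startup command line, quoted or not."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()

def audit_startup(entries, baseline):
    """Return {entry name: details} for entries that deserve a manual look."""
    findings = {}
    for location, name, command in entries:
        path = executable_path(command)
        lowered = path.lower()
        stem = ntpath.splitext(ntpath.basename(lowered))[0]
        reasons = []
        if lowered not in baseline:
            reasons.append("not in approved baseline")
        if any(d in lowered for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if ntpath.splitext(stem)[1] in DOC_EXTS:
            reasons.append("document-style double extension")
        if reasons:
            findings[name] = {"location": location, "path": path, "reasons": reasons}
    return findings

if __name__ == "__main__":
    for name, info in audit_startup(SAMPLE_ENTRIES, BASELINE).items():
        print(f"{name} ({info['location']}): {info['path']} -> {'; '.join(info['reasons'])}")
```

A flagged entry is a prompt for manual review, not proof of infection; the baseline should be built from a known-clean machine.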