"Trojan horse" (virus). How to remove it, and why is it dangerous? Trojan: what is it, how to detect and remove What is a Trojan horse virus

We consider in accessible language what a Trojan is and what is unique about this pest.

Users very often come across the term "Trojan". What is it, what is it used for, and why is it dangerous?


So, a Trojan is a malicious program somewhat similar to a virus, although unlike a virus it does not spread by itself but with the help of people. This type of software is named after the famous Trojan horse, with which the Achaean troops captured Troy by deception, building a huge horse, supposedly as a gift.


The Trojans, suspecting nothing, pulled the structure into what was considered an impregnable fortress. Under cover of darkness, Achaean warriors crawled out of it and opened the gates of impregnable Troy to the rest of their army. Since then, "Trojan" or "Trojan horse" has come to mean some kind of secret plan disguised as something harmless.

Moreover, it does not cause harm in itself, but simply gives its owner (creator) access to your computer, and he, in turn, causes harm of varying degrees of complexity.

They first began to be talked about seriously back in 1998, when the first mass-produced Trojan utility, called Back Orifice, was created.

Using it, it was possible to control the victim’s personal computer (PC) remotely, that is, over the Internet or local network (of course, this could also be used for good, for example, helping users from a distance, but it would also be possible to easily steal something from a computer, for example, passwords).


It was after the appearance of this Trojan that many began to worry about such programs. After all, they can cause enormous damage to a company or firm; with their help, hackers can steal important access passwords, client data, etc., which, in general, is constantly happening in the world today.


Let us repeat, the Trojan itself is not dangerous - it is just a way to gain access to something, a computer, mail, a website. All the harm can begin when its owner starts doing something, using it, for example, stealing your passwords.


Trojans can be divided into:


BackDoor (back door) - used to gain access to the victim's PC in a roundabout way that the victim does not even suspect; so to speak, it enters through the back door (for example, through a hole in the browser or OS).

The operating principle is as follows:

  1. Adds itself to system startup so that it launches automatically when the PC starts
  2. Checks for an Internet connection at certain intervals
  3. Once it has access to the global network, it sends its owner the data needed to access the victim's PC
  4. After this, the owner of the Trojan can perform various actions on this computer, including stealing or deleting all data
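
Step 2 of this list (checking for a connection at fixed intervals, then reporting to the owner) leaves a regular rhythm in outbound connection logs, whatever port is used. The following is an added example, not part of the original article: it flags host/destination pairs whose connection intervals are nearly constant. The log format, host names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<timestamp> <source host> <destination ip:port>" per outbound connection.
SAMPLE_LOG = """\
2024-05-01T09:00:00 pc-17 203.0.113.50:8080
2024-05-01T09:00:00 pc-22 192.0.2.10:443
2024-05-01T09:01:10 pc-17 198.51.100.7:443
2024-05-01T09:01:45 pc-17 198.51.100.7:443
2024-05-01T09:05:01 pc-17 203.0.113.50:8080
2024-05-01T09:10:00 pc-17 203.0.113.50:8080
2024-05-01T09:10:00 pc-22 192.0.2.10:443
2024-05-01T09:13:30 pc-17 198.51.100.7:443
2024-05-01T09:14:02 pc-17 198.51.100.7:443
2024-05-01T09:14:59 pc-17 203.0.113.50:8080
2024-05-01T09:20:00 pc-22 192.0.2.10:443
2024-05-01T09:20:02 pc-17 203.0.113.50:8080
2024-05-01T09:25:00 pc-17 203.0.113.50:8080
2024-05-01T09:47:20 pc-17 198.51.100.7:443
2024-05-01T09:52:05 pc-17 198.51.100.7:443
"""


def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, host, dest = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip lines with an unreadable timestamp
        flows[(host, dest)].append(when)
    return flows


def find_beacons(text, min_events=5, max_cv=0.1):
    """Return flows whose gaps between connections are almost constant.

    cv is the coefficient of variation (standard deviation / mean) of the
    gaps: human-driven traffic is bursty (cv near or above 1), while a
    program waking up on a timer stays close to 0.
    """
    findings = []
    for (host, dest), stamps in sorted(parse_log(text).items()):
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "host": host,
                "dest": dest,
                "events": len(stamps),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 4),
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

A flagged flow is a lead for investigation rather than proof: update checkers and mail clients also poll on timers, so known-good destinations need to be excluded before alerting.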



MailSender (mail sender) - this malware registers itself in the operating system, after which it collects all passwords and codes entered on the victim's PC. The collected information is then sent (usually by email) to the attacker. This is a common situation; passwords for access to social networks, email, credit cards, etc. are often stolen this way.


LogWriter (log recording) - the peculiarity of this type of Trojan is that it writes everything typed on the keyboard into a special file. The file is then sent in some way (by mail or FTP) to the attackers, who in turn analyze these records and pick out the information they need.


Thus, in accessible language, we have discussed in general terms what a Trojan is and what functions it has.
If you have any questions, the team will be happy to answer them in the comments.

  • October 20, 2015
  • Alex website

The expression “Trojan horse” comes from history, and we still use it in conversation today. It refers to something that at first glance looks quite common and innocent but can, in fact, cause harm. A Trojan virus (also called a Trojan) is a file that looks quite harmless but in fact poses a threat. Although they appeared relatively recently, they have already become entrenched in our lives, and their reputation has eclipsed the wooden Trojan horse from the distant past. Next, we will describe some of the types of Trojan viruses that you may encounter.

The first Trojan virus we will discuss comes under the “trap” category. It is also better known as Spy Sheriff, and has already managed to infect millions of computer systems around the world. This Trojan virus is classified as malware. It does not affect or harm the computer system, but it does cause all sorts of annoying pop-ups to appear.

Most of these windows appear as system messages that contain warnings stating that you must install some type of software. Once Spy Sheriff gets onto your computer, it is very difficult to remove. If you try to remove it in the usual way, it will simply re-install itself using the hidden files that it has infected on your system. Most antivirus and antispyware programs will not be able to detect this virus. It also cannot be removed using System Restore because it controls the components that control this feature in Windows.

Sometimes Trojan viruses can be contained in archives that appear harmless. Some Trojans are used by attackers to remotely control someone else's computer. They are also used to attack and hack computer systems. One of the most famous cases involving a Trojan concerned a professor on whose computer thousands of child pornographic photographs were found. At first he was accused of knowingly downloading them. Although he was ultimately acquitted and it turned out that this was the work of a Trojan, the situation still turned out to be very unpleasant.

Another famous virus that has made its mark on history is the Vundo virus. This virus uses Windows memory at various intervals and creates pop-up windows indicating that important system files have been lost. It also triggers a lot of messages telling you that you should install several security programs, many of which are actually viruses. Fortunately, this virus is easy to remove, as there are many automatic programs on the market for this process.

A Trojan virus can enter your computer system in different ways. But one thing you must remember: it cannot be activated unless you activate the file in which it is hidden. This is why it is so important to check unknown files and, if possible, not open them at all, because if a Trojan appears in the system, this can lead to dire consequences.

A Trojan is a type of worm virus that can cause serious damage to your computer. A worm is a program that at first glance may seem harmless and safe, but in fact, it contains something very harmful to your computer. So harmful that it can destroy your computer through widespread damage that may be irreversible.

If you remember history well, you will recall how the Greeks won the Trojan War by hiding in a large hollow wooden horse in order to enter the well-fortified Troy. A Trojan gains access to your computer in much the same way. Trojans enter your computer when you download seemingly safe programs such as games, images, music or video files, but as soon as these programs are executed, the Trojans begin their work. Trojans can do not only things that will greatly annoy you; they can also seriously damage your computer. Trojans can also wipe your disk, send your credit card numbers and passwords to strangers, or allow others to use your computer for illegal purposes, such as denial-of-service attacks, thereby damaging networks.

Your best defense is antivirus software that is automatically updated and closely monitors what you download from the Internet. With antivirus software, you only download what is safe from websites, thereby protecting your computer from viruses. Antivirus software is your best defense not only against Trojan viruses, but against much more - protecting you from spyware, adware, and other types of malicious attacks on your computer. With good antivirus software, you won't have to worry about losing your data or missing personal information.

Disguised malware

No matter what protective measures are taken, no network can be protected from one serious danger: human gullibility. This is exploited by malware called Trojan horses, whose malicious code is hidden inside something completely harmless. And if the program was installed voluntarily, it can get past any firewalls, authentication systems and virus scanners.

Trojan horses differ from each other in the harmful actions they perform once inside a computer. This can be either a harmless prank associated with displaying some obscenity or political slogan on the screen, or a real information disaster, leading to the destruction of data on the disk and damage to equipment. Some of the Trojan horses combine with viruses to spread between systems via email.

The most sophisticated ones act very treacherously and do not limit themselves to causing damage to the system. In addition to hacking, Trojan horses can be used to spy on people and act like real criminals, albeit virtual ones. No one can feel safe. In the fall of 2000, Microsoft suffered a highly publicized hacker attack in which the source code for its future operating system was stolen and possibly modified. This was the result of the introduction of a “Trojan horse” that concealed a “worm” - a program that “crawled” across the network and copied itself to other computers. Once installed on one of Microsoft's computers, the program began to spread across the network until it landed on a computer that contained important secret information. After this, the “Trojan horse” signaled its presence to the hacker and opened a “secret door” on the network.

So what can you do to avoid Microsoft's fate? Of course, you cannot expel all users from the network. However, there are several ways to minimize the risk, starting with vigilance and education. Regular backup is a necessary procedure for restoring information after exposure to those “Trojan horses” whose intervention is limited to data destruction. Using a full suite of security software, such as firewalls and virus scanners, can help catch some of the more notorious offenders. But the most important thing is to learn for yourself and explain to network users what “Trojan horses” are, how they operate and what type of programs they can hide. In addition, you need to figure out how to distinguish a Trojan horse from a real gift horse before it gets into your network.

Dark horses

Apart from Bubbleboy, which was very rare and penetrated through a now-fixed security hole in Microsoft Outlook, a virus is almost impossible to catch just by reading an email message. The user must be tricked into running the attached file, and virus creators have good reason to believe that this is not so difficult to do. Many people automatically double-click any file they receive via email, so they need to get into the habit of doing otherwise.

As you know, Windows files with the extensions *.com (command), *.exe (executable) and *.dll (dynamic link library) are programs. They have the potential to do almost anything to the system, so they need to be handled with extreme caution, i.e. you should only run them if the source you got them from is completely trustworthy and you know for sure what these programs are intended for. The fact that a program was emailed to you by a friend or colleague is not enough reason to run it. A Trojan horse could have infiltrated your friend's email system and sent itself to every address in the address book.

To prevent virus infections, many organizations have policies in place to prevent users from installing unauthorized software. However, these types of restrictions are often difficult to enforce and can prevent employees from using the truly best software tools on the market to do their jobs. Whether you enforce such rules or not, it is important that users are aware of the potential dangers. If employees are allowed to download programs, they must know which ones pose the greatest threat. If this is forbidden to them, then they will pay more attention to the rules, understanding what dictates them.

Pirated software poses the most serious threat because the source from which it comes is, by definition, untrustworthy. Serious programmers have long been sharpening their grudge against pirates who distribute Trojan horses under the guise of illegal programs. The first known attack on the Palm platform fell into this category, carried out using a program presented as an emulator of the popular GameBoy program called Liberty. Instead of the promised emulation, it deletes all files and applications.

The most dangerous type of files are system fragment files, the purpose of which is to transfer parts of documents between applications and the desktop (shell scrap object) - they seem to be specially created for use as a “Trojan horse”. Although they should have a *.shs or *.shb extension, they remain hidden in the Windows 98/Me environment, masquerading as any other file type. The first program to exploit such a vulnerability was the Stages virus, which appeared in June 1998. Pretending to be a harmless text file, it was actually a Visual Basic script and sent itself by email to everyone listed in the user's address book.

Fragment files are so dangerous that the Symantec Antivirus Research Center recommends against using them altogether. Since very few legitimate applications deal with these files, many users could easily do without them altogether by deleting the shscrap.dll file from the Windows/system directory on their PC. As a less drastic measure, you can prevent the system from hiding such files by deleting the HKEY_CLASSES_ROOT\ShellScrap registry entry.
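
The checks described in this section (program extensions, a harmless-looking name placed in front of the real extension, and scrap files whose extension the shell hides) can be applied to attachment names before they reach users. The following is an added example, not part of the original article; the list of harmless-looking extensions and the sample file names are assumptions constructed for illustration.

```python
import os
import re

# Types the article names as programs or scripts (.vbs = Visual Basic script).
PROGRAM_EXTS = {".com", ".exe", ".dll", ".vbs"}
# Shell scrap objects: the article notes that the shell hides this extension.
SCRAP_EXTS = {".shs", ".shb"}
# Assumption: extensions a user would read as a harmless document or picture.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".htm", ".html"}


def screen_attachment(filename):
    """Return what the user would see and why the name deserves attention."""
    # Windows drops trailing dots and spaces from file names, so ignore them.
    name = filename.rstrip(". ")
    stem, ext = os.path.splitext(name)
    ext = ext.lower()

    reasons = []
    shown_as = name
    if ext in PROGRAM_EXTS or ext in SCRAP_EXTS:
        reasons.append("can-run-code")
    if ext in SCRAP_EXTS:
        # The real extension is never displayed, only what precedes it.
        reasons.append("hidden-extension")
        shown_as = stem.rstrip()
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if reasons and inner_ext in DECOY_EXTS:
        # e.g. "name.txt.shs": the visible part ends in a harmless extension.
        reasons.append("double-extension")
    if reasons and re.search(r"\s{3,}$", stem):
        # Long run of spaces pushes the real extension out of a narrow column.
        reasons.append("padded-name")
    return {
        "filename": filename,
        "shown_as": shown_as,
        "reasons": reasons,
        "flag": bool(reasons),
    }


# Constructed sample attachment names.
SAMPLES = [
    "quarterly_report.txt.shs",
    "holiday.jpg        .exe",
    "setup.exe",
    "notes.txt",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(screen_attachment(sample))
```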

Pulling on the reins

No matter how serious a threat viruses and worms pose, they are still not the most dangerous stuff that can be hidden in Trojan horses. Many of them are designed to gain access to your network and hide small server programs that operate almost unnoticed. With the help of these programs, a hacker can find out your secrets or even take control of your PC.

The most unscrupulous hacking tool is Back Orifice 2000, often simply called BO2K, created by the hacker team “Cult of the Dead Cow”. The authors define their program as a “remote administration tool” that allows you to control a computer without the user’s knowledge or consent. It can run almost unnoticed under any version of Windows, providing an unauthorized user with almost complete access to the system. In addition to copying and changing the contents of files, hackers armed with BO2K can record every user action and even receive a stream of video information from the user's screen in real time.

Ironically, the Cult of the Dead Cow team themselves became victims of the Trojan Horse. The first CDs of Back Orifice 2000 intended for distribution were infected with the terrible Chernobyl virus, which could cause irreversible damage to the equipment. Aspiring hackers attending the 1999 DefCon conference found that instead of gaining control of other people's computers, they lost control of their own as their hard drives were overwritten and their BIOS chips were wiped.

The attack on Microsoft in the fall of 2000 used a Trojan horse called QAZ, which masqueraded as the Notepad utility and was located in the file notepad.exe. The original Notepad program was still available, but was renamed note.exe so that users did not notice the changes. An administrator, knowing that this file was not included in the standard Windows installation, could delete it, causing Notepad to stop working and leaving the Trojan horse untouched.

Even if attackers have no interest in your information, gaining control of your computers is still a serious threat. The Distributed Denial of Service (DDoS) attacks that took down some popular Web sites in early 2000 were carried out using Trojan horses. These programs rely on thousands of computers working together, so they cannot run on just one of them. However, an attack becomes possible when one computer gains control over thousands of others.

The consequences of your participation in attacks like DDoS go beyond the fact that you are disapproved of as a member of the online community and your organization is at risk of litigation. For example, the attacks on Yahoo! and eBay hurt not only those servers but also the thousands of home and office users whose computers were involved in these attacks. If your mail server is busy attacking, it will not be able to fulfill its main purpose.

Any PC connected to a telephone line is a potential target for financially motivated attacks, since its modem can be reprogrammed to call high-value phone numbers. There are known “Trojan horses” that replace a regular telephone number in the user’s dial-up access settings with an international one, calls to which can cost several dollars per minute. And if this number is actually connected to an Internet provider, the victim may not notice anything until he receives his phone bills.

This type of Trojan horse first appeared in 1998, when thousands of users in Europe who were downloading pornographic slide shows found that their modems were calling a very expensive number in the Republic of Ghana. The attack was ranked #3 on the Federal Trade Commission's list of the worst Internet scams and is considered more dangerous than phone piracy and pyramid schemes.

Close the door tightly

Most Trojan horses signal their presence to a hacker through a given TCP port, so a properly configured firewall can detect and block them. Lists of ports used by popular Trojan horses are published on special Web sites (see the Internet Resources sidebar), some of which can even perform scanning. However, recent versions of many malware programs can change the specified port, making them more difficult to detect. Antivirus software can also detect Trojan horses, although this comes with its own risks. Because such software must be updated regularly, the antivirus software company gains access to your network. In November 2000, an update to Network Associates' McAfee VirusScan software caused some systems to crash and lose unsaved data. This was due to a bug in the software rather than a deliberate act, but for already compromised companies such as Microsoft entering the antivirus software market, there is a risk that individual Trojan horses could use this method of attack.

The German government believes that Windows 2000 may already be harboring a Trojan horse. It has gone so far as to threaten to ban the distribution of this software until Microsoft removes the Disk Defragmenter utility, which allegedly hides this dangerous code. Microsoft declined to do so, but published detailed instructions on its German support site explaining to users how to uninstall the utility themselves. Those managers who are concerned about this fact should keep in mind that there is still no evidence that the mentioned “Trojan horse” even exists. In fact, the US government is so confident in the security of Windows 2000 that it uses the software in many of its organizations, including the military.

Although the press and some users often refer to any piece of malware as a virus, security experts know that this is not the case. Here's a brief description of the three most common types of malware, each of which can be hidden inside a Trojan horse.

A virus is self-replicating code that attaches itself to another file in the same way that real viruses attach to living cells. Viruses initially attacked program files with *.com or *.exe extensions, but the spread of scripting languages allowed them to infect office documents and even email messages.

A worm is a stand-alone program that typically reproduces itself by copying itself to other computers on the network. They are sometimes called bacteria because they are independent of other programs. The most widespread program is happy99.exe, which paralyzed many computers two years ago and still appears occasionally - especially around New Year.

A logic bomb does not reproduce, but can cause serious damage. These are usually simple programs that perform harmful functions, such as deleting user files when executed.

The modern Internet is not only an extremely useful information environment, but also a potential source of various dangers that threaten both the computers of ordinary users and servers. And if you believe the statistics, the most serious of these threats are viruses, especially the so-called Trojan horses. The origin of this term is known to everyone from school history courses. It denotes a gift that poses some kind of threat to its recipient. In principle, this very accurately describes this class of malware. These "gifts" can cause serious harm to Internet users. Well, in order not to be unfounded, let us, dear readers, consider the action of Trojan horses in more detail.

Trojan horses are one of the most dangerous threats to a computer and its owner on the Internet

Remote administration

Remote administration Trojans allow a hacker to control the victim computer

Today you can find many programs that allow you to remotely administer both individual computers and entire computer systems. These are very convenient utilities that significantly simplify the task of local network administrators and allow them to save time (and therefore company money). The operating principle of such programs is simple. A special agent is installed on the remote PC. After this, the administrator can launch the main module on his machine at any time, connect to another computer and be able to fully manage it.

Now imagine that a personal computer user does not know about the agent installed on his system, and that the agent communicates not with a neighboring machine on the local network, but with a PC thousands of kilometers away, with a hacker sitting at it. In this case, the attacker can do anything: obtain passwords, copy personal documents, install any software, simply reboot or turn off the computer... That is why Trojan horses of this class (actually, these are agents of remote administration utilities) are considered the most dangerous. They provide the attacker with virtually unlimited possibilities to control the victim’s machine.

Data theft

Some Trojans can steal user passwords

Another extremely dangerous group of Trojan horses includes those that are aimed at stealing information from users. They pose a particularly serious threat to home PC owners. It would seem that everything should be quite the opposite. After all, what secret data can ordinary users have? Companies should be much more interesting to hackers: each of them is full of trade secrets, which can always be offered for sale to competitors. However, there is one problem. A Trojan horse cannot independently find files with secret documentation. In addition, it is quite difficult to transmit any significant amounts of data over the Internet without being noticed. But from the computers of home users (often less secure), it is easy to steal, for example, passwords for accessing the operating system or the Internet.

Moreover, it was the last option that gained the most popularity. By using Trojan horses that steal passwords for access to the Network, attackers who are connected to the same provider as the victim can easily shift their Internet costs to other people simply by using their login credentials. In addition, sometimes there are malicious programs with a rather complex algorithm that can try to retrieve passwords saved in the browser for various web services, FTP servers, etc.

Espionage

Spy Trojans allow a hacker to obtain detailed information about the user, including his passwords for various services.

Today, attackers are increasingly using espionage. Its essence is as follows. A special agent is installed on the victim’s computer, which, working unnoticed by the user, collects certain information about him and sends it to the hacker via the Internet. They even came up with a special term for such software - spyware. Modern spyware can do a lot: keep a log of the keys pressed by a person on the keyboard, periodically take screenshots of the entire screen and the active window, record the names of running programs, open documents and addresses of visited web pages.

All this allows attackers to obtain very detailed data about their victim, including the passwords needed to access the Internet and use various services.

However, in fairness it is worth noting that the vast majority of spying Trojan horses record only the sequence of keys pressed. Firstly, this is the most critical information. This is how you can find out user passwords, for example, for various online services: email, online stores, etc. And having received them, the attacker will be able to safely use these resources in the future on behalf of the victim. Secondly, the list of pressed keys takes up relatively little space. And the less data there is, the easier it is to quietly transfer it to a hacker’s computer.

Page transitions

Some Trojans force the user to open certain websites

There are quite a few affiliate programs on the Internet today. Their essence is as follows. A person attracts visitors to the sponsor’s website, for each of whom he receives a small reward. In principle, affiliate programs are an absolutely normal phenomenon. But only as long as both parties follow the rules and adhere to generally accepted norms. Meanwhile, many resources with “adults only” content turn a blind eye to the actions of their partners, as a result of which the following happens.

Some people use Trojan horses. That is, they infect the computers of Internet users with malicious programs that constantly change the home page in the browser to the address of the partner’s website; on opening it, several more pop-up windows with sponsors’ web projects immediately open. In addition, such Trojan horses are capable of independently opening the address specified in them when certain events occur (connecting to the Internet, opening a new browser window, etc.).

Carrying out attacks

Trojan horses are used to carry out DDoS attacks

Therefore, most often, attackers act according to the following scheme. First they infect as many machines of ordinary Internet users as possible with a special Trojan horse. This malicious program lives on the PC for the time being, without revealing itself in any way and without performing any destructive actions. However, upon receiving a special command from the control center, the Trojan is activated and begins sending the packets required for the attack to the specified victim. And since there can be hundreds and thousands of such computers, it is not surprising that the server “crashes.” For the user himself, Trojan horses of this class are practically not dangerous, except that while they are working his channel is loaded quite seriously. In addition, few Internet users will enjoy the fact that they have actually become an accomplice in a crime.

Trojan horses can be used to download other malicious software onto the user’s computer and install it

Recently, the requirements for malware have changed. If earlier all viruses were very small, modern Trojan horses can be quite large. This is due to their extensive functionality (for example, spyware and remote administration utilities) and the technologies used. Meanwhile, it is not always possible to download such volumes of information onto the user’s computer unnoticed. Therefore, hackers began to use the following technique. First, the PC is infected with a rather small utility that establishes a connection with a specific server, downloads other malicious software from there, installs and runs it. Universal loaders are especially dangerous in this regard. They allow an attacker to install different Trojan horses or even a whole bunch of them. It all depends on what is currently on the specified server.

Let's sum it up

So, as you and I, dear readers, have seen, modern Trojan horses really pose a serious threat to the security of any computer connected to the World Wide Web. Moreover, it is necessary to take into account that today there are programs related to two, three, or even more classes at once. Such Trojans can, for example, spy on a user, secretly download and install other software on his computer, and participate in attacks. Meanwhile, protecting yourself from this threat is generally not difficult. A regularly updated anti-virus program, a properly configured firewall and periodic updates of the operating system and software used are quite enough for this.

Today on the World Wide Web you can find so many underwater reefs in the form of viruses that you can’t even count them. Naturally, all threats are classified according to the method of penetration into the system, the harm caused and methods of removal. Unfortunately, one of the most dangerous is the Trojan virus (or Trojan). We will try to consider what this threat is. Ultimately, we’ll also figure out how to safely remove this crap from a computer or mobile device.

"Trojan" - what is it?

Trojan viruses are a self-copying type of malware, either with their own executable code or embedded in other applications, and they pose a fairly serious threat to any computer or mobile system.

For the most part, Windows and Android systems are most affected. Until recently, it was believed that such viruses did not affect UNIX-like operating systems. However, just a few weeks ago, Apple mobile gadgets were also attacked by the virus. It is believed that the Trojan poses a threat. We will now see what this virus is.

Analogy with history

The comparison with historical events is not accidental. And before we figure it out, let’s turn to Homer’s immortal work “The Iliad,” which describes the capture of rebellious Troy. As you know, it was impossible to enter the city in the usual way or take it by storm, so it was decided to give the residents a huge horse as a sign of reconciliation.

As it turned out, there were soldiers inside it, who opened the city gates, after which Troy fell. The Trojan program behaves in exactly the same way. The saddest thing is that such viruses do not spread spontaneously, like some other threats, but purposefully.

How does the threat enter the system?

The most common method used to penetrate a computer or mobile system is to disguise itself as some kind of attractive or even standard program for the user. In some cases, a virus may embed its own codes into existing applications (most often these are system services or user programs).

Finally, malicious code can enter computers and networks in the form of graphic images or even HTML documents - either arriving as email attachments or copied from removable media.

With all this, if the code is embedded in a standard application, it can still partially perform its functions; the virus itself is activated when the corresponding service is launched. It’s worse when the service is at startup and starts with the system.

Consequences of exposure

As for the impact of the virus, it may cause partial system crashes or interruption of Internet access. But this is not its main goal. The main task of the Trojan is to steal confidential data so that it can be used by third parties.

This includes PIN codes for bank cards, logins with passwords for accessing certain Internet resources, and state registration data (numbers and personal identification numbers, etc.); in general, everything that, in the opinion of the owner of the computer or mobile device, is not subject to disclosure (of course, provided that such data is stored there).

Unfortunately, when such information is stolen, it is impossible to predict how it will be used in the future. On the other hand, you don’t have to be surprised if one day they call you from some bank and say that you have a loan debt, or all the money will disappear from your bank card. And these are just flowers.

How to remove a Trojan on Windows

Now let's move on to the most important thing: how to remove a Trojan. Doing this is not as easy as some naive users believe. Of course, in some cases it is possible to find and neutralize the body of the virus, but since, as mentioned above, it is capable of creating its own copies, and not just one or two, finding and removing them can become a real headache. At the same time, neither a firewall nor standard anti-virus protection will help if the virus has already slipped through and infiltrated the system.

In this case, it is recommended to remove the Trojan using portable anti-virus utilities, and if the virus has taken hold in RAM, with special programs that are loaded before the operating system starts, from optical media (a disc) or a USB device.

Among portable applications, it is worth noting products like Dr.Web CureIt! and Kaspersky Virus Removal Tool. Of the disk programs, Kaspersky Rescue Disk is the most functional. It goes without saying that you are not obliged to use exactly these. Today you can find any amount of such software.

How to remove a Trojan from Android

As for Android systems, things are not so simple. Portable applications have not been created for them. In principle, as an option, you can try connecting the device to a computer and scanning the internal and external memory with a computer utility. But if you look at the other side of the coin, where is the guarantee that when connected, the virus will not penetrate the computer?

In such a situation, the problem of how to remove a Trojan from Android can be solved by installing the appropriate software, for example from Google Market. Of course, there are so many things here that you are simply at a loss as to what exactly to choose.

But most experts and specialists in the field of data protection are inclined to think that the best application is 360 Security, which is capable of not only identifying threats of almost all known types, but also providing comprehensive protection for the mobile device in the future. It goes without saying that it will stay resident in RAM all the time, creating an additional load, but, you will agree, security is still more important.

What else is worth paying attention to

So we have dealt with the topic “Trojan - what is this type of virus?” Separately, I would like to draw the attention of users of all systems, without exception, to a few more points. First of all, before opening email attachments, always scan them with an antivirus. When installing programs, carefully read the offers to install additional components such as add-ons or browser toolbars (the virus can be disguised there too). Do not visit dubious sites if you see an antivirus warning. Do not use the simplest free antiviruses (it is better to install, for example, the Eset Smart Security package and activate it using free keys every 30 days). Finally, store passwords, PIN codes, bank card numbers and everything else in encrypted form exclusively on removable media. Only in this case can you be at least partially confident that they will not be stolen or, even worse, used for malicious purposes.

1. A Trojan horse is a program that gives outsiders access to a computer so that they can perform any actions on it without warning the computer owner, or that sends collected information to a specific address. Very often, Trojans get onto a computer along with useful programs or popular utilities, masquerading as them.

Quite often, the term “Trojan” is taken to mean a virus. In fact, this is far from the case. Unlike viruses, Trojans are aimed at obtaining confidential information and accessing certain computer resources.

There are various possible ways for a Trojan to enter your system. Most often this happens when you launch any useful program in which the Trojan server is embedded. At the time of the first launch, the server copies itself to some directory, registers itself for launch in the system registry, and even if the carrier program never starts again, the system is already infected with a Trojan. You can infect a machine by running an infected program. This usually happens if programs are downloaded not from official servers, but from personal pages. A Trojan can also be introduced by strangers if they have access to the machine, simply by launching it from a floppy disk.

Some examples of Trojans:

Backdoor, Donald Dick, Crack2000, Extacis, KillCMOS and Netbus.

2. A virus is a program that can enter a computer in a variety of ways and cause effects ranging from merely annoying to very destructive. Viruses can enter computers through email, the Internet, various types of disks, etc., and have the following characteristics:

They are able to multiply, infecting other files and programs.

Computer viruses are called viruses because of their similarities with biological viruses.

Just as biological viruses enter the body and infect cells, computer viruses enter computers and infect files. Both types of viruses can reproduce themselves and spread by transmitting infection from one infected system to another. Just as a biological virus is a microorganism, a computer virus is a microprogram.

3. A worm is a program very similar to a virus. It is capable of self-replication and can lead to negative consequences for your system. However, worms do not need to infect other files to reproduce.

Worms are a type of malicious program (malware). Such virtual worms appeared a long time ago, along with viruses and spyware. A computer worm is similar to a virus because it enters the computer attached to a file. But unlike a virus, a worm has the ability to reproduce itself on your computer without requiring any user action. Another feature of a computer worm is that it not only spreads throughout your entire computer, but also automatically sends copies of itself via email.

It should also be understood that the longer a worm is in a computer system, the more harm and destruction it causes. Worms, unlike viruses, simply copy themselves, damaging files, but reproduction can occur very quickly; the network becomes oversaturated, which leads to its destruction. Some of the more notorious worms include (usually sent over the Internet):

I Love You, Navidad, Pretty Park, Happy99, ExploreZip.

A Trojan program (also Trojan, Trojan horse) is a malicious program used by an attacker to collect information, destroy or modify it, disrupt the operation of a computer or use its resources for unseemly purposes. The effect of a Trojan may not actually be malicious, but Trojans have earned their notoriety for their use in the installation of programs such as Backdoor. Based on the principle of distribution and action, a Trojan is not a virus, since it is not capable of self-propagation.

The Trojan horse is launched manually by the user or automatically by a program or part of the operating system running on the victim computer (as a module or utility program). To achieve this, the program file (its name and icon) is given a service name, disguised as another program (for example, an installer for another program) or as a file of a different type, or simply given an attractive name or icon. A simple example of a Trojan is a program called waterfalls.scr, whose author claims it is a free screen saver. When launched, it loads hidden programs, commands and scripts with or without the user's consent or knowledge. Trojan horses are often used to trick security systems, leaving the system vulnerable, thereby allowing unauthorized access to the user's computer.

A Trojan program can, to one degree or another, imitate (or even completely replace) the task or data file it is disguised as (installation program, application program, game, application document, picture). In particular, an attacker can assemble an existing program with Trojan components added to its source code, and then pass it off as the original or replace it.

Similar malicious and camouflage functions are also used by computer viruses, but unlike them, Trojan programs cannot spread on their own. At the same time, a Trojan program can be a virus module.

Etymology

The name “Trojan program” comes from the name “Trojan horse” - a wooden horse, according to legend, given by the ancient Greeks to the inhabitants of Troy, inside which hid warriors who later opened the gates of the city to the conquerors. This name, first of all, reflects the secrecy and potential insidiousness of the true intentions of the program developer.

Spreading

Trojan programs are placed by the attacker on open resources (file servers, writable drives of the computer itself) or storage media, or sent via messaging services (for example, e-mail), with the expectation that they will be launched on a “target” computer: a specific one, one belonging to a certain circle, or an arbitrary one.

Sometimes the use of Trojans is only part of a planned multi-stage attack on certain computers, networks or resources (including third parties).

Trojan body types

Trojan program bodies are almost always designed for a variety of malicious purposes, but can also be harmless. They are broken down into categories based on how Trojans infiltrate and cause harm to a system. There are 6 main types:

1. remote access;
2. destruction of data;
3. bootloader;
4. server;
5. security program deactivator;
6. DoS attacks.

Goals

The purpose of the Trojan program can be:

* uploading and downloading files;
* copying false links leading to fake websites, chat rooms or other registration sites;
* interfering with the user's work (as a joke or to achieve other goals);
* theft of valuable or secret data, including authentication information, for unauthorized access to resources (including third-party systems); fishing for bank account details that can be used for criminal purposes; theft of cryptographic information (for encryption and digital signatures);
* file encryption during a code virus attack;
* distribution of other malicious programs such as viruses. This type of Trojan is called Dropper;
* vandalism: destruction of data (erasing or overwriting data on a disk, hard-to-see damage to files) and equipment, disabling or denial of service of computer systems, networks, etc., including as part of a botnet (an organized group of zombie computers), for example, to organize a DoS attack on the target computer (or server) simultaneously from many infected computers or to send spam. For this purpose, hybrids of a Trojan horse and a network worm are sometimes used: programs that are able to spread quickly across computer networks and capture infected computers into a zombie network;
* collecting email addresses and using them to send spam;
* direct computer control (allowing remote access to the victim computer);
* spying on the user and secretly communicating information to third parties, such as, for example, website visiting habits;
* registration of keystrokes (Keylogger) for the purpose of stealing information such as passwords and credit card numbers;
* obtaining unauthorized (and/or free) access to the resources of the computer itself or to third-party resources accessible through it;
* Backdoor installation;
* using a telephone modem to make expensive calls, which entails significant amounts of telephone bills;
* deactivating or interfering with the operation of anti-virus programs and firewalls.

Symptoms of Trojan infection

* appearance of new applications in the startup registry;
* displaying fake downloads of video programs, games, porn videos and porn sites that you did not download or visit;
* taking screenshots;
* opening and closing the CD-ROM tray;
* playing sounds and/or images, demonstrating photographs;
* restarting the computer while an infected program is starting;
* random and/or erratic shutdown of the computer.

Removal methods

Because Trojans come in many types and forms, there is no single method for removing them. The simplest solution is to clean out the Temporary Internet Files folder or find the malicious file and delete it manually (Safe Mode is recommended). In principle, antivirus programs are capable of detecting and removing Trojans automatically. If the antivirus is unable to find the Trojan, booting the OS from an alternative source may allow the antivirus program to detect the Trojan and remove it. It is extremely important to regularly update the anti-virus database to ensure greater detection accuracy.

Disguise

Many Trojans can be on a user's computer without his knowledge. Sometimes Trojans are registered in the Registry, which leads to their automatic launch when Windows starts. Trojans can also be combined with legitimate files. When a user opens such a file or launches an application, the Trojan is also launched.
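Both the self-registration at first launch described earlier and the Registry autostart mentioned here leave a trace that can be audited. The following is an added example, not part of the original article: it parses the text output of `reg query` for the two Run keys, compares it with a baseline and flags entries that run from user-writable folders or have unusual file types. The sample output, the baseline and the two heuristic lists are constructed assumptions.

```python
import re

HKLM_RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed `reg query` output and an assumed known-clean baseline; all invented.
SAMPLE_REG = "\n".join([
    HKLM_RUN,
    r"    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe",
    r'    Updater    REG_SZ    "C:\Users\alice\AppData\Local\Temp\svch0st.exe" /silent',
    HKCU_RUN,
    r'    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    r"    Screensaver    REG_SZ    C:\Users\alice\Downloads\waterfalls.scr",
])
BASELINE = {(HKLM_RUN, "SecurityHealth"), (HKCU_RUN, "OneDrive")}

VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
ODD_TYPES = (".scr", ".pif", ".bat", ".vbs", ".js")

def parse_reg_query(text):
    """Return (key, value name, command line) tuples from `reg query` text."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, m.group(1), m.group(3).strip()))
    return entries

def program_path(command):  # program path from a quoted or unquoted command line
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.\w{2,4})(?:\s|$)", command)
    return m.group(1) if m else command

def audit(entries, baseline):
    """Flag autostart entries that are new or point at risky locations."""
    findings = []
    for key, name, command in entries:
        path = program_path(command).lower()
        checks = [("not in baseline", (key, name) not in baseline),
                  ("user-writable directory", any(p in path for p in USER_WRITABLE)),
                  ("unusual autostart file type", path.endswith(ODD_TYPES))]
        reasons = [label for label, hit in checks if hit]
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    print(*audit(parse_reg_query(SAMPLE_REG), BASELINE), sep="\n")
```

On a real machine the input would be the saved output of `reg query` for each Run key, and the baseline would be a copy taken while the system was known to be clean.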

How the Trojan works

Trojans usually consist of two parts: Client and Server. The Server runs on the victim machine and waits for connections from the Client used by the attacking party. When the Server is running, it monitors a port or multiple ports for a connection from the Client. In order to connect to the Server, the attacker must know the IP address of the machine on which the Server is running. Some Trojans send the IP address of the victim machine to the attacking party via email or other means. As soon as a connection has been made with the Server, the Client can send commands to it, which the Server will execute on the victim machine. Currently, thanks to NAT technology, it is impossible to access most computers through their external IP address. So now many Trojans connect to the attacker's computer, which is set up to accept connections, instead of the attacker trying to connect to the victim. Many modern Trojans can also easily bypass firewalls on the victim’s computer.
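Both connection models described above, a Server waiting on a port and a Server that connects out on its own, can be seen from the defender's side in the output of `netstat -ano`. The following is an added example, not part of the original article: it flags listeners and remote connections that do not match an expected inventory. The sample output, the PID-to-process map (as one would take from `tasklist`) and both allowlists are constructed assumptions.

```python
import ipaddress

# Constructed `netstat -ano` output; addresses, ports and PIDs are invented.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING       4512
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3000
  TCP    192.168.1.20:49712     203.0.113.45:8081      ESTABLISHED     4512
  TCP    192.168.1.20:49800     198.51.100.10:443      ESTABLISHED     2210
  UDP    0.0.0.0:5353           *:*                                    2210
"""
# Assumed inventory: PID-to-image map and what is expected on this machine.
PROCESSES = {4: "System", 964: "svchost.exe", 2210: "firefox.exe", 4512: "waterfalls.scr"}
LISTENERS_OK = {("svchost.exe", 135), ("System", 445)}
OUTBOUND_OK = {"firefox.exe"}

def endpoint(text):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def parse_netstat(text):
    """Return (local, remote, state, pid) for TCP rows; UDP rows have no state."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            rows.append((endpoint(f[1]), endpoint(f[2]), f[3], int(f[4])))
    return rows

def review(rows, processes, listeners_ok, outbound_ok):
    """Flag a Server waiting for a Client, and a Server that dials out itself."""
    findings = []
    listening = {local[1] for local, _, state, _ in rows if state == "LISTENING"}
    for (lhost, lport), (rhost, rport), state, pid in rows:
        name = processes.get(pid, "unknown")
        if state == "LISTENING":  # loopback-only listeners are not remotely reachable
            if not ipaddress.ip_address(lhost).is_loopback and (name, lport) not in listeners_ok:
                findings.append(("unexpected listener", name, pid, f"{lhost}:{lport}"))
        elif state == "ESTABLISHED" and lport not in listening:  # skip inbound sessions
            if not ipaddress.ip_address(rhost).is_loopback and name not in outbound_ok:
                findings.append(("unexpected outbound", name, pid, f"{rhost}:{rport}"))
    return findings

if __name__ == "__main__":
    print(*review(parse_netstat(SAMPLE_NETSTAT), PROCESSES, LISTENERS_OK, OUTBOUND_OK), sep="\n")
```

Because of the NAT point made above, the outbound check is the one that matters most on a typical home or office machine: the listener may never be reachable from outside, while an outgoing connection passes through.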
